"It would be a mistake to conclude that the only way to succeed in banking is through ever greater size and diversity. Indeed, better risk management may be the only truly necessary element of success in banking."
- Former Federal Reserve Board Chairman, Alan Greenspan
The prevailing wisdom is that risk is a bad thing. Just ask those bankers who suffered through the failures of the last banking crisis and the corporate credit union problems, or who are dealing with the current problems resulting from the energy sector downturn. Prevailing wisdom, however, is wrong.
It's difficult to be a high performing financial institution, to consistently exceed the performance of your peers, and meet the expectations of your shareholders, without taking risk. Risk is the essential element of the business of banking. It is, instead, the inadequate management of risk that is the problem.
Unfortunately, financial institution managers have not been as successful at managing risk as they'd hoped. That's where we come in. AppPax Risk Advisors represents an innovative approach to understanding and managing risks faced by today's financial institutions.
From strategic business threats like fintech start-ups, lending growth, and retaining deposits to tactical threats such as cyberrisk, robbery and fraud, AppPax's consultants and systems provide the tools executives need to manage and to take advantage of risk.
Risk is the essence of "banking." Financial institutions, banks, thrifts and credit unions, take risk every time they open the door, make a loan, accept a deposit, process a payment, hire or fire an employee. Risk is that integral part of the banking business that drives earnings. This does not mean a financial institution should take on extraordinary risk, however, or only make higher risk, higher yielding loans. High performing financial institutions are successful at both taking and managing risk.
Most financial institution CEOs will say, "we do manage risk". While this may be true, their risk management activities are often confined to organizational "silos". Their approaches to risk assessment, monitoring and control are often narrowly focused and tactically driven. Consequently, risk management, compliance and corporate governance efforts and costs may be duplicated throughout the institution. Worse still, this approach may result in significant gaps in the risk management process.
AppPax's consultants help financial institutions improve the effectiveness, and cost effectiveness, of their governance, risk and compliance programs by:
Risk management is all about effective business management. The overriding goals of risk management are to identify risk issues that might impair the financial institution's ability to achieve its strategic business objectives, and implement strategies, organizations, processes and controls to mitigate the negative impact they might have on the institution.
In many cases, however, the understanding between where a financial institution is trying to go strategically and how much risk it can afford to or must take to get there is not entirely clear. Far worse, many financial institutions sometimes fail to identify and track those events that might prevent achievement of their strategic business objectives.
AppPax's Enterprise Risk Assessment and Plan enables management to effectively evaluate the institution's current risk environment and the effectiveness of its risk mitigation.
Perhaps the greatest enterprise risk management challenge is creating a consolidated and intelligent view of risk, compliance and internal controls. At many banks, this effort continues to be fragmented, expensive and inefficient, resulting from disconnected silos of analytical information, created using a variety of different solutions.
With so many disconnected systems, the institution cannot achieve an effective, enterprise-wide view of risk. It is left in a state of risk ignorance where interdependent risks are not anticipated, mitigated or managed. Threat to the business is exacerbated by aggregate risk exposure.
In contrast, risk-intelligent financial institutions have implemented integrated risk reporting solutions, developed in-house or acquired from vendors. AppPax helps financial institutions design, develop, acquire and/or implement these systems. We assist management in identifying key leading and lagging indicators of risk, focused on the strategic direction of the institution and linked to the institution's inherent risk profile to develop effective, enterprise-wide risk management dashboards.
To learn more about how AppPax's experienced risk management consultants can guide your institution's team through the process of building an effective enterprise-wide risk management program, contact us today.
The objectives of the Compliance Assessment are to ensure that the Bank's consumer policies and procedures and supporting management, operational and information reporting systems are in place and meet regulatory compliance requirements. We will review the adequacy of the consumer compliance management function, including:
We will conduct appropriate tests of compliance with applicable compliance regulations in those areas specified by the Bank. Where compliance practice and/or procedures require improvement, AppPax will draft appropriate compliance procedures and develop recommendations for changes to supporting operating systems and management information reporting systems. The scope of the compliance audit tests will include all applicable regulations as well as the Compliance function.
We will review policies, observe operations in those areas governed by the regulations and interview appropriate management and staff, review existing compliance procedures documentation and related management information reports and other information, such as forms, templates, disclosures and worksheets, as appropriate. In each area, AppPax will determine whether existing procedures comprehensively address applicable compliance regulations. Where procedures require improvement, AppPax will provide appropriate recommendations for changes to policies, procedures, supporting operating systems, management information reporting systems, training and testing programs, and compliance organization and staffing.
AppPax's Consultants will:
AppPax's report of the assessment will:
In addition, AppPax will provide security policy templates and other information, as appropriate, to ensure the Bank's information security policies meet regulatory requirements.
To ensure a financial institution's security systems function effectively, AppPax performs independent vulnerability assessments and internal/external penetration tests.
Vulnerability assessments include on and off-site assessments of security procedures, devices, methods, organization and staffing. While vulnerability testing provides the starting point for assessing information security controls, external security penetration testing provides financial institutions assurance that security controls function as intended.
During these tests, AppPax's security professionals simulate attacks and attempts to log in and gain access to a financial institution's servers and network. Methods include automated security test scripts and hands-on, live attempts to penetrate an institution's security controls.
The effectiveness of any penetration test is based on the skill of the security team performing it. Our security consultants are CISSP, NSA, and OPSA certified, and their understanding of how financial networks and applications transmit customer information allows the team to quickly and properly identify risks to the institution.
AppPax's IT Audit is a comprehensive assessment of risk and validation of key controls throughout the Bank's Information Technology function. Our approach complies with the FFIEC's Interagency Guidance on the Internal Audit Function and its Outsourcing and the IT Examination Handbook. AppPax has developed a customized IT risk assessment and audit approach, based on COBIT 5.1.
The scope of the IT Audit includes:
In addition to reviewing policies, procedures, and practices related to each of these areas, AppPax will perform appropriate tests of key procedures and internal control attributes to ensure their operational effectiveness. The report of AppPax's IT Audit will include maturity ratings of the major IT governance elements, as defined in COBIT, and an overall rating and audit opinion of the IT function.
Failure to comply with BSA/AML regulations can potentially devastate a financial institution. In response, many financial institutions have significantly increased staff in this area and invested heavily in technology systems to support the compliance effort. As a result, the day-to-day costs of compliance are almost equally devastating.
With regulatory emphasis on BSA/AML expected to increase as the credit crisis wanes, now is the time for financial institutions to ensure their compliance efforts meet regulatory requirements.
AppPax will work with your institution to ensure that you have:
Most importantly, AppPax will help ensure that the BSA/AML compliance function is both effective, and cost effective.
AppPax can also assist your financial institution in the following areas to improve the effectiveness and efficiency of your BSA/AML compliance effort:
The regulatory message is clear. All financial institutions are expected to have a clearly defined, documented and effectively implemented Bank Secrecy Act and Anti-money Laundering program. AppPax's skilled consultants can help you ensure your bank's program meets or exceeds regulatory requirements.
AppPax's performance driven methodology balances each organization's unique risk profile with operational objectives in its unique approach to Business Continuity Planning. AppPax's approach includes:
According to regulators, testing is the most critical - and most overlooked - aspect of Business Continuity Planning. AppPax's methodology includes:
Responding to a regulatory enforcement action is the most significant challenge a financial institution can face. It can also be an opportunity to implement important changes which many times have been a long time coming. If properly managed, objectively resolving enforcement proceedings can result in a stronger, more credible, and more viable institution, with enhanced potential for sustained long-term growth and earnings in a managed risk environment.
Addressing the requirements of the enforcement action, and correcting problems cited in the Report of Examination must be the critical priority for the board and management. The key lies in managing the process. The key objective is to get back to the business of banking as soon as possible.
To help financial institutions address regulatory enforcement actions, as well as earnings performance, lending and problem asset issues, AppPax offers the following services:
The quality of a financial institution's loans impacts all components of its financial performance. Loan quality problems can diminish the liquidity inherent in the loan portfolio and have a negative impact on the adequacy of the institution's capital. Poor loan quality also reflects upon management's competence. Continued loan problems may also impair an organization's ability to generate quality new loans.
To aid financial institutions in managing credit risk, AppPax Risk Advisors will:
AppPax's proven loan review methodology provides management with a comprehensive, objective credit quality review. Information developed during the review enables management to better gauge risk and potential loss in the portfolio, address weaknesses in individual credits and improve credit risk management and correct documentation errors.
Loan reviews are performed by experienced lending and credit risk management professionals, employing sampling and analytical methods compliant with regulatory requirements.
Loan review engagements are completed through a combination of on and off-site effort. This combination of on and off-site work helps our clients manage the costs, while ensuring that the quality of the review is maximized.
A typical engagement involves an initial on-site visit to:
Following the on-site visit, AppPax's loan review professionals will complete quarterly reviews of segments of the financial institution's loan portfolio off-site, reviewing scanned images of loan and credit file documentation.
For each loan relationship selected for review, AppPax will independently assess the quality and collectability of the loan and assign a risk rating, utilizing the Bank's existing risk rating criteria. Any changes in risk grades will be thoroughly reviewed with appropriate lending and credit administration staff.
AppPax will provide a report of our work including:
AppPax's loan review provides management and Directors with critical insights into the quality of the financial institution's credit portfolio.
The effective management of credit risk has never been more critical to the viability of today's financial institutions. AppPax will complete a comprehensive review of existing lending, loan operations and credit risk management policies, procedures and controls, systems, organization and staffing, and reporting processes. In connection with this diagnostic, AppPax will gain a thorough understanding of the organization's lending strategies and procedures, as well as its credit risk management processes. During this phase, AppPax's consultants will review the Bank's:
A key objective of this phase will be to understand current loan origination, analysis, approval and operational processes. AppPax will evaluate the processes for originating various types of loans, including commercial, commercial real estate, construction, SBA and consumer loans, identifying and assessing the efficacy of key credit risk management procedures and controls and reporting systems. AppPax will review the Bank's lending and loan accounting policies in view of the inherent level of risk, risk trends, and strategic lending objectives (i.e., growth, quality, markets, products, delivery channels).
AppPax will develop a thorough understanding of the credit management processes within the Bank, including:
Coincident with this phase, AppPax will identify loan quality and risk management information systems in use and the sources of information in such systems. AppPax will also develop an understanding of related aspects of loan collection and workout and credit review (i.e., information systems used, information sources available and information requirements). This review will enable AppPax's consultants to understand the lending processes and controls and related credit risk management processes.
The Bank must also implement appropriate processes for determining the adequacy of the Allowance for Loan and Lease Losses, in compliance with new CECL requirements. In this phase of the engagement, AppPax will evaluate: