The traditional school of thought in banking has been that asset size matters in terms of regulatory expectations around enterprise risk management (ERM). However, is it the institution’s asset size that matters, or is the sophistication and complexity of the institution’s risk profile more important?
One of the most popular questions asked amongst peer roundtables is, what is a bank expected to do for ERM and operational risk management (ORM) as it approaches the $10 billion asset size threshold of a regional banking organization (RBO)? The Federal Reserve (the Fed) considers an RBO to be a mid-size financial institution with total consolidated assets $10 - $50 billion. The follow-up question typically is, have regulatory expectations lessened, given recent scaling back of comprehensive capital analysis and review (CCAR) or Dodd Frank Act Stress Test (DFAST) requirements within the broader regulatory reform discussions in Congress?
These are hot topics, especially for banks falling under that $10 billion asset size bubble (known as community bank organizations ‘CBO’ by the Fed definition), as the cost of implementing ERM remains high.
Specific to CBOs with assets $2 – $5 billion, regulatory agencies have been providing more prescriptive guidance and recommendations to their banks to upgrade and enhance their ERM and model risk management frameworks pursuant to the existing regulatory guidance aimed at RBOs. Examinations are now more targeted and detailed, covering policies and procedures, personnel, risk appetite, risk assessment activities and board reporting. Examiners are pushing smaller-size banks to recognize the ERM value proposition as they feel a keen risk awareness will allow management to make more informed decisions.