Interagency Exam Joint Guidance in June 2020 referenced Federal and State Financial Regulator intent to include as part of an institution examination whether management had managed risk appropriately in response to stresses caused by the impact of Covid-19.
Operational, compliance, and cyber risks have likely increased for many institutions as a result of the pandemic. The agencies will consider whether management has appropriately planned for financial resiliency and operational continuity, implemented prudent policies, and is pursuing realistic resolution of issues resulting from the pandemic.
Examiners are expecting management to have an initial and ongoing risk assessment of the pandemic addressing credit risk, earnings prospects, capital adequacy, funding, liquidity, operations, and sensitivity to market risk. The institution’s risk identification and reporting processes will be evaluated.
Capital adequacy will be evaluated as institutions may experience cash flow decreases, asset losses, operational losses, extraordinary expenses, deposit fluctuations, and contingent liabilities as a result of the pandemic.
The pandemic will affect asset quality review in terms of prudent credit modifications and underwriting, maintaining appropriate risk ratings, designating appropriate accrual status on affected loans and providing appropriate loss allowances.
Actions taken by management to adapt fraud and cybersecurity controls to the adjusted operating environment will be evaluated. Third party controls and service delivery performance during the pandemic should have also been evaluated by management.
The internal and external independent audit areas will also be reviewed to ensure these functions are functional through work at home arrangements and these areas include reviews of new operational processes and programs.
In summary the pandemic filters though every part of the regulatory audit process whether you are talking Safety and Soundness, Compliance, or Informational Technology.
A reading of Interagency Joint Guidance is a must. Pandemic consideration is a prudent component of your next regulatory examination.
Related Reading:
4 Things For Businesses To Focus On Post-COVID
Cybersecurity Dos And Don’ts
Cybersecurity For Colleges And Universities
COVID-19 Brings The Spotlight Back To Stress Testing
Webinar Archive: Pandemic Continuity Planning
Pandemic Webinar Series