The COVID-19 pandemic has introduced unprecedented strains to the economy since the beginning of 2020, enhancing concerns about credit risk and putting pressure on retail and commercial lenders’ ability to serve their borrowers.
Cybersecurity risks have also evolved as more employees work from home, following government-mandated work-from-home models, and risk environments change. These shifts are prompting bank leaders to evaluate their business continuity plans and pandemic planning initiatives to make sure they’re putting safety and efficiency first.
Bank Director’s 2020 Risk Survey, sponsored by Moss Adams, was conducted in January before the US economy felt the full effects of COVID-19. Yet, insights derived from this annual survey of bank executives and board members help paint a picture of how the industry will move forward in a challenging operating environment.
Most of the country’s community banks have worked to issue loans through the Paycheck Protection Program (PPP)—the Small Business Administration (SBA) loan created under the Coronavirus Aid, Relief and Economic Security (CARES) Act passed in late March. These loans—which may be forgiven if borrowers meet certain criteria—fulfill a specific need by allowing small businesses to retain staff, pay rent, and cover identified operating expenses.
However, it’s likely that businesses will seek additional credit sources as the economy opens back up and businesses reopen their doors. The lapse in revenue generation by businesses will provide lending institutions with significant underwriting challenges.
More than half of respondents in the 2020 Risk Survey revealed enhanced concerns around credit risk over the past year, while 67% believed that competing banks and credit unions had eased underwriting standards.
While there’s no way to determine what the future holds, near-term lending decisions will likely occur amid an uncertain economic recovery. Amidst these unprecedented circumstances, there are some important questions lenders should consider when determining their lending approach:
- How will our organization evaluate lending to businesses that have been closed due to COVID-19?
- Should a COVID-19-related operational gap be treated as an anomaly, or should lenders consider this as they underwrite commercial loans?
- What other factors should be considered in the current environment?
- How much of our bank’s capital are we willing to put at risk?
Directors and executives who responded to the survey consistently indicated that cybersecurity is a key risk concern. In this year’s survey, 77% revealed their bank had placed significant emphasis on increasing its cybersecurity and data privacy in the wake of cyberattacks targeting financial institutions, such as Capital One Financial Corp.
With more bank staff working remotely, cyber-risks are even greater now. Employees are also emotionally taxed with concerns about their health, family, and jobs, so the risk for errors and oversights increases. Unfortunately, companies can always count on cybercriminals to prey on individuals in any environment, and the COVID-19 pandemic presents them with a ripe opportunity.
For more details, see our article COVID-19 Can Lead to Cybersecurity Risks—Protect Your Organization and our Cybersecurity Checklist for Remote Work.
In the survey, respondents whose bank had weathered a natural disaster in the past two years were also asked if they were satisfied with their institution’s business continuity plan. The majority, or 79%, indicated they were.
However, the COVID-19 pandemic isn’t a typical natural disaster like a hurricane, tornado, flood, or fire. Although buildings haven’t been destroyed and bank operations aren’t impacted in the same ways, companies are still experiencing significant disruption to their normal operations—if they’re able to operate at all.
These circumstances, coupled with expanding technology and banks’ operations becoming increasingly cloud-based, will likely lead to changes in business continuity planning.
In an interagency statement released one week before the World Health Organization (WHO) declared the COVID-19 outbreak was a pandemic, federal regulators reminded depository institutions of their duty to “periodically review related risk management plans, including continuity plans, to ensure their ability to continue to deliver their products and services in a wide range of scenarios and with minimal disruption.”
At the same time, the Federal Financial Institutions Examination Council updated its pandemic guidance, noting the need for a preventative program and documented strategy to continue critical operations throughout a pandemic. The program should be flexible and reflect the institution’s size and complexity.
Since that time, banks have encouraged customers to broadly adopt digital platforms and, when necessary, serve customers in person through drive-through lines or by appointment to reduce face-to-face contact. Bank employees wear masks and gloves, branches are cleaned frequently and, where possible, staff work remotely.
The pandemic can provide important understandings about the effectiveness of an organization’s business continuity plan. It’s important for organizations to gain insight from this opportunity.
You can do so by considering the obstacles banks are facing during the pandemic, and continuing to plan for potential impacts.
For example, there could be another wave of COVID-19 later in the year; alternately, it could be years before we see an event similar to what we’re currently experiencing. Either way, it’s important for your bank to consider the potential consequences of each outcome and be ready with a plan.
We’re Here to Help
Reviewing your organization’s business continuity plans and planning initiatives can help reveal opportunities to move forward with confidence—despite challenging operating environments.
To learn more about how your organization can respond to the COVID-19 pandemic, contact your Moss Adams professional.