Assessing Emerging Risks; Managing Non-Financial Risks: Day Two of RMA’s Governance, Compliance, & Operational Resiliency Conference

Thanks to all who attended Day Two of the RMA Governance, Compliance, & Operational Resiliency Conference, which featured lively discussions on card not present fraud and reputation risk, a preview of cybersecurity risks for enterprise risk management, and an expert session on managing non-financial risks.

Takeaways from today’s sessions, which are available to registrants on-demand, are below. Be sure to join us tomorrow for GCOR Day Three, which includes a Women in Risk keynote panel highlighting the maturation of operational risk, and timely advice on facilitating a board’s risk management decision-making. Panelists will be online during each session to take your questions in real time.

Friendly tip: If you neglected to download your CPE credit after a session, CPE certificates are available an hour after the close of each session and for the rest of the conference.

Day Two Takeaways:  

What banks must do versus what banks should do. Addressing ESG issues is not just a priority for investors and regulators, but also critical for employee and customer retention. To excel, according to Kelvin Dickenson, SVP of product development at SAI360, "ESG has to be authentic. It can't be a layer of window dressing in the annual report. It has to tie back to what you believe as principles for your organization, and it will be different by organization."

Dickenson moderated “Doing the Right Thing: Succeeding at ESG and Reputation Risk” with an experienced panel of practitioners. After defining terms, the panel explored how the approach to ESG is changing, resourcing best practices, the challenges of managing reputational risk, and approaches to measuring ESG impact. Demonstrated success is necessary for shareholder value and for employee retention.  But without a strategic approach to ESG, integrated into a larger risk governance framework, banks will have a tough time succeeding. 

CNP fraud has increased 50% in the last three years. Attendees could be excused for clutching their wallets after the sobering "Confronting the Risk of CNP (Card Not Present) Fraud" panel.  The expert panelists provided a masterclass on the challenges wrought by CNP, and various risks and exposures for banks, merchants, and consumers.

As noted by David Diehl, director of operational risk at Texas Capital Bank, one of the most sinister things about card not present fraud is that most people who are victims aren't even aware they have been victimized. But more consumers than ever have become susceptible to this type of fraud as their purchasing habits have transformed during the pandemic. Thomas Kelleher, SVP and director of fraud risk oversight at Citizens Bank, noted that prior to Covid-19, about 60% of debit card transactions were card not present. Post pandemic, that trend has shifted to over 80% of the debit card transactions. And for credit cards, CNP represents about 90% of all transactions.

Panelists discussed who was ultimately responsible for CNP fraud costs (answer: it depends) and trends in the card-not-present space, including Apple Pay and crypto currencies. Panelists also reviewed recent shifts by merchants to ECI-protected transactions. "Fraud is a way of life now," said Diehl. "We should be talking about it consistently, with our clients, business partners, employees, and our leaders to further educate them on best practices."

Strong regulatory relationships can mitigate non-financial risks. The pandemic and escalating geopolitical events are just a few of the non-financial risks confronting financial institutions. Community banks are especially challenged during these difficult times. In a panel discussion moderated by RMA President and CEO Nancy Foster, community bank senior executives discussed talent retention strategies and the regulatory environment against the backdrop of these evolving non-financial risks.

Processes established during the pandemic have actually improved the talent acquisition process. “You can now find talent in other markets that, until now, you may have been closed off to and now benefit from remote technology,” noted one panelist. But banks must take thoughtful steps to create a productive, positive virtual environment. “The culture ship sailed when we sent everyone home to work during the pandemic,” observed another executive. “We’re going to have to do some things differently to keep our employees in line and engaged when we only see them on Webex or Zoom calls”

Crossing over the $10 billion threshold was especially challenging during the pandemic. Panelists said it was important to establish strong relationships with regulators in order to respond to compliance expectations as banks evolve and grow.

Related Links:

- GCOR XVI, DAY 1: Climate Risk and Opportunities 

- GCOR XVI, DAY 2: Assessing Emerging Risks; Managing Non-Financial Risks 

- GCOR XVI, DAY 3: Retaining Talent; Training Boards

- GCOR XVI, DAY 4: Taking Inventory of Model Risk