Key issues at the Bank Audit and Risk Committees conference

Authored by Timothy Kosiek and Sherrie Krowczyk-Mendoza

At Bank Director’s Bank Audit and Risk Committees conference, discussion focused on three major topic areas: digital transformation, cybersecurity and implementation of CECL and ASC 606.

Digital transformation of banking

Technology has changed the way people socialize, shop and prefer to interact with their service providers – including banking institutions (e.g., depositing checks through a mobile device, transferring money to other customers etc.). The digital disruption occurring within the banking sector is impacting institutions of all sizes and types. What was once cutting edge technology, has now become a primary piece of staying competitive. With new financial technology (fintech) companies and offerings evolving every day, this aspect of the financial services world is challenging for institutions to stay abreast of as they try to balance rapid transformation with regulatory compliance and security. Banks are no longer just financial institutions, they must also be technology companies to compete.

Cybersecurity as a primary risk focus

With the rapid increase in technology utilized by banks, cybersecurity has overcome traditional regulatory compliance to become the primary risk area concerning financial institutions. Cyber criminals and the methods they use to attack organizations are constantly evolving and becoming more sophisticated. Breaches not only affect the company’s reputational standing, but also financial (as seen with breaches like the Swift attack resulting in an $81 million loss in 2016). Financial institutions’ reliance on third party vendors only increases the risk areas they face and with the rapid evolution of hackers’ tools, mitigation and protective strategies are the focus versus prevention. Bank boards need to know what defense mechanisms and procedures are in place to prevent and mitigate data breaches when they occur, as well as how cyber issues have been incorporated into disaster recovery procedures.

Preparing for ASC 606 and CECL

While organizations try to transform their technology and safeguard against cyber-attacks, two major accounting changes are looming for many banking institutions, specifically community bankers: ASC 606, Revenue From Contracts with Customers, and the Current Expected Credit Loss model (CECL).

ASC 606
The new revenue recognition standard under ASC 606 needs attention as it goes into effect for public institutions for fiscal years starting after Dec. 15, 2017. There will be a substantial effort required under ASC 606 for companies to document support of their decisions in their revenue recognition process via their disclosures. Previously, disclosures on financial statements were minimal, now they will be expansive.

Although CECL will not go into effect for public companies until fiscal years after Dec. 15, 2019, there is a substantial amount of work to be completed. With the Office of the Comptroller of Currency (OCC) recommending that banks under the $10 billion mark use something other than an enterprise software solution, banks need to begin assessing their internal processes and the options available to them for accounting under CECL soon.

The Bank Audit and Risk Committees conference once again was a source of highly engaging and insightful conversations about the many hot topics and challenges faced by banking institutions.

For more information on this topic, or to learn how Baker Tilly banking specialists can help, contact our team.