Examiner-in-Charge School Feb 2024

Examiner-in-Charge School

Live Virtual February 13-22, 2024

@ www.csbs.org ♦ @csbsnews

CONFERENCE OF STATE BANK SUPERVISORS 1300 I Street NW / Suite 700 / Washington, DC 20005 / (202) 296-2840

Examiner-in-Charge School Live Virtual February 13-22, 2024

Week 1 Tuesday, February 13, 2024 1:00 pm – 1:30 pm

Introduction

Exam Management and Role as EIC

1:30 pm – 2:15 pm

Break

2:15 pm –2:30 pm

Case Study Introduction

2:30 pm – 2:45 pm

BREAKOUT: Review Pre-Course Scope Memo Assignment / Distribute Materials Packet #2

2:45 pm – 3:30 pm

Independent Work Time

3:30 pm – 4:00 pm

Wednesday, February 14, 2024 1:00 pm – 1:30 pm

Analyzing the “M” Component

Rating the “M” Component Exercise

1:30 pm – 2:00 pm

Break

2:00 pm – 2:15 pm

BREAKOUT: Meeting with Senior Bank Management

2:15 pm – 3:00 pm

Independent Work Time

3:00 pm – 4:00 pm

Thursday, February 15, 2024 1:00 pm – 1:30 pm

Rating the Composite

Rating the Composite Exercise

1:30 pm – 2:00 pm

Management Comments & Agendas

2:00 pm – 2:30 pm

Break

2:30 pm – 2:45 pm

Effective Virtual Meetings

2:45 pm – 3:00 pm

Internal Use Only

BREAKOUT: “Temperature Check” on Case Study / Independent Work Time

3:00 pm – 4:00 pm

Week 2 Tuesday, February 20, 2024 10:00 am – 12:00 pm

Meeting with Senior Examiner / Independent Work Time

Conveying Examination Findings

1:00 pm – 2:00 pm

Meeting with Senior Examiner / Independent Work Time

2:00 pm – 4:00 pm

Wednes day, February 21, 2024 12:00 pm – 4:00 pm

Exit Meeting Presentations / Independent Work Time

Thursday , February 22, 2024 1:00 pm – 1:45 pm

Board Meeting, Joint Examinations and Enforcement Actions

Case Study & Week Review

1:45 pm – 2:45 pm

Optional Feedback Meetings

2:45 pm – 4:00 pm

Internal Use Only

Examiner-in-Charge School February 13-22, 2024

1

Internal Use Only

Welcome!  Reminder: Approximately 8 hours outside of class time will be needed for independent work.  Please be ready to learn and engage with your peers.  Be camera ready and have your camera turned on.  Minimize distractions as best as possible (close out of email, put your phone on silent, etc…)

2

Internal Use Only

3

Internal Use Only

Instructors

Brad Coker

Michelle Lindner

Baker Moseley

Examinations Coordinator, Market and Liquidity Risk

Accounting Examiner Specialist Nebraska Department of Banking and Finance

Assistant Deputy Commissioner

Arkansas State Bank Department

Alabama State Banking Department

4

Internal Use Only

Introductions

SOMETHING YOU HOPE TO LEARN DURING THIS CLASS

NAME AGENCY AND STATE

YEARS OF EXPERIENCE AS EXAMINER

FUN FACT ABOUT YOURSELF

5

Internal Use Only

Exam Management and Your Role as EIC

1

Internal Use Only

Pre Planning

Examination Follow-up

Off-Site Week

EIC

Board Meeting

Onsite

Writing the Report of Examination

Exit Meeting

2

Internal Use Only

Pre-Planning

Initial Contact with Management • Introduction •Sooner rather than later

Familiarize Yourself with the Bank •Internal and external documents •Conversations with examiners and bank management

Identify Key Risk Areas. •Draw conclusions on risks,

examination strategy, and assignments

3

Internal Use Only

Pre-Planning Continued

Requesting Examination Information • Draw conclusions on risks, examination strategy, and assignments

Determine Staffing

Creation of Scope Memo

•Subject matter experts •Sufficient to complete a timely examination

• Varies by department • At a minimum, should cover • Institutional overview • Risk assessment • Discussions with Management • Prior examination findings • Financial analysis • Assignments/logistics

4

Internal Use Only

Off-Site Week

•Communicate with your exam team.

Communicate

•Organize your materials.

Organize

•Check your request list and follow-up

Check

•Complete as much exam work as possible.

Complete

5

Internal Use Only

Onsite

Encourage Communication • Open communication with management • Regular discussions with exam team to keep them on track • Keep your supervisor informed • Meetings, meetings, meetings Time Management • Maintain lists to keep on track • Allows you to organize thoughts for management discussions • Ensures potential issues are brought to resolution

• Serves as source for structuring exit meeting • Acts as reminder for items that need completed

6

Internal Use Only

Onsite - Continued

Conduct Meetings • First day • Fact-finding • Director’s conferences Complete Your Assignments. • Management component • Other areas • Develop overall conclusions

•Update •Wrap up •Exit

7

Internal Use Only

Exit Meeting Exit Meeting

Develop formal agenda.

Ensure your supervisor is in agreement with all conclusions.

Be prepared.

NO SURPRISES.

8

Internal Use Only

Exam Management & Your Role as EIC

Review/edit comments from other examiners. 1

Complete additional report pages. 2

3

Be mindful of writing tips from your department. 4

Ensure ratings and conclusions are supported and accurate.

9

Internal Use Only

Board Meeting

Formal written agenda.

Outline of significant items.

Communicate and know your audience.

Preparation.

10

Internal Use Only

Examination Follow-Up

• Level of involvement may vary • Review examination responses • Provide feedback to examiners

11

Internal Use Only

Meetings – A Big Waste of Time?

_______ people present Wrong

No real _p _u _r p_ o_ _s e_

Ambiguous _________ objectives

Agenda isn’t _______ followed

People aren’t ________ prepared

No _______ agenda

________ people present Too many

No ______ / ________ results decisions

Starting/ Ending ______ Late

12

Internal Use Only

Questions?

13

Analyzing the M Component C A M E L S

1

Analyzing the “M” Component

Most important part of your analysis

Management consists of Board and Executive Management

The Glue that ties it all together

In-Class Exercises

2

Management / Board

The management assessment includes an analysis of the board of directors.

The board of directors is the source of all

authority and responsibility.

Responsible for: • Formation of sound polices and objectives of the bank • Effective supervision of its affairs, and • Promotion of its welfare.

3

Management / Board

Various laws govern the election of board members and also govern transactions between board members and the institution

Directors should have ideas of their own and express them

Directors should have sufficient time to fulfill their responsibilities

Directors should be free of financial difficulties and possess personal integrity

4

Management / Board

A primary duty of a board is to select and appoint executive officers who are qualified to administer the bank’s affairs effectively and soundly.

Directors should avoid self-serving practices and conflicts of interest and place performance of their duties over personal concerns.

The board should ensure adequate MIS is in place to provide the board with accurate and sufficient reports to know bank’s condition.

5

Management / Board Ensure appropriate internal control system and adequate auditing program is in place Supervision by directors does not mean the board is performing management tasks Directors can be held personably liable for: • Breach of trust • Negligence which causes loss • Misappropriation of bank assets • Dereliction of Duty • Failure to maintain reasonable supervision over the activities and affairs of the bank, its officers and employees

6

Senior Management

Risk – the potential for loss or gain resulting from a specific action

Risk is okay.

Must learn and evaluate management’s view of risk.

Does management understand the risk they are taking and what could go wrong?

Management must identify, measure, monitor and control risk.

Do they have the balance sheet to take on this level of risk?

7

Component Rating Definitions

The capability of the board of directors and management, in their respective roles, to identify, measure, monitor, and control the risks of an institution’s activities and to ensure a financial institution’s safe, sound, and efficient operation in compliance with applicable laws and regulations is reflected in this rating.

8

Component Rating Definitions (cont.)

• Active oversight by the board of directors and management; • Competent personnel; • Adequate policies, processes, and controls taking into consideration the size and sophistication of the institution; • Maintenance of an appropriate audit program and internal control environment; and • Effective risk monitoring and management information systems.

Sound management practices are demonstrated by :

9

Component Rating Definitions (cont.)

Level and quality of oversight and support of all activities.

Ability to plan for, and respond to, risks that may arise from changing business conditions or the initiation of new activities or products.

The Management rating is based on an assessment of the following factors:

The adequacy of, and conformance with, internal policies and controlsaddressing operations and significant risks.

The accuracy, timeliness, and effectiveness of management information and risk monitoring systems appropriate for the institution’s size, complexity, and risk profile

10

Component Rating Definitions (cont.) Assessment factors continued: The adequacy of audits and internal controls. Compliance with laws and regulations.

Responsiveness to recommendations from auditors and supervisory authorities.

Managementdepth and succession.

Extent that the board and management is affected by, or susceptible to, dominant influence or concentration of authority. Reasonableness of compensation policies and avoidance of self-dealing.

Demonstrated willingness to serve the legitimate banking needs of the community.

The overall performance of the institution and its risk profile.

11

Component Rating Definitions (cont.)

A rating of 1 indicates performance by management and the board of directors and strong risk management practices relative to the institution’s size, complexity, and risk profile. All significant risks are consistently and effectively identified, measured, monitored, and controlled. Management and the board have demonstrated the ability to promptly and successfully address existing and potential problems and risks.

12

Component Rating Definitions (cont.)

A rating of 2 indicates management and board performance and risk management practices relative to the institution’s size, complexity, and risk profile. Minor weaknesses may exist, but are not material to the safety and soundness of the institution and are being addressed. In general, significant risks and problems are effectively identified, measured, monitored, and controlled.

13

Component Rating Definitions (cont.)

A rating of 3 indicates management and board performance that or risk management practices that are less than satisfactory given the nature of the institution’s activities. The capabilities of management or the board of directors may be insufficien t for the type, size, or condition of the institution. Problems and significant risks may be inadequately identified, measured, monitored, or controlled.

14

Component Rating Definitions (cont.) Common characteristics of “3” rated M Components: • Poor financial performance • Heightened risk profile • Weak risk management practices • Elevated AQ concerns (rising, high levels of adversely classified) • Gaps in management • Repeat examination findings • Multiple violations / contraventions • Questions as to the sufficiency of staffing

• Dominant member of management • Lack of reliability in financial reporting • Noncompliance with an outstanding supervisory action • Absence of meeting minute documentation on discussions of significant risks

15

Component Rating Definitions (cont.)

A rating of 4 indicates management and board performance or risk management practices that are inadequate considering the nature of an institution’s activities. The level of problems and risk exposure is excessive . Problems and significant risks are inadequately identified, measured, monitored, or controlled and require immediate action by the board and management to preserve the soundness of the institution . Replacing or strengthening management or the board may be necessary.

16

Component Rating Definitions (cont.)

A rating of 5 indicates management and board performance or risk management practices. Management and the board of directors have not demonstrated the ability to correct problems and implement appropriate risk management practices. Problems and significant risks are inadequately identified, measured, monitored, or controlled and now threaten the continued viability of the institution. Replacing or strengthening management or the board of directors is necessary .

17

In-Class Exercise

Analyze the presented information and assess the M Component area. See handouts

• Institution A • Institution B • Institution C • Institution D • Institution E

18

Rating the Composite

1

Rating Definitions

Composite Rating

Changing Composite Ratings

2

Composite Rating Definition

• Managerial • Operational • Financial • Compliance

Careful evaluation of performance

• Capital adequacy • Asset quality • Management capability • Earnings quantity and quality • Adequacy of liquidity • Sensitivity to market risk

Key components to assess an institution’s financial condition and operations

3

Composite Rating Definition

Composite Rating 1 Financial institutions in this group are sound in every respect and generally have components rated 1 or 2 . Any weaknesses are minor and can be handled in a routine manner by the board of directors and management. These financial institutions are the most capable of withstanding the vagaries of business conditions and are resistant to outside influences such as economic instability in their trade area. These financial institutions are in substantial compliance with laws and regulations. As a result, these financial institutions exhibit the strongest performance and risk management practices relative to the institution’s size, complexity, and risk profile, and give no cause for supervisory concern .

4

Composite Rating Definition Composite Rating 2

Financial institutions in this group are fundamentally sound . For a financial institution to receive this rating, generally no component rating should be more severe than 3 . Only moderate weaknesses are present and are well within the board of directors’ and management’s capabilities and willingness to correct. These financial institutions are stable and are capable of withstanding business fluctuations. These financial institutions are in substantial compliance with laws and regulations. Overall risk management practices are satisfactory relative to the institution’s size, complexity, and risk profile. There are no material supervisory concerns and, as a result, the supervisory response is informal and limited.

5

Composite Rating Definition

Composite Rating 3 Financial institutions in this group exhibit some degree of supervisory concern in one or more of the component areas. These financial institutions exhibit a combination of weaknesses that may range from moderate to severe ; however, the magnitude of the deficiencies generally will not cause a component to be rated more severely than 4 . Management may lack the ability or willingness to effectively address weaknesses within appropriate time frames. Financial institutions in this group generally are less capable of withstanding business fluctuations and are more vulnerable to outside influences than those institutions rated a composite 1 or 2. Additionally, these financial institutions may be in significant noncompliance with laws and regulations. Risk management practices may be less than satisfactory relative to the institution’s size, complexity, and risk profile. These financial institutions require more than normal supervision, which may include formal or informal enforcement actions . Failure appears unlikely , however, given the overall strength and financial capacity of these institutions.

6

Composite Rating Definition

Composite Rating 4 Financial institutions in this group generally exhibit unsafe and unsound practices or conditions . There are serious financial or managerial deficiencies that result in unsatisfactory performance. The problems range from severe to critically deficient . The weaknesses and problems are not being satisfactorily addressed or resolved by the board of directors and management. Financial institutions in this group generally are not capable of withstanding business fluctuations. There may be significant noncompliance with laws and regulations. Risk management practices are generally unacceptable relative to the institution’s size, complexity, and risk profile. Close supervisory attention is required, which means, in most cases, formal enforcement action is necessary to address the problems. Institutions in this group pose a risk to the deposit insurance fund . Failure is a distinct possibility if the problems and weaknesses are not satisfactorily addressed and resolved.

7

Composite Rating Definition

Composite Rating 5 Financial institutions in this group exhibit extremely unsafe and unsound practices or conditions; exhibit a critically deficient performance ; often contain inadequate risk management practices relative to the institution’s size, complexity, and risk profile; and are of the greatest supervisory concern . The volume and severity of problems are beyond management’s ability or willingness to control or correct . Immediate outside financial or other assistance is needed in order for the financial institution to be viable. Ongoing supervisory attention is necessary. Institutions in this group pose a significant risk to the deposit insurance fund and failure is highly probable .

8

Changing Composite Ratings

• Internal and external parties Communication

• Be thorough • Expect questions

Analysis

• Based on the analysis • Needed for ALL conclusions

Support

• Cannot over-communicate Communication

9

Questions

What are some tips/tricks for keeping everything organized during the exam process?

What are some best practices for bringing findings together at the end of the exam for both the exit meeting and report?

10

Questions?

11

Internal Use Only

Agendas & Management Comments

1

Internal Use Only

Exit Meeting Agenda

Clear identification of risk or finding.

Summarize the area.

Use of tables.

Consistent wording.

Mindful of your audience.

Consider your order.

2

Internal Use Only

3

Internal Use Only

Section Heading

If numbers are in the table, do not need to state again in the bullet points.

Use of key words.

Entire section / component summarized in five bullet points.

Clear distinction of what the findings are, and consistent wording, using action word for findings.

4

Internal Use Only

5

Internal Use Only

6

Internal Use Only

Your meeting agenda is due by Wednesday, February 21 at 10 AM ET Don’t forget to include your assigned rating for: 1. Management 2. Composite

7

Internal Use Only

Management Comment

Focus on the risk level and trend, and specific findings.

Strong introductory sentence.

Order your findings.

Support your rating.

Consistent wording.

Written for layperson.

8

Internal Use Only

9

Internal Use Only

10

Internal Use Only

11

Internal Use Only

12

Internal Use Only

13

Internal Use Only

14

Internal Use Only

Your Management comment is due by Wednesday, February 21 st at 8 PM ET

Reminder: Include your assigned Management rating and be sure your comment supports it.

15

Internal Use Only

Examiner-in-Charge School Effective Virtual Meetings

1

Internal Use Only

2

Internal Use Only

3

Internal Use Only

Session Learning Objective: • Learn tips for conducting virtual meetings.

4

Internal Use Only

1. Agenda

5

Internal Use Only

2. Introductions

6

Internal Use Only

3. Prepare

7

Internal Use Only

4. Minimize Distractions

8

Internal Use Only

5. Technology

9

Internal Use Only

6. Etiquette

10

Internal Use Only

7. Close the Meeting

11

Internal Use Only

Questions

12

Internal Use Only

Conveying Examination Findings

1

Internal Use Only

Exit Meeting

2

Internal Use Only

Communication

• Critical to examination process

• Strength in both written and verbal communication is necessary

• Ability to vary communication styles is important

3

Internal Use Only

Purpose of the Exit Meeting

• Provide closure to exam

• Obtain verification of examination facts

• Alert management to items included in the Report of Examination

• Alert management to other items

4

Internal Use Only

Exit Meeting Tone and Format

• Consistent with management discussions

• Consistent with the materiality of exam findings

• Consistent with the tone used in the Report of Examination

5

Internal Use Only

Meeting Agendas

Necessity of formal agendas  Office requirement  Numerous issues  Material recommendations

Agenda Formats  Vary by state and federal agency  Concise and void of clutter  Spelling and Grammar

6

Internal Use Only

Additional Handouts

• Vary by state

• Know the practices of any participating federal agency

• Regulations, FILs, State Laws

• Ratio Tables

7

Internal Use Only

Meeting Disclosures • No surprises – IMPORTANT!!!

• CAMELS • Violations • Recommendations • Risk factors

8

Internal Use Only

Items Worthy of Discussion Only

• EIC needs to be able to distinguish between discussion only topics and reportable issues

• Recent instance of a poor banking practice

• Prior poor practices

• Corrections during the exam

• Inadvertent Violation

9

Internal Use Only

Tips for a Successful Exit Meeting

• Encourage a dialogue • Familiarize yourself with ROE • Absolute agreement? • Keep management informed • EIC should update bank management on all items in process of review • Bring another examiner

10

Internal Use Only

Tips for a Successful Exit Meeting

• Leave no surprises

• Advise of any potential regulatory actions

• Advise management to respond

11

Internal Use Only

Subsequent Events

• Advise bank management of any changes to individual CAMELS component ratings and/or composite rating

• Document the exit meeting discussion

12

Internal Use Only

Writing the ECC Page

13

Internal Use Only

You need to catch the readers’ attention!!

14

Internal Use Only

15

Internal Use Only

16

Internal Use Only

Most Critical Section of the Report of Examination

• First report section reviewed

• Sometimes the only section reviewed

17

Internal Use Only

Purpose of the ECC Page Comments

• Highlights critical findings

• Ranks the importance of examination findings

18

Internal Use Only

Purpose of the ECC Page Comments - continued

• Pull together the component ratings to form a composite rating.

19

Internal Use Only

Tone of ECC Page Comments

• Commensurate with the level of materiality of weaknesses reported.

• Consistent with the tone used in management discussions.

20

Internal Use Only

Influence Further Reading

• Highlight critical examination findings.

• Avoid inclusion of immaterial findings.

• Be as concise as possible.

• Choose words carefully.

• Use appropriate grammar and spelling.

21

Internal Use Only

ECC Page Format

• May vary between agencies and states

• Discuss the composite rating

• Identify the overall risk profile of the organization

• Present individual CAMELS components in order of importance

22

Internal Use Only

Main Topics • Composite rating • Overall risk profile • Highlight commitments made by management • Specify whether a management response is required

23

Internal Use Only

Board Meetings, Joint Examinations and Enforcement Actions

1

Internal Use Only

Board Meetings Know your audience / Be Prepared • Many aren’t bankers and probably won’t understand our daily language High points / Significant Issues • Don’t get bogged down in too much detail unless it is the main issue • Practice – Vet out your thoughts with co-workers • You are your office. Don’t pass the buck.

You most likely will not be alone • Your supervisors might have things to say. Have a plan worked out before hand

2

Internal Use Only

Board Meetings - Continued

Other thoughts or experiences?

3

Internal Use Only

Joint Examinations More frequent now:

• Banks over 3 Billion in assets

• Problem banks or bank’s with identified issues

• Just to coordinate resources

4

Internal Use Only

Your role as EIC • Early communication in planning • Which agency is the lead for processing?

• It is and should be a joint process • Coordinate staffing and resources • Should make it as seamless as possible for the institution • Remember both agencies will have bosses that have questions or want to be informed

5

Internal Use Only

Your Role - Continued • Contact and meetings with bank management shouldn’t be conducted alone • Avoid disclosing conclusions with management until things have been vetted

6

Internal Use Only

Enforcement Actions

What is an enforcement action?

Why do bank regulators use them?

7

Internal Use Only

Types of Enforcement Actions • Informal vs. Formal • Typically joint actions • Contents:

• Identifies parties to the document • References a specific examination • Requires signatures of the directors • Sets time frames for initiating change • Usually requires updated to the regulators

8

Internal Use Only

Informal Actions

Regulatory Letter

Board Resolution

Memorandum of Understanding (MOU)

Section 39 of the FDIC Act (FDIC)

9

Internal Use Only

Formal Actions Written Agreement

• Issued to state member banks • Signed by Regulators and Board

Consent Order (C & D)

• Issued to state member and non-member banks • Signed by Regulators and Board • Requires bank to immediately stop inappropriate action or implement affirmative action

10

Internal Use Only

Formal Action – continued

Capital component will likely need to address Prompt Corrective Action (PCA) • If bank doesn’t consent there would be a hearing with a Administrative Law Judge • Capital Directives • Removal of Officers and/or Directors • Civil Money Penalties (CMPs) • Termination of Insurance • There are many specific limitations that occur when a PCA capital category drops

11

Internal Use Only

12

Internal Use Only

Examiner-in-Charge School Case Study Introduction

1

Internal Use Only

Case Study Key Notables:

Tue. February 13

Wed. February 14

Thu. February 15

Tue. February 20

Wed. February 21

Thu. February 22

•Intro, Review Scope, Distribute Packet #2 •Independent Work time

•Meet with “Bank

•Temperature Check with instructors •Independent work time

•30-minute one on-one with “Supervisor”  10:30 –12:30 EST and 2:00 – 4:00 EST •Independent Work time

•Exit Meeting •Presentation and observe

•Review •One-one-one feedback discussion with

Management” •Independent Work time

•Exit Agenda to Instructor prior to presentation •Management comment due by end of class

instructor (Optional)

2

Internal Use Only

Case Study Key Notables: Feedback provided considering: • Scoping Exercise • Meeting with “Bank Management” • Meeting with “Supervisor” • Exit Meeting Agenda • Exit Meeting Presentation • Written Management Component Comment • Overall Participation

3

AGENDA SAMPLES

Information Technology Management

 The Board’s supervision of the Information Security Program (ISP) is satisfactory; however, formality of reviewing management’s activities and the IT risk profile should be improved.  The IT Steering Committee meets sporadically. o The Board should implement a regular meeting schedule for the committee based on committee objectives and risk profile of the institution.  The risk assessment is generally appropriate, but provides minimal consideration to cloud services, cyber related risks, and accepted audit risks. Strategic Planning  The IT Strategic Plan is short-term (12 months) and the enterprise-wide plan lacks specificity for adequate planning. o Strategic plans should be enhanced to include IT goals and needs 3 to 5 years into the future, ensuring allocation of IT resources and budget considerations. o IT strategic planning should align with the enterprise business plans. See also the FFIEC IT Handbook – Management Reporting and Monitoring  Currently IT Steering Committee meeting minutes and IT related reporting made to the Board is insufficient. o Management should develop an IT risk reporting process including defined reporting channels to ensure accurate, timely, and relevant reporting is made to the appropriate levels of management. o Formal reports to the Board, and documentation in Board meeting minutes, should include, at a minimum, the annual GLBA report and Identity Theft/Red Flag report. See also the FFIEC IT Handbook – Management

Proposed Rating –

*Certain agenda items have been omitted for the purposes of this CSBS course.

1

EARNINGS -

EARNINGS

Period Ended 09/30/2023

Peer

Period Ended 12/31/2022

Period Ended 12/31/2021

09/30/2023

Net Income (After Tax)/Average Assets Net Interest Income (TE)/Average Earning Assets Total Noninterest Expense/Average Assets

1.00 3.03

1.18 3.66

0.41 3.57

0.02 3.58

3.41

2.61

3.41

3.76

 The institution remains structurally unprofitable.  Normalized, the ROAA fall to negative 0.19% when adjusting for realized security losses ($40,000), reverse ACL provisions ($943,000), and loss contingency related to the Leon Smith lawsuit ($150,000). o Overhead expenses remain elevated and rank in the 90 th percentile of the peer group. o Personnel expenses continue to exceed bank profitability.  Reported net interest margin has declined 63 basis points (bp) from 9/30/2022 as cost of funds increase faster than assets have repriced. o NIM normalized to exclude interest recoveries of $539,000, falls to 3.11%. Projections  Management’s profit plan focuses on loan growth and targets $8 million in 2023.  $5 million has been raised as of 9/30/2023, and management anticipates meeting the target by year-end.  Budgeting practices have improved since the prior exam and project approximately $40,000 of profit in 2024 with $12 million (15%) in loan growth.  Future expense considerations not included in the 2024 budget: $700,000 potential ORE Loss 205,000 minimum salary expense to fill vacant positions 72,000 possible additional loss relative to the Smith lawsuit Recommendations:  Record the Fausch loss contingency in accordance with GAAP.  Ensure non-interest expense budget totals give appropriate consideration to probable expenditures.

2

REPORT OF EXAMINATION (ROE) SAMPLE COMMENTS

IT MANAGEMENT – 2

The Board has established satisfactory risk management practices and identify, monitor, and control IT and Information Security Program (ISP) related risk appropriately. IT policies and procedures generally reflect the complexity of the risk environment. The Risk Assessment lacks adequate identification of cloud services, and cyber security risks, and acceptances of audit findings are minimally addressed. The IT Strategic Plan is short-term and limited to considerations of the IT department. The bank-wide Strategic Plan encompasses all business units, including the IT department; however, it lacks specificity necessary to coordinate IT resources, and assess and mitigate risks of new services and technologies. Compliance with Interagency Information Security Standards Management is compliant with Appendix B to Part 364 – Interagency Guidelines Establishing Information Security Standards of the FDIC’s Rules and Regulations. The annual IT Report covering the status of the ISP was reported to the Board as a consent agenda item on August 22, 2023. Cybersecurity Preparedness Management self-assessed cyber risk using the FFIEC Cybersecurity Assessment Tool resulting in an inherent risk profile of minimal and baseline maturity level. Management also completed the Ransomware Self-Assessment Tool to evaluate ransomware threats. Reporting and Monitoring Currently all IT related items receive blanket Board approval with no discussion or review of supporting documentation. Management should develop an IT risk reporting process including defined reporting channels to ensure accurate, timely, and relevant reporting is made to the appropriate levels of management. Documents which assign responsibility for the ISP and annual reports of management’s efforts to implement the ISP should be formally reviewed the by the Board and noted in meeting minutes, including annual approval of the information security program/policy and risk assessment, annual Gramm Leach Bliley Act (GLBA) report, and annual Identity Theft/Red Flag report. Refer also to the FFIEC Management IT Handbook for additional guidance.

COO Jody Smith committed to ensuring the aforementioned items are reviewed and formally approved at the next meeting on February 8, 2024.

1

MATTERS REQUIRING BOARD ATTENTION (MRBA)

PROFITABILITY

Management has complied with the Supervisory requirement to prepare a Profit Plan annually; however, plans have not yet resulted in the adequate generation of core operating profits. The institution remains unprofitable due to a combination of asset mix, narrowing net interest margin, and high overhead expenses. The Board should review all elements of institution earnings thoroughly and prepare future profit plans with the goal of restoring profitability through changes to the asset and liability mix, overhead expenses, and/or non-interest income. Failure to restore profitability will limit the institution’s ability to support holding company debt payments, augment capital, and provide a cushion for interest rate risk exposure.

EXAMINER COMMENTS AND CONCLUSIONS (ECC)

EARNING - 3

Earnings are less than satisfactory. The institution remains structurally unprofitable, and core earnings have been negative or negligible the last five years. Further, earnings projections indicate that near-term profits, while improving, will not be sufficient to provide for organizational needs. The sustained poor earnings performance and weak income projections indicate that further efforts are needed to improve profitability to levels sufficient for operational and Holding Company debt service needs. The reported September 30, 2023, Return on Average Assets ratio of 1.00 percent falls to negative 0.02 percent when adjusted to exclude nonrecurring items that include realized securities losses of $40,000 and allowance for credit loss (ACL) reverse provisions of $943,000. Refer to the Matters Requiring Board Attention pages for recommendations to address underlying earnings deficiencies. In accordance with Generally Accepted Accounting Principles (GAAP), management should record a $150,000 contingent loss expense that has been deemed probable related to the Leon Smith lawsuit. This expense will further reduce current year earnings.

CFO Johnnie Yale provided examiners with the accounting entries to signify that the contingent loss expense was recorded on November 17, 2023.

Despite loan growth realized during 2023, interest rate sensitivity, caused primarily by exposure to longer-term assets, has prevented meaningful earnings improvement. The Net Interest Margin (NIM) of 3.03 percent has declined from 3.11 percent at year-end 2022 (ratio adjusted for nonrecurring interest recoveries that totaled $539,000).

Noninterest expenses remain elevated ……

Budgeting practices have improve; however, projected 2024 profits of $40,000 are insufficient to support operating needs….

Chairman Barbara Royal stated that she believes earnings will continue to improve as expenses related to loan collections, litigation, and consultants decline. President Jack Casey stated that the key to improving profitability is growing loans but that he and the Board are committed to maintain strong credit quality.

*Comment sections have been omitted for the purposes of this CSBS Course.

2