Financial Institutions

AdvisorInsights for 2020 and beyond

PLANTE MORAN1

ContentsIndustry spotlight: Banks and credit unions 2

Tax planning: Don’t lose sight of what’s coming 4

Financial institution regulations and fintech compliance: A two-fold approach to risk management 7

Managing credit risk in today’s environment 10

Key accounting and regulatory changes you need to know 12

The expected impact of CECL: Going beyond “It depends” 16

Digging deeper into risk assessments: The questions you should be asking 19

Making the right decisions: The importance of model risk management 22

The new Business Continuity Management booklet: Four questions you should ask 24

Financial institutions at a glance 27

Our leaders 28

2Financial Institutions Advisor

Banks The Federal Reserve Board (Fed) recently released a report on banking conditions, indicating healthy loan growth in all categories, continued positive loan performance; improving reserve coverage ratio, robust profitability, and confidence in liquidity and capital levels in the banking system.

Primary concernsWhile there are many reasons to be optimistic, the Fed warned of some concerns within lending, specifically, increased concentration in commercial real estate (CRE) loans; moreover, the reserve ratio remains low by historical standards. As such, banking regulators continue to monitor evolving risks and are promoting their efficient, transparent, and simpler approach to supervising and regulating banks. Ninety-five percent of community banking organizations and larger regional banks are reportedly rated as satisfactory, compared to just over 50% of larger institutions (over $100 billion in assets).

Other risk areasIT/operations risk is followed by credit risk and internal controls as the top three outstanding supervisory findings for community banks. The regulatory focus will remain on credit, specifically commercial real estate lending and agricultural lending concentrations, with underwriting and administration being a priority. Fintech and cybersecurity lead the operational risks with Bank Secrecy Act/anti-money laundering law (BSA/AML), liquidity, and understanding transition plans for changes in accounting (CECL) and LIBOR rates.

Regulatory reliefStarting with the first-quarter call report, a new, simpler capital ratio will be allowed for community banks. The Community Bank Leverage Ratio (CBLR) is an optional ratio (a bank must opt in) that simplifies the measurement of capital to one calculation: Tier I capital/average consolidated assets.

INDUSTRY SPOTLIGHT

PLANTE MORAN3

Credit unions In recent testimony, the National Credit Union Administration (NCUA) Board Chair stressed the focus on the strong state of the industry, the Share Insurance Fund, and the efforts to improve the NCUA efficiency and effectiveness in the ever-changing financial services marketplace. Capital levels in excess of minimums across the system and a growing asset base (to $1.53 trillion) support the testimony.

Priority topics Topics include cybersecurity and technology and the emerging risks and threats posed by adopting financial innovations. Tools issued by the FFIEC Cyber Assessment Tool (CAT) were customized into an Assisted Information Security Maturity Self-Assessment Program in 2018 to help prepare credit unions for the Automated Cybersecurity Examination Toolbox (ACET). Between 2019-2020, all scheduled institutions between $100 million and $1 billion will have been assessed under the ACET maturity assessment to help establish baseline benchmark data.

Other risk areasBSA/AML and fintechs continue to be areas the NCUA is working diligently to address. With respect to BSA/AML, the focus is clarifying expectations for examiners in regard to the alliance with FFIEC agencies and U.S. Treasury. The NCUA continues to look for ways federally insured credit unions can adopt and embrace fintech to stay competitive.

Regulatory reliefCommercial real estate appraisal thresholds were increased from $250,000 to $1 million. There are also proposals out to understand the residential real estate appraisal from $250,000 to $400,000, requiring written estimate of market values of real property collateral in lieu of an appraisal.

4Financial Institutions Advisor

Don’t lose sight of what’s comingSince the Tax Cuts and Jobs Act was introduced, many guidelines have been issued to bring clarity to specific rules, including several that significantly impact financial institutions. Here are a few practical suggestions to consider.

We’re now in year two of tax reform following the introduction of the Tax Cuts and Jobs Act of 2017 (TCJA). Since the Act was implemented, a number of guidelines have been issued in order to clarify specific rules — many of which have a significant impact on financial institutions.

Below we highlight four tax reform items to continue to be aware of, identify proposed tax changes, and emphasize areas financial institutions should consider as they prepare their annual tax filings. We also highlight tax-planning activities to consider moving forward.

Tax changes: Four hot topics

REVENUE RECOGNITION AND 451(B)The TCJA amended Section 451 to change the timing of the recognition of income for accrual method taxpayers. The amendment basically states that if something is recognized in book income on an applicable financial statement, then it also needs to be picked up in taxable income at that time. Fortunately for financial institutions, the proposed rule excludes mortgage servicing rights. While this has been around since the TCJA was passed, it has heightened awareness today for two reasons.

The first reason is due to the IRS releasing proposed regulations in September to help clarify the rules provided for in the TCJA. The second reason relates to the potential impact that 451(b) could play related to any changes implemented under the new book revenue recognition standards. As bank accounting teams are working with their auditors to document and understand the impact of the new revenue recognition standard, please remember that 451(b) could play a role in the tax treatment of that change.

Brian HowePartner

brian.howe@plantemoran.com

Jeannette ContrerazPartner

jeannette.contreraz@plantemoran.com

Theresa GreenwayPartner

theresa.greenway@plantemoran.com

1

TAX PLANNING

PLANTE MORAN5

Actions to considerFinancial institutions should keep the impact of 451(b) top of mind when analyzing any potential changes that may result in the way revenue is recognized for book purposes for 2019 and going forward. If change results in a way where the tax treatment is also changing, then the institution may need to consider making an accounting method change. Financial institutions should work with their tax advisor to determine whether the change would be a nonautomatic or automatic method change.

ACCELERATED DEPRECIATIONBonus depreciation is an incentive included in the TCJA that allows for 100% depreciation of eligible asset purchases (e.g. computer equipment) in the first year for purchases occurring after Sept. 17, 2017. Currently, 100% bonus depreciation is slated to remain in effect until the end of 2022. Beginning in 2023, it’s scheduled to drop 20% each year for four years, fully expiring at the end of 2026. While financial institutions are currently eligible for significant favourable benefits, they should recognize that the benefit is creating a deferred tax liability that will reverse.

Section 179 is also applicable to purchases of this nature. Section 179 deductions for 2019 are eligible on asset purchases up to $2.5 million in total. In excess of $2.5 million, the deduction is reduced on a dollar-per-dollar basis. Businesses that spend $3.5 million or more on related asset purchases aren’t eligible for the deduction. Section 179 expenses must be taken out before bonus depreciation is calculated.

Actions to considerWhen weighing Section 179 and bonus depreciation options, on the surface by electing either accelerated depreciation method, you’re eligible to deduct 100% of your eligible asset cost in the year of purchase. But, financial institutions should consider their relevant state tax implications. They could see a potentially state tax favorable result by taking Section 179 over bonus depreciation because while many states require you to add back the bonus, fewer do the same for Section 179 expenses.

Financial institutions should analyze on an ongoing basis whether it makes sense to use bonus depreciation, considering their income and whether there are any net operating losses that might cause them to want to elect out. They should also be mindful from a cash perspective that when the bonus depreciation rule starts to phase out — the deferred tax liability mentioned above that has been built up will likely start to reverse and thus become a cash tax event to the IRS.

2

6Financial Institutions Advisor

NONDEDUCTIBLE PARKINGIn December 2018, the IRS issued guidance related to nondeductible parking expenses in Notice 2018-99. The Notice details how to calculate the qualified transportation fringes (QTFs) no longer eligible for deduction — for financial institutions. Initially, it was expected that this change would primarily apply to institutions located in large cities; the reality, however, suggests that all institutions should consider their parking situation both at the head office and branch level.

Actions to considerFinancial institutions should work with their tax advisors to understand the implications of the new rules. They should also consider their current parking situation and explore whether signage should be changed in ways that would help minimize tax impacts.

ENTERTAINMENT EXPENSESThe TCJA made significant changes to eligible meals and entertainment expenses. Under the changes, which took effect in 2018, eligible meal related expense deductions are limited to 50%, while general entertainment expenses are no longer deductible.

Actions to consider Financial institutions should monitor their expenses and consider opportunities to minimize the entertainment component of their spend. They should also focus on breaking out events or activities, keeping records and details of different components in order to maximize the 50% deduction for meals.

Be well preparedTax reform and required adjustments can be complicated. Financial institutions should work closely with their tax advisors to make sure they understand how changes are evolving and what impact they might have on their federal and state tax liabilities.

Want more information on any of the issues highlighted in this article or on any other tax matters? Please contact your local Plante Moran tax advisor.

3

4

DON’T FORGET

Tax credits: With everything else that’s happening, don’t overlook the value of tax credits. For example, we see financial institutions investing in low-income housing credits and new markets tax credits. These credits have wide-ranging benefits: offsetting taxes, flowing through losses — which reduce tax liabilities, and can provide Community Reinvestment Act credits.

Opportunity zones: Created under the TCJA, opportunity zones provide a great opportunity to defer capital gains, so they shouldn’t be overlooked. If a bank has generated a capital gain, they should speak to their tax advisor to discuss how they might be able to use opportunity zones to avoid tax on the gain while also earning a good return.

PLANTE MORAN7

COMPLIANCE

FINANCIAL INSTITUTION REGULATIONS AND FINTECH COMPLIANCE:

A two-fold approach to risk managementFinancial technology, or fintech, companies are revolutionizing the services offered by financial institutions. But innovation isn’t without risk. We break down the risks for all parties and offer ways to improve your risk management program.

Fintech companies are on the rise and rapidly replacing traditional financial institution functions with smart technology. Financial institutions are collaborating with fintech companies to offer customers quick and convenient access to an array of banking services, including automated online payments, fund transfers, personal loans, investments, and more. Fintechs enable these services by leveraging new technologies that automate and optimize banking processes.

But while bank and credit union partnerships with fintechs create a more convenient experience for customers, there are many variables — and risks — both financial institutions and fintechs should consider before joining forces.

Three major risks for both financial institutions and fintechs include:

REPUTATIONAL RISKWhether you’re a financial institution or a fintech company, you face reputational risk when a new product is brought to market. Financial institutions and fintechs both invest significant time and resources in customer relationships — just one misstep can destroy your customers’ trust. Reputational damage could impact your credibility across the board, affecting the bottom line for additional products and your business as a whole.

Troy SnyderPartner troy.snyder@plantemoran.com

James SiegelManager james.siegel@plantemoran.com

1

8Financial Institutions Advisor

REGULATORY RISKRegulatory risk is an immediate concern for financial institutions that partner with fintech companies. Fintech products are changing the game for the financial services industry at an incredible rate, and lawmakers can’t keep up. Since it could take years to modify financial institution regulations to accommodate fintech products, regulators are carefully examining fintech relationships to ensure financial institutions are still in compliance with traditional regulations. It’s critical for financial institutions to build a strong compliance foundation at the start of any fintech partnership to prepare for increased scrutiny from regulators.

Fintechs currently aren’t subject to federal examinations, but that doesn’t mean they won’t be in the future. The Office of the Comptroller of the Currency (OCC) already has proposed a special-purpose national bank charter specifically for fintech companies. Many state attorneys general have expressed concern and interest in providing regulatory “sandboxes” for fintechs, with which future regulations are to be developed.

UNEXPECTED AND UNFORESEEN RISKSAs with any new product, unforeseen risks are ever-present. The greatest risk is the one nobody notices because it hasn’t happened yet. The opposing dynamics of fintech companies and financial institutions create the perfect storm of risk. Fintech companies have limited experience dealing with both regulations and regulators. And, financial institutions aren’t accustomed to the fast-paced, rapidly changing environment in which fintech companies operate. It’s not hard to imagine how these opposing weaknesses could overlap and contribute to a significant risk management blind spot.

How financial institutions should approach a fintech partnership

Understand the fintech’s risk management program. A fintech may already have a risk management program in place that addresses risks posted by anti-terrorist financing (ATF) regulation, General Data Protection Regulation (GDPR), and other international regulations. However, it’s likely that financial regulatory compliance requirements haven’t been completely incorporated into the fintech’s existing risk management program.

Ask about the fintech’s current compliance program and personnel in place, as well as any available risk assessments, policies, procedures, training programs, and audit programs. You should also explore how these will evolve into the compliance function you (and your regulators) need to see.

Build a robust risk management program that includes financial institution compliance.If your fintech partner’s risk management program isn’t tailored to a financial institution relationship, create a plan of action to build out a robust banking compliance program. Make sure the fintech understands its role and how it can help you address any regulatory examiner concerns. A trusted risk management advisor can collaborate with the fintech to design and implement strong internal controls and build a compliance culture.

2

3

PLANTE MORAN9

How fintechs should prepare for financial institution compliance

Lay the groundwork for current and future financial institution regulations.Building or strengthening your regulatory compliance program requires time and energy. Look beyond your current product offerings and consider what products you want to offer in the future — six months, two years, five years. Identifying these products and services, and a timeline for implementation will help you predict the types of regulatory pressures you’ll face. Building a compliance infrastructure is like building a house: If you lay the foundation correctly, you avoid the happenstance and cost of rebuilding in the future. Take the time to articulate future regulatory risks and incorporate them into your risk management program.

Prepare for new fintech regulatory requirements.Unlike in the tech industry, regulation is a major factor in the world of financial institutions. As more financial institution-fintech partnerships form, more regulations will come into play for both parties. At the very least, you need to understand how existing financial regulations will shape your relationships with financial-institution partners. In order to build a truly successful regulatory compliance function, take your organization one step further and anticipate what regulators could be asking for in the years ahead, both from financial partners and from fintechs themselves.

Control compliance costs and resources.The idea of building a compliance program might create concerns about additional staff needs, arduous processes, or exorbitant costs. But the truth is, implementing a compliance program doesn’t have to distract from your business. When new products and services are in their infancy, the volume of transactions and incoming revenue usually doesn’t warrant hiring more resources. Regulatory compliance risk management experts can help you build and maintain a compliance program on an as-needed basis. Knowing that resources are available to your organization — whether it’s an initial compliance program buildout, periodic staff augmentation, or performing periodic compliance audits — can help you achieve compliance success without breaking the bank.

Risk is inherent in any type of new venture, but don’t let the regulatory risks of new fintech and financial institution partnerships restrict innovation. By leveraging the expertise of risk management consultants, financial institutions and fintechs alike can go beyond simply addressing regulatory compliance risk for new joint ventures. They can also add value to their own organizations by adding, and strengthening, internal controls related to risk management.

Take the time to articulate future regulatory risks and incorporate them into your risk management program.

10Financial Institutions Advisor

Managing credit risk in today’s environmentLeveraged lending market and the M&A market — two key areas where risks for financial institutions are increasing. Here are a few tips to help you manage risks effectively in the current business environment.

Financial institutions are under a significant amount of pressure. They’re constantly working to balance risks and opportunities in order to manage their portfolios and drive future growth.

Below, we highlight two key areas where risks are increasing — the leveraged lending market and the M&A (mergers and acquisitions) market — and suggest activities that can help financial institutions ensure they’re managing their risks effectively.

LEVERAGED LENDING MARKETThe leveraged lending market has seen increased stress over the past year, with a range of factors impacting potential lending decisions. Leveraged lending refers to a transaction where the borrower’s post-financing leverage, when measured by debt-to-assets, debt-to-equity, cash flow-to-total debt, or other such standards unique to a particular industry, significantly exceed industry norms for leverage.

Increasing market stressSigns are pointing to market bifurcation — with GDP, marketing, and manufacturing factors suggesting a leveling off in the economy, while real estate prices continue to inflate. In the Midwest, for example, real estate prices are near 15- and 20-year highs. In the event a negative trigger occurs in the market, real estate values could decline very rapidly which will significantly affect loan-to-value ratios.

The economy has also experienced a flattening curve between 10-year and two-year U.S. Treasury Bond yields. At the end of November, the 10-year yield was 15 basis points away from falling below the two-year yield level, which would have resulted in a yield curve inversion. The gap between short-term interbank lending rates and comparable risk-free U.S. Treasury rates also reflected market stress.

Growing risk for leveraged lendingAs a result of various economic and market issues, financial institutions have seen an increase in defaults within their leveraged loan portfolios. This has led to a tightening of credit within the leveraged lending market.

This is somewhat of a reversal from a year or two ago when community banks were looking to get into leveraged lending. Now, financial institutions are pumping the brakes — tightening up credit underwriting and suggesting that the market may experience a downturn in the short term.

Brian FraneyPartner

brian.franey@plantemoran.com

Kevin GarciaSenior Manager

kevin.garcia@plantemoran.com

1

LOAN REVIEW & QUALITY TRENDS

PLANTE MORAN11

What can financial institutions do to mitigate leveraged lending risks?For financial institutions with leveraged lending portfolios, mitigating risk will become a major factor in success, particularly if market stress continues well into 2020. In order to manage risks more proactively, financial institutions should monitor their borrowers’ financial performance more closely. This could include activities, such as:

• Reviewing financials more frequently than in the past, such as reviewing a borrower’s financial results quarterly rather than annually.

• Increasing scrutiny with accounts receivables, inventory and fixed asset capitalizations are monitored effectively to ensure credit quality is maintained, and that losses and delinquencies do not mount.

• Monitoring accounts payables listings to ensure the borrower is not extending terms with vendor relationships.

• Conducting more frequent meetings or site visits (i.e. biannually rather than annually or every 18 months) with borrowers to ensure the insitutiuon fully understands the customers business, any new business ventures that the customer is expending cash on not included in the lending relationship that could place stress on the balance sheet, as well as further understanding the key and their actions to mitigate risks related to their line of business.

Financial institutions that take the time to strengthen their monitoring of higher risk borrowers will be better able to manage more volatile market conditions and decrease the likelihood of future losses occurring.

MERGERS AND ACQUISITIONS MARKETM&A activity in the financial services sector increased significantly in recent quarters, with Q3-2019 results indicating $57.3 billion in global deal value — up 21.9% compared to Q2-2019. Over the first three quarters of 2019, global M&A value in the financial institution sector reached over $206 billion — up almost 43% compared to the same three quarters in 2018. The United States accounted for the largest share of M&A activity during the first nine months of 2019, led by February’s BB&T’s acquisition of SunTrust Banks for $28.2 billion.

With the regulatory environment in the United States becoming more conducive to M&A, activity involving banks, credit unions, and other financial institutions is expected to remain strong.

Understanding M&A risksMany small and midsized banks and credit unions in the nation are pondering deals as an opportunity to scale or grow, with the increasing M&A activity in the financial services sector. Yet, few have the in-house expertise to conduct the due diligence required to quickly understand and evaluate the risks within the lending portfolios of their target institutions. Such due diligence is instrumental, if financial institutions want to ensure they’re making the best deals given their current strategy and objectives and that they’re offering the right price for a given target. A lack of due diligence can lead to numerous surprises during the post-deal integration process, which can quickly erode deal value.

Working with a third-party advisor to conduct due diligenceAs noted above. few banks and credit unions have the resources or expertise required to conduct deal due diligence. When working with a third-party advisor, financial institutions gain access to dedicated resources with a wealth of expertise by conducting similar due diligence activities and using proven processes and methodologies, which ensure that key risks are identified and quantified for inclusion in final deal pricing. For example, this might include penetrating, evaluating, and analyzing a target’s commercial portfolio or loan portfolio and then providing critical insights about any potential risks and opportunities such as high loan to value ratios, lack of current financial information used to risk rate loans and the lack of documentation included in appraisals to support credit decisions.

By conducting appropriate due diligence, financial institutions can ensure they’re making the right go or no-go decisions with respect to potential M&A deals, and that they have the information they need to structure any resulting deals in a manner that will reduce their post-acquisition risks and give the institution the greatest opportunity for return.

Managing your risks to create new opportunitiesWe’ve worked with numerous financial institutions to manage and evaluate credit risks both within their own organizations and as part of the due diligence process related to M&A deals. If you’d like more information on any of the issues highlighted in this article, please contact your local Plante Moran business advisor.

2

12Financial Institutions Advisor

ACCOUNTING AND REGULATORY UPDATES

Key accounting and regulatory changes you need to know

Financial institution industry

DELAYS FOR MAJOR NEW ACCOUNTING STANDARDSIn November, the FASB approved the delay of several major accounting standards: CECL (Topic 326), Leases (Topic 842), and Derivatives and Hedging (Topic 815). This change is the first indication of the Board’s shift in mindset to an environment where large public companies adopt new standards multiple years before smaller institutions.

A summary of revised effective dates for December 31 fiscal year-end companies is below. See ASU 2019-10 for additional details and guidance.

CECL (Topic 326) » 2020 — SEC filers, excluding smaller reporting companies as defined by the SEC

» 2023 — All other entities

Leases (Topic 842) » 2019 — Public business entities, employee benefit plans, not-for-profit conduit bond obligors

» 2021 — All other entities

Derivatives and Hedging (Topic 815) » 2019 — Public business entities » 2021 — All other entities

Ryan AbdooPartner

ryan.abdoo@plantemoran.com

Kate KronesManager

kate.krones@plantemoran.com

PLANTE MORAN13

LIBOR PHASEOUTWith the anticipated discontinuation of LIBOR in 2021, institutions with significant borrowing, lending, or hedging transactions indexed to LIBOR are beginning to analyze contracts to identify where amendments are needed and searching for a replacement index rate.

A group convened by the Federal Reserve Board and Federal Reserve Bank of New York has identified the Secured Overnight Financing Rate (SOFR), a measure of the cost of overnight borrowing collateralized by U.S. Treasury securities, as a possible alternative rate for LIBOR.

Additionally, to offer relief for accounting for contract amendments executed to update the reference rate, the FASB has issued 2018-16. Under this update, modifications of loan, lease, or debt contracts to reference a new index rate are treated as a continuation of the initial contract and don’t need to be analyzed to determine if they qualify as a new agreement. The standard expands circumstances under which hedge accounting will be preserved when agreements are modified, and is effective for contract modifications completed through Dec. 31, 2022.

Credit unions

2019 SUPERVISORY PRIORITIESAs we await the release of the NCUA’s 2020 supervisory priorities, we reviewed trends in the regulator’s focus noting cybersecurity, BSA compliance, interest rate and liquidity risk, and consumer compliance have appeared on the list of priorities consistently over the last three to four years.

Cybersecurity and IT appear to continue to be points of emphasis, including the introduction of new information security examination procedures, which will be piloted through 2020 preceding full implementation scheduled for 2021. The NCUA intends to provide additional resources to credit unions in this area through the publication of monthly cybersecurity articles, enhancements to its cybersecurity website, and cybersecurity forums.

Cybersecurity assessment

BSA compliance

Interest rate and liquidity risk

Consumer compliance

Concentrations of credit

CECL implementation

Internal controls and fraud prevention

Commercial lending

Automobile lending

Response programs for unauthorized access to member information

TILA-RESPA Integrated Disclosure Rule

CUSO reporting

2016X

X

X

—

—

—

—

—

—

X

X

X

2017X

X

X

X

—

—

X

X

—

—

—

—

2018X

X

X

X

—

—

X

X

X

—

—

—

2019X

X

X

X

X

X

—

—

—

—

—

—

14Financial Institutions Advisor

Banks

CBLRRegulators approved simpler capital requirements for community banks, effective Jan. 1, 2020. Under the new rule, often referred to as the Community Bank Leverage Ratio (CBLR), banks that meet certain criteria can reduce capital reporting to only the Tier 1 ratio, eliminating several ratios currently required under Basel III.

Criteria to qualify for CBLR Leverage ratio 9% or higher

Total consolidated assets Less than $10 billion

Trading assets and liabilities as a percentage of consolidated assets Less than 5%

Off-balance sheet exposure as a percentage of consolidated assets Less than 25%

Banks that have adopted the rule but subsequently fall below the 9% minimum have a two-quarter grace period during which they could remedy compliance with the qualifying criteria. There is no grace period if the leverage ratio falls below 8% or if an institution no longer meets the qualifying criteria due to a merger or acquisition.

Although the majority of banks under $10 billion in assets qualify for the CBLR, many community banks are hesitant to adopt due to future expansion or acquisition plans and hesitancy to see how state regulatory bodies respond to the federal rule.

FDIC CREDITSThe Dodd-Frank Act raised the FDIC’s minimum Deposit Insurance Fund (DIF) reserve ratio to 1.35% of insured deposits. As of June 30, 2019, this ratio has been achieved, and the FDIC announced they’ll be awarding credits, beginning on the second-quarter assessments. The credits will be automatically applied to each quarter’s assessment as long as the DIF ratio stays above the threshold.

BROKERED CDS AND RECIPROCAL DEPOSITSThe FDIC took action to reduce restrictions imposed on brokered deposits held by certain institutions. In a final rule adopted in early 2019, certain reciprocal deposits (such as deposits sourced through the CDAR’s network) are exempt from being considered brokered deposits for certain insurance institutions. Under this exemption, well-capitalized and well-rated institutions aren’t required to treat reciprocal deposits as brokered deposits, with a cap on the amount of deposits subject to the exemption.

...many

community banks are

hesitant to adopt due

to future expansion or

acquisition plans and

hesitancy to see how state

regulatory bodies respond

to the federal rule.

PLANTE MORAN15

Public companies

SEC’S REVIEW OF ACCELERATED FILER DEFINITIONIn May 2019, the SEC issued a proposal to exclude all smaller reporting companies (SRCs) with less than $100 million of revenue from the definition of an accelerated filer. This follows a change in 2018 that increased the SRC threshold to $250 million of public float (or public float under $700 million and revenue under $100 million) without changing the accelerated filer definition, resulting in many companies that are both SRCs and accelerated filers.

If the May proposal passes, SRCs wouldn’t be required to obtain an auditor’s attestation on the effectiveness of internal control over financial reporting (ICFR) and would follow later filing dates. This wouldn’t, however, modify the FDICIA requirement for banks over $1 billion in assets to obtain an independent auditor’s opinion on the effectiveness of ICFR.

The proposed change is highly anticipated in the industry as there are more financial institutions than any other type of company that would no longer be considered accelerated filers.

CHANGES TO THE AUDITOR’S REPORTA new section related to critical audit matters (CAMs) is being phased into the auditor’s report for public companies to provide investors with additional information on significant matters in the audit and how they were addressed. This addition to the auditor’s report will require auditors to identify and provide additional disclosures around matters that are critical to the audit.

The criteria used to identify CAMs and additional disclosure requirements for each CAM identified are summarized below.

CAM identification » The matter is communicated or required to be communicated to the audit committee.

» The matter relates to material accounts or disclosures that are material to the financial statements.

» The matter involves especially challenging, subjective, or complex auditor judgment.

CAM disclosures » Identification of the CAM

» Description of the main considerations that led the auditor to identify the matter as a CAM

» Description of how the audit addressed the CAM

» A reference to the relevant financial statement accounts or disclosures related to the CAM

This addition to the auditor’s report isn’t expected to significantly change communications with the audit committee, as all CAMs are already required to be communicated.

Auditors were required to include disclosures related to CAMs beginning with June 30, 2019, audits for large accelerated filers. This requirement will be phased in for all other public companies for year-ends on or after Dec. 15, 2020.

16Financial Institutions Advisor

THE EXPECTED IMPACT OF CECL:

Going beyond “It depends” “How much will my institution’s allowance increase upon adopting CECL?” This is the most-asked — and least-answered — question financial institutions have about the new allowance for credit losses rules.

Shareholders, board members, and management all need an estimate of the impact so they can fulfill their responsibilities for governance and planning. But we understand why the FASB, financial institution regulators, and service providers refuse to publish expected ranges of adoption adjustments.

Let’s take an example: Two institutions with the exact same loan portfolio size, loan type mix, underwriting, and geography may estimate materially different allowances for credit losses under current expected credit loss (CECL). This may stem from differences in the remaining term, mix of acquired versus originated loans, management’s economic outlook, or allowance for credit losses methodologies selected, among other factors.

Challenges quantifying impactThe U.S. Securities and Exchange Commission (SEC) requires registrants to disclose the financial statement impact recently issued accounting standards will have when adopted unless the impact isn’t expected to be material. The impact should be quantified unless not known or reasonably estimable.

Despite being only three months away from the Jan. 1, 2020, adoption date, many large accelerated filers disclosed they were unable to reasonably estimate the impact of CECL as of the Sept. 30, 2019, 10-Q filings. Non-SEC registrants and SEC registrants that are smaller reporting companies have until fiscal years beginning after Dec. 15, 2022, to adopt the new rules.

Ryan AbdooPartner

ryan.abdoo@plantemoran.com

Joe VloedmanSenior Manager

joe.vloedman@plantemoran.com

CECL

PLANTE MORAN17

ESTIMATED IMPACT FROM CECL ADOPTIONASSET SIZE $100B+

Regions Financial Corporation

Fifth Third Bancorp

Huntington Bancshares Incorporated

BB&T Corporation

JPMorgan Chase & Co.

U.S. Bancorp

Citizens Financial Group, Inc.

KeyCorp

Citigroup Inc.

Bank of America Corporation

PNC Financial Services Group, Inc.

M&T Bank Corporation

First Republic Bank

Wells Fargo & Company

Source: Sept. 30,209, 10-Q filings -20% -10% 0% 10% 20% 30% 40% 50% 60% 70%

Next, for a sample of 30 banks with total assets of $10 to $25 billion, all of which identified an effective date of Jan. 1, 2020, 15 banks disclosed a quantitative expectation as of Sept. 30, 2019. Among this group, the median high end of the reported range was 65%, and the median low end of the reported range was 30%. The three banks with the largest expected impact indicated their acquired loan portfolios will significantly impact the CECL adjustment. As you can see in the chart on the next page, there was no bell curve of normal distribution in this group — reported expectations were spread evenly across the landscape.

Our analysisTo help individual institutions better understand the big-picture implications of the new rules and to provide more insight than “It depends,” the Plante Moran team reviewed CECL footnote disclosures from a large sample of Sept. 30, 2019, Form 10-Q filings and compiled the results.

We first reviewed filings for 15 of the largest banks in the United States, all with total assets over $100 billion. Fourteen disclosed a quantitative expectation as of Sept. 30, 2019. Among this group, the median high end of the reported range was 33%, and the median low end of the reported range was 25%. Ranges disclosed by these banks are displayed in the graph below.

18Financial Institutions Advisor

EXPECTED IMPACT FROM CECL ADOPTIONASSET SIZE $10 – $25B

4

3

2

1

0 <10% 10–20% 20–30% 30–40% 40–50% 50–60% 60–70% 70–80% >80

NU

MBE

R O

F BA

NK

S

MIDPOINT OF INSTITUTION’S RANGE OF EXPECTED INCREASE

Source: Sept. 30, 2019, 10-Q filings

Finally, for a sample of 30 banks with total assets of $5 to $10 billion, all of whom identified an effective date of Jan. 1, 2020, only four banks disclosed a quantitative expectation as of Sept. 30, 2019. Among this group, the median high end of the reported range was 27%, and the median low end of the reported range was 18%. Many of the banks that didn’t provide a specific range of expectations did disclose that management expects the allowance to increase upon adoption. Note that we excluded from this sample any companies with fiscal year-ends, as well as institutions classified as emerging growth companies, both of which may have a later effective date.

In addition to the outsized impact of acquired loans, longer-duration consumer loans were the most significantly impacted pools identified by many institutions. This is due to CECL’s requirement to predict losses over the life of a loan and immediately record those losses. Most models estimate losses in each year through maturity, so portfolios with more years until maturity will generally predict greater losses compared to loans with fewer years until maturity.

Institutions that haven’t yet finalized CECL’s adoption-date adjustment can use this information to understand the impact expected by their peers, which is significantly affected by underwriting, remaining maturity, presence of acquired loans, and economic outlook.

For institutions adopting CECL in 2023, we recommend management continue to work toward finalizing models in 2020 to complete parallel runs and model validations prior to adoption. As we noted above, institutions will be expected to quantify the expected impact as the adoption date nears. Especially for institutions followed by analysts or investors, it’s important to disclose the institution’s progress, significant conclusions, and estimates. Without these disclosures, analysts will be left to come to their own conclusions with incomplete information.

PLANTE MORAN19

PERSPECTIVE: INTERNAL AUDIT AND RISK

DIGGING DEEPER INTO RISK ASSESSMENTS:

The questions you should be askingHave you updated your risk assessments lately? If not, it might be time. From new products and services to a volatile risk environment, many factors can affect your level of risk. Here’s how to stay current.

Nowadays, it’s become a full-time job for management to keep risk assessments up to date and fresh. That’s because the competing risks from cybersecurity and regulatory compliance can be burdensome to manage and monitor. How do you prioritize these challenges while considering the impact of new products and services, liquidity risk, interest rate risk, fintech, and vendor management? External factors, including changing customer preferences, will continue to force institutions to think about how to meet immediate service expectations and how to introduce innovative products to meet customer needs. It’s an endless cycle that you need to stay ahead of — but how? Here are four ideas.

NEW PRODUCTS AND SERVICESIt’s critical that financial institutions management teams stay on top of the latest and greatest offerings, especially if the strategic focus is to grow with new generations. What new products and services should you offer? That’s not an easy question — but it becomes easier the more team members you consult. As the adage goes, if you want to go fast, go alone; if you want to go far, go with others. More input means you’re covering more bases — and managers from the business line, operations, information technology (IT), marketing, risk management, audit, and compliance can offer a slew of perspectives on the risk impact of each offering.

Sherrie Krowczyk-Mendoza Partner sherrie.krowczyk-mendoza@plantemoran.com

Rob BondyPartner robert.bondy@plantemoran.com

Scott PhillipsSenior Manager scott.phillips@plantemoran.com

1

20Financial Institutions Advisor

A focused risk assessment on new products/services will help in the evaluation and readiness stages, starting with product launch.

Questions to ask:• What new products and services will you offer, and how are

they different from what you currently offer?

• What’s the overall impact and cost of implementation (adequacy of current system, personnel, etc.)?

• What is your strategic market launch plan, and how will competitors react?

• What are the internal control and compliance risks, and has the internal audit/compliance team been involved?

LIQUIDITY RISK AND INTEREST RATE RISKWhose responsibility is managing liquidity and interest rate risk? Management? The board? The asset-liability committee? Yes, yes, and yes.

Relative to liquidity risk, there should be adequate board and management oversight, with clear and measured reporting and stress testing. Policy guidelines should be commensurate with the risk profile of the institution, and a contingency funding plan ought to be in place to ensure clear action items are identified should there be a change in the interest rate environment. The risk assessment process should clearly present the impact of liquidity decisions, including strategies to increase core deposits, seek brokered deposits, or use Federal Home Loan Bank borrowings.

In addition, interest rate risks are impacted by political and economic events and how the market responds to volatility. These changes will impact customer behaviors, ranging from changes in loan prepayment speeds to retention of core deposits. Understanding the net interest income at risk, as well as the economic value of equity, can be evaluated through scenario stress tests, helping you better prepare for such changes.

Questions to ask:• What strategic impact could a change in your product pricing

have on your lending and deposit customers?

• How strategically would or could you handle this impact in terms of marketing new products or services, or pulling back on those that haven’t had a positive impact?

• What would these changes do to your current operations and IT infrastructure?

• If you change your strategic direction, what’s the regulatory risk?

2

Interest rate risks are

impacted by political and

economic events and

how the market responds to

volatility. These changes

will impact customer

behaviors, ranging from

changes in loan prepayment

speeds to retention of

core deposits.

PLANTE MORAN21

FINTECHSThe most recent generation of customers is demanding faster and immediate convenience, driving the need to consider partnering with fintechs as an alternative to expensive research and development. However, finding the right fintech to partner with isn’t easy, and in fact it adds another layer of risk. Like the process for launching new products and services, a strategic discussion on the impact should happen early in the decision process with input from all departments. Vendor due diligence and determination of roles and responsibilities is critical at the onset. The risks associated with both internal controls and regulatory compliance need to be identified with a strong infrastructure set up to ensure these risks are addressed.

Questions to ask:• What’s your growth strategy related to fintech, and how does this impact your institution’s core strategy?

• What’s the intended infrastructure (management, operational, compliance, IT, supporting personnel, etc.)?

• How will this infrastructure be managed and monitored?

• Does your vendor management process thoroughly risk-assess each fintech, include an onboarding process, and provide ongoing contract monitoring?

• Who’s responsible for understanding and implementing the appropriate controls relative to regulatory compliance and the Bank Secrecy Act?

• Who will be responsible for conducting the internal audits from a controls, regulatory compliance, and IT standpoint?

• What will the management and board-level reporting look like? What are the reports necessary to manage and monitor this business division?

VENDOR MANAGEMENTOverall, institutions are outsourcing and partnering with more and more third parties to maintain operational efficiency and a strong bottom line. Although these relationships can prove to be very beneficial, we can’t overstate the importance of a strong vendor management program. Critical decisions that identify the primary individual responsible for the third party (updating agreements and assessing operational, management, regulatory compliance, and IT impacts) will increase with more third-party involvement.

Questions to ask:• Is there a board-approved vendor management policy in place, and how does the board manage

and monitor vendor risks?

• What companies are you working with, and do they sole source or outsource their processes (i.e. work with fourth or fifth parties)?

• What agreements are in place, and have these been completely reviewed for responsibilities?

Putting it all togetherKeeping your risk assessment fresh in terms of new products and services, liquidity and interest rate risk, fintech, and vendor management is critical. It’ll provide management and the board a tool to understand and plan for such risks. Managing these types of risks will be doable with mindful upfront planning, the inclusion of a holistic team, and a plan to keep your risks — along with the rewards — top of mind.

3

4

22Financial Institutions Advisor

ALM/IRR/MODEL VALIDATION

MAKING THE RIGHT DECISIONS:

The importance of model risk managementWith the increasing use and reliance on technology, automated predictive, economic, and financial models help financial institutions make faster and better business decisions. But how should organizations manage risks? A strong model risk management (MRM) framework is critical.

Over the past several years, a number of financial institutions have embraced the use of automated predictive, economic, and financial models to conduct financial and business analyses. Many are also in the process of developing or implementing credit loss models to address the Financial Accounting Standards Board’s new current expected credit loss (CECL) standard.

Increasing model use, increasing risksThe proliferation of data and the increasing complexity of financial analyses have caused many financial institutions to turn to models to help increase efficiencies, reduce mundane and repeatable tasks, and save time and resources. While the use of models allows financial institutions to make faster and better business decisions, they also present significant risks if a strong MRM framework isn’t in place to govern their use.

The challenge is that few small and medium-sized financial institutions have robust model risk management processes to govern their use of models. While financial institutions in excess of $10 billion are subject to model risk management regulatory guidance, smaller financial institutions don’t have the same obligations — although MRM is encouraged. This has led many to approach model implementation on an ad-hoc basis, with functional areas developing models in order to enhance their specific decision-making processes. The issue with this ad hoc approach is that it opens an organization up to a wide range of risks, including risks associated with input accuracy, data completeness, and alignment of bank-specific assumptions and strategic goals.

Steve SchickPartner

steve.schick@plantemoran.com

Bryan JohnsonSenior Manager

bryan.johnson@plantemoran.com

PLANTE MORAN23

Making model risk management a priorityWhile smaller institutions might not be subject to the same regulations as their larger counterparts, this doesn’t mean they should ignore such requirements altogether as they may be subject to such MRM requirements in the future. Additionally, if they’re going to spend the time and resources developing and implementing models, financial institutions should make sure those models work as intended. The last thing any financial institution wants to do is rely on inaccurate models for making key business decisions.

Where to start?Financial institutions that use predictive, financial, or economic models should consider enhancing their approach to MRM. As a starting point, this could include undertaking the following key activities:

Create an inventory of existing modelsIt’s important to conduct an inventory of any existing or in-development models. As a part of this, be clear as to the difference between a model and a tool so that all stakeholders have a common understanding of how to use and contribute to the inventory. In connection with documenting the inventory, include each model’s purpose, model owner, data sources, and significant assumptions.

Understand regulatory requirements related to model use and verificationFinancial institutions should take time to understand the regulatory requirements related to model development, implementation, and use, including validation, even if they’re not currently required to be in compliance. This understanding will help the organization manage the organization’s entitywide risk and help them establish MRM processes aligned to comply with regulations they may be subject to in the future.

Test and validate modelsInstitutions should test and validate any significant or complex models before implementation and on an ongoing basis so management can be confident in model outputs. For example, before implementing a new model, it should be run parallel with the existing process to ensure the new model is operating as intended and in line with expectations. On an ongoing basis, the model’s accuracy should be tested to determine if the use is still appropriate given the potential change in facts and circumstances. As recommended in the regulatory guidance, model testing and validation should be conducted by individuals or a third party independent from the models’ users and those that developed it. Based on the results of the testing process, institutions can identify model errors, track corrective actions, and ensure appropriate use.

Note: Financial institutions should validate their use of the third-party models. This would include determining whether a model is appropriate for its intended use and that any customizable model assumptions are accurate and relevant.

Involve the right stakeholdersMRM should be an entitywide activity. The board should be responsible for providing governance of the entire MRM process, while management should be tasked with developing the MRM framework and related processes. Leaders with insight across the organization should be engaged in the MRM process to ensure assumptions are appropriate, model documentation is robust, and data sources are valid and accurate.

Knowing you’re making the right decisionsModels can be instrumental in driving better business decisions or your financial reporting process — but only if you’re able to rely on the outputs. If you would like more information on our model validation services or how we can enhance your MRM framework, please contact your local Plante Moran business advisor.

24Financial Institutions Advisor

RISK: IT/CYBER

THE NEW BUSINESS CONTINUITY MANAGEMENT BOOKLET:

Four questions you should askOn Nov. 14, 2019, the FFIEC released the Business Continuity Management booklet (BCM), replacing the Business Continuity Planning booklet issued in February 2015. While the booklet states that it “does not impose requirements on entities” but rather describes “practices that examiners may use to assess an entity’s BCM function,” we’re encouraging our clients to understand these changes, as we’re anticipating they’ll be a focal point for exams beginning in 2020.

The shift in wording from business continuity planning to business continuity management reflects the changes in customer, regulatory, and industry expectations for the resilience of operations. How will this change affect you? Consider these four questions.

ARE YOU RESILIENT? The word “resilience” appears in the BCM booklet over 100 times, which is more than double in the BCP booklet. According to Presidential Policy Directive 21, “Resilience is the ability to prepare for and adapt to changing conditions and withstand and recover rapidly from disruptions. Resilience includes the ability to withstand and recover from deliberate attacks, accidents, or naturally occurring threats or incidents.”

In other words: resilience isn’t based on recovery capabilities alone. You have to ask yourself, “Have we incorporated proactive measures for mitigating the risk of a disruptive event in the overall design of operations and processes?” Resilience is an enterprise-wide strategy that should include maintaining security standards and any outsourced activities.

You can expect that examiners will be looking at your institution’s resiliency as a result of how business continuity is managed throughout the organization, not just IT.

1

Joe Oleksak Partner

joe.oleksak@plantemoran.com

John Hampson Senior Manager

john.hampson@plantemoran.com

PLANTE MORAN25

ARE YOUR RISK MANAGEMENT STRATEGIES DESIGNED TO ACHIEVE RESILIENCE?In addition to the traditional elements of your existing business continuity plan, examiners will be looking at the following seven risk management strategies:

1. The board and executive management must understand the organization’s continuity risk-appetite incorporated into enterprise risk management, ensuring the plan reflects that understanding.

2. A more robust Business Impact Analysis (BIA) estimating the maximum allowable downtime and resource requirements for each critical business unit within the organization (not just IT.)

3. Inclusion of applicable elements for Pandemic Planning within the BIA and corresponding sections within the enterprise-wide BCP.

4. Annual enterprise-wide training involving all necessary individuals identified during the criticality analysis of the aforementioned BIA.

5. A renewed focus on partnerships or third-party interdependencies, such as a managed service provider, energy provider, telecom provider, etc., and vendor management requirements explicitly considered throughout the BCP.

6. A more visible integration between the BCP, Disaster Recovery, Incident Response, Backup and Recovery, and the Bank’s overall User Awareness and Information Security Programs.

7. Enterprise-wide testing strategy, including technology, business operations, internal and external communications, third-party interdependencies, transportation, telecommunications, etc.

IS YOUR BOARD OF DIRECTORS INVOLVED?The BCM booklet clearly defines the board’s role in business continuity. Specifically, how business continuity is governed through defining responsibilities and accountability, and by allocating adequate resources to the process. “The board and senior management should set the tone at the top and consider the entity’s entire operations, including functions performed by affiliates and third-party service providers when managing business continuity.”

Does your board:• Assign BCM responsibility and accountability?

• Allocate resources to BCM?

• Align BCM with your institution’s business strategy and risk appetite?

• Understand the risks and adopted policies/plans to manage events?

• Review business continuity results from reporting, testing, and auditing?

• Provide a credible challenge to management responsible for the BCM process?

Remember: Accountability begins with the board and flows down to all personnel.

2

3

“The board and senior management should set the tone at the top and consider the entity’s entire operations, including functions performed by affiliates and third-party service providers, when managing business continuity.”

26Financial Institutions Advisor

IS EVERYONE TRAINED ON YOUR BUSINESS CONTINUITY PLAN?It’s critical that your training program aligns with your institution’s BCM strategy. You should maintain a list of the current skill sets of all personnel to identify training gaps. Do you have a training program in place to educate stakeholders about the BCM goals and objectives? Have you tailored the training program to each target audience based on their needs? Are you training board members, senior management, business process owners, and frontline personnel? Are you updating the training program as significant changes occur?

Your business continuity plan should be comprehensive yet clear, concise, and easy to implement. It should be effective in the institution’s resiliency in the event of a disruption. Risk management strategies should be adequate enough to achieve resilience. The board of directors’ oversight is key to the success of the BCM. Lastly, a well-conceived and thorough training program tailored to target audiences, including the board of directors, allows for rapid implementation of the plan.

Face 2020 with confidenceConfidence comes when you know what to expect, and you adequately prepare. If you’ve taken the time to reflect on the resiliency of your operations, you’ll feel stronger about your institution in 2020. When you’ve closed gaps in your risk management strategies, involved the board, and detailed your business continuity plan, you won’t just be checking the BCM boxes — you’ll be buffering your organization against a multitude of seen and unseen risks.

4 Do you have

a training program in

place to educate stakeholders

about the BCM goals and

objectives?

Have you tailored the

training program to each target

audience based on their needs?

PLANTE MORAN27

AT A GLANCE

Financial institutionsGrounded, practical, bottom-line focusedThe pressure on today’s financial institutions is relentless. Managing rapidly changing regulations, complex reporting requirements, and cybersecurity risks can be challenging, but our team of specialists provide seamless service, a customized approach, and pragmatic solutions to address these challenges and more. Our key services include:

Practice profile

partners

industry professionals

years serving financial institutions

2020050+

Client profile

500+financial services clients

275+financial institutions clients

150+financial institution clients served by risk management practice providing outsourced or co-sourced internal audit services

Clients range in size from small institutions with less than $100 million in assets to national institutions, many of which are SEC registrants and FDICIA-compliant

Industry involvement

NATIONAL ASSOCIATIONS• American Bankers Association• Independent Community

Bankers of America• Bank Director• Financial Managers Society• Information Systems Audit &

Control Association• International Information Systems

Security Certification Consortium• AICPA National Banking &

SEC Conferences

• AICPA NCUA National Credit Union Conference

• Association of Credit Union Internal Auditors

• Credit Union Executive Society• National Association of State

Credit Union Supervisors• Credit Union National

Association CFO Conference

STATE ASSOCIATIONS• Indiana Bankers Association• Colorado Bankers Association• Michigan Bankers Association• Community Bankers Association of Michigan• Michigan Credit Union League• Ohio Bankers League• Ohio Credit Union League• Illinois Bankers Association• Community Bankers Association of Illinois• Illinois League of Financial Institutions• Iowa Bankers Association• Wisconsin Bankers Association

• Financial statement audits

• Tax planning & strategies

• Internal audits

• Regulatory compliance & BSA reviews

• Loan review

• IT assurance services

• Cybersecurity

• ITGC & GLBA assessment

• Network security

• Social engineering

• Operations consulting & improvement

• Human resource effectiveness & employee benefits consulting

• Real estate advisory

• Capital raising & M&A transactional support & due diligence

• Valuation services including financial instruments, intangible assets, loans, & deposits

• Model risk management

• FDICIA implementation

28Financial Institutions Advisor

OUR LEADERS

Brian PolliceCPA | Audit partnerbrian.pollice@plantemoran.com

Brian leads Plante Moran’s financial services practice.

Ryan AbdooCPA, CGMA | Audit partnerryan.abdoo@plantemoran.com

Rob BondyCPA | Audit partnerrobert.bondy@plantemoran.com

Kevin ConteCPA | Audit partnerkevin.conte@plantemoran.com

Jeannette ContrerazCPA | Tax partnerjeannette.contreraz@plantemoran.com

Brian FraneyCPA | Audit partnerbrian.franey@plantemoran.com

Brian leads Plante Moran’s loan review practice.

Theresa GreenwayCPA, MST | Tax partnertheresa.greenway@plantemoran.com

Brian HoweCPA | Tax partnerbrian.howe@plantemoran.com

Brian leads Plante Moran’s financial institutions tax practice.

Sherrie Krowczyk-MendozaCPA, CFSA, CRP | Audit partnersherrie.krowczyk-mendoza@plantemoran.com

Kyle MannyCPA, CGMA | Audit partnerkyle.manny@plantemoran.com

Brady NitchmanCPA | Audit partnerbrady.nitchman@plantemoran.com

Joe OleksakCPA, CISSP | Consulting partnerjoe.oleksak@plantemoran.com

Joe leads Plante Moran’s financial institutions technology/cybersecurity practice.

Kenley PennerCPA | Audit partnerkenley.penner@plantemoran.com

Chris Ritter CPA | Audit partnerchris.ritter@plantemoran.com

Steve SchickCPA, CGMA | Audit partnersteve.schick@plantemoran.com

Troy SnyderConsulting partnertroy.snyder@plantemoran.com

Troy leads Plante Moran’s financial institutions regulatory compliance practice.

Karla WhittenburgCPA | Audit partnerkarla.whittenburg@plantemoran.com

Financial Institutions AdvisorThis publication is distributed with the understanding that Plante & Moran, PLLC is not rendering legal, accounting, or other professional advice or opinions on specific facts or matters and, accordingly, assumes no liability whatsoever in connection with its use. Please send change of address or additions/corrections to the mailing list to kim.jones@plantemoran.com.

plantemoran.comStay in the know: plantemoran.com/subscribe

FS.G

B01.

0120

20