Do you know your Cyber Exposure? It is no different from credit exposure, so why treat it differently? Strategic and reputation risk are vulnerable with a less than rigorous program of cyber protections.

Play High Stakes Poker without Strategy and Best Practices when it comes to cyber security and defending against cyber-attacks.

Do you have a plan highlighting gaps between current practices and best practices?

Are there concrete steps for remediation?

Do we have fire drills demonstrating an effective incident response system?

The key to mitigating risk when it comes to cyber-attacks is to IDENTIFY, PROTECT, DETECT, RESPOND, RECOVER.


Strong Compliance means excellent technical skills, processing experience, and disclosure experience

You are faced with compliance factors of high volume, high velocity, and high complexity. Manual processes won’t cut it. Build an automated, repeatable system for the future.

The consumer compliance rating system evaluates the effectiveness and sufficiency of an institution's Compliance Management System. Be prepared to address (1) Board and Management Oversight, (2) Compliance Program, and (3) Violations of Law and consumer harm.

Critical steps:

  1. Risk – conduct a risk assessment.
  2. Update policies to reflect how risk is handled.
  3. Procedures – daily operations are accurate.
  4. Systems – upgraded and updated.
  5. Training – train for the best way to do things.
  6. Monitor – how effective are we, and are we compliant?
  7. Audit programs reflect the risks and how they are effectively addressed.
  8. Corrective action – develop remedies and apply them.

Mature ERM programs mean better risk management and better financial performance. A 25% improvement in ROE is well documented.

Organizations with a higher risk maturity have a stronger financial performance. Firms that have successfully integrated the ERM process into both their strategies and everyday practices display superior ability in uncovering risk dependencies and correlations across the entire enterprise. Court cases clearly hold Board members personally liable for risk management. Boards are given a choice between effective risk management and disclosing their ineffectiveness to the public. If they do neither, it is considered fraud or negligence.

Does your ERM playbook follow the revised framework of the Committee of Sponsoring Organizations of the Treadway Commission (COSO)?

The reasoning that contributed to the revisions is clear: complexity of regulations, increasing velocity and volume of risks, the emergence of new risks such as IT, cyber-attacks, a lack of defenses and awareness, elevated risk responsibilities at the Board level, and the importance of understanding the interrelationships and synergies among risks.

What are the fintech trends I need to investigate to remain competitive in the future? Does your strategic plan include goals and objectives for the development of fintech capability?

Google and Amazon will appeal to millennials. More than 30% of millennials believe they don’t need a bank. Budgets are devoted to transforming digital onboarding experiences. 69% of banks see open banking as an opportunity, up from 50% in 2016. Fintech companies provide more choice for financial products and services than ever before. The game has become one of competing on customer experience rather than focusing on products.

Win the customer experience. Great customer experience yields greater rewards. Avoid the barriers to delivering great customer experience. Designing a cohesive end-to-end customer experience can be complex. The siloed organizational structure of the pre-digital era produces a fragmented customer experience. There is no single shared vision and strategy for customer experience. Develop a digital platform where all can visualize the entire end-to-end customer experience. Close for good the gap between strategy and execution.

The Magic of Security Awareness Computer Based Training

Invest in the tools to increase security awareness to support business objectives with high cyber risk. Trained people impact security outcomes much more than any technology, policy or process. Invest in interactive computer-based training.

Alternatively, address the cyber meltdown upon a significant breach. You will be asked to defend the measures taken to protect private customer information. Customers, shareholders, regulators, and opposing legal counsel will be asking the tough question: “Describe the technological, human resources, and end-to-end solutions you employed to prevent the loss of data.” The financial losses, the damage to your reputation, and the legal ramifications of a breach make the justification easy for increased investment in cyber security.

Strategic Planning is easy but the execution is painful.

Why can execution be so difficult?

  • Did you spend all your time and resources to build the plan with nothing left to execute?
  • Don’t make the perfect plan if you can’t light a fire and have energy during the execution phase.
  • The plan is overcomplicated to follow and execute. Have staff dedicated to execution.

Embrace Technology or Become a Dinosaur

Will digital technology help or hurt community banks? How will it change the industry in the next five years?

How will the impact of technology influence the value proposition of community banks?

How will financial literacy influence customer satisfaction and experience? How do community banks apply financial literacy in this digital age to gain a competitive advantage?

How do we infuse banking with fresh thinking to navigate the shift in the digital age?

Creating value with the digital channel

It starts with people who have a background beyond banking. We look for people who understand technology really well and who embrace change. The digital assistant or the digital genius from Apple. They are socially connected with the customers in a different way. The right people in the right place are better able to provide value to end users.