Management is the most forward-looking indicator of condition and a key determinant of whether a Bank possesses the ability to correctly diagnose and respond to financial stress.
The management component provides examiners with objective, and not purely subjective, indicators. An assessment of management is not solely dependent on the current financial condition of the Bank and will not be an average of the other component ratings.
Reflected in this component rating is both the board of directors’ and management’s ability to identify, measure, monitor, and control the risks of the Bank’s activities, ensure its safe and sound operations, and ensure compliance with applicable laws and regulations. Management practices should address some or all of the following risks: credit, interest rate, liquidity, transaction, compliance, reputation, strategic, and other risks.
The management rating is based on the following areas, as well as other factors as discussed below.
The Bank’s strategic plan is a systematic process that defines management’s course in assuring that the organization prospers in the next two to three years.
The strategic plan incorporates all areas of a Bank’s operations and often sets broad goals, e.g., capital accumulation, growth expectations, enabling Bank management to make sound decisions. The strategic plan should identify risks within the organization and outline methods to mitigate concerns.
As part of the strategic planning process, Banks should develop business plans for the next one or two years. The board of directors should review and approve the business plan, including a budget, in the context of its consistency with the Bank’s strategic plan. The business plan is evaluated against the strategic plan to determine if it is consistent with its strategic plan. Examiners also assess how the plan is put into effect. The plans should be unique to and reflective of the individual Bank. The Bank’s performance in achieving its plan strongly influences the management rating.
Information systems and technology should be included as an integral part of the Bank’s strategic plan. Strategic goals, policies, and procedures addressing the Bank’s information systems and technology (“IS&T”) should be in place. Examiners assess the Bank’s risk analysis, policies, and oversight of this area based on the size and complexity of the Bank and the type and volume of e-Commerce services offered. Examiners consider the criticality of e-Commerce systems and services in their assessment of the overall IS&T plan.
An area that plays a crucial role in the control of a Bank’s risks is its system of internal controls.
Effective internal controls enhance the safeguards against system malfunctions, errors in judgment and fraud.
Without proper controls in place, management will not be able to identify and track its exposure to risk. Controls are also essential to enable management to ensure that operating units are acting within the parameters established by the board of directors and senior management.
Seven aspects of internal controls deserve special attention:
It is crucial that effective controls are in place to ensure the integrity, security, and privacy of information contained on the Bank’s computer systems. In addition, the Bank should have a tested contingency plan in place for the possible failure of its computer systems.
The Bank should have adequate segregation of duties and professional resources in every area of operation. Segregation of duties may be limited by the number of employees in smaller Banks.
The effectiveness of the Bank’s audit program in determining compliance with policy should be reviewed. An effective audit function and process should be independent, reporting to the Supervisory Committee without conflict or interference with management. An annual audit plan is necessary to ensure that all risk areas are examined, and that those areas of greatest risk receive priority. Reports should be issued to management for comment and action and forwarded to the board of directors with management’s response. Follow-up of any unresolved issues is essential, e.g., examination exceptions, and should be covered in subsequent reports. In addition, a verification of members’ accounts needs to be performed at least once every two years.
The books of every Bank should be kept in accordance with well-established accounting principles. In each instance, a Bank’s records and accounts should reflect its actual financial condition and accurate results of operations. Records should be current and provide an audit trail. The audit trail should include sufficient documentation to follow a transaction from its inception through to its completion. Subsidiary records should be kept in balance with general ledger control figures.
A principal method of safeguarding assets is to limit access by authorized personnel. Protection of assets can be accomplished by developing operating policies and procedures for cash control, joint custody (dual control), teller operations, and physical security of the computer.
Bank staff should be thoroughly trained in specific daily operations. A training program tailored to meet management needs should be in place and cross-training programs for office staff should be present. Risk is controlled when the Bank is able to maintain continuity of operations and service to members.
The ongoing success of any Bank will be greatly impacted by the ability to fill key management positions in the event of resignation or retirement. The existence of a detailed succession plan that provides trained management personnel to step in at a moment’s notice is essential to the long-term stability of a Bank. A succession plan should address the Chief Executive Officer (or equivalent) and other senior management positions (manager, assistant manager, etc.)
Other key factors to consider when assessing the management of a Bank include, but are not limited to:
The board of directors and management have a fiduciary responsibility to the members to maintain very high standards of professional conduct: