Each year, most businesses establish top priorities
that will help ensure their ongoing success. As key participants in our countrys economic stability and critical nancial infrastructure, nancial institutions (FIs) are no diferent. Its prudent for each FI to identify annual priorities that will secure the success of the lending, depository, and investment strategies that grow protability, satisfy customers and shareholders, manage operating costs and risks, and cost-efectively enable compliance. CSIs Annual Banking Priorities Study 1 was commissioned to give FIs timely industry and economic insight that can be used by each to successfully dene its annual strategy and accomplish its priorities. EXECUTIVE REPORT: 2013 BANKING PRIORITIES STUDY 1 This 2013 annual survey of nancial institutions was conducted with the help of cbanc Network and its members. EXECUTIVE SUMMARY CSIs 2013 Annual Banking Priorities Study, in addition to data released by the FDIC, ofers positive signs of a steady improvement across many important areas. The information suggests that 2013 is the year that FIs have a viable opportunity to execute on strategic plans for getting back to the basics of why most of them are in businessprotable, risk-based community lending and investing in prudent assets, while growing existing customer relationships and expanding market share to new customers. It is no surprise, however, to nd that many of the issues that confronted nancial institutions in 2012 will continue this year, including: Sustained economic recovery Countless new regulations being nalized from the Dodd-Frank Act Innovative ways to deliver new products to customers Secure and cost-efective ways to leverage technology for operating efciencies These areas of continued concern have caused many FIs to indicate that they retained the same top priorities from 2012 into 2013compliance and loan growth. While these top two priorities have not changed, the underlying reasons for these priorities have changed and are discussed in the 2013 Growth section under Detailed Review. The survey responses to this years study, along with other industry data, also suggest that 2013 is the year FIs focus on executing strategies to address unprecedented compliance pressures. Respondents also highlighted a continued, gradual recovery and positive outlook among banks for lending, protability, investment in technology, and adoption of such services as cloud computing and mobile banking. Expectedly, they also are continuing to report heightened concerns with: The foreseeable cost of regulatory changes scheduled in 2013 and beyond Information security threats from external international and domestic attacks and mobile devices Continued pressure on protability from low interest rates and tight net-interest margins E x e c u t i v e R e p o r t 2 E x e c u t i v e R e p o r t : 2 0 1 3 B a n k i n g P r i o r i t i e s S t u d y E x e c u t i v e R e p o r t 3 E x e c u t i v e R e p o r t : 2 0 1 3 B a n k i n g P r i o r i t i e s S t u d y Annual Net Income Is the Highest Since 2006: FDIC Quarterly Banking Prole Data Ofers Signs of Improvement Commercial banks and savings institutions insured by the Federal Deposit Insurance Corporation (FDIC) reported aggregate net income of $34.7 billion in the fourth quarter of 2012, a 36.9 percent improvement from the $25.3 billion in prots that the industry reported in the fourth quarter of 2011. This is the 14th consecutive quarter that earnings have registered a year-over-year increase. Increased noninterest income and lower provisions for loan losses continued to account for most of the year-over-year improvement in earnings. For the full year, industry earnings totaled $141.3 billiona 19.3 percent improvement over 2011 and the second-highest improvement ever reported by the industry after the $145.2 billion earned in 2006. The improving trend that began more than three years ago gained further ground in the fourth quarter, said FDIC Chairman Martin J. Gruenberg. Balances of troubled loans declined, earnings rose from a year ago, and more institutions of all sizes showed improved performance. Sixty percent of all institutions reported improvement in their quarterly net income from a year ago. Also, the share of institutions reporting net losses for the quarter fell to 14 percent from 20.2 percent a year earlier. The average return on assets (ROA)a basic yardstick of protabilityrose to 0.97 percent from 0.73 percent a year ago. Asset quality indicators continued to improve as insured banks and thrifts charged of $18.6 billion in uncollectible loans during the quarter, down 27.4 percent from a year earlier. The amount of noncurrent loans and leases (those 90 days or more past due or in nonaccrual status) fell for the 11th consecutive quarter, and the percentage of loans and leases that were noncurrent declined to the lowest level in four years. In short, the following can be determined: Insured institutions of all sizes increased their loan balances during the quarter, led by commercial and industrial loans The ow of money into deposit accounts increased sharply. This indicates that many institutions took advantage of the low-rate environment to improve core deposits by making the most of the relatively cheap and stable retail deposit base. These institutions are now in a better position to ofer loans, once interest rates increase, and to cross sell products and services The number of institutions on the FDICs Problem Bank List declined for a seventh consecutive quarter Full-year net income improved for a third consecutive year FI Study of Challenges, Opportunities and Goals This CSI 2013 Banking Priorities Study provides an executive level view of the challenges, opportunities and goals facing FIs and the industry in general. C-level professionals, including executive, operations, compliance, information, and security ofcers, as well as other key personnel, were asked for their strategic insight on a range of industry-relevant questions. Several of the same questions from our 2012 survey were repeated this year to help monitor key trends. The questions that were retained focused on challenges and opportunities associated with the economys efect on growth, Dodd-Frank compliance and overall compliance readiness, mobile banking, and IT outsourcing in the cloud. New questions were added to explore emerging topics that may be of interest to FIs in 2013. These questions explored such topics as security incidents, merchant capture strategies and outsourcing both IT and document delivery. In summarizing the results, the information we can surmise includes that: Compliance and loan growth remain the greatest challenges Loan growth displaces customer acquisition as the greatest area of opportunity in 2013 The economy is increasingly having a positive efect on protability More than 60 percent expect lending growth to improve in 2013 Mobile banking, wire and ACH origination, and remote deposit capture technologies continue to be new investment priorities in 2013 Mobile applications, text message alerts and mobile check capture are popular for 2013 Fifty-one percent of FIs plan to increase technology spending In regard to compliance challenges that require solutions, Dodd-Frank regulatory planning and self-assessment top the list again in 2013 with 57 percent Almost all FIs have or are working on a strategy to prepare for DFA regulatory changes IT risk assessments should be performed more frequently External threats and attacks remain the top security concern for the second consecutive year Consistent with last year, more than 65 percent of FIs will still have less than a fourth of employees accessing data from the network from mobile devices Overall, there is a steady rise in FIs outsourcing IT services to the cloud Disaster recovery was listed as the biggest benet to leveraging cloud-based solutions Concerns regarding cloud solutions diminished across the board, indicating that FIs have a better understanding of IT outsourcing More awareness of the GLBA security requirements and information security risk with document processing are still needed Paper statements and notices are decreasing Merchant Capture is a high-risk transaction and must be secure 4 E x e c u t i v e R e p o r t : 2 0 1 3 B a n k i n g P r i o r i t i e s S t u d y E x e c u t i v e R e p o r t DETAILED REVIEW The following summarizes the detailed responses of each survey question. 2013 GROWTH What are your greatest challenges heading into 2013? Compliance and loan growth continue to be the greatest challenges. While these top two priorities have not changed since 2012, the underlying reasons have. In an efort to help clarify the reasons, we will review the compliance and loan growth challenges of 2012 in retrospect and then ofer insight on how they may change in 2013. Compliance in Retrospect In 2012, key reasons behind the compliance challenges were the uncertainty of mandates from rule changes that were not scheduled to be nalized until 2013, identifying a prudent plan for proactively assessing the efect of the compliance changes on the FI and its customers, and strategies to fund these unprecedented compliance eforts with the necessary expertise and tools. Many FIs were taking a wait-and-see position, until the new rules were actually published. In 2013, the primary reasons behind the compliance challenges changed to focus on executing regulations that are on the horizon. Specically, several nal mortgage reform rules were published and are scheduled to take efect in January 2014. FIs must now act to: Dene a 2013 compliance strategy as part of an overall strategic plan Hire sufcient expertise to understand the efect of the rules on the FI Self-assess compliance with the new rules taking efect in January 2014 Implement changes, as needed 5 E x e c u t i v e R e p o r t : 2 0 1 3 B a n k i n g P r i o r i t i e s S t u d y E x e c u t i v e R e p o r t Greatest Challenges 6 E x e c u t i v e R e p o r t : 2 0 1 3 B a n k i n g P r i o r i t i e s S t u d y E x e c u t i v e R e p o r t 2 A qualied mortgage cannot have a debt-to-income ratio (DTI) greater than 43 percent, unless it qualies for a GSE or FHA loan DTI. The DTI requirement is in addition to other documentation and loan-to-value requirements to support a borrowers nancial position and ability to repay the loan. Therefore, even if the borrower meets all other requirements that satisfy his or her ability to repay the loan, the loan would not meet the denition of a qualied mortgage, unless it also meets the DTI bright-line requirement. Loan Growth in Retrospect In 2012, the following key reasons were behind the loan growth challenge: Examiner pressure on increasing regulatory capital levels and avoiding riskier loans Getting rid of toxic assets on the balance sheet Low interest rates and downward pressure on net- interest yields Excessive competition in a limited market of viable lending prospects The uncertainty of the elections and their efect on the industry as a whole Impending Dodd-Frank Act Mortgage Reform rules In 2013, many institutions are looking at loan growth as a means of getting back to basics with an improving economy and market opportunities to cross-sell products and services, and putting core deposits to use. FIs eforts over the last few years to clean up the balance sheet have yielded: Stronger core capital positions that enable FIs to pursue loan portfolio growth Improved Allowance for Loan and Lease Losses (ALLL) and lower nonaccrual amounts Unfortunately, FIs will continue to struggle against: Low interest rates and downward pressure on net- interest yields Excessive competition in a limited market of viable lending prospects A smaller pipeline of qualied mortgages with the new qualied mortgage rule that requires a minimum 43 percent debt-to-income (DTI) ratio. 2
Many jumbo loan borrowers and rst-time home buyers with excessive credit card or student loan debt are expected to fail these DTI qualied mortgage requirements While the banking industry is not back to pre-2008 levels, such recent data as the FDIC Quarterly Banking Prole Report suggests that 2013 will continue to show steady improvement as the banking industry continues to recover from the nancial market turmoil that started in 2008. The Beige Book, released on March 6, 2013, by the Federal Reserve, also reported that economic activity generally expanded at a modest to moderate pace in all 12 Federal Reserve Districts. FIs should take advantage of the improving environment to get back to basics putting core deposits to use for: Lending under a prudent risk-based lending policy Diversied lending into residential, commercial and small-business loans Investing wisely in low-risk investments, while maintaining adequate capital FIs also can implement basic strategies and automated tools to help improve net-interest margins and prot. Examples include: Loan pricing Funds transfer pricing Analyzing the level and trend of long-term asset concentrations and non-maturity deposits Getting back to basics is not always exciting and does not guarantee the highest rates of return or a quick short-term prot. Executing a traditional risk-based lending and investment strategy with prudent loan and funds pricing tools, however, will support a sustainable return to long-term protability. FIs will continue to be smart in their planning and execution. Most FIs want to explore new and innovative products and services to establish higher revenues, maintain existing customers and gain new customers. Therefore, 2013 also is the year of execution for mobile banking, remote deposit capture, and compliance program updates and risk assessments. 7 E x e c u t i v e R e p o r t : 2 0 1 3 B a n k i n g P r i o r i t i e s S t u d y E x e c u t i v e R e p o r t What are your greatest opportunities heading into 2013? Loan growth moves into the top spot for the greatest opportunity in 2013. Expectedly, respondents indicated several opportunities of interest for 2013. Twenty-four percent cited loan growth as their greatest opportunitya 10 percent increase over last year. As one respondent stated: If it is true that we are sitting at the headwaters of an economic recoveryhowever slow it may comethen the opportunities are tremendous. As consumers return to the marketplace with a new appreciation for scal responsibility, banks will be at the forefront. Consumer awareness programs, convenience-based products and realistic (e.g., short-term and well-qualied) loan products should be tools for consumerism of the 21st Century. Until the residential lending market gains additional strength, it is anticipated that the primary focus for this loan growth among many FIs will be commercial real estate, small-business and agricultural loans. Commercial real estate and agricultural loans will provide higher yields than traditional family residential mortgages, which will improve the FIs net-interest margin. The respondents anticipated growth in non-residential loans also is consistent with the fourth quarter of 2012 FDIC data that showed insured institutions of all sizes increased their loan balances during the quarter, led by commercial and industrial loans. New technology retains the second slot for supporting customers and enhancing such virtual channels as online and mobile banking oferings. Additionally, mobile banking moved up to tie in the second slot as a new opportunity or expansion in the use of existing mobile platforms that have already been launched. Expanding market share also rose to tie in the second slot, as several respondents were optimistic about opportunities to put core deposits to good use with anticipated increased lending activities and their ability to beat out competition that may still struggle with limited capital. Ten percent of respondents continue to see opportunities for acquiring customers from big banks. 8 E x e c u t i v e R e p o r t : 2 0 1 3 B a n k i n g P r i o r i t i e s S t u d y E x e c u t i v e R e p o r t 9 E x e c u t i v e R e p o r t : 2 0 1 3 B a n k i n g P r i o r i t i e s S t u d y E x e c u t i v e R e p o r t Reports from the 12 Federal Reserve Districts indicated that economic activity generally expanded at a modest to moderate pace since the previous Beige Book. Five districts reported that economic growth was moderate in January and early February, and ve districts reported that activity expanded at a modest pace. The Boston District stated the economy continued to expand slowly, and the Chicago District reported that economic activity grew at a slow pace. 3
How do you expect the economy to afect your FIs protability in 2013? The economy is having an increasingly positive efect on protability. Overall, 32.7 percent of respondents feel the economy is having an increasingly positive efect on the FIs protability. Conversely, fewer respondents feel the economy is having a negative efect or any change on protability. While these changes are small, they are trending in a positive direction to suggest the economy is continuing to stabilize and ofer more opportunity for protability than in the last few years. 3 March 6, 2013 Federal Reserve Beige Book 10 E x e c u t i v e R e p o r t : 2 0 1 3 B a n k i n g P r i o r i t i e s S t u d y E x e c u t i v e R e p o r t FIs also can expect a continued residential lending struggle in 2013 due to: Prepayment risk with interest rates at record lows Tight net-interest margins and interest rate risk concerns A large concentration of lenders now marketing to residential borrowers A decreased percentage of real estate construction and development loans New borrower requirements for a qualied mortgage under the Consumer Financial Protection Bureau (CFPB)s qualied mortgage denition 4
Added disparate impact violation risks on lenders 5 What is your outlook on your FIs lending growth in 2013? More than 60 percent expect lending growth to improve in 2013. Nearly 62 percent of respondents agree lending growth is in the forecast for 2013. This is the second year in a row that the majority of respondents indicated a positive outlook. Another positive sign is that only 6.7 percent of respondents expect lending to decrease. The year-end 2012 lending data from the FDIC shows much of the growth is still originating in seasonally adjusted credit card balances and commercial, industrial and business loans. The FDIC reported that loan balances posted the sixth quarterly increase in the last seven quarters. Insured institutions of all sizes increased loan balances during the last quarter of 2012. These are positive indicators for growth. 4 Based on the CFPBs qualied mortgage denition, lenders should expect a smaller pipeline of qualied mortgages that meet the requirements for a minimum 43 percent debt-to-income ratio. Many jumbo loan borrowers and rst-time home buyers with excessive credit card or student loan debt are expected to fail these DTI qualied mortgage requirements. 5 The U.S. Department of Housing and Urban Development (HUD) issued a nal rule on Feb. 8, 2013, stating that a Fair Housing Act violation may be found when a lending practice has a disparate impact on diferent demographic groups. Violations may be cited even if a policy or practice is neutral on its face. HUD requires institutions to prove that any challenged practices are justied by a business necessity. 11 E x e c u t i v e R e p o r t : 2 0 1 3 B a n k i n g P r i o r i t i e s S t u d y E x e c u t i v e R e p o r t What are your plans for ofering the following value-added services in 2013? Mobile banking, wire and ACH origination, and remote deposit capture technologies continue to be new investment priorities in 2013. With the popularity of smart phones and other mobile devices, FIs are realizing the benets of convenience, cost savings and revenue opportunities that mobile banking technology provides for customers and the institution. Resoundingly, 80.3 percent of the respondents reported that they have already implemented wire and ACH origination. Similarly, 64.9 percent already ofer remote deposit capture. Forty-six percent cite mobile banking with mobile alerts as the top technology investment from 2012 into 2013. A signicant percentage of the respondents (78.9 percent) have implemented or are exploring investments in mobile alerts. Nearly 67 percent of respondents ofer or are considering mobile banking check deposits. This reects a growing interest among the responding FIs now already ofering or planning to ofer the service. In addition, 52 percent have made or are exploring investments in mobile banking frameworks that enable them to successfully cross- sell and up-sell products and services to existing customers. Person-to-Person (P2P) Payments continues to be an area of investment through 2012 and into 2013. More than 31 percent of the respondents are looking at this technology in 2013. A total of 51.5 percent, ve out of 10 FIs, already ofer or are now considering the value of P2P as a new service for customers. P2P appears to be a slow but steadily growing service of interest among FIs. As FIs continue to search for added sources of non-interest, fee-based income, the following services may ofer additional income opportunities: Wire and ACH origination Remote Deposit Capture P2P Payments Micro-cash management to small- and medium-size businesses Notication of vendor discounts Technology Investments (208 responses) Already Ofer Will or Considering it for 2013 A Priority Investment Not Considering it Wire and ACH Origination 80.3% 1.9% 82.2% 7.7% Remote Deposit Capture 64.9% 14.9% 79.8% 20.2% Mobile Banking with Mobile Alerts 32.7% 46.2% 78.9% 21.2% Mobile Banking Check Deposit 6.7% 59.6% 66.3% 33.7% Mobile Banking with Framework to Cross-sell and Up-sell 7.2% 44.7% 51.9% 48.1% P2P Payments 20.2% 31.3% 51.5% 48.6% Personal Financial Management 23.1% 28.3% 51.4% 48.6% Micro-cash Management to Small- and Medium-size Businesses 23.6% 25.6% 49.2% 52.9% Opt-in for Notication of Vendor Discounts 3.8% 20.3% 24.1% 76.0% 12 E x e c u t i v e R e p o r t : 2 0 1 3 B a n k i n g P r i o r i t i e s S t u d y E x e c u t i v e R e p o r t What are your plans for technology investments in 2013? More than half plan to increase technology spending. Respondents show that plans for technology investments in 2013 will exceed 2012. Nearly 97 percent cited plans to invest more or the same amount in technology in 2013. Of that, 51 percent plan to increase technology spending. This is another positive metric that shows signs of condence among FI executives in the growing strength of our economic recovery and the outlook for the nancial industry. It also reects the awareness among FI executives of the value that prudent technology investments can generate as they continue to compete for new customers, grow income from existing customers, manage risk and compliance costs, and maintain protability. From the responses to this survey and other industry data recently published 6 , mobile banking and payments and cloud technology were identied as the most important IT-related projects for FIs in 2013. 2013 COMPLIANCE Where will you need compliance services and products to help in 2013? Dodd-Frank Act (DFA) regulatory planning and self-assessment are top of the list again in 2013 with 57 percent. Fifty-seven percent of respondents continue to identify DFA planning as the top compliance priority, exceeding last years response of 47 percent. Similarly, DFA self-assessment is again at the top of the list with 45 percent, which is consistent with last years priorities. Last year, we predicted that as more of the nal DFA rules were published, DFA compliance help would continue to be an important area of support for FIs. This trend is likely to continue as many of the new rules begin to take efect in 2014. Almost half of the respondents, 44.2 percent, selected help with the review and updating of their consumer compliance programs. This makes sense, since several of the DFA rules that have been published by the CFPB will require a review and update of each FIs consumer compliance program. It also is consistent with the increased focus of examiners on consumer compliance programs. Many institutions are reporting that examiners are performing more stringent consumer compliancerelated exams, e.g., Fair Lending, CRA, HMDA, Fair Credit Reporting Act, UDAAP, and website compliance. These compliance exam priorities may be the catalyst for approximately one-third of the respondents indicating that they will be looking for help with CRA, Fair Lending and Lending compliance reviews; deposit and operations compliance reviews; consumer compliance risk assessments; UDAAP risk assessments; BSA/AML reviews and risk assessments; and administering consumer compliance programs. Enterprise risk management (ERM) products and services also have jumped to the forefront with 40 percent identifying ERM as an area where they will need compliance help in 2013. Approximately one quarter of the respondents will be looking for help with information technology and security risk assessments, Management Quality (the M in CAMELS), website compliance reviews, social media compliance, stress testing and vendor management programs. 6 Crosman, Penny. Community Banks Plan to Increase IT Spending in 13: KPMG. Bank Technology News, Nov. 6, 2012. http://www.americanbanker.com/issues/177_215/community-banks-plan-to-increase-it-spending-2013-kpmg-survey-1054171-1.html E x e c u t i v e R e p o r t : 2 0 1 3 B a n k i n g P r i o r i t i e s S t u d y 13 E x e c u t i v e R e p o r t Will need compliance products and services to help with: (208 Respondents) Count Percent Dodd-Frank regulatory planning 119 57.2% Dodd-Frank self-assessments to identify areas of change, as needed 94 45.2% Review and update consumer compliance program 92 44.2% Enterprise Risk Management (ERM) 84 40.4% CRA, Fair Lending and Lending compliance reviews 80 38.5% Deposit and operations compliance reviews 67 32.2% Consumer compliance risk assessments 65 31.3% UDAAP risk assessments 64 30.8% BSA/AML reviews and risk assessments 62 29.8% Administering consumer compliance program 60 28.8% IT and IS risk assessments 55 26.4% Management Qualityensuring that management consistently and efectively identies, measures, monitors and controls risks 54 26.0% Website compliance reviews 47 22.6% Social media compliance, e.g., logging and tracking of social media marketing activity and customer complaints 47 22.6% Stress testing to quantify the efect of changing economic conditions on asset quality, earnings and capital 46 22.1% Vendor management IT and security compliance and risk 46 22.1% Fraud 41 19.7% Asset qualityassessing the quantity of existing and potential credit risk 38 18.3% Red ags and identity theft reviews 37 17.8% Internal control audit 36 17.3% Earningsevaluating the quality, strength and source of earnings 30 14.4% Consumer complaint tracking 30 14.4% Electronic Funds Transfer, Regulation E 29 13.9% Business continuity program 28 13.5% Sensitivityassessing the ability to identify, monitor, manage and control market risk 27 13.0% Capital adequacymaintaining adequate capital 25 12.0% eBanking Review 24 11.5% Expedited Funds Transfer, Regulation CC 23 11.1% GEOCODING for HMDA and CRA 23 11.1% Vendor management consumer compliance and risk 23 11.1% ATM audit 22 10.6% Customer due diligence 21 10.1% OFAC screening 19 9.1% CIPbad check history 19 9.1% Wireless penetration testing 19 9.1% Wire processing 18 8.7% Liquidityassessing ability to fund assets and meet obligations as they become due 13 6.3% Phishing/pharming audit 13 6.3% Web application testing 8 3.8% Other 7 3.4% 14 E x e c u t i v e R e p o r t : 2 0 1 3 B a n k i n g P r i o r i t i e s S t u d y E x e c u t i v e R e p o r t Do you have a strategy established to prepare for the Dodd-Frank regulatory changes in 2013? Almost all FIs have or are working on a strategy to prepare for DFA regulatory changes. While only 18 percent have actually rolled out a strategy to start managing the DFAs efect on their compliance programs, 71.2 percent of respondents indicated that they are working on a strategy to prepare for the changes. Since the nal mortgage reform and other rules have already been published, all institutions should immediately begin to assess and administer policies, procedures, practices, disclosures, webpages and other compliance program aspects that may need revision to ensure compliance with the pending efective dates of the new rules, e.g., January 2014 is the efective date for the mortgage reform rules. It is easy to understand why many institutions have not nalized a strategy to manage the efect of the DFA on their compliance programs. While many nal rules are published, the industrys reaction has caused the CFPB to re-open some of the rules for industry comment. For example, as we go to press with this study, the CFPB published the nal mortgage reform rules and simultaneously asked for additional industry comment on a safe harbor provision for the Ability- to-Repay qualied mortgage requirements. While most FIs appreciate the intent to dene a safe harbor that will enable them to make more loans, they will not be able to nalize their lending program strategy until the qualied mortgage safe harbor is nal, which is anticipated in mid-2013. FIs need time to update their strategic plans for what types, size and volume of loans they will pursue, e.g., will it be residential, commercial, auto or other. While the proposed amendments may help nancial institutions that are under $2B in assets and issue less than 500 residential loans per year, they will need time to plan and adapt. Since the efective date of the rule is January 2014, this may only leave institutions with a few months to react and plan accordingly. E x e c u t i v e R e p o r t 15 E x e c u t i v e R e p o r t : 2 0 1 3 B a n k i n g P r i o r i t i e s S t u d y How many additional compliance staf will you hire in 2013? Nearly 80 percent of respondents indicated that they do not plan to hire additional compliance staf in 2013. Many forecasts have suggested that FIs would be forced to hire additional compliance staf to keep pace with the numerous compliance changes scheduled for 2013. The responses to this question remain consistent with those in our 2012 annual survey (i.e., 63 percent indicated they had sufcient staf with the necessary expertise). Who is responsible in your organization for compliance readiness? Approximately 87 percent of respondents cite the compliance ofcer as the primary position responsible for ensuring compliance readiness. A comparison of the 2012 to 2013 responses suggests that compliance committees, risk ofcers and CEOs also are taking on additional compliance-readiness responsibilities. The 4 percent reduction in the business unit leaders as a primary point person for compliance suggests that perhaps compliance is moving to a more centralized function in some FIs. E x e c u t i v e R e p o r t 16 E x e c u t i v e R e p o r t : 2 0 1 3 B a n k i n g P r i o r i t i e s S t u d y What types of resources are you considering to assist with compliance activities in 2013? Consistent with the 2012 responses to this question, 89 percent of respondents plan to use existing staf. How often do you update your IT risk assessment and control evaluation? IT risk assessments should be performed more frequently. IT risk assessments continue to be scheduled as an annual project for approximately 60 percent of the responding institutions. The FFIEC requires that IT risk assessments be performed as material changes occur, new information is available, or at least once a year if no new information is available or no material changes occurred. As institutions implement such products and services to customers as mobile banking, social media, P2P, PFM and other oferings, and update their compliance programs, they should consider the subsequent efect on and validity of the IT risk assessment. E x e c u t i v e R e p o r t 17 E x e c u t i v e R e p o r t : 2 0 1 3 B a n k i n g P r i o r i t i e s S t u d y 2013 SECURITY & MOBILE DEVICES What is your top information security concern for 2013? Attacks from external sources continue to be the primary security concern. Respondents indicated that they had the same information security concerns for 2013 as in 2012. The top concern continues to be from external threats and attacks. Mobile users and mobile devices are second and internal attacks are third. Moving to the cloud continues to be ranked as the fourth information security concern. Its no wonder external attacks remain at the forefront. At the beginning of 2013, hacktivists leaked the condential data of more than 4,600 banking executives from a Federal Reserve website, and distributed denial of service (DDoS) attacks on banks remain at the top of the news. A few respondents also identied the following information security concerns: P2P DDoS Skimmers Data breach Speed of change Remote deposit IT staf turnover Social networks Social engineering Third-party vendor risk Phishing and malware Corporate account takeover Customer security practices Adequate security monitoring Fraud: -ACH and wire fraud -Mortgage fraud -Credit and debit card fraud -Online fraud -Identity theft 18 E x e c u t i v e R e p o r t : 2 0 1 3 B a n k i n g P r i o r i t i e s S t u d y E x e c u t i v e R e p o r t How many network security incidents has your institution experienced in the last 12 months? The majority of respondents answered that there were no successful security incidents within the last 12 months. A security incident could be considered anything from a successful network attack, a conrmed but prevented attack, or in some cases, even a lost smartphone. The average FI may have at least one attack attempted on its network per month. With 24x7 intrusion protection and prevention monitoring, chances are these are stopped before they become successful. Its good news that the majority of respondents experienced no successful network attacks within the last 12 months. Also, it is important to note that while 25 institutions claimed no knowledge of the number of security incidences, understanding and monitoring the risk your institution is up against each month is of critical importance, from the CEO to the teller.
What percentage of your staf will access data from your network via smartphones or mobile devices in 2013? The majority of respondents plan to limit mobile access to less than 25 percent of employees. The percentage of staf expected to access network data from a smartphone or mobile device stayed roughly the same; however, some institutions reported a small percentage shift moving from those organizations that expect to see 1-50 percent of their staf using mobile devices to access networks to the upper tiers, 50-100 percent. It is still surprising that the majority still lies in the 1-25 percent category, considering the growing number of smartphones on the market. Staf Percent 1 to 24% 66.4% 25 to 49% 9.1% 50 to 74% 3.4% 75-100% 1% Not Sure 20.2% 19 E x e c u t i v e R e p o r t : 2 0 1 3 B a n k i n g P r i o r i t i e s S t u d y E x e c u t i v e R e p o r t What groups within the institution will use mobile devices for business in 2013? Data conrms that more and more executives, including board members, are using mobile devices for business. This year, respondents were asked to report on usage from board members instead of tellers and indicated that more than a quarter of the institutions board members are using mobile devices for business. Additionally, respondents indicated a growth in the number of executives using mobile devices for work, while management and loan ofcers decreased slightly. Board member usage may be an indication of the popularity of tablet-based board portal solutions for managing board documents and meetings. The increase in executive usage also is consistent with industry trends, as executives look to stay connected from the road, home and while in the ofce.
NEW QUESTION: When will you have a mobile device management solution in place? Mobile device management solutions help to secure and monitor mobile devices that access a business network, with the goal of reducing risk. With so many employees and board members accessing network data from mobile devices, its reassuring to see that nearly 60 percent already have or will have a plan in place by the end of 2013. 20 E x e c u t i v e R e p o r t : 2 0 1 3 B a n k i n g P r i o r i t i e s S t u d y E x e c u t i v e R e p o r t What is your view of mobile banking security? Perception regarding the security of mobile banking is beginning to trend more favorably. In this years survey, more respondents now believe that mobile banking is just as secure as Internet banking, and 7 percent fewer respondents now feel it is less secure. Perception is reality, and both FIs and customers are becoming more educated on technology, so the gap between perception and facts is closing. With three types of mobile banking availableSMS, mobile browser, and appsits important that FIs understand the security implications of each. SMS (or text messaging) is very secure in that there is no identiable customer information shared through this iteration of mobile banking. This is the most basic version, which allows for the exchange of simple balances and transactions, leaving very little information available to a fraudster. However, users should be aware of attempts to collect such data as PINs, account numbers or other information by spoofed SMS messages. Browser-based mobile banking is the most comparable, as far as security, to Internet Banking. In reality, it is probably somewhat safer at the moment because creators of password-cracking viruses and Trojan horses havent yet fully focused on the mobile market. Of course, mobile web users are as susceptible as anyone else to the phishing scams and spoofed websites that try to trick users into disclosing passwords and other personal data. Apps developed specically for banks, however, are proprietary applications and are highly secure because they can contain unique security algorithms. And because they dont use web browsers, these applications are resistant to phishing scams. As more FIs begin exploring mobile banking options and rolling out services to customers, the responses to this question are likely to continue to trend in a positive direction.
21 E x e c u t i v e R e p o r t : 2 0 1 3 B a n k i n g P r i o r i t i e s S t u d y E x e c u t i v e R e p o r t 2013 OUTSOURCING & CLOUD What information technology services is your FI currently outsourcing? From 2012 to 2013, respondents indicated that there is steady growth in the trend of outsourcing IT services, with increases in complete outsourcing of IT, network and security, infrastructure monitoring and maintenance, and IT projects and consulting. This trend will likely continue as the complexity of technology for nancial institutions grows beyond internal resources, cloud solutions are embraced, and bankers look to focus on their core competencies.
What are your plans for outsourcing IT services in 2013? The trend toward moving additional services to outsourced vendors looks like it will continue, with nearly 5 percent looking to completely outsource IT and 12.5 percent planning to outsource more than they did in 2012. While at the same levels as 2012, this still represents the steady increase year after year in the previous chart. Seventy-one percent will hold fast with the level of outsourcing today, up from 2012. Surprisingly, slightly more respondents also indicated that they are going to outsource less than they do today. 22 E x e c u t i v e R e p o r t : 2 0 1 3 B a n k i n g P r i o r i t i e s S t u d y E x e c u t i v e R e p o r t What percentage of your IT assets will be in the cloud in 2013? Respondents indicated a growing comfort level with cloud-based solutions. While slightly more respondents answered that they would have no assets in the cloud in 2013, the survey also saw a shift in percentage from the lower end (1-25 percent) to the higher end (26-100 percent). This may indicate that those institutions that have developed a comfort level with cloud solutions will continue to look for more ways to reap the benets, while performing the due diligence cited in 2012s FFIEC Outsourced Cloud Computing Guidance. NEW QUESTION: What types of solutions do you use in the cloud today? Of those using cloud solutions today, the majority are using applications in the cloud. This makes sense, considering that cloud-hosted applications or Software-as-a-Service (SaaS) usually are the easiest transitions and quickest wins for organizations looking to transition to the cloud. Just behind those using applications only, more than 13 percent are using both applications and infrastructure in the cloud, with infrastructure-only in third place. 23 E x e c u t i v e R e p o r t : 2 0 1 3 B a n k i n g P r i o r i t i e s S t u d y E x e c u t i v e R e p o r t NEW QUESTION: What types of solutions are you looking to move to the cloud in the future? Of those planning to move solutions to the cloud in the future, the majority plan to move forward with applications and infrastructure. Thats understandable, since many of the respondents have applications only at this point and will be looking to expand into infrastructure as well. This is a logical next step in continuing to achieve the benets of the cloud. NEW QUESTION: Rank cloud benets in terms of importance to you. Surprisingly, disaster recovery ranked above capital cost reduction, the latter being the chief value statement often associated with cloud services. Also surprising is that the features of enhanced support and relocation of internal IT resources also trumped speed to market and scalability. However, this makes perfect sense for organizations that are looking to achieve enterprise-level support and IT resources by outsourcing some or all of their IT operations in the cloud.
24 E x e c u t i v e R e p o r t : 2 0 1 3 B a n k i n g P r i o r i t i e s S t u d y E x e c u t i v e R e p o r t What is your greatest concern when it comes to cloud-based services? Concerns with cloud adoption are coming down across the board. There are signicantly large decreases indicated in the areas of compliance and loss of control, as well as a signicant decrease in the chief concern, security. The drop in concern from 2012 to 2013 may indicate that nancial institutions are beginning to see cloud services as another form of outsourcing, with the same vendor management due diligence requirements. This also indicates that cloud is becoming a more mature ofering within the nancial industry.
NEW QUESTION: Are you currently leveraging virtual desktops within your environment? Virtual desktops are an expected area of growth. More than 20 percent of nancial institutions are leveraging virtual desktops today. This is a new question on the survey in 2013, so it will be interesting to see how this trend changes in the coming years, as Gartner predicts the worldwide hosted virtual desktop market will exceed $65 billion in 2013 7 . 7 Gartner. Gartner says Worldwide Hosted Virtual Desktop Market to Surpass $65 Billion in 2013. March 26, 2009. http://www.gartner.com/newsroom/id/920814 25 E x e c u t i v e R e p o r t : 2 0 1 3 B a n k i n g P r i o r i t i e s S t u d y E x e c u t i v e R e p o r t 2013 DOCUMENT PROCESSING NEW QUESTION: Are you outsourcing statement printing to a GLBA- compliant vendor? More awareness of GLBA requirements and information security risk are still needed. Almost 45 percent of respondents do not outsource statement printing to a GLBA-compliant vendor. GLBA requires all FIs and their vendor partners to safeguard and to hold all non-public customer information condential. This requirement must be enforced throughout the statement composition and preparation process and validated through a series of quality tests and periodic audits. FIs must ensure that their outsourced print provider has a GLBA policy that is part of a larger information security strategy. They should regularly test this policy through audit review and electronic vulnerability assessments. These assessments should be conducted by independent third parties to ensure their validity. It also is a good practice for outsourced print vendors to be reviewed annually by federal and state bank examiners, according to FFIEC guidelines. NEW QUESTION: Are you transitioning from paper to electronic statements and notices? Paper statements and notices are going away. Eighty-ve percent of respondents have already transitioned or are in the process of transitioning from paper to electronic statements and notices. The responses to this question validate a general industry trend that FIs are gradually selecting electronic statements and notices, since these delivery options allow them to capitalize on both cost and operational efciencies. This trend is expected to continue as more people acquire electronic devices that make receiving and viewing this information easier. For those FIs that plan to continue using paper, they can still nd opportunities to reduce costs in this area. The cost to produce and deliver a paper statement varies widely. Doing the work in-house likely can run as much as $1.00 to $1.50 per statement when postage is included. However, outsourcing to a GLBA compliant vendor will likely save $0.30 to $0.80 per statement, but the cost is still a large expense for these accounts. Add to this expense the delivery challenges that are sure to develop with possible changes to the USPS, and electronic delivery looks very attractive. Transitioning to electronic statements and notices provides three key benets: Transition from paper to electronic statement and notices? Percent Already transitioned 30.3% In process already 39.9% Planning to in 2013 14.9% Staying with paper 14.9% It ensures the timely delivery of information. It creates the opportunity to deliver content within the online banking environment. It saves money. Electronic delivery is generally less than 35 percent of the print cost when considering the price of postage. 26 E x e c u t i v e R e p o r t : 2 0 1 3 B a n k i n g P r i o r i t i e s S t u d y E x e c u t i v e R e p o r t NEW QUESTION: Have you implemented a successful and secure merchant capture strategy? Merchant capture is a high-risk transaction and must be secure. Approximately two-thirds, 62.1 percent, of respondents indicated that they have implemented or are in the process of implementing a secure merchant capture solution. Merchant capture has revolutionized payment processing by enabling nancial institutions to receive image payment transactions directly from remote merchant locations. This convenient and cost-efective capture solution yields great benets for all involved parties. It is imperative, however, that all merchant capture activities are securely protected. In 2011, the FFIEC issued supplemental guidance related to authentication in an Internet banking environment. FIs are now required to identify high-risk transactions and ensure appropriate authentication controls and security layers are in place. This supplemental guidance reafrms the original denition in the 2005 guidance of what constitutes a high-risk transaction: electronic transactions involving access to customer information or the movement of funds to other parties. Clearly, merchant capture qualies as a high-risk transaction. Depending on your assessment of risk, merchant capture security will be handled diferently. An understanding of risks and appropriate controls will aid you in completing this required exercise. Summary FIs are feeling cautiously optimistic about the future. The data from this years annual study, along with other key data points, indicates that FIs are no longer waiting passively for conditions to improve. As the survey respondents revealed, the top opportunities for the coming year include loan growth, new technology, mobile banking and expanding market share. These four initiatives are all interrelated, with each providing the ability to bolster the other. The determining factor will be developing a solid roadmap for the future, so that they can maximize protability. As FIs build a long-term strategy, the survey results reveal that many will capitalize on the identied opportunities through increased investment in technology. These investments will likely be concentrated in the areas of mobile banking, wire and ACH origination, and remote deposit capture technologies. Its likely that more investments will be made in cloud-based solutions, as FIs continue to recognize the cost efciencies that can be gained by outsourced technology. And underlying this outward activity will be a constant focus on regulatory compliance and data security. As the data suggests, FIs feel they are well-stafed for the upcoming compliance changes emerging from Dodd-Frank, but they will complement this readiness by using solutions that simplify the overall compliance process. Conversely, with external attacks being respondents greatest security fear, its likely that they will increase their focus on measures that strengthen rewalls and perimeter security; however, FIs shouldnt neglect the fact that social engineering also leaves the door open for external attacks. A well-rounded approach to both compliance and security will be key to enabling success in 2013 and beyond. Overall, the data from the CSI 2013 Annual Banking Priorities Study hints at renewed signs of optimism. As new regulations take efect and with new technologies constantly changing consumer behaviors, the health of the banking industry will come down to responsible, protable lending by forward-thinking banks that are willing to participate in a dynamic, ever-changing market place. About CSI Computer Services, Inc. (CSI) is a customer service company that delivers innovative technology solutions to more than 5,000 nancial institutions and companies nationwide. A total solutions provider, CSI ofers core processing, managed services, mobile and Internet solutions, payments processing, print and electronic distribution, and regulatory compliance solutions. With nearly 50 years as an industry leader in innovation and service, CSI serves its customers as a trusted technology partner that understands their needs and delivers solutions that empower them to be more competitive, compliant and protable. To learn more about CSI, visit CSIweb.com. E x e c u t i v e R e p o r t 27 E x e c u t i v e R e p o r t : 2 0 1 3 B a n k i n g P r i o r i t i e s S t u d y Authors & Contributors Paul Reymann Chief Risk Ofcer, CSI Regulatory Compliance David Culbertson President & General Manager, CSI Document Services Bill Kane Senior Risk Management Consultant, CSI Regulatory Compliance Chad Whittenberg Director of Product Management and R&D, CSI Regulatory Compliance Sean Martin HIVE Network & Security Manager, CSI Managed Services Clif Skrdlant Senior Product Manager, CSI Managed Services E x e c u t i v e R e p o r t 28 E x e c u t i v e R e p o r t : 2 0 1 3 B a n k i n g P r i o r i t i e s S t u d y KY_041113_001_V1 April 2013