Skip to Main Content

insightsarticles

Preventing fraud at financial institutions: An
anti-fraud
plan is the best investment you can make

09.28.16

Financial fraud by the numbers

In a June 2016 Gallup poll, 72 percent of respondents said they had “very little” or only “some” confidence in banks.1 This lack of confidence lives alongside recent headlines—including major fraud schemes revealed at Deutsche Bank this summer—and the fact that the financial services industry is the most affected sector in the world when it comes to occupational fraud.

Financial institutions account for 16.8% of all occupational fraud worldwide, with a median loss of $192,000 per case.2 Longer running, complex schemes can cost organizations much more—overall, 23% of fraud cases in 2015 caused losses of $1 million or more.3

What does a fraudster looks like, and how do they commit their crimes? How do you prevent fraud from happening at your organization? And how can you strengthen an already robust anti-fraud program?

Profile of a fraudster

One of the most difficult tasks any organization faces is identifying and preventing potential cases of fraud. This is especially challenging because the majority of employees who commit fraud are first-time offenders with no record of criminal activity, or even termination at a previous employer.

The 2016 report from the Association of Certified Fraud Examiners (ACFE) reveals a few commonalities between fraudsters:4

  • 3% of fraudsters had no criminal background
  • Men committed 69% of frauds and women committed 31%
  • More than half of fraudsters were between the ages of 31 and 45
  • 3% of fraudsters were an employee, 31% worked as a manager and 20% operated at the executive/owner level

Employees who committed fraud displayed certain behaviors during their schemes. The ACFE reported these top red flags:5

  • Living beyond means – 45.8%
  • Financial difficulties – 30.0%
  • Unusually close association with vendor/customer – 20.1%
  • Control issues, unwillingness to share duties – 15.3%

These figures give us a general sense of who commits fraud and why. But in all cases, the most pressing question remains: how do you prevent the fraud from happening?

Preventing fraud: A two-pronged approach

As a proactive plan for preventing fraud, we recommend focusing time and energy on two distinct facets of your operations: leadership tone and internal controls.

Leadership tone

The Board of Directors and senior management are in a powerful position to prevent fraud. By fostering a culture of zero-tolerance for fraud at the top of an organization, you can diminish opportunity for employees to consider, and attempt, fraud.

It is crucial to start at the top. Not only does this send a message to the rest of the company, but in the United States, frauds committed at the executive level had a median loss of $500,000 per case, compared to a median loss of $54,000 when a lower level employee perpetrated the fraud.6

A specific action plan for the Board of Directors is outlined in our free white paper on financial institution fraud.

Internal controls

Every financial institution uses internal controls in its daily operations. Yet over half of all frauds could be prevented if internal controls were implemented or more strongly enforced.7

The importance of internal controls cannot be overstated. Every organization should closely examine its internal controls and determine where they can be strengthened – even financial institutions with strong anti-fraud measures in place. 

The experts at BerryDunn have created a checklist of the top 10 internal controls for financial institutions, available in our white paper on preventing fraud. This is a list that we encourage every financial leader to read. By strengthening your foundation, your company will be in a powerful place to prevent fraud.

Read more to prevent fraud

Employees are your greatest strength and number one resource. Taking a proactive, positive approach to fraud-prevention maintains the value employees bring to a financial institution, while focusing on realistic measures to discourage fraud.

In our free whitepaper on preventing financial institution fraud, we take a deeper look at how to successfully implement a strong anti-fraud plan.

Commit to strengthening fraud prevention and you will instill confidence in your Board, employees, customers and the general public. It’s a good investment for any financial institution.

1http://www.gallup.com/poll/1597/confidence-institutions.aspx 2-7Report to the Nations on Occupational Fraud and Abuse: 2016 Global Fraud Study, The Association of Certified Fraud Examiners, p. 34-35

Related Industries

Related Professionals

Principals

BerryDunn experts and consultants

Not-for-profit fraud on the rise
“Local Accounts Payable Manager Steals Thousands.”
“National Charity Loses Millions.”
“University Funds Disappear.”

We’ve all seen the headlines. Stories about not-for-profit fraud have been popping up in the news, and the statistics confirm what you might have suspected: fraud in the not-for-profit sector is on the rise.

The Ethics Resource Center published a study showing that rates of fraud and misconduct at not-for-profits have reached or surpassed their for-profit counterparts, where they have historically been below private sector rates.1 This increasing fraud means a potential loss of almost $40 billion a year – or 5% of not-for-profit revenues in the United States.2

What does fraud look like at a not-for-profit? And how can you prevent fraud in your organization?

How and why fraud occurs
A 2016 report from the Association of Certified Fraud Examiners showed that approximately 95% of the perpetrators had never been convicted of a fraud-related offense before. Of all the fraud schemes revealed, 47% involve more than one person.3

The possibility of fraud occurring is difficult for many organizations to accept, especially not-for-profits, which often have fewer employees than their commercial counterparts, and are founded on trust and altruism.

But all fraud is committed by employees – or volunteers – who both identify an opportunity and have motivation to steal. The motivation is typically a personal financial pressure, such as a spouse who lost a job or a spending addiction. Employees must also rationalize their actions to commit fraud – “I’m just going to borrow money now, and I’ll pay it back later.” Or, “I need money badly right now, the organization is doing fine and won’t miss the funds.”

Once a scheme begins, it can fall into one of a few categories.

Common types of fraud
More than 83% of fraud schemes fall under asset misappropriation.4 There are two groups of assets that can be misappropriated: cash and inventory/other assets. Money can be taken from a not-for-profit before it is recorded on the books (skimming) or after it is recorded (larceny).

Skimming occurs when someone intercepts cash before it reaches its appropriate destination. For instance, an employee could intercept checks from donors and deposit them in an alternative bank account. Without separation of duties or other appropriate controls, the not-for-profit might never know that the donation existed. With a simple thank you note from the fraudster, the donor would assume that their check was properly received.  

Larceny occurs when someone steals money on the books. Petty cash is a vulnerable target, as are weakly controlled debit and credit cards, which could be charged for personal expenses. An employee could also write checks to a “vendor” which doesn’t actually exist, pocketing the funds for personal use. Reimbursement expense schemes are also common and should be watched for closely. These types of schemes often include a number of people working both on the inside, and on the outside of the organization.

Inventory or physical assets could be misused in many ways. For instance, if a not-for-profit receives gifts of tangible goods – such as sporting equipment, furniture or computers – an employee could divert some of the assets before recording them and sell the goods, keeping the revenue.

The other 17% of fraud falls under the categories of corruption and financial statement fraud. Although less common, they can occur at nonprofits just as they take place at larger, for-profit corporations.

Learn more and prevent fraud
A fraud risk assessment – whether performed internally or with the help of an external auditor—is a crucial first step in identifying organizational weaknesses and opportunities for fraud. When identifying risks, nonprofits should examine existing internal controls and add additional measures where necessary.

The ACFE study also found that 39% of fraud schemes were discovered by a tip, and the majority of tips came from employees through a tip hotline.Having a clear whistleblower policy in place can help employees feel comfortable reporting suspicious activities.

In general, a clear anti-fraud policy is crucial for any not-for-profit. Sharing policies with employees and board members, and having them all sign a code of conduct, allows the entire organization to take an active role in preventing fraud.

These are just a few of the tactics you can use when assessing fraud risk. Our free white paper recommends specific strategies to combat potential misappropriations and provides guidance on action if and when fraud has taken place.

Take a deeper look at the kinds of fraud risks and associated pitfalls affecting not-for-profits and learn how all organizations—even small ones—can put internal controls in place to reduce the risk of fraud.

Make sure your organization isn’t the next morning headline.

Download
Impact and Prevention: An Examination of Fraud in the Not-for-Profit Sector.

1 Bradley, John M., "Empowering Employees to Prevent Fraud in Nonprofit Organizations" (2015). Faculty Scholarship. Paper 1446, p 721

2 An Investigation of Fraud in Nonprofit Organizations: Occurrences and Deterrents. The Hauser Center for Nonprofit Organizations, Harvard University, p 5.

3 Report to the Nations on Occupational Fraud and Abuse: 2016 Global Fraud Study, The Association of Certified Fraud Examiners
4 Report to the Nations on Occupational Fraud and Abuse: 2016 Global Fraud Study, The Association of Certified Fraud Examiners, p 4

5 Ibid, p. 21

Article
Fraud within not-for-profit organizations

Read this if you are a financial institution with income tax credit investments.

Financial institutions and other businesses that participate in tax credit investments designed to incentivize projects that produce social, economic, or environmental benefits could benefit from proposed rules that simplify the accounting treatment of such investments and result in a clearer picture of how these investments impact their bottom lines.

FASB proposal

On August 22, 2022, the Financial Accounting Standards Board (FASB), issued a proposal that would broaden the application of the accounting method currently available to account for investments in low-income housing tax credit (LIHTC) programs to other equity investments used to generate income tax credits. The proposal, titled “Investments – Equity Method and Joint Ventures (Topic 323): Accounting for Investments in Tax Credit Structures Using the Proportional Amortization Method”, would expand the eligibility of the proportional amortization method of accounting beyond LIHTC programs to other tax credit structures that meet certain eligibility criteria.  

FASB introduced the option to apply the proportional amortization method to account for investments made primarily for the purpose of receiving income tax credits and other income tax benefits in ASU 2014-01. However, the guidance limited the proportional amortization method to investments in LIHTC structures.

The proportional amortization method is a simplified approach for accounting for LIHTC investments in which the initial cost of the investment is amortized in proportion to the income tax credits and other benefits received (allocable share of depreciation deductions). The cost basis amortization and income tax credits received are presented net on the investor’s income statement as a component of income tax expense (benefit). Under existing guidance, investments in non-LIHTC projects are accounted for using either the equity method or cost method, depending on certain factors. 

The proposal aims to address the concerns that the equity and cost methods do not offer a fair representation of the economic characteristics for investments for which returns are primarily related to federal income tax credits. Supporters of the proposal argue that the accounting method applied should not be determined by the legislative program under which the tax credits are authorized, but instead by the economic intent under which the investment was made. The hope is the FASB proposal will create a heightened sense of uniformity in accounting for investments in income tax credit structures. 

Additional provisions

Other provisions within the proposal would require a reporting entity to “make an accounting policy election to apply the proportional amortization method on a tax-credit-program-by-tax-credit-program basis” and disclose the nature of its tax equity investments and the impact on its financial position and results of operations. 

The significance of this proposal is amplified by the uptick in tax credit programs in recent years, including the New Markets Tax Credit (NMTC), Historic Rehabilitation Tax Credit (HTC), and Renewable Energy Tax Credit (RETC). While the FASB has yet to declare an effective date for the implementation of the proposal, comment letters from stakeholders were due October 6, 2022. 

For more information

To discuss the impact this new accounting pronouncement may have on your financial institution, please contact the BerryDunn Financial Services team. We’re here to help.

Article
FASB proposes changes to accounting for income tax credits

On November 8, 2022, Massachusetts voters approved a constitutional amendment to alter the state’s flat 5% income tax to add a 4% surtax on annual income exceeding $1 million. The so-called “millionaires tax,” also referred to as the “Fair Share Amendment,” is effective for tax years beginning on or after Jan. 1, 2023. The annual income level subject to the surtax would be adjusted yearly to reflect increases in the cost of living.

This measure is expected to bring in revenue of between $1.2 and $2 billion annually. The proceeds from the increased tax collections will support state budgets in the areas of education, roads, bridges, and public transportation. The measure passed with 52% voter support and is the sixth attempt to change the state’s flat income tax rate since 1962. This amendment is expected to affect about 0.6% of the state’s population, or about 20,000 taxpayers.

If you expect your income to exceed $1 million in 2023 and have questions regarding the recent legislation, please contact a member of our state and local tax team.

Article
Massachusetts voters pass "Millionaires tax"

Read this if you are responsible for cybersecurity or are a member of a board of directors.

The board’s role in the oversight of organizational risk is increasingly complicated by cybersecurity concerns. Cybersecurity risk is pervasive and will affect companies in a variety of ways. The responsibility for detailed cyber risk oversight within the board should be well documented and communicated, and may often touch various committees across the board, including but not limited to risk, audit, and compliance. With the increasing complexity surrounding cybersecurity, it is also important for the board to evaluate existing experience and skills, identify gaps, and address those gaps through succession planning or leveraging advisors.

Additionally, all directors need to maintain continual knowledge about evolving cyber issues and management’s plans for allocating resources with respect to the preparedness in responding to cyber risks. Such knowledge helps boards assess the priority-driven and investment decisions put forth by management needed in critical areas.

Here are some critical questions that boards and management should be considering with respect to mitigating cyber security risk for their organizations. They may be useful as a starting point for boards to use in their discussions and as a guide when looking at their oversight of management’s plans for addressing potential cyber risks.

General

  • What is the threat profile and risk tolerance of our organization based on our business model and the type of data our organization holds?
  • Is the cyber risk management plan documented, including the identification, protection, and disposal of data?
  • Has the cyber risk management plan been tested?
  • Does our organization’s cybersecurity strategy align with our threat profile and risk tolerance?
  • Is our cybersecurity risk viewed as an enterprise-wide issue and incorporated into our overall risk identification, management, and mitigation process?
  • What percentage of our IT budget is dedicated to cybersecurity?
  • Does that allocation conform to industry standards?
  • Is it adequate based on our threat profile?
  • What are stakeholder demands and priorities for cybersecurity? Data privacy? Data governance? What interactions has the company or board had with shareholders regarding cybersecurity?
  • What is the interaction model between senior management and the board for communications regarding cybersecurity?
  • Has the regulatory focus on the board’s cybersecurity responsibility been increasing? If so, what is driving that focus?

Board cybersecurity oversight

  • How is oversight of cybersecurity structured (committee vs. full board) and why? Is this structure well documented in the appropriate governance charters?
  • Is cybersecurity an area considered and reported as a director competency? If so, have skill/experience gaps been identified together with plans to resolve those gaps?
  • Is there a cybersecurity expert on the board?

Overall cybersecurity strategy

  • Does the board play an active part in determining an organization’s cybersecurity strategy?
  • What are the key elements of a good cybersecurity strategy?
  • Is the organization’s cybersecurity preparedness receiving the appropriate level of time and attention from management and the board (or appropriate board committee)?
  • How do management and the board (or appropriate board committee) make this process part of the organization’s enterprise-wide governance framework?
  • How do management and the board (or appropriate board committee) support improvements to the organization’s process for conducting a cybersecurity assessment?

Risk assessment: risk profile

  • What are the potential cyber threats to the organization?
  • Who is responsible for management oversight of cyber risk?
  • Has a formal cyber assessment been performed? Does it need to be updated?
  • Do management and the board understand the organization’s vulnerabilities and how it may be targeted for cyber-attacks?
  • What do the results of the cybersecurity assessment mean to the organization as it looks at its overall risk profile?
  • Is management regularly updating the organization’s inherent risk profile to reflect changes in activities, services, and products?

Risk assessment: cyber maturity oversight

  • Who is accountable for assessing, managing, and monitoring the risks posed by changes to the business strategy or technology and are those individuals empowered to carry out those responsibilities?
  • Is there someone dedicated full-time to our cybersecurity mission and function, such as a Chief Information Security Officer (CISO)?
  • Is our cybersecurity function properly aligned within the organization? (Aligning the CISO under the CIO may not always be the best model as it may present a conflict. Many organizations align this function under the risk, compliance, audit, or legal functions, while others with a direct or “dotted line” reporting to the CEO.)
  • Do the inherent risk profile and cybersecurity maturity levels meet risk management expectations from management, the board, and shareholders? If there is misalignment, what are the proposed plans to bring them into alignment?

 Cybersecurity controls

  • Do the organization’s policies and procedures demonstrate management’s commitment to sustaining appropriate cybersecurity maturity levels?
  • What is the ongoing practice for gathering, monitoring, analyzing, and reporting risks?
  • How effective are the organization’s risk management activities and controls identified in the assessment?
  • Are there more efficient or effective means for achieving or improving the organization’s risk management and control objectives?
  • Are there controls in place to ensure adequate, accurate and timely reporting of cybersecurity related content?
  • How does the company remain apprised of laws and regulations and ensure compliance?
  • What cloud services does our organization use and how risky are they?
  • How are we protecting sensitive data?

Threat intelligence and collaboration

  • What is the process for gathering and validating inherent risk profile and cybersecurity maturity information?
  • Does our organization share threat intelligence with law enforcement?
  • What third parties does the organization rely on to support critical activities and does the organization regularly audit their level of access?
  • What is the process to oversee third parties and understand their inherent risks and cybersecurity maturity?

Cybersecurity metrics

  • Have we defined appropriate cybersecurity metrics, the format, and who should be reporting to the board?
  • How regularly should a board obtain IT metric information?
  • Is the information meaningful in a way that invokes a reaction and provides a clear understanding of the level of risk willing to be accepted, transferred, or mitigated?
  • How is the board actively monitoring progress or lack of progress and holding management accountable?

Cyber incident management and resilience

  • How does management validate the type and volume of cyber-attacks?
  • Does the organization have a comprehensive cyber incident response and recovery plan? Does it involve all key stakeholders—both internal and external? Does it include a business disaster recovery communication process?
  • How does an incident response and recovery plan fit into the overall cybersecurity strategy?
  • Is the board’s response role clearly defined?
  • Is the cyber incident response reviewed and rehearsed at least annually? Do rehearsals include cyber incident exercises?
  • Is there a culture of cyber awareness and reporting at all levels of the company?
  • Is the company adequately insured and is coverage reviewed at least annually?

Cybersecurity education

  • How does the board remain current on cybersecurity developments in the market and the regulatory environment?
  • Currently, how does the board evaluate directors' knowledge of the current cyber environment and cybersecurity issues impacting their organizations?
  • Do boards currently have the skill sets necessary to adequately oversee cybersecurity? How is the board identifying and evaluating the necessary director skills and experience in this area?
  • Are directors provided with educational opportunities in this area?
  • Is regular cybersecurity education provided to the entire organization?

Cybersecurity disclosure

  • Has oversight of cybersecurity reporting been defined for management and the board?
  • Are company policies and procedures to identify and manage cybersecurity risk, management’s role in implementing cybersecurity policies and procedures, board of directors’ cybersecurity expertise and its oversight of cybersecurity risk, being included within the financial statement and proxy disclosures?
  • Does the company have a mechanism for timely reporting of material cybersecurity incidents?
  • Have updates about previously reported material cybersecurity threats and incidents been included in the financial statements?

If you have any questions about cybersecurity programs, communicating with your board about cybersecurity, or have a specific question about your company or organization, please contact our IT security experts. We're here to help. 

Article
Board oversight of cybersecurity: Questions to ask

Thanks to a little-known law, eligible Massachusetts taxpayers will receive a tax credit in the form of a refund this fall—just in time for holiday shopping. Chapter 62F of the Massachusetts General Laws, a voter passed initiative from 1986, states that if state tax revenue collections exceed a cap tied to wage and salary growth, the surplus must be returned to the taxpayers. This tax credit was only triggered once before – 35 years ago.

According to the Mass.gov website, in Fiscal Year 2022, state tax revenues exceeded the cap by $2.941 billion—the sum of which will be returned to taxpayers by check or direct deposit in the coming months.

Governor Baker stated that a preliminary estimate of the refunds will be approximately 13% of the taxpayer’s personal income tax liability in 2021, though they will update that estimate in late October, once all 2021 tax returns have been filed.

More details on the tax refund:

  • Taxpayers, both resident and non-resident, who have filed a 2021 state tax return on or before September 15, 2023, are eligible for the refund.
  • The expected time frame for the issuance of refunds is expected to begin November 2022.
  • Individual refunds may be reduced by refund intercepts, such as unpaid child support or unpaid tax liability.
  • Massachusetts taxpayers can use this online refund estimator to calculate their estimated refund using information from their 2021 tax returns.

If you have questions, please contact a member of our state and local tax team.

Article
Chapter 62F law to give Massachusetts taxpayers a bonus refund

Read this if you are responsible for cybersecurity at your organization.

Cybersecurity threats aren’t just increasing in number—they’re also becoming more dangerous and expensive. Cyberattacks affect organizations around the globe, but the most expensive attacks occur in the US, where the average cost of a data breach is $9.44 million, according to IBM’s 2022 Cost of a Data Breach Report. The same report shows that the cost of a breach is $10.10 million in the healthcare industry, $5.97 million in the financial industry, $5.01 million in the pharmaceuticals industry, and $4.97 million in the technology industry.

Cyber threat actors are a serious danger to your company, and your customers, stakeholders, and shareholders know this. They expect you to be prepared to defend against and manage cybersecurity threats. How can you demonstrate your cybersecurity controls are up to par? By obtaining a SOC for cybersecurity report.

What is a SOC for cybersecurity report?

It provides an independent assessment of an organization’s cybersecurity risk management program. Specifically, it determines how effectively the organization’s internal controls monitor, prevent, and address cybersecurity threats.

What’s included in a SOC for cybersecurity report?

The report is made up of three key components:

  1. Management’s description of their cybersecurity risk management program, aligned with a control framework (more on that below) and 19 description criteria laid out by the AICPA.
  2. Management’s assertion that controls are effective to achieve cybersecurity objectives.
  3. Service auditor’s opinion on both management’s description and management’s assertion.

Why should you consider a SOC for cybersecurity report?

A SOC for cybersecurity report offers several important benefits for your organization, which include:

  • Align with evolving regulatory requirements. The cybersecurity regulatory environment is constantly evolving. In particular, the SEC’s cybersecurity guidelines are becoming stricter over time. A SOC for cybersecurity report can demonstrate you’re aligned with these guidelines. If you’re a public company or are considering going public in the future, you need to be prepared to meet not just the SEC’s guidelines of today, but their evolved guidelines in the future.
  • Keep your board of directors informed. Your board is responsible for ensuring the business is effectively addressing and mitigating risks—and that includes cyber risk. A SOC for cybersecurity report offers your board a clear and practical illustration of your organization’s cybersecurity risk management controls.
  • Attract and retain more customers. It’s becoming increasingly common for companies to require that their vendors have a SOC for cybersecurity report. Even for companies that don’t require such a report, it’s important to know their vendors are keeping their data safe. Having this report differentiates you from vendors who have not prepared one.
  • Improve your cybersecurity posture. A SOC for cybersecurity report can identify current gaps in your cybersecurity risk management program. Once you’ve addressed these gaps, you can show your customers, stakeholders, and shareholders that you’re continuously improving and evolving your cybersecurity risk management approach.

How do I prepare for my SOC for cybersecurity assessment?

There are several steps you should take to prepare for your assessment.

  1. Choose your control framework. You have several options, including the NIST Cybersecurity Framework, ISO 27002, and the Secure Controls Framework (SCF). There are multiple online resources to help you choose the framework that’s right for your organization.
  2. Determine who your key internal stakeholders are for your cybersecurity risk management program. You’ll need to select a point person to be responsible for ensuring the independent services auditor has all the documentation they need to complete their assessment and act as liaison across internal and external stakeholders.
  3. Collect all cybersecurity-related documentation in one location. Make sure you have an organizational system that makes sense to your point person so it’s easy for them to pull the appropriate materials to give to the independent services auditor.
  4. Conduct a readiness assessment. You can work with an independent services auditor to conduct such an assessment which will identify gaps you can address before performing the attestation.
  5. Select an independent services auditor to perform the attestation. SOC for cybersecurity services are provided by independent CPAs approved by the AICPA. Ideally, you’ll want to select a firm that is experienced in your industry, has a diverse and robust team of cybersecurity professionals, and is accessible when and where you need them.

As always, if you have questions about your specific situation or would like more information about SOC for cybersecurity services, please contact our IT security experts. We’re here to help.

Article
Yes, you need a SOC for cybersecurity report—here's why

Read this if you are a community bank.

The Federal Deposit Insurance Corporation (FDIC) recently issued its second quarter 2022 Quarterly Banking Profile. The report provides financial information based on call reports filed by 4,771 FDIC-insured commercial banks and savings institutions. The report also contains a section specific to community bank performance. In second quarter 2022, this section included the financial information of 4,333 FDIC-insured community banks. BerryDunn’s key takeaways from the report are as follows:

Community banks see quarterly growth in net income despite year-over-year decline.

Community bank quarterly net income increased to $7.6 billion in second quarter 2022, despite being down $523.0 million from one year ago. Higher noninterest expense, lower noninterest income, and higher provision expense offset growth in net interest income. Nearly three-quarters of community banks reported higher net income than one quarter ago. More than two-thirds of community banks reported an increase in net interest income from the year-ago quarter.


Loan and lease balances continue to show widespread growth in second quarter 2022.

Community banks saw a $82.3 billion increase in loan and lease balances from first quarter 2022. All major loan categories except commercial & industrial (C&I) and agricultural production grew year over year, and 69.9% of community banks reported annual loan growth. Total loan and lease balances increased $125.4 billion, or 7.7%, from one year ago. Excluding Paycheck Protection Program loans, annual total loan growth would have been 14.0% and annual C&I growth would have been 21.9%.

Community bank net interest margin (NIM) increased to 3.33% due to strong interest income growth.

Community bank NIM increased eight basis points from the year-ago quarter and 22 basis points from first quarter 2022. Net interest income growth exceeded the pace of average earning asset growth. The average yield on earning assets rose 25 basis points while the average cost of funding earning assets rose three basis points from the previous quarter. The quarterly increase in NIM was the largest reported since second quarter 1985. However, NIM remains below the pre-pandemic average of 3.63%. 

Slightly more than half of community banks reported quarter-over-quarter reductions in noncurrent loan balances.

The allowance for credit losses (ACL) as a percentage of total loans and leases decreased six basis points from the year-ago quarter to 1.25%. The coverage ratio for community banks is 46.4 percentage points above the coverage ratio for noncommunity banks. The coverage ratio increased 54.1 percentage points from the year-ago quarter to 245.4%, a record high since Quarterly Banking Profile data collection began in first quarter 1984.

It has been a time of momentous change for the banking industry; this has been the case since the pandemic but continues to hold true. The Federal Open Market Committee (FOMC) had already risen the target federal funds rate by 225 basis points in 2022 at the time of writing this summary, with further increases throughout the remainder of 2022 anticipated. Although rising rates have been the largest contributor to strengthening net interest margins, the impact these rate increases will have on the long-term economy is still to be seen.

Inflation also continues to run rampant, with rate increases thus far seeming to be ineffective in slowing inflation. The continued inflation has many wondering if rate increases are not the answer and that there may be other, inalterable forces at play. If this is the case, the FOMC’s target rate increases could have the effect of worsening an economic slowdown. Furthermore, although loan growth remained relatively strong in quarter two, deposit growth waned. Community banks saw only a 0.4% increase in deposits from a quarter ago. This has put some institutions in a liquidity crunch, having to rely more heavily on wholesale funding to fund loan growth. However, making funding decisions has proven to be difficult, given the economic uncertainty and potential target rate increases.

Community banks will have to continue to remain vigilant and remain a resource to their customers. Banks’ customers are facing many of the same challenges that banks are facing—interest rate uncertainty, rising costs, staffing shortages, etc. Therefore, as we’ve previously mentioned, it continues to be important for banks to maintain open dialogue with customers. As always, please don’t hesitate to reach out to BerryDunn’s Financial Services team if you have any questions. You can also visit our Ask the Advisor page to submit your questions.

Article
FDIC Issues its Second Quarter 2022 Quarterly Banking Profile

Read this if you are a chief executive officer, chief operations officer, or chief retail officer at a financial institution.

There’s been much buzz around the recent announcement by the Biden administration that up to $20,000 in federal student loans will be cancelled for low- to middle-income families. And, rightfully so, as the debt cancellation is anticipated to be eligible for up to 43 million Americans with roughly 20 million borrowers expected to have their remaining student loan debt eliminated entirely.1 Although the relief does not apply to private loans, financial institutions should see this as an opportunity to enhance the customer experience. 

Trusted advisors 

Financial institutions are often seen as trusted advisors by their customers and may be a go-to resource for customers when making financial decisions. Debt cancellation of up to $20,000 can have a major financial impact on households, especially provided relief is only eligible to borrowers with household income below $250,000 ($125,000 for individuals).2 And, with roughly 20 million borrowers expected to have their remaining student loan debt eliminated, this may free up significant monthly cash flow for those borrowers. Even though student loan repayments have been on hold for the past couple of years for many borrowers, the cancellation of this debt may free up deposits those borrowers had set aside in anticipation of the recommencement of loan payments. Now that this remaining debt is expected to be forgiven, how might they use this debt forgiveness to better their financial health? Community banks and credit unions are in the driver’s seat to assist customers in making this decision.

Data analytics

With the onset of data analytics—the understanding of how transaction, financial, and other information may be used to understand customer needs—many financial institutions are well-positioned to recommend services tailored to each customer. Although making sense of this data and putting it into something actionable can be challenging, the rewards can be tremendous. For instance, analyzing spending habits or cash flow trends can equip an institution with the insights needed to assist a customer when asked how best to deploy this excess wealth. Do they have any loans with your institution they should pay off or pay down? Given the current interest rate environment, this may also prove to be beneficial for the institution, as it could then re-deploy these funds at a higher interest rate. 

Knowing your customer

A simpler approach than using data analytics to provide actionable insights is just simply knowing your customer. This is something community financial institutions excel at and is one of their biggest value propositions. When working on financial institution audits, we often ask about specific customers as part of our audit procedures. I am always awed by our clients’ ability to provide one of their customer's stories on a whim. Bankers have well-developed relationships with their customers. Customers are neighbors, restaurant servers, bartenders, firefighters, the list goes on. These are people bankers see out in their communities—you may even have children that go to the same school together. The point I am trying to make is that these relationships are much deeper than any relationship data analytics can provide. What major life events are your customers anticipating? A wedding? A child? A vacation? Needing a new car? These are all items that data analytics may not be able to tell you but personal relationships with your customer, and general knowledge about your community, will. How can you, as their trusted advisor, provide them opportunities to save for these major life events? I don’t want to discount the importance of data analytics but, I also want to stress the importance of these personal relationships. However, combined, they create a powerful tool for community bankers.

Knowing your customer—an example

As an example, you may know your customer is planning for a wedding and that they took some wedding wish-list items off their list because they couldn't afford them. Does the proposed debt cancellation allow your customer to now afford—or save for—some of these items? You may not know the answer simply based off previous conversations with the customer but, a quick phone call and discussion will provide you with an answer. And, even if the answer is: “No, this does not change my wedding budget,” it at least shows them that you were looking out for your customer and being proactive. 

Knowing your customer combined with data analytics—an example

Taking this example a step further, what if you had data analytics that displayed your customer’s spending habits? Is there a way to query payment transactions that would allow you to identify which customers have federal student loans? This information, paired with your knowledge gained from knowing the customer, allows you to provide targeted, actionable insights. Knowing their monthly cash flow, what loans they have outstanding (based on cash outflows), and deposit balances, you can be more strategic in your outreach, not only in who you reach out to but how you structure your outreach. For instance, could a customer benefit from using those forgiven student loan payments to now pay down other debt carried at higher interest rates?  Or, going back to an earlier example, if you know when the customer’s wedding is and their monthly net cash flow, is there a deposit product you could sign them up for that would allow them to work towards affording some of their wedding wish-list items that previously couldn’t be afforded?

Saving for retirement

Another aspect to consider is saving for retirement. Although borrowers are eligible for loan forgiveness of up to $20,000, most will likely only be eligible for $10,000 in forgiveness, as the $20,000 is only for Pell Grant recipients.2 To some customers, $10,000 may not seem like a lot. But, when considering the time value of money, a customer’s perception may change. Using an example from a recent Accounting Today article1, a 40-year-old man is expected to live to 81.5 years old. Therefore, assuming an annual return of 6% over 40 years, $10,000 can turn into more than $110,000 over four decades. Those who live to 90 can turn $10,000 into more than $200,000. Institutions with wealth management divisions may find colleagues who have great suggestions on how best to approach these conversations. Even if the customer has short-term spending needs/desires, as many do, steering these forgiven student loan payments towards retirement may be the most prudent decision. But sometimes a customer needs to see the potential impact plotted out and hear it from an outside, trusted source.

Customers with loan repayments restarting

To this point, the discussion has been on those customers that will benefit from loan forgiveness. But what about those that will not benefit as well as those that will only partially benefit (i.e., the entirety of their loan balance will not be forgiven)? Loan repayments are set to recommence in January 2023. Many borrowers haven’t had to make loan payments for over two years and some newer college graduates have never had to make a loan payment. These loan payments could come as a shock to those who have never made such a payment, as well as to those who previously had, if their spending habits have changed due to loan forbearance. There are two different perspectives to consider for these customers: credit risk and, sticking with the theme of the article, the customer experience.

Credit risk

The end of the loan forbearance period could have a significant impact on certain customers’ financial situations. For some, it could be the make-or-break point on being able to make their loan payments on other loans, possibly some of which are with your institution. Does the recommencement of these student loan payments change your customer’s risk profile? Do they now require closer monitoring?

Customer experience

Closely linked to credit risk, financial institutions should also see the recommencement of student loan payments as an opportunity to enhance the customer experience. Financial institutions should be proactive in reaching out to customers they know will be impacted to see if they feel prepared. This may be a difficult conversation to have but, it is one your customers will likely appreciate. If they aren’t prepared, are there steps the institution can take to assist the customer? Deposit products may again be worth mentioning to customers. Or, for those severely impacted, does the institution need to consider workout agreements with such customers? This provides a prime opportunity to work with your institution’s collections and credit risk departments. Keeping them in the loop (and vice versa) will help provide a seamless customer experience.

Institutions should also consider if this presents itself as a larger marketing opportunity, to attract new business. Although marketing decisions are generally based on potential return on investment (ROI), the ROI in this case may not quite be there, given the relatively small amounts. However, is this an opportunity for your institution to highlight its financial advisory services? 

In closing

For something that seems so simple on the surface, there is a lot to consider once you start diving in. Financial institutions have a big role to play and should see this as an opportunity to increase what are hopefully already strong relationships with customers. For those customers anticipating debt cancellation, financial institutions should essentially ask themselves: how can customers utilize their debt cancellation in a way that makes the most sense for them given their current financial situation and anticipated life events? For those that aren’t anticipating debt cancellation, financial institutions have an opportunity to be proactive. This proactivity will not only benefit the institution but will also show the institution is prepared and cares about assisting their customers and helping them transition back into student loan payments as smoothly as possible. 

This is a lot to unravel, especially in such a short time. As always, your BerryDunn Financial Services team is here to assist. Also, please feel free to reach out via our Ask the Advisor feature.

1How student loan relief can turbocharge retirement savings | Accounting Today
2The Biden-Harris Administration's Student Debt Relief Plan Explained (studentaid.gov)

Article
Student loans: Forgiveness, the end of forbearance, and where financial institutions fit into all of this

Read this if you want to understand the new lease accounting standard.

What is ASC 842?

ASC 842, Leases, is the new lease accounting standard issued by the Financial Accounting Standards Board (FASB). This new standard supersedes ASC 840. For entities that have not yet adopted the guidance from ASC 842, it is effective for non-public companies and private not-for-profit entities for reporting periods beginning after December 15, 2021.

ASC 842 (sometimes referred to as Topic 842 or the new lease standard) contains guidance on the accounting and financial reporting for agreements meeting the standard’s definition of a lease. The goal of the new standard is to:

  • Streamline the accounting for leases under US GAAP and better align with International Accounting Standards lease standards 
  • Enhance transparency into liabilities resulting from leasing arrangements (particularly operating lease contracts)
  • Reduce off-balance-sheet activities

What is the definition of a lease under the new standard?

ASC 842 defines a lease as “A contract, or part of a contract, that conveys the right to control the use of identified property, plant, or equipment (an identified asset) for a period of time in exchange for consideration.” 

This definition outlines four primary characteristics to consider: 1) an identified asset, 2) the right to control the use of that asset, 3) a period of time, and 4) consideration.

(For a deeper dive into what constitutes a lease, you can download the BerryDunn lease accounting guide here.) 

How will this affect your organization?

  • Lease arrangements have to be classified as finance, operating, or short-term leases. In general accounting for the lease asset and liability is as follows:

    • For finance leases, use the effective interest method to amortize the liability, and amortize the asset on a straight-line basis over the lease term. Note that this has the effect of “front-loading” the expense into the early years of the lease.

    • For operating leases (e.g., equipment and some property leases), the lease asset and liability would be amortized to achieve a straight-line expense impact for each year of the lease term. ASC topic 842 establishes the right-of-use asset model, which shifts from the risk-and-reward approach to a control-based approach. 
  • Lessees will recognize a lease liability of the present value of the future minimum lease payments on the balance sheet and a corresponding right of use asset representing their right to use the leased asset over the lease term. 
  • The present value of the lease payments is required to be measured using the discount rate implicit in the lease if its readily determinable. More likely than not it will not be readily determinable, and you would use a discount rate that equals the lessee’s current borrowing rate (i.e., what it could borrow a comparable amount for, at a comparable term, using a comparable asset as collateral).
  • It will be critical to consider the effect of the new rules on your organization’s debt covenants. All things being equal, debt to equity ratios will increase as a result of adding lease liabilities to the balance sheet. Lenders and borrowers may need to consider whether to change required debt to equity ratios as they negotiate the terms of loan agreements.

Time to implement: What do you need to do next?

The starting place for implementation is ensuring you have a complete listing of all known lease contracts for real estate property, plant, and equipment. However, since leases can be in contracts that you would not expect to have leases, such as service contracts for storage space, long-term supply agreements, and delivery service contracts, you will also need to broaden your review to more than your organization’s current lease expense accounts. 


We recommend reviewing all expense accounts to look for recurring payments, because these often have the potential to have contracts that contain a lease. Once you have a list of recurring payments, review the contracts for these payments to identify leases. If the contract meets the elements of a lease—a contract, or part of a contract, that conveys the right to control the use of identified property, plant, or equipment (an identified asset) for a period of time in exchange for consideration—your organization has a lease that should be added to your listing.

Additionally, your organization is required to consider the materiality of leases for recognition of ASC 842. There are no explicit requirements (that, of course, would make things too easy!). One approach to developing a capitalization threshold for leases (e.g., the dollar amount that determines the proper financial reporting of the asset) is to use the lesser of the following: 

  • A capitalization threshold for PP&E, including ROU assets (i.e., the threshold takes into account the effect of leased assets determined in accordance with ASC 842) 
  • A recognition threshold for liabilities that considers the effect of lease liabilities determined in accordance with ASC 842

Under this approach, if a right-of-use asset is below the established capitalization threshold, it would immediately be recognized as an expense. 

It's important to keep in mind the overall disclosure objective of 842 "which is to enable users of financial statements to assess the amount, timing, and uncertainty of cash flows arising from leases". It's up to the organization to determine the level of details and emphasis needed on various disclosure requirements to satisfy the disclosure objective. With that objective in mind, significant judgment will be required to determine the level of disclosures necessary for an entity. However, simply put, the more extensive the organization's leasing activities, the more comprehensive the disclosures are expected to be. 

Don't wait, download our lease implementation organizer (Excel file) to get started today! 

Key takeaways and next steps:

  •  ASC 842 is effective for reporting periods beginning after December 15, 2021
  • Establish policies and procedures for lease accounting, including a materiality threshold for assessing leases
  • Develop a system to capture data related to lease terms, estimated lease payments, and other components of lease agreements that could affect the liability and asset being reported
  • Evaluate if bond covenants or debt limits need to be modified due to implementation of this standard
  • Determine if there are below market leases/gifts-in-kind of leased assets

If you have questions about finance or operating leases, or need help with the new standard, BerryDunn has numerous resources available below and please don’t hesitate to contact the lease accounting team. We’re here to help. 

Lease accounting resources 

Article
ASC 842 lease accounting—get started today before it's too late