Over the past two weeks, the international markets have been roiling under news that the COVID-19 virus, commonly referred to as the coronavirus, may be spreading. The Board of Governors of the Federal Reserve System (the “Federal Reserve”), the Federal Deposit Insurance Corporation, the National Credit Union Administration, the Office of the Comptroller of the Currency and the Consumer Financial Protection Bureau (collectively, the “Federal Bank Regulators”) have not issued specific guidance or released public statements outlining their expectations for responding to issues arising from the spread of the coronavirus. However, financial institutions should consider the potential impact (if any), including any regulatory impact, the coronavirus may have on institutions. Below are considerations that should be discussed by boards of directors and senior management.
- Credit Risk. No one yet knows the financial ramifications of the coronavirus on the global economy. Nonetheless, financial institutions should begin to discuss and review their portfolios to quantify potential credit risk in applicable customer, industry and geographic segments. For instance, the coronavirus is being reported as having a disastrous impact on the tourism, travel, transportation and hospitality/restaurant industries. Further, we know that, at this time, the largest geographic impact of the coronavirus has been in China and Southeast Asia. Customers with a greater exposure to these markets (e.g., manufacturing companies with Chinese or Southeast Asia supply-chain dependence) or which operate in the industries identified above may have additional risk going forward.
- Review of the Business Continuity Plan. Given the potential risks associated with the coronavirus – such as credit risks, risks to employees and cybersecurity risks as noted below – senior management should take this opportunity to review their business continuity plan and determine if any updates should be made to the plan to better address these risks.Although the coronavirus has not, to date, been identified as a “pandemic” by the Centers for Disease Control and Prevention and, as noted above, the Federal Bank Regulators have not provided specific guidance, both the Director of the CFPB and the Chair of the FDIC, during separate public appearances, suggested that financial institutions review the FFIEC’s guidance on how to address pandemic planning (“Pandemic Planning Guidance”) when determining if their business continuity plan requires any updates. Under the Pandemic Planning Guidance, the FFIEC recommends that a business continuity plan include: (i) a preventive program to reduce the likelihood an institution’s operations will be significantly affected by a pandemic event; (ii) a documented strategy that provides for scaling pandemic efforts commensurate with the particular stages of a pandemic outbreak; (iii) a comprehensive framework of facilities, systems or procedures to continue critical operations if large numbers of staff members are unavailable for prolonged periods; (iv) a testing program to ensure the institution’s pandemic planning practices and capabilities are effective and will allow critical operations to continue; and (v) an oversight program to ensure ongoing review and updates to the pandemic plan. As a result, senior management should review and discuss the foregoing considerations and determine their relevance when considering if any changes should be made to their business continuity plan to address potential issues resulting from the spread of the coronavirus.
- Federal Reserve Interest Rate Cuts. On March 3, 2020, the Federal Reserve announced an emergency interest rate cut of 50 basis points.This was the first time since 2008 that the Federal Reserve cut rates outside of its regularly scheduled meetings. With cuts to interest rates, financial institutions will likely face new pressures on their net interest margin. However, while lower interest rates tend to create margin pressure, lower interest rates can also increase demand for loans. It is important to remember that the rate cut comes in an environment where consumer confidence is strong. At this time, the market needs to digest the emergency move by the Federal Reserve. During the coming months, senior management should continue to monitor the situation and consider what impact any future rate cuts may have on their current strategy.
- Employees. As is reported, the coronavirus spreads through person-to-person contact. To mitigate risks to employees, financial institutions may consider limiting unnecessary business travel, actively encouraging ill employees to stay home and providing employees flexible work-from-home options. Strategies to mitigate employee-related risk is ultimately institution-specific. However, at a minimum, senior management should consider all available options.
- Information Systems/Cybersecurity. To the extent a financial institution wishes to utilize an increased digital strategy, including, but not limited to, flexible work-from-home arrangements for employees or directing customers to the institution’s website and digital product/servicing offerings, a financial institution may need to update its employee and cybersecurity policies and procedures to accommodate an increased reliance on the institution’s digital platform. In updating any employee policy for flexible work-from-home arrangements, specific attention should be paid to use of office equipment, taking confidential documentation offsite and use of public Wi-Fi.
- Capital Markets. As was evident during the financial crisis, financial institutions have in the past found it difficult to raise additional capital in times of economic and market uncertainty. Senior management may want to consider the extent to which they may need or want to raise additional capital and/or issue debt in the near term as a defensive measure in light of the uncertainty around the potential adverse economic effects of the coronavirus.
- Consumer Fraud Mitigation. With all crises or natural disasters, in times of distress comes a greater risk of scams, fraudulent schemes and phishing attempts.Management should ready their compliance teams to be vigilant in identifying fraudulent activity and targeted scams and monitoring consumers’ accounts for fraud.
Click here for the FFIEC Guidance concerning pandemic planning and business continuity plans.