Possibilities Insights for Businesses & Individuals - Conversation with Emily Hofer - January 2016
Eide Bailly
Description
POSSIBILITIES
INSIGHTS FOR FINANCIAL INSTITUTIONS
JANUARY 2016
Conversation with Emily Hofer
Possibilities recently sat down with Emily Hofer,
CFO of Merchants State Bank in South Dakota, to
discuss the state of banking.
POSSIBILITIES: Congratulations on your recent
election to the ICBA Federal Delegate Board.
What do you think are the major issues facing
community banks right now?
Emily: I think the major issues are regulatory
and accounting issues. Community banks are
starting the phase-in of Basel III this year, which
will restrict capital in a way we haven’t seen
before, and on the heels of that we have a gray
area of what FASB will do with the Current
Expected Credit Loss model. ICBA and other
trade associations are working very hard to find
carve-outs for community banks, which may or
may not happen. The uncertainty of those issues
makes it hard to plan ahead.
We’ve gone through a lot of rounds of regulatory change when it comes to consumer and home mortgage lending, and it’s led some of my peers to stop doing residential real estate loans. It’s unfortunate for the towns these community banks serve, because people are forced to go elsewhere for those needs. These are the biggest challenges we will have to work through to continue to deliver the products and services our customers expect. It’s a new operating environment that keeps changing as we move forward. POSSIBILITIES: You’ve also served as both a director and chair of the Independent Community Bankers of South Dakota.
What are some of the lessons you’ve learned about advocating for community banks on both a state and national level? Emily: I’ve learned that lawmakers at both the state and national level want to hear from us. Community bankers are uniquely positioned to be involved in virtually all aspects of their towns and cities. We are the boots on the ground, so to speak. The important message we have to bring to them is that community banks played a very small role in the financial crisis we are coming out of, and we are critical players in current U.S. lending markets. When it comes to advocating for themselves, community bankers need to know it’s not just about giving money to your PAC.
That gets us a seat at the table, but it’s also very important to develop relationships with your lawmakers at every level. We have to keep reminding them that where you find a successful community bank, you will likely find a successful community. POSSIBILITIES: Merchants State Bank has been serving clients in the Freeman area for 116 years. What have been the keys to earning that successful history? inside 2 The Growing Need for Cyber Insurance 3 ESOPs: Valuable Tool for Community Banks Three Firms Join Eide Bailly 4 Developing a Strong Internal Audit Process 5 Test Your Knowledge: Regulatory-Defined Risks R&D Tax Incentives Affordable Care Act Reporting Requirements 7 M&A Corner 8 Bankers Seminar Save the Date Conversation continued on page 6 A BO U T E M I LY Emily Hofer is CFO of Merchants State Bank, a 116-year-old bank with locations in Freeman, Hurley, Viborg and Irene, South Dakota.
Emily received a BSM in finance and accounting, and a Bachelor of Professional Accountancy, from Tulane University in New Orleans in 2002. She worked for PricewaterhouseCoopers in New Orleans as a CPA in the financial services group, audit and advisory services. She returned to her hometown to join the Merchants State Bank team in 2005 as CFO and serves on the board of directors. She also serves on the boards of the Freeman Community Foundation, Freeman Volunteer Ambulance Service and Freeman Athletic Association.
Emily has been a volunteer EMT since January 2007. . 2 | POSSIBILITIES THE DIRECTORS’ CORNER Subtitle Titletitle title testing The Growing Need for Cyber Insurance A cybersecurity breach or data compromise is more than just a technology annoyance. Today’s cyber incidents have farreaching, long-term costs well after the systems and applications have been restored. Liability and legal costs can easily exceed several million dollars for each incident. This is what the Federal Financial Institutions Examination Council (FFIEC) addressed in the evaluation of its guidance for cyber incident management and resilience for financial institutions. Business Continuity Planning Business Continuity and Disaster Recovery Planning (BCP/ DRP) is required for any institute’s resilience to cyber incident losses.
A financial institution’s plan must include the ability to safely continue to operate and ultimately recover to a normal operating state in the event of any incident. Part of a good BCP/ DRP is a Business Impact Analysis (BIA) that will provide an impact value or cost of a loss associated with the risks to the financial institution. These values can provide the information for management to decide to how to cover those costs associated with a cybersecurity breach.
A new and maturing method of covering the costs is insurance. Will Insurance Cover Everything? Insurance is not a replacement for a well-developed and executed cybersecurity plan. However, incidents are inevitable and financial institutions must have insurance to cover the risks that cannot be completely mitigated. A complete BCP/DRP will include a financial institution’s risk and exposure that needs to be considered to provide the right type and level of insurance coverage.
Financial institutions should clearly understand the types of risks and exposures and prepare to spend more time, budget and resources to mitigate those risks to reduce the exposures that insurance does not cover. Examples of Cyber Liability Coverage Dax Deardeuff, an agent and cybersecurity insurance specialist with Insurica, says there are basically two categories that cover first-party expenses and third-party expenses with additional areas that could be covered under other existing policies. First-Party Expenses: • Notification – Coverage for the costs incurred by the insured entity to notify its customers after a data breach for the loss of sensitive information. • Credit Monitoring – Coverage for the costs of reissuing credit cards and credit monitoring by one or more major credit bureaus for a period of one to three years. • Crisis Management – Coverage for the costs of services performed by a public relations firm, crisis management firm, or law firm in order to minimize reputational harm. • Regulatory Action – Coverage for the defense of the insured entity in case a government authority alleges violation of data privacy laws. You will also want coverage for the potential fines or penalties incurred. • Forensics – Coverage for costs of a third-party investigation to determine the source or cause of a data breach. • Loss of Income – Coverage for business interruption loss. • Extortion – Coverage for the costs of extortion payments in the event an outside hacker demands data or resources. Third-Party Expenses: • Third-party disclosure – Protection for inadvertently allowing another party’s information to be compromised. • Third-party activity – Protection for activities of a third party. This is also called independent contractors liability. Your agent or insurance company can provide more information about coverages available. An institute’s management must face the reality that it is no longer an issue of when you will be breached, it is a matter of whether you are prepared and can respond quickly enough to your next cybersecurity event. Having proper cyber liability coverage could mean resilience for even the most-prepared institutions. C O N TA C T Calvin Weeks, EnCE, CEDS, CRISC, CISSP, CISM Computer Forensics Manager 405.858.5591 cweeks@eidebailly.com .
Financial Institutions | 3 ESOPs: A Valuable Tool for Community Banks Many bankers are not as familiar with employee stock ownership plans, or ESOPs, as they are with other types of qualified retirement plans. An ESOP is a qualified retirement plan for the benefit of employees that invests primarily in employer stock, thus making all employees of the bank “owners.” Like other qualified plans, ESOPs are generally exempt from income tax. ESOPs also provide other special benefits due to Congress’s desire to encourage employee ownership, loyalty and productivity. Most importantly to S corporations, tax provisions unique to ESOPs cause S corporation income allocated to an ESOP to escape current taxation. The income tax is essentially deferred until the ESOP pays distributions out to employees. An Example Assume an ESOP owns 20 percent of an S corporation and the S corporation has current year taxable income of $1 million.
While the $800,000 allocated to non-ESOP shareholders will be subject to income tax, the ESOP’s share of $200,000 is exempt from current tax. Ideally, S corporations pay tax distributions to shareholders in an amount sufficient to pay the federal and state income taxes on their respective shares of the S corporation’s income. If the S corporation in this example distributes 40 percent of its earnings to help cover the shareholders’ taxes, the ESOP receives cash of $80,000 that is available to buy additional stock of the S corporation on behalf of the plan participants. This provides an important potential source of liquidity for the S corporation’s stock. Disqualified Person Rule The favored tax status of ESOPs carries complicated rules under IRC Section 409(p), designed to prevent abuses by overly aggressive taxpayers.
Under these rules that are specific to S corporation ESOPs, any employee who is a “disqualified person” can’t accrue any benefits under the ESOP in a year in which they own 50 percent or more of the S corporation’s total outstanding shares, taking into account shares directly owned, “deemed-owned” shares and shares allocated through tax attribution rules. A “disqualified person” is generally a person who owns 10 percent or more deemed-owned shares of the S corporation, or collectively with other family members owns 20 percent or more deemed-owned shares (deemedowned shares take into account only the stock treated as owned through the ESOP and other shares the employee can acquire in the future under certain stock arrangements). This limitation can prevent some shareholder-employees from becoming ESOP participants. Weighing Benefits and Complications Having an ESOP as a shareholder of a community bank involves many complex fiduciary and income tax issues, for both S corporations and C corporations.
Annual stock appraisals are generally required, and plan administration could be more costly than other types of qualified plans. Banks and bank holding companies must navigate regulatory issues, as well. Still, profitable banks that wish to provide ownership benefits to employees and create a liquid market for its shareholders should consider whether the advantages of ESOP ownership outweigh the complications. To discuss in greater detail how an ESOP might benefit your community bank, its employees and its shareholders, contact an Eide Bailly professional. C O N TA C T Paul Sirek, CPA, MBT Partner 612.253.6661 psirek@eidebailly.com Three Firms Join Eide Bailly We recently expanded our presence in Arizona and Montana, as well as added Oregon to our list of states with a local office. Eide Bailly: more time for client service, expanded resources for clients and improved career opportunities for staff. On Nov.
2, Beckman and Kunkin, P.C. of Scottsdale, Ariz., joined the firm. This was followed by the addition of Schafer & Associates P.C.
of Billings, Mont., on Dec. 14 and Edison, Perry & Co. of Enterprise, Ore., on Jan. 11.
The unions added 22 staff and three partners to our staff, and raised our total office count to 29 offices in 13 states. “These firms help us continue our goal of expanding west of the Mississippi River and finding opportunities to expand our expertise to serve clients better,” said Eide Bailly Managing Partner/ CEO Dave Stende. “We’re always interested in adding talented firms when it means we not only strengthen our existing practice, but also strengthen the ability for local businesses to succeed.” All three firms expressed similar sentiments as to why they joined . 4 | POSSIBILITIES Developing a Strong Internal Audit Process The definition of internal audit from The Institute of Internal Auditors is “an independent, objective assurance and consulting activity designed to add value and improve the bank’s operations.” The key to this definition is to “add value and improve the bank’s operations.” Any financial institution can benefit from examining its internal audit function to see how it can better utilize its resources to accomplish this. Adding value and improving operations through an internal audit approach can take many shapes and forms: • Internal Audit Department – Staff is 100 percent dedicated to internal audit and independent of all other operating units of the bank. • Team Approach – Staff audits work of other employees from other departments. • External – This can take on many forms, from 100 percent external outsourcing in which the entire audit cycle is completed by an external auditor, to co-sourcing, which is when only certain audits or functions are completed externally with others done internally. No ‘One Size Fits All’ No one approach is better than the other. It will depend on your bank as to what will work best. There are distinct advantages and disadvantages to each approach.
The bigger issue with respect to internal audit is whether the procedures and audits being performed are mitigating risks and identifying operational improvement areas. This is completed through developing a risk-based approach to internal audit. Which means moving away from the old tick-and-tie approach that has long been used in internal audit departments.
Tasks in the tick-and-tie approach included reconciliations, checklists, cash counts and balancing. A risk-based approach is directed at risks of loss exposure through testing internal controls, policy content and compliance with polices. These procedures should be a more efficient use of time by focusing on the major risks within your financial institution (credit quality, liquidity and interest rate risk). Developing a Risk-Based Approach The first step in developing a risk-based internal audit approach is to complete an annual institution-wide risk assessment. This entails having management assess the risks in your institution’s significant business activities. This would include documentation of various risks types (i.e.
credit, liquidity, compliance, etc.) in each significant area, and then evaluating current mitigating control risk and ending with a residual risk that is most often communicated in numerical score. This score, in turn, drives the depth and frequency of audits completed in this business unit. It is key that the audit committee be involved in the risk assessment process and subsequent development of the audit calendar so that they can adequately monitor and manage the risks of the bank. At this point, your institution needs to complete the audits, write up reports that include procedures completed, findings, recommendations and an overall rating of the area.
This report will be presented to the audit committee who will approve the report and follow up with outstanding findings. The tracking of recommendations process is critical, because if findings are not addressed there is no value gained from the audit process. Documentation Is Critical The implementation of a successful internal audit plan hinges on a well-constructed risk assessment in which the internal audit plan and procedures are linked to the risks identified within the risk assessment. Don’t forget to document the whole internal audit process. Whether it be in the documentation of the risk assessment, audit plan, audit work papers or tracking of outstanding findings, documentation will be critical to the success of your internal audit approach. It is not the goal of the internal audit function to mitigate all risks, but rather, to understand the risks of your institutions and improve and add value to your current process and procedure.
In addition, the internal audit needs to be ever-changing because the risk environment we are in is changing more rapidly than ever before. It doesn’t have to use more resources to develop a stronger internal audit, rather it needs a well-thought-out plan to target those risk areas within your institution. C O N TA C T Al Nolte Audit Partner 612-253-6580 anolte@eidebailly.com . Financial Institutions | 5 Test Your Knowledge: Regulatory-Defined Risks If you’ve had the opportunity to experience one or several regulatory exams over the last two decades, there’s no doubt you are familiar with the governing risks that examiners delve into when examining your institution. Although there are some differences in how the regulatory agencies label these risks, they essentially fall into the following seven categories: credit, interest rate, liquidity, operational, strategic, reputation and compliance. When assessing these risks and ultimately defining a financial institution’s overall risk profile, an initial step is to determine the level of risk to which the institution is inherently exposed. That entails having an understanding of the current challenges influencing the institution individually as well as the banking industry as whole. Quiz time.
The left-hand column below includes a list of significant influences affecting today’s banking industry, and the right-hand column lists the regulatorydefined risk categories. The objective is to match the risks with the influences. If you’ve already guessed that each influence can impact more than one risk, you’re ahead of the curve! The risks are not mutually exclusive. INDUSTRY INFLUENCES RISK CATEGORIES 1.
Population Trends & Millennial Generation a. Credit Risk 2. Technological Advancements b.
Interest Rate Risk 3. Loan Growth c. Liquidity Risk 4.
Regulatory Environment d. Operational Risk 5. Merger & Acquisition Activity e.
Reputation Risk f. Compliance Risk R&D Tax Incentives The IRS has expanded the list of activities that qualify for research and development tax credits, which means many organizations meet the necessary criteria simply through their efforts to stay competitive. Depending upon the nature and timing of your investments, your organization may be eligible for tax credits, some of which can be retroactively applied. To learn more about what qualifies for R&D tax credits, visit www.eidebailly.com/rd. g. Strategic Risk The above list includes just a few factors influencing today’s community banking landscape.
Which ones are or will be impacting the risk profile of your unique institution and, as a result, need a heightened level of attention? There’s no denying that some of these carry the weight of an immovable boulder without a readily available solution. In those cases, finding sanctuary in traditional banking practices will prove futile. We are in an unprecedented time where the industry is demanding creative, unconventional solutions. If your organization hasn’t opened the discussion, or continues to hem and haw these pivotal factors, now is the time to act.
Get curious. Start asking questions. Challenge all staff, not just the board and the senior management team. The solutions may not feel within reach, but kick-starting and regularly engaging in the brainstorming process will move your organization—and the community it supports—forward and towards a sustainable future. Go to www.eidebailly.com/RiskQuiz to see the answers to the quiz and learn more about each influence. C O N TA C T Christina Long Senior Managing Consultant, Financial Institutions 303-586-8555 cmlong@eidebailly.com Affordable Care Act Reporting Requirements 2016 ushers in the new Affordable Care Act reporting requirements for employers with 50 or more fulltime equivalent employees.
These employers will need to report this information to the IRS via forms 1094-C and 1095-C. These reporting requirements are due to employees by March 31 and to the IRS on May 31, if paper filed, or June 30 if e-filed. For more information on this requirement, as well as other ACA-related items, visit www. eidebailly.com/hcr . 6 | POSSIBILITIES Conversation with Emily Hofer Continued from page 1 Emily: I think it comes down to what most community bankers would say is the key—service. We have a unique opportunity to take a more holistic approach to banking. We are not centered around the idea of trying to see how many products we can hook you with, which is often the game plan of larger banks. We can customize our service for each individual customer.
We know our customers. We go to church with them, we serve on volunteer committees together. Many banking products are now commodities, and most banks offer the same products, so it comes down to the service that a customer receives. Part of our success is also due to our culture. We have a very familyoriented culture here at Merchants State Bank.
Our turnover is low, and our staff knows that if we have successful customers, we will have a successful bank. POSSIBILITIES: You are a third generation banker at Merchants State. What’s it like having that connection to the bank? Emily: It runs pretty deep. My grandfather bought the bank in 1968, and my dad served as president and CEO until a few years ago, as well as a chairman of the board until he passed away in early 2015. I’ve had all kinds of jobs with the bank.
I’ve shoveled sidewalks, made coffee, filed checks, and I think I was a teller by the time I was 12. I took a brief hiatus when I lived in New Orleans for school and work, but it was always my plan to come back. I stepped into the CFO role here in 2005. Every day I come in feeling proud I get to carry on this tradition.
It has been a tough adjustment here since my dad passed away. He was the guy I had lunch with every day for 10 years. But I imagine it was the same for him when my grandfather passed away.
It’s this thread that pushes me to do well here. I’m passionate about community banking, and fighting every day to ensure our industry stays strong. POSSIBILITIES: What do you anticipate the next year will look like for ag producers in your area? Emily: A lot of it is going to depend on what happens with federal crop insurance. Our average to better producers will make money this year, as they have the last couple years.
Commodity prices are down, but we’ve had really great yields in our area and that will help make up for the prices. But it’s hard to know what next year will look like, and federal crop insurance is a very important piece in that. What happens with federal crop insurance plays a huge part in our risk management, and we will be watching that carefully and talking to our legislators about it because our producers need it, and we need it to help them. POSSIBILITIES: How can community banks ensure they have a successful future? Hofer says developments in federal crop insurance will play a large role in what 2016 brings for ag producers. Emily: A lot of it will be to just keep doing what we’re doing. We’ve differentiated ourselves on the service level, and we need to continue to do that.
Clearly we have to be forward planning, but our success for many years has been because of our service, so that should remain a foundation. We’re facing a generational shift where everything we want and need is online, but I still enjoy the benefits of having brick-and-mortar institutions available, such as a doctor or a banker who can deliver personal service. I think a lot of people still feel the same way. Community bankers also need to be as involved as possible in open dialogue with our lawmakers and advocate as hard as we can for our industry.
That will be more and more important every year. It’s not someone else’s job, it’s a job for all of us. . Financial Institutions | 7 M&A Corner The following data was compiled from information provided by SNL Financial LC. The data includes all completed transactions reported with pricing information available for the time period January 1, 2011, through November 30, 2015. The data for the North category includes all completed transactions reported with pricing information available in Iowa, Idaho, Minnesota, Montana, Nebraska, North Dakota, Oregon, South Dakota, Washington, Wisconsin and Wyoming. The data for the South category includes all completed transactions reported with pricing information available in Arizona, Colorado, Kansas, Nevada, New Mexico, Oklahoma, Texas and Utah.
The data did not include any government assisted transactions, branch acquisitions, or savings banks/thrift transactions. Bank Transaction Data U.S., North and South Regions Price to Tangible Book Value (P/TBV) Multiple 1/1/2011 – 11/30/2015 200 150 132 111 132 107 100 78 50 33 14 15 18 22 12 2011 2012 U.S. 2013 North 21 13 2014 17 24 2015 South The bar graphs represent the number of transactions. In addition to the transactions summarized in the chart, there were 354 transactions in the U.S. since the beginning of 2011 for which pricing data was not included.
Of those, 125 transactions were in the North region and 86 were in the South region. North South Geography The 17 target banks transacted in 2015 for which pricing data was provided were headquartered in seven different states. None of those states had more than four transactions. Almost half the banks sold in 2015 were headquartered in Texas. The database listed no 2015 transactions in either Utah or Nevada.* Target Size Of the 51 banks sold in 2015, 34 had total assets less than $100 million.* The target banks in 2015 transactions ranged in assets from $7.4 million to more than $1.8 billion.* Multiples The average multiple in 2015 is slightly lower than the 2014 average. The average multiple continues its two-year climb since bottoming out in 2013. *includes transactions for which pricing data was not available. .
4310 17th Ave S PO Box 2545 Fargo ND 58108-2545 This publication is produced and published by Eide Bailly and distributed with the understanding that the information contained does not constitute legal, accounting or other professional advice. It is not intended to be responsive to any individual situation or concerns as the contents of the publication are intended for general informational purposes only. Readers are urged not to act upon the information contained in this publication without first consulting competent legal, accounting or other professional advice regarding implications of a particular factual situation. Questions and information for publication can be submitted to your Eide Bailly representative. To request reprints of this publication, send a written request to RequestReprints@eidebailly.com. © 2016 Eide Bailly LLP. To view this and previous issues of POSSIBILITIES, visit www.eidebailly.com/publications Managing Editor: Liz Stabenow Assistant Editor: Clinton Larson Send comments to: possibilities@eidebailly.com 3 6 T H A N N U A L Save the DateEide Bailly Bankers Seminar We would like to thank all of you who attended our 35th annual Bankers Seminar – Navigating a Sea of Change this fall. We are honored to have the opportunity to keep you informed of the changes affecting the industry and your business.
We hope you found the keynote speakers and sessions current, informative and valuable. We’re already planning the 2016 Bankers Seminar, and we are excited to be adding even more locations next year, both physically and via live streaming. Be sure to save the date for the seminar near you! An Independent Member Firm of HLB International 2016 Bankers Seminars Dates: Fargo – Thursday, Nov. 3 Norman – Thursday, Nov.3 Billings – Thursday, Nov.
3 Bismarck – Thursday, Nov. 3 Tulsa – Thursday, Nov. 3 Salt Lake City – Thursday, Nov.
3 Denver – Thursday, Nov. 3 Mankato – Wednesday, Nov. 9 Spokane – Thursday, Nov.
3 Sioux Falls – Thursday, Nov. 10 To learn more or to register for the Bankers Seminar, visit www.eidebailly.com/fi. www.eidebailly.com .
We’ve gone through a lot of rounds of regulatory change when it comes to consumer and home mortgage lending, and it’s led some of my peers to stop doing residential real estate loans. It’s unfortunate for the towns these community banks serve, because people are forced to go elsewhere for those needs. These are the biggest challenges we will have to work through to continue to deliver the products and services our customers expect. It’s a new operating environment that keeps changing as we move forward. POSSIBILITIES: You’ve also served as both a director and chair of the Independent Community Bankers of South Dakota.
What are some of the lessons you’ve learned about advocating for community banks on both a state and national level? Emily: I’ve learned that lawmakers at both the state and national level want to hear from us. Community bankers are uniquely positioned to be involved in virtually all aspects of their towns and cities. We are the boots on the ground, so to speak. The important message we have to bring to them is that community banks played a very small role in the financial crisis we are coming out of, and we are critical players in current U.S. lending markets. When it comes to advocating for themselves, community bankers need to know it’s not just about giving money to your PAC.
That gets us a seat at the table, but it’s also very important to develop relationships with your lawmakers at every level. We have to keep reminding them that where you find a successful community bank, you will likely find a successful community. POSSIBILITIES: Merchants State Bank has been serving clients in the Freeman area for 116 years. What have been the keys to earning that successful history? inside 2 The Growing Need for Cyber Insurance 3 ESOPs: Valuable Tool for Community Banks Three Firms Join Eide Bailly 4 Developing a Strong Internal Audit Process 5 Test Your Knowledge: Regulatory-Defined Risks R&D Tax Incentives Affordable Care Act Reporting Requirements 7 M&A Corner 8 Bankers Seminar Save the Date Conversation continued on page 6 A BO U T E M I LY Emily Hofer is CFO of Merchants State Bank, a 116-year-old bank with locations in Freeman, Hurley, Viborg and Irene, South Dakota.
Emily received a BSM in finance and accounting, and a Bachelor of Professional Accountancy, from Tulane University in New Orleans in 2002. She worked for PricewaterhouseCoopers in New Orleans as a CPA in the financial services group, audit and advisory services. She returned to her hometown to join the Merchants State Bank team in 2005 as CFO and serves on the board of directors. She also serves on the boards of the Freeman Community Foundation, Freeman Volunteer Ambulance Service and Freeman Athletic Association.
Emily has been a volunteer EMT since January 2007. . 2 | POSSIBILITIES THE DIRECTORS’ CORNER Subtitle Titletitle title testing The Growing Need for Cyber Insurance A cybersecurity breach or data compromise is more than just a technology annoyance. Today’s cyber incidents have farreaching, long-term costs well after the systems and applications have been restored. Liability and legal costs can easily exceed several million dollars for each incident. This is what the Federal Financial Institutions Examination Council (FFIEC) addressed in the evaluation of its guidance for cyber incident management and resilience for financial institutions. Business Continuity Planning Business Continuity and Disaster Recovery Planning (BCP/ DRP) is required for any institute’s resilience to cyber incident losses.
A financial institution’s plan must include the ability to safely continue to operate and ultimately recover to a normal operating state in the event of any incident. Part of a good BCP/ DRP is a Business Impact Analysis (BIA) that will provide an impact value or cost of a loss associated with the risks to the financial institution. These values can provide the information for management to decide to how to cover those costs associated with a cybersecurity breach.
A new and maturing method of covering the costs is insurance. Will Insurance Cover Everything? Insurance is not a replacement for a well-developed and executed cybersecurity plan. However, incidents are inevitable and financial institutions must have insurance to cover the risks that cannot be completely mitigated. A complete BCP/DRP will include a financial institution’s risk and exposure that needs to be considered to provide the right type and level of insurance coverage.
Financial institutions should clearly understand the types of risks and exposures and prepare to spend more time, budget and resources to mitigate those risks to reduce the exposures that insurance does not cover. Examples of Cyber Liability Coverage Dax Deardeuff, an agent and cybersecurity insurance specialist with Insurica, says there are basically two categories that cover first-party expenses and third-party expenses with additional areas that could be covered under other existing policies. First-Party Expenses: • Notification – Coverage for the costs incurred by the insured entity to notify its customers after a data breach for the loss of sensitive information. • Credit Monitoring – Coverage for the costs of reissuing credit cards and credit monitoring by one or more major credit bureaus for a period of one to three years. • Crisis Management – Coverage for the costs of services performed by a public relations firm, crisis management firm, or law firm in order to minimize reputational harm. • Regulatory Action – Coverage for the defense of the insured entity in case a government authority alleges violation of data privacy laws. You will also want coverage for the potential fines or penalties incurred. • Forensics – Coverage for costs of a third-party investigation to determine the source or cause of a data breach. • Loss of Income – Coverage for business interruption loss. • Extortion – Coverage for the costs of extortion payments in the event an outside hacker demands data or resources. Third-Party Expenses: • Third-party disclosure – Protection for inadvertently allowing another party’s information to be compromised. • Third-party activity – Protection for activities of a third party. This is also called independent contractors liability. Your agent or insurance company can provide more information about coverages available. An institute’s management must face the reality that it is no longer an issue of when you will be breached, it is a matter of whether you are prepared and can respond quickly enough to your next cybersecurity event. Having proper cyber liability coverage could mean resilience for even the most-prepared institutions. C O N TA C T Calvin Weeks, EnCE, CEDS, CRISC, CISSP, CISM Computer Forensics Manager 405.858.5591 cweeks@eidebailly.com .
Financial Institutions | 3 ESOPs: A Valuable Tool for Community Banks Many bankers are not as familiar with employee stock ownership plans, or ESOPs, as they are with other types of qualified retirement plans. An ESOP is a qualified retirement plan for the benefit of employees that invests primarily in employer stock, thus making all employees of the bank “owners.” Like other qualified plans, ESOPs are generally exempt from income tax. ESOPs also provide other special benefits due to Congress’s desire to encourage employee ownership, loyalty and productivity. Most importantly to S corporations, tax provisions unique to ESOPs cause S corporation income allocated to an ESOP to escape current taxation. The income tax is essentially deferred until the ESOP pays distributions out to employees. An Example Assume an ESOP owns 20 percent of an S corporation and the S corporation has current year taxable income of $1 million.
While the $800,000 allocated to non-ESOP shareholders will be subject to income tax, the ESOP’s share of $200,000 is exempt from current tax. Ideally, S corporations pay tax distributions to shareholders in an amount sufficient to pay the federal and state income taxes on their respective shares of the S corporation’s income. If the S corporation in this example distributes 40 percent of its earnings to help cover the shareholders’ taxes, the ESOP receives cash of $80,000 that is available to buy additional stock of the S corporation on behalf of the plan participants. This provides an important potential source of liquidity for the S corporation’s stock. Disqualified Person Rule The favored tax status of ESOPs carries complicated rules under IRC Section 409(p), designed to prevent abuses by overly aggressive taxpayers.
Under these rules that are specific to S corporation ESOPs, any employee who is a “disqualified person” can’t accrue any benefits under the ESOP in a year in which they own 50 percent or more of the S corporation’s total outstanding shares, taking into account shares directly owned, “deemed-owned” shares and shares allocated through tax attribution rules. A “disqualified person” is generally a person who owns 10 percent or more deemed-owned shares of the S corporation, or collectively with other family members owns 20 percent or more deemed-owned shares (deemedowned shares take into account only the stock treated as owned through the ESOP and other shares the employee can acquire in the future under certain stock arrangements). This limitation can prevent some shareholder-employees from becoming ESOP participants. Weighing Benefits and Complications Having an ESOP as a shareholder of a community bank involves many complex fiduciary and income tax issues, for both S corporations and C corporations.
Annual stock appraisals are generally required, and plan administration could be more costly than other types of qualified plans. Banks and bank holding companies must navigate regulatory issues, as well. Still, profitable banks that wish to provide ownership benefits to employees and create a liquid market for its shareholders should consider whether the advantages of ESOP ownership outweigh the complications. To discuss in greater detail how an ESOP might benefit your community bank, its employees and its shareholders, contact an Eide Bailly professional. C O N TA C T Paul Sirek, CPA, MBT Partner 612.253.6661 psirek@eidebailly.com Three Firms Join Eide Bailly We recently expanded our presence in Arizona and Montana, as well as added Oregon to our list of states with a local office. Eide Bailly: more time for client service, expanded resources for clients and improved career opportunities for staff. On Nov.
2, Beckman and Kunkin, P.C. of Scottsdale, Ariz., joined the firm. This was followed by the addition of Schafer & Associates P.C.
of Billings, Mont., on Dec. 14 and Edison, Perry & Co. of Enterprise, Ore., on Jan. 11.
The unions added 22 staff and three partners to our staff, and raised our total office count to 29 offices in 13 states. “These firms help us continue our goal of expanding west of the Mississippi River and finding opportunities to expand our expertise to serve clients better,” said Eide Bailly Managing Partner/ CEO Dave Stende. “We’re always interested in adding talented firms when it means we not only strengthen our existing practice, but also strengthen the ability for local businesses to succeed.” All three firms expressed similar sentiments as to why they joined . 4 | POSSIBILITIES Developing a Strong Internal Audit Process The definition of internal audit from The Institute of Internal Auditors is “an independent, objective assurance and consulting activity designed to add value and improve the bank’s operations.” The key to this definition is to “add value and improve the bank’s operations.” Any financial institution can benefit from examining its internal audit function to see how it can better utilize its resources to accomplish this. Adding value and improving operations through an internal audit approach can take many shapes and forms: • Internal Audit Department – Staff is 100 percent dedicated to internal audit and independent of all other operating units of the bank. • Team Approach – Staff audits work of other employees from other departments. • External – This can take on many forms, from 100 percent external outsourcing in which the entire audit cycle is completed by an external auditor, to co-sourcing, which is when only certain audits or functions are completed externally with others done internally. No ‘One Size Fits All’ No one approach is better than the other. It will depend on your bank as to what will work best. There are distinct advantages and disadvantages to each approach.
The bigger issue with respect to internal audit is whether the procedures and audits being performed are mitigating risks and identifying operational improvement areas. This is completed through developing a risk-based approach to internal audit. Which means moving away from the old tick-and-tie approach that has long been used in internal audit departments.
Tasks in the tick-and-tie approach included reconciliations, checklists, cash counts and balancing. A risk-based approach is directed at risks of loss exposure through testing internal controls, policy content and compliance with polices. These procedures should be a more efficient use of time by focusing on the major risks within your financial institution (credit quality, liquidity and interest rate risk). Developing a Risk-Based Approach The first step in developing a risk-based internal audit approach is to complete an annual institution-wide risk assessment. This entails having management assess the risks in your institution’s significant business activities. This would include documentation of various risks types (i.e.
credit, liquidity, compliance, etc.) in each significant area, and then evaluating current mitigating control risk and ending with a residual risk that is most often communicated in numerical score. This score, in turn, drives the depth and frequency of audits completed in this business unit. It is key that the audit committee be involved in the risk assessment process and subsequent development of the audit calendar so that they can adequately monitor and manage the risks of the bank. At this point, your institution needs to complete the audits, write up reports that include procedures completed, findings, recommendations and an overall rating of the area.
This report will be presented to the audit committee who will approve the report and follow up with outstanding findings. The tracking of recommendations process is critical, because if findings are not addressed there is no value gained from the audit process. Documentation Is Critical The implementation of a successful internal audit plan hinges on a well-constructed risk assessment in which the internal audit plan and procedures are linked to the risks identified within the risk assessment. Don’t forget to document the whole internal audit process. Whether it be in the documentation of the risk assessment, audit plan, audit work papers or tracking of outstanding findings, documentation will be critical to the success of your internal audit approach. It is not the goal of the internal audit function to mitigate all risks, but rather, to understand the risks of your institutions and improve and add value to your current process and procedure.
In addition, the internal audit needs to be ever-changing because the risk environment we are in is changing more rapidly than ever before. It doesn’t have to use more resources to develop a stronger internal audit, rather it needs a well-thought-out plan to target those risk areas within your institution. C O N TA C T Al Nolte Audit Partner 612-253-6580 anolte@eidebailly.com . Financial Institutions | 5 Test Your Knowledge: Regulatory-Defined Risks If you’ve had the opportunity to experience one or several regulatory exams over the last two decades, there’s no doubt you are familiar with the governing risks that examiners delve into when examining your institution. Although there are some differences in how the regulatory agencies label these risks, they essentially fall into the following seven categories: credit, interest rate, liquidity, operational, strategic, reputation and compliance. When assessing these risks and ultimately defining a financial institution’s overall risk profile, an initial step is to determine the level of risk to which the institution is inherently exposed. That entails having an understanding of the current challenges influencing the institution individually as well as the banking industry as whole. Quiz time.
The left-hand column below includes a list of significant influences affecting today’s banking industry, and the right-hand column lists the regulatorydefined risk categories. The objective is to match the risks with the influences. If you’ve already guessed that each influence can impact more than one risk, you’re ahead of the curve! The risks are not mutually exclusive. INDUSTRY INFLUENCES RISK CATEGORIES 1.
Population Trends & Millennial Generation a. Credit Risk 2. Technological Advancements b.
Interest Rate Risk 3. Loan Growth c. Liquidity Risk 4.
Regulatory Environment d. Operational Risk 5. Merger & Acquisition Activity e.
Reputation Risk f. Compliance Risk R&D Tax Incentives The IRS has expanded the list of activities that qualify for research and development tax credits, which means many organizations meet the necessary criteria simply through their efforts to stay competitive. Depending upon the nature and timing of your investments, your organization may be eligible for tax credits, some of which can be retroactively applied. To learn more about what qualifies for R&D tax credits, visit www.eidebailly.com/rd. g. Strategic Risk The above list includes just a few factors influencing today’s community banking landscape.
Which ones are or will be impacting the risk profile of your unique institution and, as a result, need a heightened level of attention? There’s no denying that some of these carry the weight of an immovable boulder without a readily available solution. In those cases, finding sanctuary in traditional banking practices will prove futile. We are in an unprecedented time where the industry is demanding creative, unconventional solutions. If your organization hasn’t opened the discussion, or continues to hem and haw these pivotal factors, now is the time to act.
Get curious. Start asking questions. Challenge all staff, not just the board and the senior management team. The solutions may not feel within reach, but kick-starting and regularly engaging in the brainstorming process will move your organization—and the community it supports—forward and towards a sustainable future. Go to www.eidebailly.com/RiskQuiz to see the answers to the quiz and learn more about each influence. C O N TA C T Christina Long Senior Managing Consultant, Financial Institutions 303-586-8555 cmlong@eidebailly.com Affordable Care Act Reporting Requirements 2016 ushers in the new Affordable Care Act reporting requirements for employers with 50 or more fulltime equivalent employees.
These employers will need to report this information to the IRS via forms 1094-C and 1095-C. These reporting requirements are due to employees by March 31 and to the IRS on May 31, if paper filed, or June 30 if e-filed. For more information on this requirement, as well as other ACA-related items, visit www. eidebailly.com/hcr . 6 | POSSIBILITIES Conversation with Emily Hofer Continued from page 1 Emily: I think it comes down to what most community bankers would say is the key—service. We have a unique opportunity to take a more holistic approach to banking. We are not centered around the idea of trying to see how many products we can hook you with, which is often the game plan of larger banks. We can customize our service for each individual customer.
We know our customers. We go to church with them, we serve on volunteer committees together. Many banking products are now commodities, and most banks offer the same products, so it comes down to the service that a customer receives. Part of our success is also due to our culture. We have a very familyoriented culture here at Merchants State Bank.
Our turnover is low, and our staff knows that if we have successful customers, we will have a successful bank. POSSIBILITIES: You are a third generation banker at Merchants State. What’s it like having that connection to the bank? Emily: It runs pretty deep. My grandfather bought the bank in 1968, and my dad served as president and CEO until a few years ago, as well as a chairman of the board until he passed away in early 2015. I’ve had all kinds of jobs with the bank.
I’ve shoveled sidewalks, made coffee, filed checks, and I think I was a teller by the time I was 12. I took a brief hiatus when I lived in New Orleans for school and work, but it was always my plan to come back. I stepped into the CFO role here in 2005. Every day I come in feeling proud I get to carry on this tradition.
It has been a tough adjustment here since my dad passed away. He was the guy I had lunch with every day for 10 years. But I imagine it was the same for him when my grandfather passed away.
It’s this thread that pushes me to do well here. I’m passionate about community banking, and fighting every day to ensure our industry stays strong. POSSIBILITIES: What do you anticipate the next year will look like for ag producers in your area? Emily: A lot of it is going to depend on what happens with federal crop insurance. Our average to better producers will make money this year, as they have the last couple years.
Commodity prices are down, but we’ve had really great yields in our area and that will help make up for the prices. But it’s hard to know what next year will look like, and federal crop insurance is a very important piece in that. What happens with federal crop insurance plays a huge part in our risk management, and we will be watching that carefully and talking to our legislators about it because our producers need it, and we need it to help them. POSSIBILITIES: How can community banks ensure they have a successful future? Hofer says developments in federal crop insurance will play a large role in what 2016 brings for ag producers. Emily: A lot of it will be to just keep doing what we’re doing. We’ve differentiated ourselves on the service level, and we need to continue to do that.
Clearly we have to be forward planning, but our success for many years has been because of our service, so that should remain a foundation. We’re facing a generational shift where everything we want and need is online, but I still enjoy the benefits of having brick-and-mortar institutions available, such as a doctor or a banker who can deliver personal service. I think a lot of people still feel the same way. Community bankers also need to be as involved as possible in open dialogue with our lawmakers and advocate as hard as we can for our industry.
That will be more and more important every year. It’s not someone else’s job, it’s a job for all of us. . Financial Institutions | 7 M&A Corner The following data was compiled from information provided by SNL Financial LC. The data includes all completed transactions reported with pricing information available for the time period January 1, 2011, through November 30, 2015. The data for the North category includes all completed transactions reported with pricing information available in Iowa, Idaho, Minnesota, Montana, Nebraska, North Dakota, Oregon, South Dakota, Washington, Wisconsin and Wyoming. The data for the South category includes all completed transactions reported with pricing information available in Arizona, Colorado, Kansas, Nevada, New Mexico, Oklahoma, Texas and Utah.
The data did not include any government assisted transactions, branch acquisitions, or savings banks/thrift transactions. Bank Transaction Data U.S., North and South Regions Price to Tangible Book Value (P/TBV) Multiple 1/1/2011 – 11/30/2015 200 150 132 111 132 107 100 78 50 33 14 15 18 22 12 2011 2012 U.S. 2013 North 21 13 2014 17 24 2015 South The bar graphs represent the number of transactions. In addition to the transactions summarized in the chart, there were 354 transactions in the U.S. since the beginning of 2011 for which pricing data was not included.
Of those, 125 transactions were in the North region and 86 were in the South region. North South Geography The 17 target banks transacted in 2015 for which pricing data was provided were headquartered in seven different states. None of those states had more than four transactions. Almost half the banks sold in 2015 were headquartered in Texas. The database listed no 2015 transactions in either Utah or Nevada.* Target Size Of the 51 banks sold in 2015, 34 had total assets less than $100 million.* The target banks in 2015 transactions ranged in assets from $7.4 million to more than $1.8 billion.* Multiples The average multiple in 2015 is slightly lower than the 2014 average. The average multiple continues its two-year climb since bottoming out in 2013. *includes transactions for which pricing data was not available. .
4310 17th Ave S PO Box 2545 Fargo ND 58108-2545 This publication is produced and published by Eide Bailly and distributed with the understanding that the information contained does not constitute legal, accounting or other professional advice. It is not intended to be responsive to any individual situation or concerns as the contents of the publication are intended for general informational purposes only. Readers are urged not to act upon the information contained in this publication without first consulting competent legal, accounting or other professional advice regarding implications of a particular factual situation. Questions and information for publication can be submitted to your Eide Bailly representative. To request reprints of this publication, send a written request to RequestReprints@eidebailly.com. © 2016 Eide Bailly LLP. To view this and previous issues of POSSIBILITIES, visit www.eidebailly.com/publications Managing Editor: Liz Stabenow Assistant Editor: Clinton Larson Send comments to: possibilities@eidebailly.com 3 6 T H A N N U A L Save the DateEide Bailly Bankers Seminar We would like to thank all of you who attended our 35th annual Bankers Seminar – Navigating a Sea of Change this fall. We are honored to have the opportunity to keep you informed of the changes affecting the industry and your business.
We hope you found the keynote speakers and sessions current, informative and valuable. We’re already planning the 2016 Bankers Seminar, and we are excited to be adding even more locations next year, both physically and via live streaming. Be sure to save the date for the seminar near you! An Independent Member Firm of HLB International 2016 Bankers Seminars Dates: Fargo – Thursday, Nov. 3 Norman – Thursday, Nov.3 Billings – Thursday, Nov.
3 Bismarck – Thursday, Nov. 3 Tulsa – Thursday, Nov. 3 Salt Lake City – Thursday, Nov.
3 Denver – Thursday, Nov. 3 Mankato – Wednesday, Nov. 9 Spokane – Thursday, Nov.
3 Sioux Falls – Thursday, Nov. 10 To learn more or to register for the Bankers Seminar, visit www.eidebailly.com/fi. www.eidebailly.com .
