December 2019 Risk List

December 31, 2019
Financial Data as of September 30, 2019 (unless otherwise noted)

Summary of December 2019 Risk Themes

The Federal Reserve Bank of Minneapolis Supervision, Regulation, and Credit (SRC) Division monitors the Ninth District for and collects information about current and emerging risks in banking. Based on the information gathered, SRC publishes for the public a list of risks and the level of inherent risk they pose to our district’s financial institutions (see the full list in appendix 1, “Risk Table”).

This list is as of December 2019 and does not include an analysis of the Coronavirus impact, which is significant but unknown at this time. Table 1 contains the risk themes we saw in 2019, and the following pages will explain these risks in more detail. Risks identified as noteworthy are considered to have high or elevated levels of risk. Due to the severity and trends associated with noteworthy risks, we will discuss district-specific concerns and best practices in this report. Risks labeled spotlight are risks with emerging issues or changes in the supervisory environment that may impact the district’s financial institutions. Spotlight risks are emerging and cannot be clearly dimensioned at this time or are currently less severe than noteworthy risks.

Table 1

Risk themes for December 2019.

Category | Risk | Level¹ | Trend | Previous Level
Spotlight | Coronavirus Outbreak | N/A | N/A | N/A
Rationale: Health authorities continue to identify new Coronavirus cases in each of the states within the Ninth District, and the spread of the virus will impact the communities and businesses in the district. Banks will need to prepare for the operational effects on employees and customers and the potential financial implications even though the full impact remains uncertain.
Noteworthy | Cybersecurity | High | Stable | High
Rationale: As evidenced by recent events, including the March 2020 Finastra and December 2019 New Orleans ransomware attacks and the current situation with Iran, global threats continue to rise and evolve, making it more challenging for financial institutions to prevent and detect cyberattacks. The Finastra cyber-event caused major disruptions for clients throughout the world including operational outages and payments processing interruptions for Ninth District financial institutions.
Noteworthy | Agricultural Credit | Elevated | Increasing | Elevated
Rationale: Low commodity prices, combined with a relatively high level of inflexible operating costs, continue to limit cash flow for agricultural producers. Net farm income has fallen significantly over the last several years, forcing many producers to use working capital and equity in order to meet debt requirements. Because of the multiyear decline in income among producers, many of the district’s agriculturally concentrated banks service producers who are unprofitable and have carryover debt. Severe weather events and tariffs by foreign countries also continue to exacerbate and strain producers, leading to a considerable increase in loan delinquencies.
Noteworthy | Liquidity | Elevated | Stable | Elevated
Rationale: While the funding gap has improved in recent quarters, concern remains for credit-concentrated financial institutions, given the ongoing challenges with generating organic core deposits. Elevated agricultural credit risk continues to raise the possibility of an adverse impact on the liquidity of the district’s financial institutions.

1 Level classifications are described as follows:

High – Inherent risk reflects a current problem area or one likely to become a problem area in the next one to two years, that, if realized, would have a significant impact on institutions in terms of operating losses, rating downgrades, strategic goal impediments (e.g., M&A), or failures. The supervisory approach requires specific supervisory action steps to control or mitigate the risk.
Elevated – Inherent risk reflects either a current problem area that has a less significant impact on institutions than a high-risk area or an area that is potentially high impact but is less likely to develop in the next one to two years. The supervisory approach typically must be a modified approach to monitor, understand, or communicate the risk.
Acceptable – Inherent risk does not fulfill the definition of either high or elevated risk, and the current supervisory approach is sufficient to manage the risk.

Coronavirus Outbreak

Rationale: Health authorities continue to identify new Coronavirus cases in each of the states within the Ninth District, and the spread of the virus will impact the communities and businesses in the district. Banks will need to prepare for the operational effects on employees and customers and the potential financial implications even though the full impact remains uncertain.

The outbreak will test the resiliency of the district’s financial institutions. Financial institutions could face operational challenges if their staff become unavailable or if customers suffer business or personal interruptions. The adverse economic effects of a pandemic, although uncertain at this time, are likely significant, and require a strong banking system to support ongoing economic activity and recovery. An institution’s pandemic planning is important to maintaining its strength and enabling a quick recovery.

Pandemic Planning

There are differences between pandemic planning and traditional Business Continuity Plan(s) (BCP) because the scale and duration of pandemics are unpredictable and can affect large geographic swaths. Furthermore, as with other Business Continuity Management (BCM) activities, pandemic planning should not be viewed as solely an Information Technology (IT) issue, but rather as a significant risk to the entire business. As such, an institution's pandemic planning activities should involve senior business management from all functional, business and product areas, including administrative, human resources, legal, IT support functions, and key product lines.

To address these differences, on March 10, 2020, the Federal Reserve Board issued SR Letter 20-3, “Interagency Statement on Pandemic Planning” to ensure that financial institutions are able to continue to deliver products and services in a wide range of scenarios and with minimal disruption. In addition to listing various sources of information related to operating during a pandemic, the guidance contains safe and sound practices related to BCPs, business impact analysis, risk assessment, and various aspects of risk management.

Working with Customers

On March 13, 2020, the Federal Reserve Board issued SR Letter 20-4, “Supervisory Practices Regarding Financial Institutions Affected by Coronavirus,” encouraging financial institutions to meet the financial services needs of their customers and members in areas affected by the Coronavirus. In order to support financial institutions as they work with their customers, the Federal Reserve Board along with other federal regulators of financial institutions issued an interagency statement on “Loan Modifications and Reporting for Financial Institutions working with Customers Affected by the Coronavirus” dated March 22, 2020. The statement declared that the agencies view loan modification programs as positive actions that can mitigate adverse effects on borrowers due to COVID-19, and that the agencies will not criticize institutions that work with their borrowers. The statement also provides supervisory views on troubled debt restructurings (TDRs), and regulatory reporting of past due and nonaccrual status for loan modification programs.

Available Resources

To assist financial institutions in delivering products and services to their customers in areas affected by the Coronavirus, the Federal Reserve and other financial institution regulators have enhanced several available resources or emphasized them to financial institutions. There is a COVID-19 resources webpage on the Federal Reserve Board public website. A few of the available resources are highlighted below:

Intraday Credit: The availability of intraday credit from the Federal Reserve supports the smooth functioning of payment systems and the settlement and clearing of transactions across a range of credit markets. The Federal Reserve encourages depository institutions to utilize intraday credit extended by Reserve Banks, on both a collateralized and uncollateralized basis, to support the provision of liquidity to households and businesses and the general smooth functioning of payment systems.

Discount Window: The Federal Reserve encourages depository institutions to use the discount window to help meet demands for credit from households and businesses. In support of this goal, the Board lowered the primary credit rate by 150 basis points to 0.25 percent and increased borrowing periods for as long as 90 days, prepayable and renewable by the borrower on a daily basis. The Federal Reserve continues to accept the same broad range of collateral for discount window loans.

Reserve Requirements: Effective on March 26, 2020, the reserve requirements were reduced to zero percent, helping support lending by depository institutions to households and businesses.

Emergency Communications System (ECS): The ECS is a free service that state supervisory agencies and the Federal Reserve Bank supervision functions use in an emergency to communicate with the financial institutions they regulate. In order to receive such communications, supervised institutions should create a profile in the ECS website (a secure website hosted by the Federal Reserve Bank of St. Louis). Please have the new contact(s) register by visiting the ECS website at https://bsr.stlouisfed.org/ecs to create their contact profile.

Sound Practices

In addition to the safe and sound practices outlined in SR Letter 20-3, financial institutions can help mitigate risk stemming from the Coronavirus by following the additional practices described below.

Liquidity: Test contingency funding plans, including funding outflows and impacts on off-balance sheet exposure (e.g., funding lines of credit). Consider testing available credit lines by accessing a federal funds line and borrowing a nominal amount of funds from the Federal Home Loan Bank and the Discount Window.

Operational: Assess succession plans to ascertain whether the plans provide an adequate response to a prolonged absence(s) in a key role(s). Consider how to communicate to customers and the community during the Coronavirus outbreak.

Credit: Work constructively with customers and members of the community to understand and address the impact the Coronavirus outbreak might be having on their finances or businesses. Consider SR Letter 20-4 and the Interagency Statement dated March 22, 2020.

Information Technology: Remind employees to remain mindful of cybersecurity threats, such as phishing and consumer fraud, including those related to the coronavirus outbreak.

Consumer Compliance: Maintain appropriate controls for ensuring fair treatment of customers in lending or other transactions and compliance with applicable laws and regulations.

Cybersecurity — High

Rationale: As evidenced by recent events, including the March 2020 Finastra and December 2019 New Orleans ransomware attacks and the current situation with Iran, global threats continue to rise and evolve, making it more challenging for financial institutions to prevent and detect cyberattacks. The Finastra cyber-event caused major disruptions for clients throughout the world including operational outages and payments processing interruptions for Ninth District financial institutions.

District Concerns

The following is a list of the main areas of cybersecurity concern in our district, as well as a high-level summary of the reasons for concern.

NEW Third-Party Risk Management: A number of firms have outsourced critical operations to third parties and migrated to cloud-based platforms; however, financial institutions are concerned about having the technical expertise necessary to ensure the vendors have satisfactory controls related to confidentiality, integrity, and availability of data. In addition, financial institutions sometimes have difficulty obtaining sufficient information from vendors that are unfamiliar with the risk management needs of financial institutions.

NEW Risk Assessments: Regular risk assessments, including cybersecurity assessments, have been a challenge for some financial institutions. Without risk assessments, an institution will be unable to identify risk associated with its IT environment.

NEW Employee Training: Insufficient or missing employee training on information security commensurate with the IT environment of an organization continues to be a challenge for financial institutions. Employee awareness and diligence related to information security remain a primary means to prevent and detect cybersecurity issues.

Operational Resilience: Some financial institutions continue to lack regular business continuity planning/disaster recovery (BCP/DR) and incident response tests that demonstrate continuity of critical operations after an operational interruption. The increase in cybersecurity attacks has heightened the importance of regular BCP/DR testing and incident response plan testing.

Vulnerability and Patch Management: Financial institutions continue to find it difficult to prioritize, test, and install an escalating volume of software patches needed to address vulnerabilities and prevent security incidents. Compounding the problem is the volume of unaddressed backlogs.

Safe and Sound Practices

Financial institutions can help mitigate cybersecurity risk by following the safe and sound practices described for each area of concern.

NEW Third-Party Risk Management: Responsibility for providing satisfactory oversight over outsourced relationships remains with the board and senior management. Financial institutions should continue to identify critical vendors and ensure critical vendors have a satisfactory BCP/DR plan in place. Appropriate ongoing monitoring of existing relationships and due diligence of potential vendors are keys to a satisfactory vendor risk management program.

NEW Risk Assessments: Board and senior management are responsible for monitoring and maintaining sufficient awareness of cybersecurity threats and vulnerable information through regular risk assessments. IT enterprise security risk assessments allow financial institutions to assess, identify, and modify their overall security posture and to view their entire organization from an attacker’s perspective.

Employee Training: Financial institutions should continue to conduct regular employee information security training as well as cybersecurity training and testing commensurate with the IT environment of the institution.

NEW Operational Resilience: BCP/DR and incident response plans should be up-to-date and regularly tested to ensure employees are aware of steps to be taken in case of an operational interruption. Additionally, financial institutions should conduct BCP/DR testing regularly with critical vendors.

NEW Vulnerability and Patch Management: Financial institutions should continue to improve vulnerability and patch management programs. Board and senior management should engage in regular network penetration testing in order to validate network resilience. In addition, vulnerability scanning should be performed regularly to explore potential points of exploitation and potential security issues on a network. Financial institutions should promptly remediate identified problems.

Agricultural Credit Risk — Elevated

Rationale: Low commodity prices, combined with a relatively high level of inflexible operating costs, continue to limit cash flow for agricultural producers. Net farm income has fallen significantly over the last several years, forcing many producers to use working capital and equity in order to meet debt requirements. Because of the multiyear decline in income among producers, many of the district’s agriculturally concentrated banks service producers who are unprofitable and have carryover debt. Severe weather events and tariffs by foreign countries also continue to exacerbate and strain producers, leading to a considerable increase in loan delinquencies.

District Concerns

The following is a list of the main areas of agricultural credit risk in our district, as well as a high-level summary of the reasons for concern.

Carryover Debt: Many Ninth District agriculturally concentrated banks have borrowers who are unprofitable and have carryover debt. In these cases, borrowers have exhausted working capital and utilized equity capital (generally farmland) to meet debt requirements. According to the most recent Agricultural Credit Conditions Survey, about half of the bankers surveyed expect rates of loan repayment to decline and the level of loan renewals or extensions to increase in the next quarter, which will further increase carryover debt levels and reduce borrower equity.

NEW Loan Delinquencies: Loan delinquency rates have increased, particularly at the most concentrated banks, which have the least capacity to mitigate asset quality risk through capital. However, capital levels have increased at agriculturally concentrated banks over the past year, and dividend payout ratios are appropriate overall.

NEW Severe Weather Events: 2019 was a damaging year for farmers across the Ninth District. For instance, excessive moisture continued into fall, with severe weather delaying or stopping harvest for corn and sugar beet producers in northwestern Minnesota and North Dakota. As of December 8, 2019, North Dakota producers harvested 43% of the corn crop compared to the 2014 to 2018 average of 95%. In South Dakota, heavy snows and relentless spring rain and flooding led to millions of acres in prevented planting. Producers in these areas may experience crop loss and declines in realized cash flow that may not fully repay operating expenses.

Foreign Tariffs: Foreign countries continue to use tariffs as a means to keep farmers and ranchers from their traditional export markets. These market distortions continue to reduce the margins for farmers and ranchers and their operations. However, the Market Facilitation Program (MFP) provided financial assistance to farmers and ranchers, accounting for over 20% of net farm income in 2019.

Safe and Sound Practices

Financial institutions can help mitigate agricultural credit risk by following the safe and sound practices described for each area of concern.

Carryover Debt: Financial institutions should address carryover debt either in policies or documented procedures that consider the strong risk management practices detailed in SR 11-14, Supervisory Expectations for Risk Management of Agricultural Credit Risk.

NEW Loan Delinquencies: Financial institutions, especially those with significant concentrations, should consider employing risk mitigation strategies as part of their capital planning process. Other strategies may include using other loss-absorbing facilities such as FSA guarantees, or obtaining additional collateral from weaker borrowers. Strategies can also include indirect loss mitigants such as robust cash-flow analysis, enhanced collateral inspection, and strong monitoring practices for loans with carryover debt.

Tariffs and Severe Weather Events: Loan officers should consider closely monitoring borrower cash-flow projections and farmland values, as well as discuss deviations and potential remedial steps with the borrower, including:

  • An assessment of the borrower’s risk management practices related to varying cash flow due to weather events and trade/government policy.
  • An assessment of the long-term viability and financial strength of borrower operations.
  • An assessment of operating efficiency, management strength, and management succession plans.
  • If necessary, repayment plans with required action steps.

Liquidity — Elevated

Rationale: While the funding gap has improved in recent quarters, concern remains for credit-concentrated financial institutions, given the ongoing challenges with generating organic core deposits. Elevated agricultural credit risk continues to raise the possibility of an adverse impact on the liquidity of the district’s financial institutions.

District Concerns

The following is a list of the main areas of liquidity risk in our district, as well as a high-level summary of the reasons for concern.

Funding Gap: During the three-month reporting period ending on September 30, 2019, core deposits slightly outgrew loans, reversing a nine-quarter trend in which total core deposit growth had been increasingly insufficient to match loan growth. To cover this gap between core deposits and loans during the previous nine quarters, some financial institutions increased their reliance on volatile sources of funding. It is still too early to conclude whether the previous nine-quarter trend has subsided or if the relative growth of core deposits to loans has returned to a more sustainable level.

Layered Risk: As the financial conditions for agricultural producers deteriorate, financial institutions with agricultural loan concentrations may see their liquidity decrease as expected payments from the borrower decline and the cost to administer loans to these borrowers increases.

Safe and Sound Practices

Financial institutions can help mitigate liquidity risk by following the safe and sound practices described for each area of concern.

NEW Funding Gap: Financial institutions should consider developing board-approved risk limits around noncore funding. This can include a combination of level, type, and mix of noncore funding.

NEW Funding Gap: In their liquidity stress tests, financial institutions should consider testing for possible liquidity gaps if noncore funding were to decrease or become unavailable.

Layered Risk: Financial institutions should consider including concentration risk in liquidity and capital planning processes to ensure there is a sufficient liquidity buffer.

Layered Risk: When cash-flow projections indicate debt-servicing difficulty, financial institutions should consider a borrower’s long-term viability and overall financial strength, including equity, operating efficiency, and outside debt.


Appendix 1 – Risk Table

Risk | Level² 12/31/2019 | Previous 6/30/2019 | Last Winter 12/31/2018
Credit Risk | Acceptable | Acceptable | Acceptable
Agricultural Credit Risk | Elevated | Elevated | Elevated
Energy Sector Risk | Acceptable | Acceptable | Acceptable
Commercial Real Estate Credit Risk | Acceptable | Acceptable | Acceptable
Investment Securities Credit Risk | Acceptable | Acceptable | Acceptable
Liquidity Risk | Elevated | Elevated | Elevated
Interest Rate Risk | Acceptable | Acceptable | Acceptable
Cybersecurity Risk | High | High | High
BSA, AML, & OFAC Risk | Acceptable | Acceptable | Acceptable
Consumer Compliance Risk³ | Acceptable | Acceptable | Acceptable

2 Level classifications are described as follows:

High – Inherent risk reflects a current problem area or one likely to become a problem area in the next one to two years, that, if realized, would have a significant impact on institutions in terms of operating losses, rating downgrades, strategic goal impediments (e.g., M&A), or failures. The supervisory approach requires specific supervisory action steps to control or mitigate the risk.
Elevated – Inherent risk reflects either a current problem area that has a less significant impact on institutions than a high-risk area or an area that is potentially high impact but is less likely to develop in the next one to two years. The supervisory approach typically must be a modified approach to monitor, understand, or communicate the risk.
Acceptable – Inherent risk does not fulfill the definition of either high or elevated risk, and the current supervisory approach is sufficient to manage the risk.

3 Consumer compliance inherent risk, reflecting consumer compliance, fair lending, and the CRA, is at an acceptable level but continues to require robust risk management. The inherent risks have matured and are generally well known, and financial institution risk management has proven generally effective.