Due Diligence on Bank and Treasury Management Providers

Governments have fiduciary duties to protect and safeguard the public funds entrusted to them, one of which is the proper selection of and ongoing oversight of bank and non-bank depositories and treasury management service providers. Government cash and near-cash assets are processed and held by banks, their third-party partners and, in some cases, non-banks; therefore, it is important to carefully choose bank and non-bank vendors and to perform on-going supervision and evaluation of each bank and non-bank that processes and/or holds government assets. The banking industry is highly regulated by both Federal and State oversight agencies and certain balances on deposit with those banks are protected by insurance made available by the Federal Deposit Insurance Corporation ('FDIC').

As part of a due diligence program, government officials should review the quarterly and annual financial reports of key counterparty banks as well as summary reports retrieved from each bank's regulator. These quarterly summary reports are known as Call Reports and can be viewed at https://cdr.ffiec.gov/public/ . Regulators establish certain key publicly reported financial standards for banks, such as the Total Risk Based Capital Ratio, the Tier 1 Risk Based Capital Ratio or the leverage Ratio. Banks must maintain sufficient book equity capital to meet the regulatory minimums otherwise the regulator will require that the bank raise new capital.

Credit Rating Agencies publish a rating in alpha and/or numeric form, and may rank bank debt instruments as indicators of a bank's ability to satisfy its obligations. It is a best practice for government officials to track and trend Private Rating Agency scores for key banks and establish a minimum threshold which primary counterparty banks must maintain in order to retain the government's depository relationship.

Other methods of determining the credit and soundness of a counterparty are the CAMELS (Capital, Asset Quality, Management Quality, Assets, Liquidity, Sensitivity to Marker Risk) ratings and the Probability of Default. The regulatory CAMELS ratings are not public information, however IDC publishes a unique rating (www.idcfp.com) based on CAMELS. The Probability of Default is an indication of the likelihood of a default over a particular time horizon, typically one and five years and is measured Through The Cycle (TTC) or as a Point in Time (PIT).

As part of the ongoing due diligence and prudent management of relationships, the GFOA further recommends that governments evaluate their key bank(s) and issue an internal Bank Review Summary on a quarterly basis.

In addition to monitoring and reporting, the government's operating relationship with a bank or non-bank processor of cash and near cash assets needs to be managed pro-actively.

A. Relationship Management

When monitoring regulated and non-regulated bank partners, and non-bank companies that process, validate, transfer, disburse and 'hold on deposit' cash and near cash assets and apply prudent, the following should be considered:

1. Maintain a current knowledge of the products, services and exposures that the government maintains with the bank or non-bank;
2. Create policies and procedures for all of the activities and interactions involving the bank or non-bank, including techniques to control misuse of government assets and plans to respond to any variance from policy.
3. Be aware of the competitors and their ability to replace the bank or non-bank in the event of a temporary or permanent interruption of service or change of bank or non-bank;
4. Particularly for sensitive products like payroll, make certain that an emergency back-up plan is available in the event that the bank is unable to process for the government;
5. Develop an action plan in the event of a confidential information breach internally or at the bank or non-bank.
6. Prepare a comprehensive business resumption plan for all of the services used from the bank or non-bank to respond to any emergency disruption of service, whether internal to the government or caused by the bank or non-bank, and to assure the on-going availability of disaster recovery and that those plans are tested frequently, both internally and against the bank or non-bank's business continuity plans.

B. Bank Review Summary

The Government's Bank Review Summary should:

1. Identify the government's product usage at the bank;
2. Describe the government's exposure at the bank (balance levels, exposure to product issues, etc.);
3. Evaluate changes in the bank's financial condition;
4. Report whether the bank's Credit Rating Agency scores meet or exceed established minimum thresholds;
5. Review any recent news including management changes, legal and regulatory actions, key product changes, changes in market capitalization, mergers or acquisitions, and any other meaningful financial events that may change the bank's condition, status or abilities;
6. Consider the actions required of the government in the event that the bank no longer qualifies as an approved depository/counterparty for the government.

C. Monitoring Financial Conditions

Monitoring the financial conditions of a bank or non-bank relationships should consist of the following:

1. A Review of the monthly account analysis statement or invoice to determine if volume counts are appropriate and consistent and to be sure that contract pricing is properly applied to the account analysis or invoice. Use the account analysis/invoice as well as internal knowledge to determine if product usage is appropriate from month to month. For example:
   • Should new products available in the marketplace replace existing product choices?
   • Are there less expensive ways available to process the transactions without giving up important value?
   • Can transactions be processed more safely?
2. A review of the financial condition of the banks or non-banks as well as a continual scan of news reports that may indicate changes in bank or non-bank financial performance or strategies.
   Conduct quarterly relationship review meetings with representatives of the bank or non-bank to maintain open communications, exchange ideas for improvement and stay informed of developments at the bank or non-bank.
   • Large banks and non-bank relationships should be reviewed quarterly.
   • Small banks and non-bank relationship should be reviewed annually.