Beyond IndyMac: It's a Crisis of Confidence

With Banks in Question, Focus Turns to Maintaining Compliance and Customer Trust
Beyond IndyMac: It's a Crisis of Confidence
Last Friday, IndyMac became another financial institution to fail this year because of the credit crisis.

Taken over by federal banking regulators, IndyMac, a Pasadena, California-based mortgage lender with $32 billion in assets, was the largest thrift on record to fail and the third largest bank failure in history. Weeks before the bank's takeover on June 26, New York's U.S. Senator Charles Schumer sent letters to bank regulatory agencies expressing his concerns about the bank's viability. In the next 11 business days, depositors withdrew more than $1.3 billion from their IndyMac accounts. The Office of Thrift Supervision cited Schumer's letters as the immediate cause of the bank's closing in its announcement on the day the bank closed.(OTS Closes IndyMac Bank and Transfers Operations to FDIC)

IndyMac's takeover is only one of the symptoms of the tightening credit conditions that have been building at financial institutions since last summer. Earlier this week, the top financial leaders from Treasury and the Federal Reserve testified to legislators about the deteriorated state of the economy, the laundry list of economic casualties and a possible slow recovery. This is coupled with the announcement earlier this year by the Treasury of its plans to revamp how financial institutions would be regulated. (Treasury Proposes Axing OTS, NCUA)

And yet, while institutions struggle with the credit crunch, they can't lose sight of security and regulatory compliance. Just last week, in fact, the head of the Office of the Comptroller of the Currency, which oversees roughly 1,700 banks, told its compliance examiners that they need to stay focused on compliance despite the industry's recent credit issues. "We simply cannot take our eyes off compliance while we address safety and soundness," said Comptroller of the Currency John C. Dugan, speaking at the OCC Compliance Conference in Orlando, FL. "We know how to deal with credit issues, and we will work our way through these very difficult problems. What I don't want, though, is to finish dealing with the industry's safety and soundness issues only to find that we've allowed significant compliance problems to develop in their place."

Coupled with this continued need for compliance is the issue of maintaining customer confidence in their financial institution. In order to achieve this, industry experts say, institutions must keep information security at the top of their priorities.

A Matter of Trust
The Federal Deposit Insurance Corp. (FDIC) was named conservator of IndyMac, which was renamed IndyMac Federal Bank. ( FDIC Establishes IndyMac Federal Bank, FSB as Successor to IndyMac Bank, F.S.B., Pasadena, CA) The FDIC says it is watching other institutions that have made similar higher-risk mortgages, and FDIC Chairman Sheila Bair reassured IndyMac's customers that their insured deposits are safe. "IndyMac is only one of 8,494 depository institutions operating throughout the country and represents only .2 percent of banking industry assets," Bair says. "The overwhelming majority of banks in this country are safe and sound." The FDIC has tagged 90 institutions -- about 1 percent of all those it insures -- to be placed on its list of "problem banks."

When the IndyMac takeover by the FDIC is splashed over all news media, other institutions have to consider what their own customers are thinking about their bank, says Larry Ponemon, Chairman of the Ponemon Institute, an independent privacy and information security research firm. "It's all about customer trust. When people begin to believe that their bank isn't going to be able to make payments to them, when they begin to believe they're not going to meet their commitments, a domino effect begins to occur," Ponemon says. Other banking organizations should pay heed to IndyMac's example. "IndyMac shows what can happen when consumers begin losing confidence and trust in their primary banking organization."

Anything the financial industry can to do boost consumer confidence at this time would be a benefit, says Steven Jones, Director Information Security, Synovus Financial Corp., a $33 billion bank holding company with 35 banks in the Southeastern U.S. "Trust and confidence are paramount in this industry, and communication is critical to maintaining trust. This [IndyMac takeover] was a classic run on the bank scenario, but aside from a liquidity crisis, it was a trust and confidence issue foremost."

"The toughest issue to deal with has to be the rebuilding of trust with customers, but I think this can be obtained, in part, through strengthening of controls, and effectively communicating such controls to customers," says Jason Bawcum, Vice President of Security at Community South Bank in Parsons, TN. "There's no better way to build trust than to tell customers what steps you are doing to build or improve their confidence."

None of this will be easy, he adds, "but should definitely serve as a good starting point." Customer perception is key, especially in a time of economic downturn, says Bawcum. "Although not solely the fault of the financial industry, overall consumer confidence is sinking already," he notes.

As the media chatter about IndyMac raises customers voicing their distrust, and talk turns to people stuffing their mattresses with their money, Ponemon stresses "Anything that an institution can do to not have its trustworthiness diminished in the eyes of its customers is more important than ever before." In monitoring the news coverage of the IndyMac takeover, he repeats "Clearly the biggest issue is that financial institutions have to work even harder now to maintain the trust."

If there was ever a time to behave in ways that are ethical and trustworthy, Ponemon says "It's today. Even for the big banks, small little signals like a privacy breach would be enough of an event to tip the scales to bring about the loss of a lot of customers," he observes. Strong information security policies and procedures are key to preventing a breach, he says.

Outside of the most obvious recommendations of maintaining strong security and communicating with customers, Jones suggests maintaining a healthy relationship with banking regulators. "Make sure there are no surprises," Jones says. "Keep them abreast of risk and risk management activities within your organization."

The FDIC insures deposits in banks and has responsibility for fostering consumer confidence in the banking system. Jones says he believes regulators are also feeling pressure from the current economic situation. "We have historically seen a year over year increase in regulatory scrutiny, but the pace seems to be accelerating."

As the events of the past week at IndyMac begin to settle down and the bank resembles a more normal banking business, the FDIC proves again its ability to restore order, calm and confidence. These are the times when all institutions concerned about maintaining customer confidence need to remind their customers that their institution is sound. Communicate to them of the many regulatory checks and balances in place, that the FDIC or (NCUA for credit unions) ensure the safety of their deposits, and that the trust and confidence confided in your institution is well-placed.


About the Author

Linda McGlasson

Linda McGlasson

Managing Editor

Linda McGlasson is a seasoned writer and editor with 20 years of experience in writing for corporations, business publications and newspapers. She has worked in the Financial Services industry for more than 12 years. Most recently Linda headed information security awareness and training and the Computer Incident Response Team for Securities Industry Automation Corporation (SIAC), a subsidiary of the NYSE Group (NYX). As part of her role she developed infosec policy, developed new awareness testing and led the company's incident response team. In the last two years she's been involved with the Financial Services Information Sharing Analysis Center (FS-ISAC), editing its quarterly member newsletter and identifying speakers for member meetings.




Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing bankinfosecurity.co.uk, you agree to our use of cookies.