3 Principles to Promote a Bank Culture of Innovation

Many bank leaders I talk to are very aware of the importance of innovation in the face of a fast-paced, changing environment. Yet, they have trouble promoting change and adopting more modern and efficient processes and technology — contributing to the struggle of making their bank more innovative. While every institution is slightly different, I wanted to share a few practical approaches to achieve internally led innovation that were very effective during my 12 years at Alphabet’s Google and another six working with the most innovative community and regional banks.

A recent survey from McKinsey & Co. found that 84% of CEOs understand innovation is imperative to achieve growth, yet a mere 6% are satisfied with the level of innovation within their organizations. These numbers reinforce that executives have the desire to promote innovation, but continue to struggle with execution and strategy.

One of the main problems I see institutions having in their typical approaches to innovation is the reliance on external paid consultants instead of activating an existing resource within their bank: their own employees. Employees already have a deep understanding of issues that both they and customers experience with the existing services and technology stack and are in a unique position to generate ideas for improvements. Not to mention they are also highly motivated to drive these innovations to a successful completion.

Embracing this approach of where the innovation most likely comes will enable bank leadership to focus on creating an environment that is conducive for innovation. Here are three practical suggestions executives and boards should consider:

1. Make it “Safe” to Fail
The foundation of a successful bank business model includes managing risk, such as balancing the downside of defaulting loans with the benefit of interest income on performing loans. And just like it is impossible to benefit from interest income without risking the principle, it is not possible to innovate without trying some things that, in retrospect, do not work out as originally planned.

The key here is to make sure everyone in the organization knows it’s OK to try things and sometimes fail. Without trial and error, there is no reward. Organizations that minimize the negativity around failure and view it as an opportunity to become better are often the ones that are able to move forward and innovate.

2. Encourage “Bottom-Up” Ideation
Most are familiar with “top-down” change that stems from leadership teams and management. However, this approach makes it harder to innovate; in many cases, it ignores the unique context that front line employees have gleaned. These employees use the bank software and speak with customers, giving them a unique and very valuable perspective. They know what is causing pain and what modifications and improvements would make customers happier. The key to promoting innovation is to extend the opportunity for ideation to all employees in a “bottom-up” approach, allowing their voices to be heard while embracing and appreciating their creativity and insight.

Giving employees a safe space to voice their ideas and an opportunity to provide feedback is at the core of innovation. Executives can achieve this by shifting the organizational process from a one-pass, top-down approach to a two or more-pass approach. This is front line employees can propose ideas that management reviews and vice versa: management proposals are reviewed by the same front line employees for feedback. Management proposals’ are then refined to reflect the employee feedback. This allows management to incorporate all relevant context and makes everyone feels part of the process.

3. Enable an Agile Approach
While planning everything down to the smallest detail may seem like the safer option, it is important that boards and management teams accept that the unexpected is inevitable. Rather than trying to foresee every aspect, it is important to incorporate an agile mindset. An agile approach starts small and observes, adjusts course based on those observations and continues to course correct through repeated observation/adjustment steps. This allows the organization to absorb the unforeseen while still continually making progress. Over time, the pressure to be correct all the time will dissipate; the bank will feel more in control and enabled to make appropriate adjustments to increase the chances of the best possible outcome.

The rate of change around us and within financial services is steadily increasing; it is impossible to predict and plan for what will happen in the next few years. Instead, it is crucial that bank boards and management teams embrace adaptability as a critical element of corporate survival.

When Directors Should Talk to Investors

Company boards have long spoken to investors in indirect ways, through their votes and organizational performance. But as powers shift to large investors and governance norms have changed, investor groups have demanded more one-on-one conversations with bank directors.

Allowing directors to speak to investors comes with risk, and not just due to the potential for legal missteps. The director becomes a public representative of the bank and anything he or she says will be scrutinized, resulting in possible backfire.

“You can’t really say you’re not speaking for the company,” says Peter Weinstock, a partner at the global law firm Hunton Andrews Kurth. “You’re speaking for the company.”

But in an age where activist shareholders have an increased presence and institutional investors such as Blackrock and State Street Corp. have greater power, organizations find that some investors expect this one-to-one interface with directors. When done right, it can ease tension among the investor base, allowing management to maneuver more freely. When done wrong, however, it can result in proxy fights and changes to the board and management.

The topics that investors care about impact the moves that directors and boards make. Board discussions on compensation, for example, are becoming more important. Last year saw the lowest level of shareholder support for executive pay — only 87.4% of S&P 500 companies received shareholder approval in advisory voting during proxy season, according to PwC. That indicates a higher bar for boards to get shareholder buy-in for executive compensation.

Companies also must deal with an increasing amount of activist shareholder proposals. PwC reports there was a 17% increase in shareholder proposals last year. Out of 288 proposals related to environmental, social and governance (ESG) matters, a popular topic last year, 41 proposals passed.

One way to provide context for the company’s efforts on those matters: director conversations.
Institutional investors and shareholder analysis groups have turned their focus to three big concerns – audit, governance and compensation – all of which reside at the board level. With questions surrounding those specific concerns coming from many different groups, banks have turned to so-called “roadshows.” In those organized conversations, directors speak to shareholders or investor services groups about specific governance or audit topics. During those roadshows, board members stick to a prewritten script.

“The advent of the one-way listening session allayed director fear,” says Lex Suvanto, global CEO at the public relations firm Edelman Smithfield. “There isn’t much risk in what they shouldn’t say.”

Certain concerns may require more direct conversations with a specific investment group. When entering those conversations, it’s important to remember what information the shareholders want to glean. “Understand who you are speaking to and what they are all about,” says Tom Germinario, senior managing director at the financial communication firm D.F. King & Co. “Is it a governance department or a portfolio manager, because there’s a difference?”

Each investor will come to the conversation with different goals, investment criteria and questions they want addressed. It’s on the company to prepare the director for what types of questions each investor may need answered.

During those different calls, banks should ask to receive the questions ahead of time. Many investors will provide this, since they understand that the director cannot run afoul of fair disclosure rules, a set of parameters that prevent insider trading. But not all investors will provide those insights upfront.

To head off such concerns, the bank’s communications or investor relations team should run a rehearsal or prepare the director with possible questions, based on the reason for the meeting.

The investors will look for anything that might give them insight. Directors that veer off script could run afoul of what they can legally disclose. Plus, the tenor of the answers must match what the CEO has said publicly about the company. Without practice, the conversation can unwittingly turn awry.

“If a director is on the phone with an investor and something is asked that the company hasn’t disclosed, the director can table that part of the discussion,” says Weinstock. “The company can then make a Regulation Fair Disclosure filing before following up with the investor on a subsequent call. That’s an option if the company wants to release the information.”

It’s important to remember the practice will also protect you, since you will have a significant amount riding on the conversation as well. “Directors may reveal that they’re not in touch with important investor priorities,” says Suvanto. “Directors need to understand and be fully prepared to represent the values and behaviors [of the company].”

Suvanto adds that many directors would have been better not to speak at all than to go into a room with a large institutional investor, unprepared. In a public bank, such a misstep can lead to a proxy battle, which may result in the director (or many directors) being replaced by members the investors view as more favorable or knowledgeable.

The conversation also works differently, depending on the size of the bank and whether it’s a private or public institution. Institutional investors likely will focus on larger banks. Small banks may not account for an oversized spot in the institutional investor’s portfolios. Instead, for smaller companies, it’s often about getting the CEO and chief financial officer in front of investors to encourage investment. Often, this does not need a director’s voice.

For private banks, however, there are certain moments where directors may be asked to step in. If, say, an organization has questions about its auditing practices. Or what if a competitor bank has major governance violations? To address questions from investors concerning those issues, it may be advisable to have the committee head for the specific concern speak to investors about the bank’s practices.

But even a private bank cannot ignore concerns about releasing information that’s meant to stay within the board room. “It’s important to realize that information does not belong to a director,” says Weinstock. “It’s also important to realize that private companies could have insider trading violations.”

What else could go wrong? A director could overpromise when the company isn’t ready to address the issue. This can happen in the environmental, social and governance (ESG) space with regards to addressing social concerns, for example. If a director commits to social commitments that the company cannot yet adopt, it can pit the director against the board or management. Either the company will decide to adopt the promised measures, or the director will have misled the investor.

“A director should never get on the phone alone,” says Germinario. “You never want an investor to misconstrue a promise.”

New Law Ends Pre-Dispute NDAs for Workplace Sexual Harassment, Assault Disputes

On Nov. 16, 2022, the U.S. House of Representatives sent the Speak Out Act to President Joe Biden’s desk with a 315-109 vote. The legislation, which cleared the Senate unanimously on Sept. 29, aims to prohibit the use of pre-dispute nondisclosure and non-disparagement agreements, or NDAs, with regard to sexual harassment and sexual assault. After previously expressing support for the legislation, President Biden signed the bill into law on Dec. 7, 2022.

The law builds off the previous amendment to the Federal Arbitration Act, the Ending Forced Arbitration of Sexual Assault and Sexual Harassment Act of 2021. That amendment gave individuals asserting claims of sexual harassment and sexual assault the option to file their claims in court, rather than be subject to pre-dispute mandatory arbitration clauses. The amendment also prohibited pre-dispute agreements that waive an employee’s right to participate in a joint, class or collective action in a judicial, arbitral, administrative or other forum relating to a sexual assault dispute or sexual harassment dispute. Both pieces of legislation are motivated in part by the #MeToo movement and are analogous to state laws passed in California, Illinois, New Jersey, New York and others.

Like its predecessor, the law only applies to pre-dispute NDAs that prohibit the discussion of sexual harassment or sexual assault claims. A bank and employee may still enter into an NDA, so long as the agreement is reached after the unlawful conduct is alleged. Furthermore, the law does not affect NDAs in other contexts, such as intellectual property, non-compete agreements, or severance agreements.

While the law prohibits the use of pre-dispute NDAs with regards to sexual harassment and sexual assault, it does not apply to other related discrimination claims such as race, age, gender or national origin. President Biden, however, expressed interest in advancing similar legislation that would apply to racial discrimination, unfair labor practices and others.

Even though the act has been signed into law, banks will not have to abandon NDAs entirely. NDAs will continue to be a useful tool for banks that wish to secure their confidential information. Bank board members will, however, need to update their employment handbook policies as well as any template NDAs. Additionally, it is important to remember that banks may still enter into NDAs regarding sexual harassment and sexual assault. Now, however, the choice will be in the hands of the employee after the unlawful conduct is alleged — and not the bank at the date of hiring. Additionally, it is also wise for a bank’s board of directors to keep pre-dispute NDAs intact for the other discrimination claims that the law does not effect.

Finally, after updating sexual harassment and sexual assault policies, it is always wise to ensure that a bank’s harassment reporting policy and investigation routine is effective at preventing and addressing harassment in the workplace. A comprehensive sexual harassment policy that encourages reporting, an open-door policy and quick and thorough investigations is the best way for board members to safeguard a bank’s work environment.

Hitting a Home Run With George Makris

Sports probably kept George Makris out of jail. 

At least, that’s his telling of it. Makris is now chairman and CEO of Simmons First National Corp, the holding company of Simmons Bank, in Pine Bluff, Arkansas, but he admits he wasn’t a great kid. Thanks to the guidance of his parents and a love of sports, Makris ended up on a more straight and narrow path.

He played baseball and football at Washington and Lee University in Virginia in the 1970s and then transferred closer to home, to Rhodes College in Memphis. He took over running his family’s Anheuser-Busch beer distributorship, which has several parallels to banking. For one, they’re both sensitive to interest rates. Makris says that when interest rates rise, people tend to move from Budweiser to Busch.

While it may seem odd to go from beer to banking, Makris did so gradually. He joined the board of Worthen National Bank, a small bank, in the 1980s. Through consolidation, that bank eventually became a part of Bank of America Corp. He joined Simmons’ board in 1997. Years later, Simmons’ longtime CEO Tommy May had to step down because of illness. 

The board asked Makris to take the top job. Close to a decade later, the bank has grown from under $4 billion in assets to more than $27 billion in assets, mostly through strategic acquisitions. 

He talks in this episode of The Slant Podcast about market share and how lessons from sports can help navigate life and career. Due to technical difficulties, this conversation has been abbreviated.

This episode, and all past episodes of The Slant Podcast, are available on Bank Director.comSpotify and Apple Music.

3 Common Insurance Gaps at Banks

Banks must take risk management seriously – and part of managing risk is properly insuring property and casualty risk. Below are the three critical, yet commonly overlooked, areas that institutions should be aware of in addressing their property and casualty insurance program.

1. Think Deeply About the Bank’s Entire Risk Profile
Banks are a complicated risk entity without a cookie-cutter insurance blueprint. The bank business model makes banks a natural target for criminal acts, while daily operations leaves the bank exposed to a host of liability claims. We have also recently seen an increase in regulatory scrutiny related to banks, especially banks’ cyber exposure. Another factor working against the bank is the lack of set standards, guidance and/or oversight of their insurance program. These factors combined make banks particularly complicated to insure competently.

It is imperative that banks consider the entirety of their risks in ensuring they have appropriate coverage and limits. Risk factors to consider include ownership structure, recent financial performance, geographic location, loss history, makeup of the board and management, business model and growth projections. When these factors are considered together, a bank can more completely insure its risks as many of the core coverage lines (and policy forms) are unique only to commercial banks.

2. Cyber Exposure Needs to Be Addressed Under Three Separate Policies
When most banks hear cyber insurance, they think of their cyber liability policy. Most carriers consider this computer systems fraud and it is intended to respond to electronic claims when the bank’s funds are lost or stolen. A typical non-bank cyber liability policy will also include a crime component for electronic losses like fraudulent instruction and electronic funds transfer fraud.

However, there are additional coverages specifically available to banks for cyber loss. The second is the bank’s FI Bond. This is a broader policy and can carry much higher limits. Other coverages under the FI Bond include computer systems fraud such as hacker and virus destruction, as well as voice initiated transfer fraud. There is also an option to insure “social engineering” claims through the bond FI policy.

The third policy that may apply in a cyber loss is the bankers professional liability (BPL). If a bank does not carry social engineering on their bond and a customer’s account is hacked through its own system (opposed to the bank’s) the FI bond likely will not cover the customer’s stolen money. A BPL may provide coverage for depositor’s liability in this case.
Bank should make sure that all three of these policies have adequate limits, do not have overlapping coverage, and also do not leave any gaps in coverage.

3. The Areas of Greatest Exposure
Although cyber and D&O are often the first two areas of insurance a bank focuses, we believe more attention should be paid to the bankers professional liability policy. In the most basic sense, BPL covers the bank for losses arising from any service the bank provides to a customer, aside from lending activity. It’s often colloquially called Bankers E&O and is essentially broad form negligence coverage.
Conversely, lender liability is intended to cover that which BPL excludes: wrongful acts arising from a loan or lending activity. It is important that banks have lender liability included within the BPL.

There are two main reasons BPL/lender liability are important:
1. The most frequent claim for banks falls under the BPL/lender liability. In 2021, 51% of bank liability claims fell under BPL or lender liability. Cyber liability and D&O claims constituted 8% and 12% of claims, respectively.
2. Since they are usually insured under the same insuring agreement, they also usually share one limit. A borrower suit that turns into a paid claim would also erode the BPL limit.

Most peer group average BPL and lender liability limits are relatively low; it’s recommended that banks keep their limit at or slightly above average, at a minimum.

Given the complex factors above, how can you know if your bank is protected? Consider the following questions:

  • Are my financial institution and its officers protected from all the types of risk that could hurt us?
  • Do I have a partner I trust to complement my unique business and offer integrated solutions that offer the right amount of coverage?
  • How much time, productivity and fees does it cost the bank to have relationships with multiple brokers and advisors?

Insurance is complex. Threats to the security of your financial organization are ubiquitous. You should have an expert to help you navigate the process and build a tailored solution for your institution.

Asking the Right Questions About Your Bank’s Tech Spend

Bank Director’s 2022 Technology Survey, sponsored by CDW, finds 81% of bank executives and board members reporting that their technology budget increased compared to 2021, at a median of 11%. Much of this, the survey indicates, ties to the industry’s continued digitization of products and services. That makes technology an important line item within a bank’s budget — one that enables bank leaders to meet strategic goals to serve customers and generate organizational efficiencies.

“These are some of the biggest expenditures the bank is making outside of human capital,” says John Behringer, risk consulting partner at RSM US LLP. The board “should feel comfortable providing effective challenge to those decisions.” Effective challenge references the board’s responsibility to hold management accountable by being engaged, asking incisive questions and getting the information it needs to provide effective oversight for the organization.  

Banks budgeted a median $1 million for technology in 2022, according to the survey; that number ranged from a median $250,000 for smaller banks below $500 million in assets to $25 million for larger banks above $10 billion. While most believe their institution spends enough on technology, relative to strategy, roughly one-third believe they spend too little. How can boards determine that their bank spends an appropriate amount?

Finding an apples to apples comparison to peers can be difficult, says Behringer. Different banks, even among peer groups, may be in different stages of the journey when it comes to digital transformation, and they may have different objectives. He says benchmarking can be a “starting point,” but boards should delve deeper. How much of the budget has been dedicated to maintaining legacy software and systems, versus implementing new solutions? What was technology’s role in meeting and furthering key strategic goals? 

A lot of the budget will go toward “keeping the lights on,” as Behringer puts it. Bank of America Corp. spends roughly $3 billion annually on new technology initiatives, according to statements from Chairman and CEO Brian Moynihan — so roughly 30% of the bank’s $11 billion total spend.

For banks responding to the survey, new technology enhancements that drive efficiencies focus on areas that keep them safe: For all banks, cybersecurity (89%) and security/fraud (62%) were the top two categories. To improve the customer experience, institutions have prioritized payments capabilities (63%), retail account opening (54%), and consumer or mortgage lending (41%).

Benjamin Wallace says one way board members can better understand technology spend is to break down the overall technology cost into a metric that better illustrates its impact, like cost per account. “For every customer that comes on the board, on average, let’s say $3.50, and that includes the software, that includes the compensation … and that can be a really constructive conversation,” says Wallace, the CEO of Summit Technology Group. “Have a common way to talk about technology spend that you can look at year to year that the board member will understand.”

Trevor Dryer, an entrepreneur and investor who joined the board of Olympia, Washington-based Heritage Financial Corp. in November 2021, thinks boards should keep the customer top of mind when discussing technology and strategy. “What’s the customer’s experience with the technology? [W]hen do they want to talk to somebody, versus when do they want to use technology? When they do use technology, how is this process seamless? How does it align with the way the bank’s positioning itself?” If the bank sees itself as offering high-touch, personal service, for example, that should be reflected in the technology.

And the bank’s goals should drive the information that floats back to the boardroom. Dryer says $7.3 billion Heritage Financial has “great dashboards” that provide important business metrics and risk indicators, but the board is working with Chief Technology Officer Bill Glasby to better understand the impact of the bank’s technology. Dryer wants to know, “How are our customers interacting with our technology, and are they liking it or not? What are the friction points?” 

Some other basic information that Behringer recommends that bank leaders ask about before adopting new technology include whether the platform fits with the current infrastructure, and whether the pricing of the technology is appropriate. 

Community banks don’t have Bank of America’s $11 billion technology budget. As institutions increase their technology spend, bank leaders need to align adoption with the bank’s strategic priorities. It’s easy to chase fads, and be swayed to adopt something with more bells and whistles than the organization really needs. That distracts from strategy, says Dryer. “To me, the question [banks] should be asking is, ‘What is the problem that we’re trying to solve for our customers?’” Leadership teams and boards that can’t answer that, he says, should spend more time understanding their customers’ needs before they go further down a particular path. 

The best companies leverage technology to solve a business problem, but too many management teams let the tail wag the dog, says Wallace. “The board can make sure — before anyone signs a check for a technology product — to press on the why and what’s driving that investment.” 

Forty-five percent of respondents worry that their bank relies too heavily on outdated technology. While the board doesn’t manage the day-to-day, directors can ask questions in line with strategic priorities. 

Ask, “’Are we good at patching, or do we have a lot of systems where things aren’t patched because systems are no longer supported?’” says Behringer. Is the bank monitoring key applications? Have important vendors like the core provider announced sunsets, meaning that a product will no longer be supported? What technology is on premises versus hosted in the cloud? “The more that’s on prem[ises], the more likely you’ve got dated technology,” he says.

And it’s possible that banks could manage some expenses down by examining what they’re using and whether those solutions are redundant, a process Behringer calls “application rationalization.” It’s an undertaking that can be particularly important following an acquisition but can be applied just as easily to organic duplication throughout the organization. 

A lack of boardroom expertise may have members struggling to have a constructive conversation around technology. “Community bank boards may not have what we would consider a subject matter expert, from a technology standpoint,” says Behringer, “so they don’t feel qualified to challenge.” 

Heritage Financial increased the technology expertise in its boardroom with the additions of Dryer and Gail Giacobbe, a Microsoft executive, and formed a board-level technology committee. Dryer led Mirador, a digital lending platform, until its acquisition by CUNA Mutual Group in 2018. He also co-founded Carbon Title, a software solution that helps property owners and real estate developers understand their carbon impact. 

Experiences like Dryer’s can bring a different viewpoint to the boardroom. A board-level tech expert can support or challenge the bank’s chief information officer or other executives about how they’re deploying resources, whether staffing is appropriate or offer ideas on where technology could benefit the organization. They can also flag trends that they see inside and outside of banking, or connect bank leaders to experts in specific areas. 

“Sometimes technology can be an afterthought, [but] I think that it’s a really critical part of delivering banking services today,” says Dryer. “With technology, if you haven’t been in it, you can feel like you’re held captive to whatever you’re being told. There’s not a really great way to independently evaluate or call B.S. on something. And so I think that’s a way I’ve been trying to help provide some value to my fellow directors.”  

Less than half of the survey respondents say their board has a member who they’d consider a tech expert. Of the 53% of respondents who say their board doesn’t have a tech expert, just 39% are seeking that expertise. As a substitution for this knowledge, boards could bring in a strategic advisor to sit in as a technologist during meetings, says Wallace. 

On the whole, boards should empower themselves to challenge management on this important expense by continuing their education on technology. As Wallace points out, many boards play a role in loan approvals, even if most directors aren’t experts on credit. “They’re approving credit exposure … but they would never think to be in the weeds in technology like that,” he says. “Technology probably has equal if not greater risk, sometimes, than approving one $50,000 loan to a small business in the community.”

The ways in which banks leverage technology have been featured recently in Bank Director magazine. “Confronting the Labor Shortage” focuses on how M&T Bank Corp. attracts and trains tech talent. “Community Banks Enter the Venture Jungle” examines bank participation in fintech funds; a follow-up piece asks, “Should You Invest in a Venture Fund?”  Some institutions are evaluating blockchain opportunities: “Unlocking Blockchain’s Power” explores how Signature Bank, Customers Bancorp and others are leveraging blockchain-based payments platforms to serve commercial customers; risk and compliance considerations around blockchain are further discussed in the article, “Opportunities — and Questions — Abound With Blockchain.” 

Technology is an important component of a bank’s overall strategy. For more information on enhancing strategic discussions, consider viewing “Building Operational Resiliency in the Midst of Change” and “Board Strategic Leadership,” both part of Bank Director’s Online Training Series.   

Bank Director’s 2022 Technology Survey, sponsored by CDW, surveyed 138 independent directors, chief executive officers, chief operating officers and senior technology executives of U.S. banks below $100 billion in assets to understand how these institutions leverage technology in response to the competitive landscape. Bank Services members have exclusive access to the complete results of the survey, which was conducted in June and July 2022. 

Current Compliance Priorities in Bank Regulatory Exams

Updated examination practices, published guidance and public statements from federal banking agencies can provide insights for banks into where regulators are likely to focus their efforts in coming months. Of particular focus are safety and soundness concerns and consumer protection compliance priorities.

Safety and Soundness Concerns
Although they are familiar topics to most bank leaders, several safety and soundness matters merit particular attention.

  • Bank Secrecy Act/anti-money laundering (BSA/AML) laws. After the Federal Financial Institutions Examination Council updated its BSA/AML examination manual in 2021, recent subsequent enforcement actions issued by regulators clearly indicate that BSA/AML compliance remains a high supervisory priority. Banks should expect continued pressure to modernize their compliance programs to counteract increasingly sophisticated financial crime and money laundering schemes.
  • In November 2021, banking agencies issued new rules requiring prompt reporting of cyberattacks; compliance was required by May 2022. Regulators also continue to press for multifactor authentication for online account access, increased vigilance against ransomware payments and greater attention to risk management in cloud environments.
  • Third-party risk management. The industry recently completed its first cycle of exams after regulators issued new interagency guidance last fall on how banks should conduct due diligence for fintech relationships. This remains a high supervisory priority, given the widespread use of fintechs as technology providers. Final interagency guidance on third-party risk, expected before the end of 2022, likely will ramp up regulatory activities in this area even further.
  • Commercial real estate loan concentrations. In summer 2022, the Federal Deposit Insurance Corp. observed in its “Supervisory Insights” that CRE asset quality remains high, but it cautioned that shifts in demand and the end of pandemic-related assistance could affect the segment’s performance. Executives should anticipate a continued focus on CRE concentrations in coming exams.

In addition to those perennial concerns, several other current priorities are attracting regulatory scrutiny.

  • Crypto and digital assets. The Federal Reserve, the Office of the Comptroller of the Currency, and the FDIC have each issued requirements that banks notify their primary regulator prior to engaging in any crypto and digital asset-related activities. The agencies have also indicated they plan to issue further coordinated guidance on the rapidly emerging crypto and digital asset sector.
  • Climate-related risk. After the Financial Stability Oversight Council identified climate change as an emerging threat to financial stability in October 2021, banking agencies began developing climate-related risk management standards. The OCC and FDIC have issued draft principles for public comment that would initially apply to banks over $100 billion in assets. All agencies have indicated climate financial risk will remain a supervisory priority.
  • Merger review. In response to congressional pressure and a July 2021 presidential executive order, banking agencies are expected to begin reviewing the regulatory framework governing bank mergers soon.

Consumer Protection Compliance Priorities
Banks can expect the Consumer Financial Protection Bureau (CFPB) to sharpen its focus in several high-profile consumer protection areas.

  • Fair lending and unfair, deceptive, or abusive acts and practices (UDAAP). In March 2022, the CFPB updated its UDAAP exam manual and announced supervisory changes that focus on banks’ decision-making in advertising, pricing, and other activities. Expect further scrutiny — and possible complications if fintech partners resist sharing information that might reveal proprietary underwriting and pricing models.
  • Overdraft fees. Recent public statements suggest the CFPB is intensifying its scrutiny of overdraft and other fees, with an eye toward evaluating whether they might be unlawful. Banks should be prepared for additional CFPB statements, initiatives and monitoring in this area.
  • Community Reinvestment Act (CRA) reform. In May 2022, the Fed, FDIC, and OCC announced a proposed update of CRA regulations, with the goal of expanding access to banking services in underserved communities while updating the 1970s-era rules to reflect today’s mobile and online banking models. For its part, the CFPB has proposed new Section 1071 data collection rules for lenders, with the intention of tracking and improving small businesses’ access to credit.
  • Regulation E issues. A recurring issue in recent examinations involves noncompliance with notification and provisional credit requirements when customers dispute credit or debit card transactions. The Electronic Fund Transfer Act and Regulation E rules are detailed and explicit, so banks would be wise to review their disputed transaction practices carefully to avoid inadvertently falling short.

As regulator priorities continue to evolve, boards and executive teams should monitor developments closely in order to stay informed and respond effectively as new issues arise.

You Could Get Sued

Welcome to a bank board. This is an exciting time to be serving. Oh, and do you have a director’s liability insurance policy, in case you’re sued?

Serving on a bank board can be a rewarding experience: think about the service you’re doing for your community, the connections you’re making and the businesses you’re learning about. It can also be quite frightening. Directors can and do get sued — especially public company directors.

The liability of serving on a bank board can be so intimidating that many banks offer directors’ and officers’ liability insurance to help attract qualified members to their boards. Board members can face civil and criminal liability for their service. (D&O insurance typically doesn’t cover criminal liability, but you probably don’t need to worry. Criminal liability usually involves activities such as falsifying bank statements, committing fraud or accepting fees or favors in return for special treatment, such as lower rates, which I’m sure you’re not planning to do.)

The pay isn’t great either. While the directors serving on the largest banks in the nation certainly get paid in the six figures, Bank Director’s 2022 Compensation Survey, sponsored by Newcleus Compensation Advisors, proves that’s not the norm. The median fee per board meeting in 2021 was $1,000, with a $30,000 annual cash retainer and $20,292 in equity compensation.

Plus, the responsibilities are numerous. If I were to run you through the 126-page “Director’s Book” published by the Office of the Comptroller of the Currency for national banks, it would be impossible to sum up the duties of the board in an elevator pitch of 30 seconds or less. Indeed, this list of duties and responsibilities seems to expand with every crisis or change in the economy. 

Next week’s in-person Bank Board Training Forum, which begins with the Bank Director Certification Workshop on Sunday, Sept. 11, will delve into many of aspects of the roles and responsibilities of bank boards. Jack Milligan, editor-at-large for Bank Director, will lead the workshop. His article 2017 that examines the task of serving on a bank board is relevant today.

Regulators and stakeholders demand an increasing amount of attention and supervision from bank directors. But the overall responsibilities are the same: 

  • Set clear, aligned and consistent direction regarding the firm’s strategy and risk tolerance.
  • Actively manage information flow and board discussions.
  • Hold senior management accountable.
  • Support the independence and stature of independent risk management and internal audit.
  • Maintain a capable board composition and governance structure.

In the end, the task seems like a lot for a part-time job. But the rewards of such service are many. You get to steward a ship that’s instrumental to the success of your communities, providing fuel for its economic engine. The rewards of such service are a job well done. Serving on a bank board isn’t the perfect fit for everyone, but everyone who does should be proud.

Regulatory Crackdown on Deposit Insurance Misrepresentation

Federal banking regulators have recently given clear warnings to banks and fintechs about customer disclosures and the significant risk of customer confusion when it comes to customers’ deposit insurance status.

On July 28, 2022, the Federal Deposit Insurance Corporation and the Federal Reserve issued a joint letter to the crypto brokerage firm Voyager Digital, demanding that it cease and desist from making false and misleading statements about Voyager’s deposit insurance status, in violation of the Federal Deposit Insurance Act, and demanded immediate corrective action.

The letter stated that Voyager made false and misleading statements online, including its website, mobile app and social media accounts. These statements said or suggested that: Voyager is FDIC-insured, customers who invested with the Voyager cryptocurrency platform would receive FDIC insurance coverage for all funds provided to, and held by, Voyager, and the FDIC would insure customers against the failure of Voyager itself.

Contemporaneously with the letter, the FDIC issued an advisory to insured depository institutions regarding deposit insurance and dealings with crypto companies. The advisory addressed the following concerns:

  1. Risk of consumer confusion or harm arising from crypto assets offered by, through or in connection with insured banks. This risk is elevated when a nonbank entity offers crypto assets to the nonbank’s customers, while offering an insured bank’s deposit products.
  2. Inaccurate representations about deposit insurance by nonbanks, including crypto companies, may confuse the nonbank’s customers and cause them to mistakenly believe they are protected against any type of loss.
  3. Customers can be confused about when FDIC insurance applies and what products are covered by FDIC insurance.
  4. Legal risk of insured banks if a crypto company or other third-party partner of the bank makes misrepresentations about the nature and scope of deposit insurance.
  5. Potential liquidity risks to insured banks if customers move funds due to misrepresentations and customer confusion.

The advisory also includes the following risk management and governance considerations for insured banks:

  1. Assess, manage and control risks arising from all third-party relationships, including those with crypto companies.
  2. Measure and control the risks to the insured bank, it should confirm and monitor that these crypto companies do not misrepresent the availability of deposit insurance and should take appropriate action to address any such misrepresentations.
  3. Communications on deposit insurance must be clear and conspicuous.
  4. Insured banks can reduce customer confusion and harm by reviewing and regularly monitoring the nonbank’s marketing material and related disclosures for accuracy and clarity.
  5. Insured banks should have appropriate risk management policies and procedures to ensure that any services provided by, or deposits received from, any third-party, including a crypto company, effectively manage risks and comply with all laws and regulations.
  6. The FDIC’s rules and regulations can apply to nonbanks, such as crypto companies.

At a time when crypto companies are increasingly criticized for courting perceived excessive risk and insufficient transparency in their business practices, the FDIC and other banking agencies are moving to ensure that these companies’ practices do not threaten the banking industry or its customers. On Aug. 19, the FDIC issued letters demanding that five crypto companies cease and desist from making false and misleading statements about their FDIC deposit insurance status and take immediate corrective action.

In addition to the FDIC’s suggestions in its advisory, we suggest both banks and fintech vendors consider the following measures to protect against regulatory criticism or enforcement:

  1. Banks should build the right to review and approve all communications to bank customers into their vendor contracts and joint venture agreements with fintechs and should revisit existing contracts to determine if any adjustments are needed.
  2. Banks should consult with legal counsel as to current and expected regulatory requirements and examination attitudes with respect to banking as a service arrangements.
  3. Fintechs should engage with experienced bank regulatory counsel about the risks inherent in their business and contractual arrangements with insured banks by which the services of the fintech is offered to bank customers.
  4. Banks should conduct appropriate diligence as to their fintech partners’ compliance framework and record.

Additionally, should a bank’s fintech partner go bankrupt, the bank should obtain clarity — to the extent that it’s unclear — as to whether funds on deposit at the bank are property of the bankruptcy estate or property of a non-debtor person or entity; in this case, the fintech’s customers. If funds on deposit are property of non-debtor parties, the bank should be prepared to address such party’s claims, including by obtaining bankruptcy court approval regarding the disposition of such funds on deposit. Additionally, the bank may have claims against the bankrupt fintech entity, including claims for indemnity, and should understand the priority and any setoff rights related to such claims.

The Community Bank Board Guide to Crossing $10 Billion

Community banks that have weathered the economic extremes of the coronavirus pandemic and a rapidly changing interest rate environment may find themselves with another important looming deadline: the $10 billion asset threshold.

In 2010, the Dodd-Frank Wall Street Reform and Consumer Protection Act (often called Dodd-Frank) created a regulatory demarcation for banks above and below $10 billion in assets. In 2018, regulatory reform lessened one of the more-stringent expectations for $10 billion banks, but failed to eliminate many of the other regulatory burdens. Experts that have worked with banks to cross the divide since the law went into effect recommend that institutions around $5 billion begin preparing for the costs and expectations of being a larger bank.

“The list of changes when going from $9.9 billion to $10 billion isn’t long. It’s the significance of those changes that can create challenges if not appropriately planned for,” writes Brandon Koeser, financial services senior analyst with RSM US LLP, in an email. “Banks need to take a thorough look at their entire institution, including people, processes and risk oversight.”

The pandemic may have delayed or complicated the work of banks who are preparing to cross the threshold. Anna Kooi, a partner and national financial services industry leader at Wipfli, says she has clients at banks whose growth accelerated over the last two years and are approaching the $10 billion asset line faster than expected.

Bank Director has assembled a guide for boards that reviews some areas that are impacted by the threshold, along with questions directors can use to kick off conversations around preparation.

Lost Income
The Dodd-Frank Act’s Durbin Amendment capped the interchange fees on debit card transactions that banks above $10 billion can charge; interchange fees are not reduced for banks under $10 billion. The capped fees have cost card issuers nearly $106 billion in interchange revenue since 2012, including an estimated $15.2 billion in 2020, according to an Electronic Payments Association analysis in August 2021 using data from the Federal Reserve.

Banks preparing to cross $10 billion should analyze how big the reduction of debit interchange revenue could be, as well as alternatives to make up for that difference, Kooi says. The interchange cap impacts banks differently depending on the depositor base: commercial banks may not miss the income, while institutions with a larger retail base that use their debit cards may experience a significant hit. Banks that have more time to consider alternatives will be better positioned when the interchange cap goes into effect, she says.

Regulatory Expectations
Banks over $10 billion in assets gain a new regulator with a new round of exams: the Consumer Financial Protection Bureau. While other banking regulators tend to focus on prudential safety and soundness, the CFPB aims to promote “transparency and consumer choice and preventing abusive and deceptive financial practices” among markets for financial services and products, according to the agency’s mission statement. This exam shift means banks may want to reach out to consultants or other external partners that have familiarity with the CFPB to prepare for these exams.

“The focus is going to be more intense in certain areas,” says Adam Maier, partner and co-chair of Stinson’s banking and financial services division. “They’re going to bring in a different regulatory approach that is very unique, and at times, can be difficult.”

Expectations from other regulators may also increase, and increased scrutiny could lead to a higher risk that examiners discover something at a bank that needs to be addressed.

“A guaranteed place of focus from regulators will be over the bank’s risk program,” Koeser writes. “Undertaking an assessment of the risk management function, including the risk program, staffing levels and quality of talent will be key. In a new world above $10 billion, the old mantra of ‘If it isn’t broke, don’t fix it,’ won’t fly.”

While banks don’t have to participate in the annual Dodd Frank Act Stress Test, or DFAST, exercise until they are $100 billion, regulators may want to see evidence that the bank has some way to measure its credit and capital risk exposure.

“What I’ve heard [from] banks is the regulators, the OCC in particular, still want to talk about stress testing, even though [the banks] don’t have to do it,” Maier says. “I would follow the lead of your primary regulator; if they want you to still demonstrate something, you still have to demonstrate it.”

And importantly, the Dodd-Frank Act mandates that bank holding companies above $10 billion have a separate board-level risk committee; this provision was changed to $50 billion in the 2018 financial reforms bill. The committee must have at least one risk management expert who has large-company experience.

Staffing and Systems
Heightened regulatory expectations may require a bank to bring on new talent, whether it’s for the board or the executive team. Some titles Kooi says a bank may want to consider adding include a chief risk officer, chief compliance officer and a chief technology officer — all roles that would figure into a robust enterprise risk management framework. These specialty skill sets may be difficult to recruit locally; Kooi says that many community banks preparing for the threshold retain a recruiter and assemble relocation packages to bring on the right people. Oftentimes, banks seek to poach individuals who have worked at larger institutions and are familiar with the systems, capabilities and expectations the bank will encounter.

Additionally, boards will also want to revisit how a bank monitors its internal operational systems, as well as how those systems communicate with each other. Maier says that banks may need to bulk up their compliance staff, given the addition of the CFPB as a regulator.

M&A Opportunities
A number of banks have chosen to cross $10 billion through a transaction that immediately offsets the lost revenue and higher compliance expenses while adding earnings power and operational efficiency, writes Koeser. M&A should fit within the bank’s strategic and long-term plans, and shouldn’t just be a way to jump over an asset line.

Banks that are thinking about M&A, whether it’s a larger bank acquiring a smaller one or a merger of equals, need to balance a number of priorities: due diligence on appropriate partners and internal preparations for heightened regulatory expectations. They also need to make sure that their prospective target’s internal systems and compliance won’t set them back during integration.

Additionally, these banks may need to do this work earlier than peers that want to cross the threshold organically, without a deal. But the early investments could pay off: An $8 billion institution that is prepared to be an $11 billion bank after a deal may find it easier to secure regulatory approvals or address concerns about operations. The institution would also avoid what Maier calls “a fire drill” of resource allocation and staffing after the acquisition closes.

Questions Boards Should Ask

  • Do we have a strategy that helps us get up to, and sufficiently over, $10 billion? What is our timeline for crossing, based on current growth plans? What would accelerate or slow that timeline?
  • Will the bank need to gain scale to offset regulatory and compliance costs, once it’s over $10 billion?
  • What do we need to do between now and when we cross to be ready?
  • What role could mergers and acquisitions play in crossing $10 billion? Can this bank handle the demands of due diligence for a deal while it prepares to cross $10 billion?
  • Are there any C-level roles the bank should consider adding ahead of crossing? Where will we find that talent?
  • Do we have adequate staffing and training in our compliance areas? Are our current systems, processes, procedures and documentation practices adequate?
  • How often should the board check in with management about preparations to cross?
  • Have we reached out to banks we know that have crossed $10 billion since the Dodd-Frank Act? What can we learn from them?

Article was updated on Nov. 15, 2022, to reflect that $50 billion banks are now mandated to have a board-level risk committee.