Practical Tips on Artificial Intelligence Risk Management

The world is abuzz with artificial intelligence (AI) and advanced AI chatbots. Unfortunately, regulation rarely keeps up with the breakneck pace of change in the technology world. This leaves many financial institutions wondering how to take advantage of the seemingly endless possibilities of AI without ending up in regulatory hot water.

Even if your financial institution is not ready to dive headfirst into this enticing world, your employees may be curious about what the hype is all about and exploring it on their own. In addition, some of your third parties may be exploring these possibilities as well. Here are three things every financial institution should be doing today to address the future impact of AI:

1. Updating the financial institution’s acceptable use policy to address AI.
Given the rising popularity and curiosity associated with AI, it is critical to provide employees with guidance about your financial institution’s stance on the use of AI. Some areas your financial institution should address in your Acceptable Use Policy and IT program include:

  • Restricting the use of customer data within AI programs without the prior knowledge and approval of Information Security Department.
  • If public AI sites such as Chat GPT are accessible by employees, defining what activity is permissible on these sites. Some examples may include drafting communications or policies, brainstorming ideas, or analyzing publicly available information.
  • Requiring that all AI outputs are reviewed to verify that the information is accurate and correct.

2. Understanding how AI intersects with current regulation.
Although financial regulatory agencies have yet to publish any regulation related to AI, the United States government has been pushing for guidance. The first installment of it came from the National Institute of Standards and Technology (NIST) in the form of an Artificial Intelligence Risk Management Framework, published in January 2023.  In less than 35 pages, it offers a resource to help manage AI risks for organizations designing, developing, deploying, or using AI systems. The framework provides the readers with a method for evaluating and assessing risks associated with AI through common risk management principles that include: govern, map, measure and manage. In addition, the appendix provides a useful summary of how AI risks differ from those of traditional IT systems.

Another resource that mentions AI is the Office of the Comptroller of the Currency’s Model Risk Management Handbook. On Page 4 of the handbook, it describes how users should evaluate systems using AI/machine learning and that these systems may be considered a model. It goes on to state that “even if your financial institution determines that a system using AI is not a model, risk management should be commensurate with the level of risk of the function that the AI supports.”

3. Gaining an understanding of how third parties use and manage AI risks.
Given the dramatic potential for change presented by AI, many technology providers are carefully deliberating how to incorporate and utilize AI within their pre-existing systems or to launch new products. It is important that bank boards and management teams gain an understanding of what third parties are doing and how they are developing appropriate risk management programs.

Long standing financial institution model providers, in areas such as the Bank Secrecy Act or asset and liability management, have a deep understanding of model risk management guidance requirements and often provide certification reports that provide your financial institution with comfort over their model’s inner workings. However, the majority of technology vendors incorporating AI into their products may not be as versed in financial institution regulation and may not hold the view that their products are models — leaving them with nothing to show you. This is why it is critical to talk to third parties early and understand their future plans, to start the discussion about risk management and assurance early.

Like so many other things going on in this rapidly changing world, AI presents new and unique risks — but there is no reason that financial institutions can not setup effective risk management programs to properly identify and monitor these emerging risks. The key is keeping an eye on the horizon and taking the proper incremental steps to continue evolving and maturing your financial institution’s risk management program.

What Boards Should Know About the Bank Secrecy Act

All financial institutions are subject to the Bank Secrecy Act, the primary anti-money laundering law in the U.S., but compliance programs vary widely depending on a particular bank’s size and complexity. Boards in particular are responsible for overseeing their bank’s BSA/AML compliance program and ensuring a culture of compliance throughout the organization, says Ashley Farrell, director in the risk advisory practice at Baker Tilly. And weak compliance can have serious implications for a bank.

To learn more, see Unit 33: BSA/AML Compliance Primer in Bank Director’s Online Training Series.

Compliance Success Following the Small Business Lending Rule

The Consumer Financial Protection Bureau finalized its 1071 rule at the end of March 2023. Financial institutions can soon expect an unprecedented level of scrutiny around data collection and reporting.

The 1071 ruling is a top regulatory compliance concern expressed by executives, surpassing even Bank Secrecy Act and anti-money laundering rules and obligations associated with the new credit loss standard. It serves two main purposes: it more strictly enforces fair lending laws by providing tracking of small business credits, and it enables creditors to more accurately identify and support women and minority-owned business needs within their communities.

This additional level of regulatory oversight presents unique challenges for banks that will need to implement system and staffing changes in the 18 months following the announcement.

The next steps are deceptively simple but banks must adhered to them in order to create successful systems, procedures and facilitate scalability after the rule goes into effect.

Familiarize and Analyze
First, bankers must determine whether their institution is covered under the 1071 data collection rule. If your bank has originated at least 25 credit transactions to small businesses in the 2 preceding calendar years, you will likely be beholden to these new regulations. If you are unsure whether you qualify, it’s recommended to err on the side of caution.

After your bank determines that it’s subject to the new regulations, it is imperative to become aware of the things you can and cannot ask borrowers in accordance with 1071. Analyzing efforts must include reviewing all small business loan portfolios — things like credit lines, credit cards, merchant cash advances and loans — and creating detailed reports for businesses that will be impacted by the new ruling.

Determine Procedures and Data Collection Standards
A main indicator of success is data integrity. To ensure data integrity, a bank’s policy must include detailed procedures with marked responsibilities and a comprehensive understanding of the institution’s compliance goals by all staff members.

In order to collect strong data, banks may need to implement a robust collection system. Not only must they include loan numbers, types, purposes and pricing in a borrower’s portfolio, they need to include data specifically related to credit, as well as applicable demographic data points. This means training staff in these new procedures, which takes significant amounts of time and money. Institutions predict they may have to double their staff — which on its own does not guarantee the quality of data will be consistent.

One option leaders have are leveraging efficient machine learning systems to stay ahead of the curve and produce quality data while reducing staffing costs.

Automate to Improve Outcomes
Though the 1071 ruling will include starter tools like sample tracking sheets, data integrity will become even more difficult for banks to maintain over time. Manual processes that require human review are prone to error; decreased data integrity will impact any bank’s ability to successfully navigate regulatory reviews and audits.

Deana Stafford is a senior vice president and director of CRA and Fair and Responsible Lending at First National Bank Texas, the community bank unit of Killeen, Texas-based First Community Bancshares. Stafford’s colleagues already use automation to help scrub date related to the Home Mortgage Disclosure Act. Now, with the 1071 regulations, automation is on Stafford’s mind.

“We have already added one full-time staff, citing 1071 and the expansion of CRA data collection and reporting after reading the rules, but there is no way we can double our staff,” says Stafford. “Automation is the best long-term solution.”

Third-party tools that specialize in compliance systems and mitigating risk are the solution. Automation can easily find, consolidate and track the over 30 reported data points under the new rule, and is key to banks efficiently using both staff and resources. Verifying income and extracting data from verified documents can be done by a machine learning system that is embedded into existing digital onboarding infrastructure at a pace much faster and more accurate than a bank employee. Machine learning can shrink labor costs, increase lending capacity and guarantee data integrity; automating monotonous and time-consuming processes is the next logical step toward optimization in the financial industry.

The final 1071 rule is top of mind for financial industry professionals. Leaders must take a close look at their systems and make plans that allow them to stay competitive and compliant. Institutions must invest in intelligence systems to achieve fair lending compliance standards. Addressing current and future compliance issues with automation is the most effective way to avoid skyrocketing time and labor costs.

Managing Credit Risk Without Overburdening Resources

Increased labor costs and related challenges such as talent acquisition have affected all industries, including banks. Additionally, banks are facing potential deteriorating credit quality, growth challenges amid tightening credit standards and increased scrutiny from regulators and auditors.

Loan origination, portfolio management and credit quality reviews are key areas to successfully managing increasing credit risk. It’s critical that banks understand their risk appetite and credit risk profile prior to making any changes in these areas. You should also discuss any material changes you plan to implement with your regulatory agencies and board, to ensure these changes don’t create undue risks.

Lending
Originating new loans doesn’t have to be cumbersome and complex for both the bank and the client. The risk and rewards are a delicate balancing act. And not all loans require the same level of due diligence or documentation.

Banks might want to consider establishing minimum loan documentation requirements and underwriting parameters based on loan amounts. This can put them at a competitive advantage compared to financial institutions requiring more documentation that can increase the loan processing time.

Centralizing the loan origination process for less complex and smaller loan amounts can streamline the workflow, potentially helping with consistency and efficiency and allow less-experienced staff to process loans.

Automation may be useful if your bank has a high volume of loan origination requests. The board should consider conducting, or hiring a consultant to complete, a cost-benefit analysis that could consider automating various aspects of the underwriting process. You may find automation is not only cost effective but might reduce human errors and improve consistency in credit decisions.

Portfolio Management
Ongoing management of the loan portfolio also doesn’t have to be time consuming. Not all loans are created equal or create equal risk for the bank; ongoing management should correspond to the risk of the loan portfolio. Consider evaluating the frequency of the internal loan reviews based on various risk attributes, including risk ratings, loan amounts and other financial and non-financial factors.

Internal Credit Reviews
An annual internal credit review might be all that’s necessary for loans that have lower risk attributes, such as small-dollar loans, loans secured by readily liquid collateral and loans with strong risk ratings. Banks should instead conduct more-frequent internal reviews on larger loans, loans in higher-risk industries, highly leveraged loans, marginal performing loans and adversely risk rated loans.

When completing frequent reviews, focus on key ratios relevant to the borrower and monitor and identify financial trends. An internal review doesn’t necessarily require the same level of analysis as an annual review or effort performed at loan origination.

Payment performance or bulk risk rating could be an alternative for banks that have a high volume of small-dollar loans. These types of loans are low risk, monitored through frequent reporting that uses payment performance and require minimal oversight.

Finally, centralizing the portfolio management might be appropriate choice for a bank and can create efficiencies, consistencies in evaluation and reduce overhead expenses.

Credit Quality Reviews
From small borrowers to national corporate clients, there are many creative ways that banks can achieve loan coverage in credit quality reviews while retaining the ability to identify systemic risks.

Banks can accomplish this through a risk-based sampling methodology. Rather than selecting a single risk attribute or a random sample within the loan population, you may be able to get the same portfolio coverage and identify risks with the following selection process. Focus on selecting credits that have multiple risk attributes, such as:

  • Borrowers with large loan commitments, high line usage, unsecured or high loan-to-value, adversely risk rated and high-risk industries.
  • Select credits with a mix of newly originated and existing loans, new underwriters and relationship managers, various loan commitment sizes and property types and collateral.

Consider credits within the Pass range that may have marginal debt service coverage ratios — typically the most common multiple risk attributes for identifying risk rating discrepancies — or are highly leveraged, unsecured or lack guarantor support.

Targeted Review
More targeted reviews can offer banks additional portfolio coverage. These types of reviews require less time to complete, giving institutions the ability to also identify systemic trends. Below are some things to consider when selecting a targeted review.

  • Select a sample of loans with multiple risk attributes and confirm the risk ratings by reviewing the credit write-up for supporting evidence and analysis.
  • Complete a targeted review of issues identified in the previous risk-based sampling reviews.

Finally, for banks that have recently acquired a loan portfolio, review the two banks’ credit policies and procedures and determine where the are differences. Select loans that are outliers or don’t meet the acquirer’s loan risk appetite.

Boardroom Battle

The following feature appeared in the second quarter 2023 edition of Bank Director magazine. It and other stories are available to magazine subscribers and members of Bank Director’s Bank Services Membership Program. Learn more about subscribing here.

Few banks can tout a success story as enviable as Cherry Hill, New Jersey-based Commerce Bancorp.

Anyone who invested in Commerce back in 1973, when Vernon Hill II founded the bank, saw their investment grow 470 times by 2007, when the bank sold to TD Bank Financial Group, he says. “The 34-year annual return to our shareholders was 23% a year. … If you look at the growth numbers of Commerce, there was nobody even close to it.” The bank went from a single location with just nine employees to almost $50 billion in assets, more than 12,000 employees and 470 branches — or stores, as Hill calls them.

It accomplished this by focusing on growth, at a rate of $18 million in deposits annually, according to Hill. A “Philadelphia” magazine article from 2006, titled “Vernon the Barbarian,” described Hill rallying his troops — the thousands of bank employees attending the company’s “Wow” awards, which gave out honors such as “Best Teller.” With employees cheering him on, he told the crowd, “Most of you know that each year, we go and save another part of America that’s not served by Commerce.” A Lehman Brothers analyst covering the bank at the time likened its expansion to “the Mongolian horde coming across the plains, threatening the Roman Empire.”

Commerce won so many customer accounts because it focused on taking a retail approach to banking, offering a high level of service. Billed as “America’s Most Convenient Bank,” Commerce branches were open seven days a week. They welcomed dogs in branches and gave out dog biscuits. And Hill isn’t a cost-cutter — he likes his branches to be well designed, in the best locations and stocked with free pens that advertise the bank. Hill boasts that Commerce gave away 28 million pens a month to anyone who came in the branch.

But the years since have been fraught with trouble. Described as the “greatest retail banker of our lifetime,” Hill has been embroiled in lawsuits, a boardroom battle, regulatory actions and activist campaigns. Hill hasn’t been able to create the same magic since, and shareholders have suffered.

In 2007, Hill lost his job at Commerce under pressure from the Office of the Comptroller of the Currency, according to a Securities and Exchange Commission filing. Hill had used a real estate firm he owned with family members to scout locations for Commerce branches; his wife’s design firm, InterArch, was contracted for the company’s design and branding. The OCC placed restrictions on related-party transactions that would have prolonged the branch application process.

Months later, TD announced that it would acquire Commerce in an $8.5 billion transaction. The deal was an important step in the Canadian bank’s own growth in the U.S., doubling its U.S. footprint. TD kept the “America’s Most Convenient Bank” slogan, which it uses to this day.

As an investor with more than 6 million Commerce shares, Hill had done well for himself. But after more than three decades running a bank, he suddenly had nothing to do. “I couldn’t work for somebody else,” he tells me. So in 2008, Hill invested in sleepy little Republic First Bancorp, a small competitor to Commerce that at the time had less than $1 billion in assets and a handful of branches primarily centered around its headquarters in Philadelphia. He began acting as an advisor to the bank’s leaders, including then-CEO and founder Harry Madonna. Then two years later, in 2010, he crossed the pond to found Metro Bank in the U.K., leveraging the same model that made Commerce a success.

At Metro Bank, the stock saw steady growth from its 2016 IPO before going into a free fall in the latter half of 2018; it hasn’t recovered. Republic’s stock has also been beleaguered. Back in the Commerce days, Hill’s customer-friendly, growth-focused approach was revolutionary. His friend, longtime bank investor Tom Brown, is the one who describes him as the “greatest retail banker of our lifetime.” But even he admits Hill can have a difficult personality.

David Slackman, a former Commerce executive, believes Hill is often misunderstood. “Vernon is extremely confident in the model and extremely confident in his ability to be successful with it, and can therefore sometimes come across as seeming inflexible,” he says. He describes Hill as an exact but supportive and loyal boss who ended conversations with his top officers by saying, “Don’t do anything stupid.” That was a warning not to stray away from the Commerce model, Slackman recalls.

“My personality is strong,” Hill says. Commerce was frequently compared to Apple back in the day, which was run by another passionate business leader, Steve Jobs. It’s clear — from talking to Hill, reading his books and digging into his banks — that he’s committed to his approach to banking.

But relationships devolved at Republic over the years. Madonna says Hill — who eventually became CEO before resigning 18 months later — held his bank hostage due to a perfect split in the boardroom: three directors backing Hill, and four backing Madonna. Madonna says Hill operated without effective board oversight due to the division in the boardroom.

But in a lawsuit filed against Republic and Madonna’s faction of directors, Hill and former director Barry Spevak contend that it was Madonna’s group that had the board deadlocked, with Hill’s directors “intentionally and systematically prevented” from participating in board deliberations.

Back before that became an issue, in 2008, Republic needed capital, and it needed a new direction. Like many banks in the financial crisis, Republic had experienced losses in its loan portfolio, says Frank Schiraldi, a managing director and senior research analyst at Piper Sandler & Co. “Vernon came along as really a savior,” he explains. Hill says he invested $6 million. “With [Hill] now being a large owner, he had the opportunity to push his old Commerce strategy as sort of a reboot. And initially, it was very well received.” Madonna describes Republic in those days as a “garden-variety community bank.” He says Hill persuaded him to turn Republic into a “deposit-driven organization” with an expanded branch footprint. Hill’s ownership gained him the right to designate a board member, Theodore Flocco Jr. — a former senior audit partner at Ernst & Young who had advised Commerce, and someone Hill considered a friend.

“When I invested in Republic, they were a broken bank, troubled. They needed capital, they needed [our] model, they needed people,” says Hill. “I came in and invested on the terms that I would install — with their approval — what we call ‘The Power of Red.’” Hill’s branding campaign eventually included a big red ‘R’ for Republic; Commerce had a similar big red ‘C.’

“It was an opportunity for me to invest and use the Commerce model to expand Republic and serve the same markets we had served at Commerce,” he says. But, “it’s harder to convert something than it is to build it from scratch.”

Meanwhile, Madonna was still running Republic while Hill was in London recreating the old Commerce model from the ground up at Metro Bank. And he was doing that with Shirley Hill, his wife and “branding queen” who owned the firm InterArch, responsible for branding, marketing and design at Hill’s banks — Commerce, Republic and Metro.

Hill describes his wife’s involvement as a whole package adding value, similar to the way Apple designs its products and experience. “She does architecture, construction, marketing and branding. And the value of that is not one branch. It’s all united together,” explains Hill. Metro paid InterArch over £20 million over the five-year period preceding the Hills’ departure in 2019, according to the bank’s annual reports.

“Everybody knows we have to get third-party reviews on the pricing,” Hill says of the InterArch relationship, something that occurred at both banks.

Hill stresses that InterArch was worth every penny and just as important to his banking model as his dog, Sir Duffield II, or Duffy — a Yorkshire terrier who has featured heavily in promotions for Republic and Metro. “My dog’s more well known than me,” Hill jokes. At Metro, Duffy joined the Hills in welcoming customers — and their dogs — at the bank’s grand openings. A Duffy float made its way through London parades. The Yorkie even had a column in the bank’s newsletter, and a Twitter account featuring him visiting bank branches and dining with Ann Coulter. “Everybody knows Duffy; he goes everywhere,” says Hill. The dog-friendly branches also appealed to customers, he says. “The customers take that to mean, ‘If you love my dog, you must love me.’”

It was the original Sir Duffield, visiting a competing bank’s branch with Shirley Hill in 2001, who inspired Vernon Hill’s dog-friendly approach. She was stopped at the front door and told that her pup wasn’t allowed. Hill decided being open to dogs was another way to disrupt banking and set his banks apart.

Despite the known issues around related-party transactions, Republic offered Hill the chair role in 2016, ramping up his involvement with the bank. “We were very aware of his relationship,” says Madonna. “Consultants were brought in to look at the contracts, to make sure they were fair market value, and that things were done in accordance with laws and regulations, and that they were in the best interest of the bank.” InterArch billed Republic $2.2 million for marketing, design and similar services from 2019 through 2021, according to an SEC filing.

Charles Elson, founding director of the Weinberg Center for Corporate Governance at the University of Delaware, sees a huge conflict for any public company doing business with a spouse or family member of a CEO or director — even if all parties appear satisfied with the arrangement. “You’re going to face all kinds of accusations of unfair dealing,” he says. “I can’t imagine a board being counseled that it was OK to do that. That’s strange.”

But while Hill was chairman, he was still spending most of his time in Europe building Metro Bank, according to Madonna. That changed in 2019, with Hill’s resignation from the U.K. bank after Metro disclosed that it had misclassified commercial loans, leading to a £900 million increase in risk-weighted assets. Put simply, Metro classified those loans as less risky than regulators thought they were; riskier loans require more capital.

Metro Bank shares dropped precipitously when the bank disclosed the issues in January and continued to fall through the year. The stock peaked at more than £40 in March 2018; it was valued at less than £1.50 as of Feb. 28, 2023, on the heels of Brexit and the Covid-19 pandemic. Shareholders began calling for Hill’s resignation; he stepped down as Metro’s chairman in October 2019, and resigned from the board by the end of the year — along with Metro CEO Craig Donaldson, who’d run the bank by Hill’s side since its founding in 2010. “It was a misinterpretation of the rules,” Donaldson told Bloomberg at the time, calling it an “isolated incident” that the bank was seeking to rectify.

Issues with the bank’s regulators took years to resolve, and included a £5.4 million penalty to the Prudential Regulation Authority and a £10 million fine to the Financial Conduct Authority.

“What happened in London really didn’t involve me,” Hill says. “Their capital system [in the U.K.] is way different than ours; there was nothing about our model.”

Following his departure from Metro, Hill became increasingly involved in day-to-day operations and decision-making at Republic. “He really was trying even harder to prove that what he was doing [at] Metro Bank was right and not wrong, and he doubled down on pushing for more and more deposits that we couldn’t put to use,” Madonna says. “That’s when it turned hostile.”

The Paycheck Protection Program — in many ways a boon to community banks in 2020 — revealed divides in the Republic boardroom. Madonna says he and some of the other directors wanted to use the influx in deposits from PPP loan customers to return expensive government funding, reducing the bank’s costs and improving its loan-to-deposit ratio. “Instead, [Hill] went out and purchased a lot of long-term, mortgage-backed securities” at low interest rates, Madonna says. Loans were already a low percentage of the bank’s assets compared to peer institutions, due to Hill’s preference to leverage securities.

Much like institutions with long-term, low rate bonds and securities on the books, Republic First was negatively affected when the Federal Reserve began its series of inflation-fighting interest rate increases in early 2022. Republic’s accumulated other comprehensive income, influenced by bond prices, amounted to a negative $148 million as of Dec. 31, 2022, according to S&P Global Market Intelligence; securities accounted for 43% of the bank’s assets.

“When you have a lot of low-cost deposits, you look at ways to invest it. Sometimes you make loans; sometimes you buy bonds,” says Hill. The bank couldn’t safely grow loans as fast as it could grow deposits; he favored government mortgage-backed securities as an alternative to loan generation. “When you have excess funding, what do you do with it? In the current environment, buying government mortgage-backed securities is the best way,” Hill says.

The AOCI effects plaguing many banks are more pronounced at Republic due to its model, says Schiraldi.
Beyond the bank’s securities portfolio, Hill wanted to build expensive, $7 million branches, according to Madonna — significantly more expensive than the average branch cost of $1.8 million, per a 2019 survey by the consulting firm Bancography.

But Hill has a different view. “The retailers that win in life are the ones that have the highest sales per store,” Hill says, adding that deposits per branch at Republic were “extremely high.” Deposits were growing, he adds, by around $30 million a year per branch. In its 2021 annual report, Republic reported deposit growth over the prior three years at an average 30% annually.

But profitability metrics had been abysmally low for years and didn’t appear to be improving. In Bank Director’s annual performance rankings dating back to 2015 — the year before Hill became chairman — Republic has appeared toward the bottom of its peer group year after year.

Up until 2020, Madonna says the board was collegial. But some directors, including Madonna, were beginning to believe that Hill’s strategy wasn’t working. “It was our fiduciary obligation to periodically look at what the strategic alternatives were for the bank,” Madonna says. Hill alleges that the group wanted to sell the bank, something he vehemently opposed. Madonna says while this option wasn’t off the table, they weren’t seeking a buyer. But Madonna’s group of board members was growing skeptical of what he calls “extremely optimistic” forecasts put forth by Hill. “It was just growth, growth, growth,” says Madonna. “He had three directors that no matter what he said, they put their hands up and said, ‘Yes.’”

“The board meetings became poisonous,” he adds. Madonna describes deliberations as “personal and hostile.”

Directors felt they couldn’t ask questions, he says, claiming that Hill would leave the meeting or refuse to answer. “[H]e wasn’t a person who knew how to discuss things in a reasonable manner. He had his model, and everything had to fit his model.” Directors received the agenda the day before meetings, Madonna alleges.

Hill sees things differently, telling me that directors were prepared and involved. “We were active in moving our business plan along; we had multi-year plans,” he says. Directors may have debated and even disagreed on matters, but Hill characterizes meetings as “generally OK.”

But Madonna says that by February 2021, he had had enough — so, he stepped down as CEO and handed the reins to Hill.

Why make Hill CEO? Madonna says he was fed up with management receiving two sets of instructions, one from Hill and the other from Madonna. “You can’t run a bank that way,” says Madonna. “I said, ‘Hey, you want to run it, you run it.’” Madonna remained president and chairman emeritus of the holding company board.

Investors had noted Republic’s woes. Driver Management Co. — no stranger to running activist campaigns at community banks — had started purchasing the stock in October 2021. “We focus on banks where there is value that needs to be unlocked,” says Abbott Cooper, Driver’s founder and managing member.

Through 2022, the bank’s total shareholder return from 2016 — when Hill was elected chair — was down 50.3%, according to Schiraldi. Driver was soon joined by another investor group intent on pushing Hill out, led by George Norcross III, Gregory Braca and Philip Norcross. Both George Norcross and Braca worked under Hill back in the Commerce days. George led the bank’s insurance brokerage and served on the company’s board. Braca stayed with TD following the acquisition, eventually becoming CEO of TD’s U.S. operations.

Braca and the Norcross brothers — both influential in New Jersey politics — saw a struggling bank in a familiar footprint: Pennsylvania, New Jersey and New York. “With the right leadership, the right oversight and governance, the right strategy, this could be a winning organization,” says Braca. Like Driver, the Norcross brothers and Braca wanted Hill out — but they wanted Braca in as CEO.

As the Norcrosses and Braca escalated their campaign, the division in the boardroom became public. Madonna — with fellow board members Andrew Cohen, Lisa Jacobs and Harris Wildstein — issued a press release in March 2022, stating their concerns about “potential harmful actions” by the other half of the board. They asked that several proposals be tabled until after the 2022 annual shareholder meeting, including agreements around services provided by Shirley Hill’s firm, InterArch; the opening and renovation of new branches; and augmented severance payments connected to Hill’s service on the board and as CEO.

In the defamation lawsuit filed against Republic and Madonna’s faction, Hill and Spevak called the accusations levied by that group “knowingly false and defamatory,” noting that the board had approved the contract for InterArch year after year and that the opening of two new branches had been authorized years earlier.

As Elson points out, it’s hard for a board to get anything done when it’s split evenly between two factions.

Republic’s annual meeting, last held in April 2021, had been postponed. But the stalemate broke on May 11, 2022, with the death of Flocco, the board member and Hill’s longtime friend. Just two days later, the Madonna majority appointed him as interim chairman; Hill remained CEO and a member of the board. The battle wasn’t over — litigation followed, with the directors suing each other — but Flocco’s death spelled the beginning of the end for Vernon Hill’s tenure at Republic. Legal issues that stalled Madonna’s re-appointment as chairman were resolved in late June, favoring the Madonna faction. Hill stepped down as CEO, and the directors who had voted with Hill left the board.

Tom Geisel, the former CEO of Sun Bancorp and executive at Webster Financial Corp., was named CEO by the end of the year. Madonna says the company now aims to slow the growth, restructure the balance sheet and rein in costs.

But things remain unsettled at Republic. Driver resolved its activist campaign with the appointment of former Texas Capital Bancshares executive Peter Bartholow to the now seven-member Republic board. Late in 2022, Hill sued Republic over the continued use of the branding elements developed by InterArch for the bank, some of which featured Hill and Duffy. Madonna tells me Republic has moved away from Hill’s marketing style — though the big red ‘R’ remains.

And the Norcrosses and Braca still want a seat at the table. As of Feb. 27, 2023, the group proposed purchasing $100 million in stock, with board seats commensurate with its stake in the bank. But they’re willing to wait and see how Geisel performs as CEO. “You can’t just blame Vernon … at least he had a growth strategy,” says Braca. “Before [Hill], this was a sleepy little bank that had basically no growth.” He blames the legacy board, and questions whether Geisel will be empowered to effectively raise capital and turn the bank around, citing the lingering issues with Republic’s bond portfolio. “It’s a troubled situation, and it’s exactly why another bank can’t buy this place, because of the mark-to-market issues on that bond portfolio,” he says. “This was a board that oversaw a strategy that said, ‘We’re going to increase our costs and expenses, [and] raise deposits at a premium to what everyone else was paying at the time, which was nearly nothing.’ This was a board that oversaw all this.”

The bank still hasn’t held an annual meeting when this issue went to press, and it’s playing catch-up on its quarterly filings. Nasdaq has threatened to delist the stock as a result. On March 10, Republic announced a $125 million investment from a group that includes Castle Creek Capital; the asset manager will have the right to appoint a director.

And the board division has taken its toll on investors. Those include Hill, who owned almost 10% of the stock in March, and Madonna, but they also include smaller owners who truly believed in Hill’s vision. In the bank’s first quarter 2021 earnings call, a shareholder recalled a personal connection with Commerce. “Vernon, from the beginning, my mother used to work for you … I’ve been in the bank a long time. I’ve lost a lot of money.”

Why the Duty of Cybersecurity is the Next Evolution for Fiduciary Duties

Bank directors know they can be personally liable for breaches of their fiduciary duties.

Through cases like In re Caremark International Inc. Derivative Litigation 698 A.2d 959 (Del. Ch. 1996), Stone v. Ritter, 911 A.2d 362 (Del. 2006), and Marchand v. Barnhill, 212 A.3d 805 (Del. 2019), Delaware courts have held boards responsible for failing to implement systems to monitor, oversee and ensure compliance with the law.

Recently, the Delaware Court of Chancery formally expanded those rules in In re McDonald’s Corporation Stockholder Derivative Litigation, Del. Ch. Ca. No. 2021-0324-JTL. The ruling established that the fiduciary duties of the officers of a Delaware corporation include a duty of oversight that is comparable to the responsibility of directors. These cases make clear that when the duty of oversight meets with the immense cybersecurity responsibilities of financial institutions, a duty of cybersecurity is added to the fiduciary responsibilities of directors and officers.

The lawsuit by 25 former McDonald’s employees alleged that corporate executives failed to address systemic harassment, leading to a hostile work environment. By allowing failure to oversee and monitor claims against the officers in that case, all corporate executives are now forced to take a leadership role in monitoring and addressing company-wide issues.

Given prior rulings in Delaware courts concerning the duty of oversight and officer fiduciary duties, the McDonald’s decision reiterates the importance of implementing robust compliance programs. It also clarifies that officers and directors must actively address compliance.

Cybersecurity is paramount among the myriad of compliance issues that all corporate officers and directors must address. For example, in 2019, In re Google Inc. Shareholder Derivative Litigation, the proceedings against Google’s parent company involved claims that the company’s board of directors and officers failed to discharge their oversight duties related to the 2018 Google+ security vulnerability. That suit settled for $7.5 million and the company agreed to implement significant governance reforms to address data privacy issues. Similarly, In re Yahoo! Inc. Shareholder Derivative Litigation, multiple cybersecurity breaches between 2013 and 2016 led to a shareholder derivative lawsuit, which settled for $29 million in 2019.

And, in the past year, multiple financial institutions, including Wells Fargo & Co., JPMorgan Chase & Co., and Bank of America Corp., faced lawsuits also seeking to hold their officers and directors personally liable for, amongst other things, failing to:

1. Protect customer data adequately.
2. Oversee the bank’s cybersecurity practices.
3. Prevent data breaches that exposed customer personal information.

In these cases, and many others, cybersecurity and data breaches have caused reputational damage for officers and directors and damaged the corporation’s relationships with customers and partners. In addition, these corporate leaders risk:

Breach of fiduciary duty claims. If directors or officers do not take reasonable steps to protect the corporation from a data breach, they risk breaching their fiduciary duties and could be held personally liable for the damages caused by the breach.
Accusations of Negligence. Directors and officers can be accused of negligence for failing to implement appropriate security measures, train employees on cybersecurity best practices and respond to a breach in a timely and effective manner.
Criminal prosecution. If directors and officers intentionally or recklessly cause a breach or fail to report it to the authorities, they may face criminal prosecution.
Regulatory penalties. Government or financial regulators can impose significant fines for cybersecurity failures.

And, just as the risks for directors and officers explode, they face an insurance whipsaw. First, directors’ and officers’ (D&O) insurance policies may include specific exclusions for cyber-related claims or require separate cyber insurance to cover these risks. Next, increased personal exposure for officers and directors will increase the likelihood facing lawsuits, increasing the premiums for D&O insurance. To protect themselves, directors and officers should insist on increased corporate governance protection, including:

• The prioritization by boards of cybersecurity and data privacy as crucial risk management areas, including putting proper reporting and monitoring systems into place.
• Requiring directors and officers to actively understand the evolving landscape of cybersecurity and data privacy risks and regulations.
• Corporate investment in appropriate cybersecurity measures and employee training to minimize the risk of data breaches as well as the associated legal and reputational risks.

To mitigate their risk of personal liability, corporate officers and directors must understand, implement and monitor the cybersecurity safeguards their financial institutions need. And, the courts have sent a clear message to bank directors and officers: To discharge your duty of cybersecurity, you must actively oversee and monitor institutional cybersecurity and data privacy programs.

FDIC Staffing Shortages Could Impact Banks

The Federal Deposit Insurance Corp. is facing a wave of retirements that could impact banks or complicate the agency’s ability to manage future crises, according to a recent report from its auditor.

The FDIC’s Office of the Inspector General flagged the agency’s changing workforce among several issues in its February 2023 report looking at top management and performance challenges the agency faces. More than 21% of the FDIC’s workforce was eligible for retirement in 2022, which is higher than the average eligibility rate of 15% at other government agencies. Within five years, the retirement eligibility rate at the agency will increase to 38%, according to the inspector general’s report.

“Without strategic workforce planning, retirements and resignations could result in the FDIC experiencing mission-critical skills and leadership gaps,” wrote the OIG.

Of course, being eligible for retirement doesn’t mean an employee will retire. Still, it’s an area of strategic concern for the agency. Retirement eligibility was higher among senior FDIC leaders and subject matter experts; within subject matter experts, 31% of employees with advanced IT expertise and 21% for employees with intermediate IT expertise were eligible to retire in 2022. This potential exodus of specialized knowledge “escalates at a time when cyber threats at banks and their [third-party service providers] are increasing,” the OIG wrote.

“Forfeiture of institutional knowledge is always a risk, and it’s especially a risk in a place like [the FDIC] because there are niche focus areas,” says John Popeo, a partner at The Gallatin Group and former FDIC legal division employee who was involved in 40 bank failures during the 2007-09 financial crisis. An exodus or retirement wave could create a knowledge gap among remaining agency staff, but Popeo thinks any dearth in knowledge would be temporary.

The FDIC’s workforce tends to grow and shrink throughout economic cycles, says William Isaac, who was chairman of the FDIC from 1981 to 1985 and is the current chairman of the Secura/Isaac Group. There were more than 12,000 banks when Isaac became chair; the FDIC would go on to close more than 1,300 institutions of financial institutions between 1980 and 1994 as part of the savings and loan crisis. The FDIC went on a hiring binge to deal with the increased resolution activity, Isaac says, expanding from about 3,000 when he joined in 1978 to a peak of 21,000 under his tenure. 

In addition to the wave of the retirements, the FDIC is also facing a question of who will replace them. The OIG also flagged in the report a potentially alarming trend that could have implications down the road: resignations among examiners-in-training. The four-year program that trains the next generation of examiners has seen “a substantial number” of resignations, above pre-pandemic levels. This brain drain could have a number of consequences for the agency: “Examiners play key roles in assessing the safety and soundness of banks, and it is costly for the FDIC to hire and train replacement examiners,” the report read. The FDIC invests about $400,000 to train each examiner. The OIG has previously identified a lack of clear goals to manage and track employee retention and made three recommendations to the agency; one recommendation remains unimplemented. 

Having too fewer examiners across too many banks can quickly create safety and soundness concerns. A 2020 paper from researchers at the Federal Reserve Board studied what happened when the ninth district of the Federal Home Loan Bank lost all but two field agents in the early 1980s who became responsible for oversight of almost 500 savings and loan institutions. The researchers found that it took the FHLB at least two years to build back up its supervision expertise, and that unsupervised S&Ls increased their risk-taking behaviors compared to institutions that received regular exams. Supervision gaps during this time led to about 24 additional failures, which cost the insurance fund about $5.4 billion — over $10 billion in 2018 dollars.

Inexperienced examiners may also provide less effective oversight and may need to work alongside regulators with more tenure. The U.S. Department of the Treasury’s OIG flagged examiner inexperience in a 2018 material loss review concerning the 2017 failure of Chicago-based Washington Federal Bank for Savings. The bank was closed after the OCC was informed of, and subsequently confirmed, pervasive fraudulent activity. The OIG found supervision weaknesses in the OCC’s examination teams, including relying on inexperienced examiners and those in training to conduct exams on an institution that was deemed to be low risk.

Of course, the FDIC isn’t alone in its workforce management challenges, and it’s by no means an emergent issue. And in this regard, the FDIC shares a problem with banks, which also struggle to attract and retain talent. 

Seventy-eight percent of respondents to Bank Director’s 2022 Compensation Survey said it was harder in 2021 to attract and/or retain talent than in previous years. About three quarters of bankers and directors said they couldn’t find a sufficient number of qualified candidates, 68% cited rising wages in their markets and 43% were feeling the pressure from rising pay for key positions. 

Todd Phillips, principal at Phillips Policy Consulting and former senior attorney at the FDIC, points out that federal law requires that all banks be examined on-site every 18 months. “If there aren’t enough examiners because they have retired, the government has a difficult time meeting that requirement [and] … it’s going to be a whole lot more stressful on the bankers themselves,” he says. “As older hands retire, you’re going to have newer, less experienced examiners coming in, and they may be a lot slower.”

Isaac believes technology will be part of how the agency fulfills its safety and soundness oversight mandate, especially if workforce challenges persist. 

“I’m a firm believer that we cannot have a modern economy without a properly supervised and regulated banking system,” he says. “There’s going to have to be an examination force that’s highly effective, coupled with modern technology, to stay on top of banks. [They’ll] figure out how to do that — I don’t have any doubt of that.”

A Regulator Questions Long-Standing M&A Practice

There seems to be broad consensus that the way bank mergers are assessed should be updated. The question facing bank regulators and the industry is how. The Office of the Comptroller of the Currency recently grappled with the question in a Bank Merger Symposium it hosted on Feb. 10. 

“There is a robust ongoing debate about the effects of bank mergers on competition, on U.S. communities, and on financial stability,” said Ben McDonough, senior deputy comptroller and chief counsel at the OCC, at the symposium’s opening, delivering remarks prepared for Acting Comptroller Michael Hsu. “At the same time, many experts have raised questions about the ongoing suitability of the current bank merger standards at a time of intense technological and societal change.”

I wrote about how community banks and regulators think about mergers and acquisitions from a competitive perspective for the first quarter 2023 issue of Bank Director magazine. The competitive analysis conducted by regulators is arguably antiquated and overly focused on geography and on bank deposits, which has become less relevant in the face of digital innovation. 

“Regulators are beginning to revise M&A rules, but it’s unclear what impact that will have,” I wrote. “Everyone wants the market to remain competitive — the question is what vision of competition prevails.”

Regulators assess a deal application for the competitive effects of the proposed merger, and the convenience and needs of the communities to be served. The framework they use was last updated in 1995 and has its roots in a 1960s Supreme Court case and the Herfindahl-Hirschman index, or HHI, which was developed in the mid-1940s and early 1950s.

The measurement is calculated by squaring the market share of each firm in the market and then calculating the sum of the resulting numbers; four firms with shares of 30, 30, 20 and 20 have an HHI of 2,600, according to the U.S. Department of Justice. The HHI ranges from zero, which is a perfectly competitive market, to 10,000, or a perfect monopoly. Deals that increase a market’s HHI by more than 200, or where the HHI exceeds 1,800 post-merger, can trigger a review. The bank HHI calculation uses bank deposits as a proxy for bank activity within geographic markets that the Federal Reserve has drawn and maintained.

Hsu highlighted HHI in his opening comments at the symposium as a “transparent, empirically proven, efficient, and easily understood measure of concentration,” but said the decades-old metric may have become “less relevant” since the 1995 update. 

He pointed out how the “growth in online and mobile banking and rise of nonbank competitors” has made HHI, which uses bank deposits as the basis for its calculation, “a less effective predictor of competition.” 

M&A activity in rural banking markets is especially impacted by the HHI calculation. More than 60% of defined geographic banking markets in 2022 were already above the 1,800 threshold, according to a speech from Federal Reserve Governor Michelle Bowman in the same year — meaning any bank deal that would impact those markets could merit further scrutiny.

Some of themes around potential changes to the bank merger application process included “updated and clearly defined concentration, competition and systemic risk analysis,” along with new requirements around “increase[ing] transparency and tools to enforce community benefits commitments,” wrote Ed Mills, managing director of Washington policy for investment bank Raymond James & Associates, in a Feb. 13 note. 

Mills wrote that proposed updates to bank merger guidance “are likely coming soon,” but expects the more extensive changes that seek to “build a better mouse trap” to be a much longer process. His firm believes that current pending mergers are likely to be approved, and that slower approvals don’t necessarily indicate a moratorium. His report occurred in the same week that Memphis, Tennessee-based First Horizon Corp. extended its agreement to sell to Toronto-based TD Bank Corp., which will create a $614 billion institution, from Feb. 27 to May 27, 2023. That would make the sale occur more than a year after announcement. 

It’s still not clear where the agencies will land, and how their changes will impact community bank deal approvals, if at all. But for now, there seems to be consensus that geographic markets and bank deposits may not be the truest measures of competition, before or after a deal.

A Former Regulator Confronts Bears and More

Jo Ann Barefoot’s personal story is almost as interesting as her professional one. She’s fly fished on five continents, searched for wolves in the Arctic and been charged by a bear. She joined the Office of the Comptroller of the Currency in 1978 and became the first woman to serve as a deputy comptroller. She also took on a specialty in consumer regulation before it was as large a focus in financial regulation as it is now.

Her career was going well enough, but she decided to take a break to write two novels and spend more time with her three children. That decision was critical to her success — she says it supercharged her right brain when she needed it most.

The creation of the Consumer Financial Protection Bureau in 2011 propelled her back into the workforce. Suddenly, consumer regulation was a hot topic, and she went to work as a consultant for the financial industry. She’s since started several businesses, served on the boards of financial technology companies and now works as CEO of a nonprofit she co-founded, the Alliance for Innovative Regulation, which aims to make the financial system inclusive, fair and resilient through the responsible use of new technology. The group organizes events to help solve mutual problems for regulators and the financial industry.

She talks about the challenges for regulators, the group’s work, and a recent gathering where participants stumbled on a child pornography case that the group referred to law enforcement. Since then, regulators have credited the event with changing the way they track down this type of crime. “There’s a place for boldness if we’re going to change the world today,” she says.

Hear more from this unique former regulator in this edition of The Slant Podcast.

This episode, and all past episodes of The Slant Podcast, are available on BankDirector.com, Spotify and Apple Music.

Fifth Third’s Transformation

A few years ago, walls of black granite lined the entrance to Fifth Third Bancorp’s headquarters in downtown Cincinnati. Today, the entrance is an open atrium lined with artwork, a café and a small stage for the public to enjoy performances. Pithy reminders for employees dot the walls and elevator: “Be the bank people most value & trust,” and “Strengthen communities.”

As if to imply that the dark days at Fifth Third are behind it, a wall of windows lets light stream in. Fifth Third not only went through a physical renovation, but a financial one as well. The $205 billion bank’s performance was in the bottom half of peers eight and nine years ago. It’s now in the top quartile. It’s rebuilt its balance sheet and its reputation after the financial crisis, when its stock plummeted to about $1 per share and its ability to survive as an independent entity was in question.

Today’s Fifth Third has accomplished a vast financial comeback as well as a digital transformation executed in part by former CEO Greg Carmichael and Tim Spence, who in July became the youngest CEO among the 20 largest commercial banks in the country.

“That was the major task of the last five, six years: Return the bank to a place where it had the right to flex its muscle a little bit and go achieve great outcomes,” says Fifth Third’s Chief Strategy Officer Ben Hoffman. “Now the question for Tim is, ‘What do you do with that?’”

As if to emphasize the changes, Spence decided our interview would not take place in a conference room. He moved us to the open-office innovation studio that shares the same floor as the executive suite inside Fifth Third’s headquarters tower on Fountain Square. “Those of us who are here today get to operate on a platform that’s going to allow us to think about growth,” Spence says in hushed tones, so as not to disturb the employees working on computers around us. “How do we grow the business organically?”

To understand what happened at Fifth Third, you have to go back in time. Although the bank traces its roots back to The Bank of the Ohio Valley in 1858, it really began growing considerably in the 1980s. Its formidable former CEO, George Schaefer Jr., a West Point graduate and Vietnam War veteran, ran the bank starting in the 1990s until 2007. He created a hard-driving sales culture and had a reputation for frugality.

One reporter described his office furniture as not so much antique as shopworn. He was religious about making sure every employee wore the iconic 5/3 pin on their lapels. One former employee told me the bank was so conservative that women weren’t allowed to wear pantsuits. But it was also one of the top performing banks in the country.

Boosted by a high stock price multiple, Schaefer went on a buying spree that enlarged the bank’s footprint. In the 1990s alone, Fifth Third bought 21 other banks. By 1999, the bank had 384 banking centers in Florida, Ohio, Indiana and Kentucky, according to the company.

“Back in the 1990s, Cincinnati had two of the most highly regarded banks in the country,” says R. Scott Siefers, managing director and equity analyst at Piper Sandler & Co. “It was Fifth Third and Star Bank, which is now part of U.S. Bancorp in Minneapolis … they both had high multiples. Fifth Third might trade at 20 or 25 times earnings and would buy these companies at say, 10 or 12 times earnings. The math just worked fabulously because of the disparity. These deals were so accretive to earnings.”

But some of the deals didn’t work out so well, and investors became more cautious on the company, Siefers says. The financial crisis of 2007-08 came along, and Fifth Third was hit hard. Although the bank didn’t get into subprime lending, management was caught off guard by the sheer loss of value in the real estate industry and the collapse of the mortgage market.

Also, what regulators and the public demanded of banks changed dramatically, remembers Kevin Kabat, who was CEO from 2007 to 2015. Becoming CEO in 2007 was less than ideal. Kabat recalls that he had one good quarter before the crisis hit.

“It was stressful, to say the least,” he says. “We were probably the second most picked-on company after [National City Corp.], which went out of business.”

Congress passed the largest financial law in decades, the Dodd-Frank Act, in 2010.

“[The crisis] broadened in a much bigger way the definition of success,” Kabat says. “In [earlier] days, there was only one thing that mattered; it was earnings per share, period. There was not a lot of conversation about much else … I think what really changed from that perspective was the definition of success. The regulators had a stronger opinion about success. Your customers had a strong opinion of success. Your politicians and community leaders had a much different perspective of what success meant. It created a three-dimensional viewpoint of success, where we were pretty one-dimensional before that.”

Kabat recapitalized the business, with then-Chief Operating Officer Carmichael, and focused on changing the culture and de-risking the balance sheet. “When I joined the company, it was clear that the sales orientation, the sales focus was the No. 1 focus,” Kabat says. “We changed it from a sales focus to a customer focus. It’s not just what the next product is; it’s how the customer feels. How do they judge us? What’s their loyalty? And we began to measure all those things.”

There’s at least one entity that doesn’t believe Fifth Third totally changed: the Consumer Financial Protection Bureau. As of press time, the bureau continues to litigate its 2020 lawsuit against Fifth Third that accuses the bank of imposing sales goals on employees that resulted in unauthorized account openings for several years following the financial crisis, similar to practices at Wells Fargo & Co. that gained attention in 2016. The CFPB accuses Fifth Third of failing to take adequate steps to detect and stop the practices, or remediate harmed consumers.

Fifth Third countered in public statements that those accounts involved less than $30,000 in improper charges that were waived or reimbursed years ago. The company currently does not have sales quotas or product-specific targets for retail employees, nor does it reward them for opening unauthorized accounts. “Starting in 2011 and 2012 and 2013, the measures we took since that point in time ensured we had a culture that put the customer at the center,” Spence says, adding that the company doesn’t comment on pending litigation.

It wasn’t just Fifth Third’s sales culture that was under the microscope. When Greg Carmichael arrived in 2015, the bank was in better shape, but it was trading at book value. Profitability was stoked by ownership of a payments business called Vantiv, but lots of investors discounted that value. Carmichael asked investors what they liked about Fifth Third and what they thought its issues or challenges were. Then, he and his management team studied banks that performed well through economic cycles, looking for their similarities. “Listen, it wasn’t rocket science,” says the matter-of-fact Carmichael, who is now executive chairman of the board. “You need a balance sheet that’s going to perform well when the credit cycle turns. You need a balance sheet that’s going to throw off strong returns, so you need to make sure you’re banking the right clients, and you have the full relationship. You need your fee businesses to be a larger portion of your business to offset low-rate environments.”

The management team committed to becoming a bank that would perform well through various interest rate environments and through the inevitable downturns. Carmichael and his team began to build larger fee income businesses, such as mortgages, capital markets and private banking. He committed the bank to quantifiable financial goals, such as return on tangible common equity and return on assets. “We communicated that strategy with financial targets, and we told our investors to hold us accountable, told our board to hold us accountable. And we also asked our employees to hold us accountable, hold themselves accountable for executing to this strategy. That was critical,” he says.

Still, investors weren’t always pleased. After Fifth Third announced the acquisition in 2018 of one of the larger banks in Chicago, MB Financial, for 2.8 times tangible book value, the stock price fell and didn’t recover fully until the end of 2019. “What they didn’t like is we paid a lot for it,” Carmichael says, “We proved them wrong … I would do that deal in a heartbeat at the same price again, and I wouldn’t bat an eye.”

The other thing Carmichael did was start building the bank’s portfolio of high-quality commercial and industrial loans in Texas and California, even in regions that didn’t have Fifth Third retail branches, says Christopher Marinac, director of research for Janney Montgomery Scott, who follows the company. The management team has been focused particularly on expanding the bank and its branches into growth markets in the Southeast.

The focus has paid off so far. Fifth Third placed No. 5 among the 33 commercial banks above $50 billion in assets in Bank Director’s RankingBanking study last year, based on return on average assets, return on average equity, capital adequacy, asset quality and one-year total shareholder return in 2021. For calendar year 2020, it was building reserves for the pandemic and ranked No. 21 on a similar Bank Director ranking called the Bank Performance Scorecard. For calendar year 2019, it ranked sixth.

After Carmichael transformed the bank, he handed the reins to Spence last summer. But before that, he had executed a two-year succession plan that involved rotating Spence through different roles to see if he could lead major businesses for the bank, bringing him to investor meetings and signifying to the world that Spence was his likely successor. “So, when I actually made the announcement [that] I was stepping down in a handful of months, there was no surprise who the person was, there was no issue with confidence that Tim couldn’t step right in, because he’s been part of [the] strategy,” Carmichael says. The choice was unusual. Instead of picking someone as a potential successor who had 20 or 30 years of service in banking, Carmichael picked someone he had hired from the consulting firm Oliver Wyman as his chief strategy officer in 2015, when Spence was still in his 30s. “He was much younger than I thought he was,” Carmichael says. “But he is well beyond his years in both maturity and leadership, and knowledge base of the banking sector. So, I never thought of Tim as a young man. I always thought of him as a seasoned leader.”

Spence was an unusual pick for another reason. He had a background in the tech sector. Spence learned how to code at the same time he learned how to write, in the first grade, although he never worked as a programmer.

The son of a financial advisor and a flight attendant who divorced, he wasn’t sure what he wanted to do. He grew up in Portland, Oregon, and got a bachelor’s degree in economics and English literature from Colgate University, a private school in New York. While in school, he asked his dad to send him a copy of an Oregon business journal and wrote letters to the paper’s list of the 50 fastest growing tech companies, offering to work for free if there was a possibility of long-term employment. He started out at a small startup as a finance intern, working his way up in corporate development and management before moving to a bigger tech company. But after years at tech firms, he reached a point where he would “sit and listen to our customers, and hear them describe big opportunities and challenges. We were this little component solution. I wanted to have the opportunity to help work on the big things, not just the pieces.”

He got a job at Oliver Wyman and worked there for about a decade, becoming a senior partner of its financial services practice and doing work for its client Fifth Third before Carmichael offered him a job. Given the costs of hiring a consulting firm, Carmichael joked at the time that the hire was a money-saving measure. “He’s very thoughtful in his approach,” Carmichael says. “He [is] very detail oriented when he gets into a subject matter, and he can go very deep, which I was really, really impressed with. And then his listening skills, he listens and that’s also not a trait many consultants have.”

Carmichael says that when he decided to develop Spence as the potential next CEO, he was looking for someone who really understood technology’s impact on financial services. “He really had appreciation for the technology space and a passion for leveraging technology for the success of our business,” Carmichael says. “And I just thought that was also an extremely important attribute and skill set to have, when you think about the future of a bank CEO.”

Spence has a round, boyish face, but he’s tall enough to be a basketball player. Moving through the open offices, employees stopped what they were doing to watch him walk past. “Tim’s mind is all over the place, and I don’t mean in a sloppy, disorganized way,” says Steve D’Amico, who worked for Spence as chief innovation officer for a year and a half, starting in 2016. “He’s a very diverse thinker, bringing lots of unusual ideas to bear.”

Ben Hoffman, Fifth Third’s chief strategy officer, says that Spence has the ability to identify what matters and what doesn’t. “My belief is that Tim’s superpower is focus,” Hoffman says. He’s not a micromanager, but he’s deeply interested in the details. “There have been multiple times where he’s asked me a question about footnote seven on page 87, in the appendix of a presentation.”

One of the details Spence is intensely interested in is the particulars of digital transformation. Spence wants to learn from the best examples of technology and customer service across all industries, not necessarily in banking. “If we need engineers, what does the best employer for an engineer look like?” Hoffman says. “We spend a lot more time thinking about JPMorgan [Chase & Co.] and Goldman Sachs [Group] and LendingClub [Corp.], and the credit funds, candidly, then we do about the traditional regional bank peers.” A few years ago, the bank designed a new consumer deposit account. The walls were filled with sticky notes as staffers wrote down the best brands for customer experiences, among them, Delta Air Lines, Hertz, Domino’s Pizza and Zappos.com.

Then, they came up with ideas about what the app should do, Hoffman says.

Chief Digital Officer Melissa Stevens was deeply involved in launching the bank’s Momentum Banking consumer deposit account product in 2021, all of it built in-house. Notably, it’s not called a checking account. It has an automatic savings tool and free access to wages up to two days in advance with direct deposit, even for gig workers. The account also gives customers additional time to make a deposit to avoid overdrafts and the ability to get an advance of funds against future pay. It has no minimum deposit opening amount, and it costs $0 per month.

Although none of those features are hugely unique in the world of fintechs, what is unique is Fifth Third’s approach to fintech partnerships. Fifth Third is a superregional bank with a tech budget of more than $700 million last year, growing at a compound annual rate of 10%. “They’re not going to have the technology budget of a Chase or a Bank of America [Corp.],” says Alex Johnson, creator of the Fintech Takes newsletter. “And they can’t keep up with those banks if they insist on building everything themselves. But if they can focus their own development resources just on the things that they can’t get by partnering or buying, they can have a much more efficient technology budget where they get more per dollar out of their tech budget because it’s more focused on the highest priorities.” That’s not easy to do, because it’s hard to tell a chief technology officer not to build what that person wants to build, Johnson adds. “I think Fifth Third, for the most part, has managed to sidestep that problem from of an internal politics perspective and just be really aligned from the top down on what their strategy is,” he says.

Fifth Third works with fintech partners for years before it decides, in some cases, to buy them. Hoffman’s team is responsible for venture capital funding and partnerships with fintechs. The bank was an early investor in 2018, for example, in Provide, a digital lending platform for medical practices, according to a 2022 article by Bonnie McGeer for Bank Director’s FinXTech.com division. The bank announced a deal to buy Provide in 2021 and purchased another fintech that finances solar panels in 2022. “I think the other competency you have to have if you’re going to do this well is you have to be really good at partnering and acquiring technology,” Johnson says. “Some of the best technology out there is coming from fintech companies, and most banks have no idea how to work with fintech companies.”

Spence’s job is to get the company’s managers and employees to think differently, and he sees working with fintechs as part of that strategy. “The single best way to do that,’’ he says, was to partner with and invest in fintechs who could help the bank’s employees grow. “One of the big mental model changes that has to still trickle into our industry is this idea of product life cycle management … [Instead of] build it and launch it and leave it, we have to move much more into a software-oriented mindset, where you develop a product and then every six to 12 months, you make it better.”

Spence acknowledges that he’s in an enviable position compared to his predecessors. He was handed a banking franchise in good shape and now needs to sustain it. “What Greg did was remarkable,” Spence says. “We need to continue the focus on profitability and operational excellence and resilience through cycles. We need to maintain those disciplines. We need to grow organically and take advantage of opportunities, particularly in terms of technology that allows us to inhabit a different position in people’s lives.”

Despite the focus on innovation, analysts such as Siefers get the impression that Spence is equally focused on careful, strategic thinking when it comes to the bank’s balance sheet. He doesn’t get the impression that Fifth Third is interested in big gambles, and the bank seems well positioned even heading into a potential downturn.

“Kevin [Kabat] and then Greg Carmichael, they’ve been in reputation rebuild mode for the better part of the last decade,” Siefers says. “And they’ve done so quite successfully, particularly during Greg’s tenure. And ideally, that continuity will continue with Tim.”

Marinac also thinks the bank is well positioned given rising rates. “I think their ability to reset loan yields is better than other banks,” he says. “The industry is craving new ideas, new approaches, whether it’s taking out costs or building these new lending channels, or kind of rethinking the business. That’s where Tim comes in … 85% of banks follow and 15% lead. I think Fifth Third is demonstrating that they’re a leader.”

This article has been updated to reflect that Tim Spence was a senior partner in the financial services practice at Oliver Wyman.

The following feature appeared in the first quarter 2023 edition of Bank Director magazine. It and other stories are available to magazine subscribers and members of Bank Director’s Bank Services Membership Program. Learn more about subscribing here.