Should You Buy, Sell Or Do Neither?


acquire-10-23-18.pngShould you acquire or be acquired? Some community banks are electing to do neither, and instead are attempting to forge a different path – pursuing niche business models. Each of these business models comes with its own execution and business risks. All of them, however, come with the same regulatory risk – whether the bank’s regulators will challenge or be supportive of the changes in the business model.

Some community banks are developing partnerships with non-bank financial services, or fintech, companies – companies that may have created an innovative financial product or delivery method but need a bank partner to avoid spending millions of dollars and years of time to comply with state licensing requirements. These partnerships not only drive revenue for the bank, but can also – if properly structured – drive customers as well. WebBank is a prime example of the change this model can bring. As of the close of 2007, WebBank had only $23 million in assets and $1 million in annual net income. Ten years later, WebBank had grown to $628 million in assets and $27.5 million in annual net income, a 39 percent annualized growth in both metrics.

Following the recession, bank regulators have generally been supportive of community banks developing new business models, either on their own or through the use of third party technology. As the OCC notes, technological changes and rapidly evolving consumer preferences are reshaping the financial services industry at an unprecedented rate, creating new opportunities to provide customers with more access to new product options and services. The OCC has outlined the principles to prudently manage risks associated with offering new products and services, noting that banks are motivated to implement operational efficiencies and pursue innovations to grow income.

Even though the new business model may not involve an acquisition, the opening of a new branch, a change in control, or another action that requires formal regulatory approval, a bank should never forge ahead without consulting with its regulators well before launching, or even announcing, its plan. The last thing your board will want is a lawsuit from unhappy investors if regulators shut down or curb the projected growth contemplated by a new business model.

Before introducing new activities, management and the board need to understand the risks and costs and should establish policies, procedures and controls for mitigating these risks. They should address matters such as adequate protection of customer data and compliance with consumer protection, Bank Secrecy Act, and anti-money laundering laws. Unique risks exist when a bank engages in new activities through third-party relationships, and these risks may be elevated when using turnkey and white-label products or services designed for minimal involvement by the bank in administering the new activities.

The bank should implement “speed bumps” – early warning indicators to alert the board to issues before they become problems. These speed bumps – whether voluntary by the bank or involuntary at the prompting of regulators – may slow the bank’s growth. If the new business model requires additional capital, the bank should pay close attention to whether the projected growth necessary to attract the new investors can still be achieved with these speed bumps.

Bank management should never tell their examiners that they don’t understand the bank’s new business model. Regardless of how innovative the new business model may be, the FDIC and other bank regulators will still review the bank’s performance under their standard examination methods and metrics. The FDIC has noted that modifying these standards to account for a bank’s “unique” business plan would undermine supervisory consistency, concluding that if a bank effectively manages the strategic risks, the FDIC’s standard examination methods and metrics will properly reflect that result.

Banks also need to be particularly wary of using third-party products or services that have the effect of helping the bank to generate deposits. Even if the deposits are stable and low-cost, and even if the bank does not pay fees tied to the generation of the deposits, the FDIC may say they are brokered deposits. Although the FDIC plans to review its brokered deposit regulations, it interprets the current regulations very broadly. Under the current regulations, even minor actions taken by a third party that help connect customers to a bank which offers a product the customer wants can cause any deposits generated through that product to be deemed brokered deposits.

Community banks definitely can be successful without acquiring or being acquired. However, before choosing an innovative path a bank should know how its regulators will react, and the board should recognize that although regulators may generally be supportive, they do not like to be surprised.

How AML Compliance Could Soon Change


AML-9-21-18.pngDespite major changes in compliance obligations starting with the Dodd-Frank Act through the more recent Economic Growth, Regulatory Relief, and Consumer Protection Act, requirements related to anti-money laundering (AML) compliance have remained largely unchanged.

The last major revision of AML compliance requirements was in 2001 with the U.S.A. PATRIOT Act amendments to the Bank Secrecy Act. This era may be coming to an end with the reintroduction earlier this summer of H.R. 6068, Counter Terrorism and Illicit Finance Act (CTIFA), and the convergence of market developments.

Although the reintroduced CTIFA bill removes a prior provision that would have required beneficial ownership information for new corporations to be collected and provided to FinCEN, the revised CTIFA would make a number of other significant changes to AML compliance requirements:

  • Increase the filing thresholds for currency transaction reports from $10,000 to $30,000 and for suspicious activity reports (SARs) from $5,000 to $10,000;
  • Require the Secretary of the Treasury to undertake a formal review of the information reporting requirements in the BSA to ensure the information is “of a high degree of usefulness” to law enforcement, and to propose changes to reduce regulatory burden;
  • Reduce impediments to the sharing of SAR information within a financial group, including with foreign branches, subsidiaries, and affiliates;
  • Create a process for FinCEN to issue no-action letters concerning the application of the BSA or any other AML law to specific conduct, including a statement whether FinCEN has any intention of taking an enforcement action with respect to such conduct;
  • Encourage the use of technological innovations such as artificial intelligence in AML compliance;
  • Establish an 18-month safe harbor from enforcement of FinCEN’s beneficial ownership and customer due diligence rule, which became effective in May 2018; and
  • Commission studies on the effectiveness of current beneficial ownership reporting regimes and cost-benefit analyses of AML requirements.

Although the CTIFA’s prospects for passage are uncertain, several of its provisions track market developments that are already bringing about change. First, innovative technologies such as artificial intelligence and blockchain increasingly are being leveraged for AML compliance solutions.

Artificial intelligence has the potential to transform terabytes of customer information into actionable AML insights including, for example, customizable pre-drafted suspicious activity report templates or customer risk profiles. These risk profiles update in real time in support of the new customer due diligence “pillar” of AML compliance. Blockchain and other distributed ledger technologies may be deployed to create standardized digital identities for customers to expedite and safeguard KYC and authentication processes.

Second, banks already are taking a hard look at their CTR and SAR processes to determine the ratio of meaningful information to noise that has been included in these reports. This augmented reporting will result in a direct benefit to the network of federal government agencies tasked with analyzing reports to find information with a high degree of usefulness in law enforcement investigations.

Third, banks are increasingly providing services to new types of high-risk businesses, such as marijuana-related businesses (“MRBs”) and cryptocurrency companies. FinCEN has for each of these industries been a pioneer in issuing guidance relatively early in the industry’s lifecycle to explain how AML compliance obligations apply, but this guidance requires updating. As just one example, FinCEN’s three-tiered system for filing SARs applies when a bank provides banking services directly to an MRB, but there are less clear SAR filing guidelines when a bank provides services to a customer that provides services to MRBs or owns shares of an MRB.

Banks continue to use FinCEN’s administrative ruling request process or the supervisory process to obtain guidance for high-risk customers, albeit in an ad hoc, non-public way. This request process is less effective than the no-action letter process contemplated in the CTIFA.

The CTIFA, if enacted, would significantly change AML compliances. At the same time, innovation and new business opportunities, among other market developments, are already contributing to AML compliance enhancements. Regardless of whether the legislation passes, the industry appears to be entering an era of change.

Advice for New Bank Directors


governance-8-30-17.pngIf you have recently been appointed to a bank board, chances are you’re like most new directors in that you came from outside the industry and have little knowledge of banking other than what you might have learned as a customer. If, for example, you’re the owner of a local business that relies heavily on its banking relationships to keep the enterprise going (as most small businesses do), you will certainly have an opinion about what constitutes good customer service. And also you bring your own judgment and life experience outside of banking to the task, which will no doubt be very valuable to the board. But to be an effective bank director, you’re going to have broaden your knowledge base considerably when it comes to banking. Good judgment isn’t enough. There are certain things that you will need to know.

Learning is a life-long exercise, and for as long as you serve on a bank board there will always be new things to learn. But here are four areas that I think new directors should give extra attention to:

Learn About Regulation.
Banking is a complicated and highly regulated industry, and banks can pay a steep price for their compliance sins. Take the time to understand the industry’s regulatory structure and the expectations of your bank’s primary regulators, which will vary depending on the size of your institution and whether it has a state or national charter. Also, zero in on the regulations that can have the greatest impact on your bank (for example, the Bank Secrecy Act and the various consumer protection rules). The regulators will hold your board accountable for any serious compliance violations, so it’s not a responsibility to be taken lightly.

Learn How Your Bank Works.
Banking is very different from most other businesses like, say, manufacturing and retailing, or professional services like accounting and lawyering. Yours is a governance rather than an operating role, but you should still learn how your bank works inside and out so you can engage fruitfully with management. Learn how your bank makes most of its money and where its greatest risks lie. Service on the board’s audit committee would provide a very powerful introduction to the workings of your bank, because there’s very little that the audit committee doesn’t get involved in.

Learn About Technology and Try to Embrace It.
Technology tends to be a black hole for most boards. Most people in their 60s and 70s, which fits the profile of many directors who serve on bank boards, don’t understand or use technology as comfortably as those who are 20 or 30 years younger. The problem is that banking is undergoing a technological revolution that goes well beyond mobile (which gets most of the attention these days) and touches almost every area of the bank. Directors need to understand how these trends are likely to impact their institution. Some banks try to recruit at least one tech-savvy director to their board, but these people are hard to find—and even if you find one, you can’t delegate the responsibility to understand technology to that person. Regular board-level briefings from your bank’s chief technology officer, attendance at industry conferences and a commitment to read up on the topic can all help educate you. Also, experiment with some of the consumer technology that has come into financial services in recent years. If you have an iPhone, activate its wallet feature. Open a Venmo account and use it. And if you don’t use your own bank’s mobile banking app, shame on you!

Learn About Cybersecurity.
As banks become more digital, their cyber risk profile will increase ipso facto. Trying to lessen the risk by resisting the push toward digital banking isn’t a rational strategy because your institution will be left behind. The U.S. economy and our national culture are all being profoundly impacted by the digital phenomenon, and it’s a game that all banks simply have to play. Your role as a director is to make sure your bank has a good cybersecurity program and team in place, that the program conforms to the latest industry standards and regulatory expectations, and that the board is being briefed regularly.

These are not the only critical areas that new directors need to understand, of course, but they would be on my short list of things to go to school on if I had just joined a bank board. Congratulations and good luck!

Regulatory Issues to Watch In 2018


regulation-5-22-18.pngAs 2018 unfolds, all eyes in the financial services industry continue to look to Washington,D.C. In addition to monitoring legislative moves toward regulatory reform and leadership changes at federal regulatory agencies, bank executives also are looking for indications of expected areas of regulatory focus in the near term.

Regulatory Relief and Leadership Changes
Both the U.S. House of Representatives and the Senate began 2018 with a renewed focus on regulatory reform, which includes rollbacks of some of the more controversial provisions of the Dodd-Frank Wall Street Reform and Consumer Protection Act, the sweeping reform passed after the 2008 financial crisis. These legislative actions are ongoing, and the final outcomes remain uncertain. Moreover, even after a final bill is signed, regulatory agencies will need time to incorporate the results into their supervisory efforts and exam processes.

Meanwhile, the federal financial institution regulatory agencies are adjusting to recent leadership changes. The Federal Reserve (Fed), Office of the Comptroller of the Currency (OCC), Federal Deposit Insurance Corporation (FDIC), National Credit Union Administration (NCUA), and Consumer Financial Protection Bureau (CFPB) have new leaders in place or forthcoming, some of whom have been vocal supporters of a more “common sense” approach to financial regulation and who generally are supportive of regulatory relief. In the case of the CFPB, the ultimate direction of the agency could remain uncertain until a permanent director is appointed later in 2018.

Regulators’ Priorities in 2018
Notwithstanding the regulatory reform efforts, following are some areas likely to draw the most intense scrutiny from regulatory agencies during 2018 examination cycles:

Credit-related issues. While asset quality continues to be generally sound industrywide, concerns over deteriorating underwriting standards and credit concentrations continue to attract significant regulatory attention, accounting for the largest share of matters requiring attention (MRAs) and matters requiring board attention (MRBAs).

The federal banking regulators have encouraged banks in recent months to maintain sound credit standards within risk tolerances, understand the potential credit risks that might be exposed if the economy weakens, and generally strengthen their credit risk management systems by incorporating forward-looking risk indicators and establishing a sound governance framework. At the portfolio level, regulators are particularly alert to high concentrations in commercial real estate, commercial and industrial, agriculture, and auto loans, according to the FDIC.

Information technology and cybersecurity risk. The Federal Financial Institutions Examination Council (FFIEC) updated its Cybersecurity Assessment Tool in May 2017. Although its use is voluntary, federal and state banking regulators typically consider a bank’s use of the FFIEC tool or some other recognized assessment or framework as part of their assessment of an organization’s cybersecurity risk management, controls, and resilience.

On a broader scale, in February 2018, the Department of Justice announced a new cybersecurity task force. Although the task force is not directed specifically at the financial services industry, its first report, expected to be released this summer, could provide useful insight into the scope of the task force’s activities and potential guidance into what types of regulatory actions and controls to expect in the coming years.

Bank Secrecy Act and anti-money laundering (BSA/AML) compliance. The industry has seen a steady increase in enforcement actions—some of which have included severe sanctions— when regulators perceived banks had pared back resources in this area too severely. Compliance with Office of Foreign Assets Controls (OFAC) requirements and efforts to prevent terrorist financing are also continuing to draw regulatory scrutiny.

Consumer lending practices. Regulatory priorities in this area are likely to remain somewhat fluid given the leadership changes occurring at the CFPB, where a permanent director is to be appointed by September. Additionally, legislative efforts that could affect the structure and authority of the bureau also are underway.

Third-party and vendor risk management. It has been nearly five years since the OCC released OCC Bulletin 2013-29, which expanded the scope of banks’ third-party risk management responsibilities and established the expectation for a formal, enterprise-wide third-party risk management effort. Since then, regulatory agencies have issued several follow-up publications, such as OCC Bulletin 2017-7, which spells out supplemental exam procedures. Also in 2017, the FDIC’s Office of Inspector General issued a report with guidance regarding third-party contract terms, business continuity planning, and incident response provisions, and the Fed published an article, “The Importance of Third-Party Vendor Risk Management Programs,” which includes a useful overview of third-party risk issues.

Despite the industry’s hopes for regulatory relief in some areas, all financial services organizations should continue to focus on maintaining sound risk management policies and practices that reflect today’s environment of continuing change and growing competitive pressures.

How Technology Alters the Reality of Regulatory Compliance


regtech-4-18-18.pngIn case you haven’t noticed, regulatory compliance is expensive. The banking industry spends an estimated $60-$70 billion a year on compliance, and many banks complain they have been forced to expand their compliance staffs in recent years just to keep up with the increase in regulations. Indeed, compliance-related activities can account for nearly 20 percent of a bank’s overhead.

The compliance function is also critically important. The three federal prudential bank regulators consider a poor compliance track record to be an indictment of a bank’s overall management capability, and they will severely punish any bank that has a significant compliance violation, especially of the Bank Secrecy Act (BSA) and related anti-money laundering (AML) regulations. Among the negative ramifications of a serious BSA violation is the inability to consummate an acquisition or execute a major business expansion. The poster child for this nightmare scenario is probably M&T Bank Corp., which acquired Hudson City Bancorp in July 2012 but was prevented by the Federal Reserve from completing the acquisition until November 2015 after the Fed uncovered deficiencies in M&T’s BSA program after the deal had been announced.

These and other issues will be topics of discussion at Bank Director’s 2018 The Reality of RegTech event, which takes place at the Nasdaq MarketSite April 18 in New York’s Times Square. Presentations focusing on regtech include an examination of some of the technologies impacting AML and know-your-customer (KYC) rules, and how artificial intelligence can be incorporated into a bank’s compliance program.

Compliance requirements like BSA, the Community Reinvestment Act, the Fair Lending Act, the Home Mortgage Disclosure Act and vendor management lend themselves well to the use of technology because they often involve large amounts of data and repetitive tasks, and the application of regtech solutions to these activities can lead to improvements in accuracy, efficiency and costs.

However, the promise of lower compliance costs may take longer to materialize since the initial investment in new technology, the time to train the compliance staff with the technology and for them to become proficient could actually raise a bank’s compliance costs in the short run. In fact, in Bank Director’s 2018 Risk Survey, 55 percent of the participating directors and senior bank executives say their compliance budget actually increased after the introduction of new technology, while 27 percent say it had no effect and just 5 percent said it decreased.

The compliance function is not the only area where technology is increasingly being used to improve bank performance. Advanced tools also help senior executive teams and boards of directors improve their management and oversight of a variety of risk exposures. The risk management challenge is not unlike the compliance challenge in that there are often large amounts of data to manage and analyze—particularly in an area like credit risk—and technology can both accelerate and improve data aggregation and analysis. The Reality of RegTech event will also offer presentations on the integration of solutions to manage credit risk, emerging enterprise risk management solutions, and advancements in operational risk management.

2018 Risk Survey: Technology’s Impact on Compliance


regtech-3-19-18.pngIn addition to better meeting the needs of consumers, technology’s promise often revolves around efficiency. Banks are clamoring to make the compliance function—a significant burden on the business that doesn’t directly drive revenue—less expensive. But the jury’s out on whether financial institutions are seeing greater profitability as a result of regtech solutions.

In Bank Director’s 2018 Risk Survey, 55 percent of directors, chief executive officers, chief risk officers and other senior executives of U.S. banks above $250 million in assets say that the introduction of technology to improve the compliance function has increased the bank’s compliance costs, forcing them to budget for higher expenses. Just 5 percent say that technology has decreased the compliance budget.

Regtech solutions to comply with the Bank Secrecy Act, vendor management and Know Your Customer rules are widely used, according to survey respondents.

Accounting and consulting firm Moss Adams LLP sponsored the 2018 Risk Survey, which was conducted in January 2018 and completed by 224 executives and board members. The survey examines the risk landscape for the banking industry, including cybersecurity, credit risk and the impact of rising interest rates.

Fifty-eight percent say that the fiscal year 2018 budget increased by less than 10 percent from the previous year, and 26 percent say the budget increased between 10 and 25 percent. Respondents report a median compliance budget in FY 2018 of $350,000.

Additional Findings

  • Cybersecurity remains a top risk concern, for 84 percent of executives and directors, followed by compliance risk (49 percent) and strategic risk (38 percent).
  • Respondents report that banks budgeted a median of $200,000 for cybersecurity expenses, including personnel and technology.
  • Seventy-one percent say their bank employs a full-time chief information security officer.
  • Sixty-nine percent say the bank has an adequate level of in-house expertise to address cybersecurity.
  • All respondents say that their bank has an incident response plan in place to address a cyber incident, but 37 percent are unsure if that plan is effective. Sixty-nine percent say the bank conducted a table top exercise—essentially, a simulated cyberattack—in 2017.
  • If the Federal Reserve’s Federal Open Market Committee raises interest rates significantly—defined in the survey as a rise of 1 to 3 points—45 percent expect to lose some deposits, but don’t believe this will significantly affect the bank.
  • If rates rise significantly, 45 percent say their bank will be able to reprice between 25 and 50 percent of the loan portfolio. Twenty-eight percent indicate that the bank will be able to reprice less than 25 percent of its loan portfolio.
  • One-quarter of respondents are concerned that the bank’s loan portfolio is overly concentrated in certain types of loans, with 71 percent of those respondents concerned about commercial real estate concentrations.

To view the full results to the survey, click here.

Can Banks Find Growth Through Bitcoin?


bitcoin-1-5-18.pngInvestor speculation in the cryptocurrency market hit a fever pitch in 2017, setting one record high after another over the course of the year. Bitcoin—the most prominent and highly valued cryptocurrency—was valued at $998 on January 1, 2017, according to the cryptocurrency news source CoinDesk. By mid-December, it was closing in on $20,000. Bitcoin fell to $13,860 at the end of the year, but these gains are still remarkable. Other cryptocurrencies—notably Ethereum and Litecoin—saw similar gains in 2017, albeit at a lower price point.

CoinDesk-chart.png

Alan Lane, the chief executive of Silvergate Bank, bought his first Bitcoin in 2013. The $1.2 billion asset bank based in La Jolla, California, was seeking deposit niches to fund its loan growth, and the more he explored the cryptocurrency space, the more he realized that these companies were flush with venture capital cash but lacked banks willing to provide deposit accounts to these companies. Early on, Lane brought in a potential client in the cryptocurrency space to speak with a few members of his team about how cryptocurrency works, and the challenges these firms face in establishing banking relationships. In 2014, the bank started building deposit relationships with cryptocurrency and other financial technology firms. “It’s become a major line of business for us,” Lane says.

The bank developed a program to build these deposits while staying in the right lanes for regulatory compliance. The bank established an early dialogue with its regulators. “We invited our regulators in to walk through how we were approaching this [and] the kinds of analysis we were doing in terms of vetting the appropriate [regulations] as related to a particular customer that we might choose to bank,” says Lane. “That early dialogue with the regulators has continued.” He dismisses concerns that cryptocurrency businesses are inherently dangerous. “There are regulations on the books, and it’s up to us to figure out how those regulations apply and how we can do things in a safe and sound manner,” he says.

Cross River Bank, with $877 million in assets in Teaneck, New Jersey, provides settlement and treasury management services for the cryptocurrency exchange Coinbase—an active business, given Bitcoin’s rise. “We have a strong appetite for those kinds of relationships,” says Cross River CEO Gilles Gade. Due diligence for these relationships is rigorous. Clients must have an executive on staff dedicated to BSA/AML, and systems equipped to comply with the Bank Secrecy Act and related rules. Cross River has the internal expertise to monitor these transactions as well, and Gade characterizes the bank’s risk limits as conservative.

Cross River Bank has developed APIs to facilitate cryptocurrency transactions, allowing the bank to quickly access the accounts of Coinbase users. “We never actually touch Bitcoin,” says Gade. Money is pulled from the Coinbase user’s bank account and deposited in a dedicated Coinbase account at Cross River. Coinbase then issues the desired cryptocurrency to the user. When the user wants to sell, the reverse of this process occurs, with the money in U.S. dollars landing in the user’s traditional bank account.

The banking industry has focused more attention on the potential of the underlying technology behind bitcoin—blockchain, a digital ledger by which participants can transfer assets without a centralized authority. “The underlying technology is where the real value is,” particularly for the banking industry, says Brent McCauley, a partner at the law firm Barack Ferrazzano. Blockchain could help the financial sector create efficiencies in several areas, from cross-border transactions to authenticating customer identities. And banks are actively testing concepts and working with the technology. “The blockchain is a technology which is a good technology. We actually use it. It will be useful in a lot of different things,” said Chase CEO Jamie Dimon last October, who has harshly criticized Bitcoin. “God bless the blockchain.”

Bitcoin has captured the attention of investors looking to cash in on the crypto-boom, but the volatility shown by Bitcoin and its crypto-brethren makes it an undesirable way pay for goods and services in the United States, or any other country with a stable currency. “The price has been skyrocketing, but for the most part, people are not using it for financial transactions,” says Jim Sinegal, an equity analyst with Morningstar. What seller wants to lose thousands of dollars if Bitcoin crashes, and what buyer is comfortable paying significantly more than an object is worth when the currency fluctuates?

As a result, few retailers accept Bitcoin as a method of payment. But as the payments landscape continues to evolve, bank boards and management teams would benefit from understanding cryptocurrency. Bitcoin transactions are public and traceable, for example. “Everybody can see the chain of title for Bitcoin, so it does provide some advantages that fungible currency doesn’t provide,” says McCauley. Central banks are exploring their own options for digital currency, and there are several cryptocurrency competitors to Bitcoin. Even if it doesn’t become a common form of currency in its own right, Bitcoin has blown the lid off the payments space. It would behoove directors serving on bank boards to consider what this means for their own institutions, and whether there’s a way to make a profit in this evolving space.

Disclosure: The writer owns a small stake in Bitcoin, Ethereum and Litecoin and manages her investment through her Coinbase account.

Banks Face Continuing Legal Challenge Servicing Marijuana Growers


marijuana-9-8-17.pngIn the past five years, marijuana has become big business in the United States. There are now eight states with fully legalized recreational marijuana. Couple that with the other 20-plus states with legalized medical marijuana and we have two-thirds of Americans living in states with some form of legal access to marijuana. Many of the remaining states have decriminalized possession of small amounts of marijuana. Currently, it is estimated there are approximately 200,000 full-time and part-time workers in the cannabis industry, with legal marijuana and marijuana-related businesses (MRBs) anticipated to account for revenues in the $50 billion range over the next few years.

However, marijuana remains illegal at the federal level under the Controlled Substances Act. Marijuana continues to be classified as a Schedule I narcotic, which is the highest and most dangerous drug classification. Schedule I drugs are those that have no known medicinal value and the federal government considers to be illegal in all respects. Included with marijuana in this classification are heroin, ecstasy, methaqualone and peyote.

The inconsistency between state and federal laws has caused much confusion and consternation, particularly for financial institutions. In states where marijuana is legal, financial institutions have made many requests for federal guidance on banking MRBs. In 2014, the Department of Justice and Financial Crimes Enforcement Network, or FinCen, responded to such requests with the so-called Cole Memorandum and guidance titled “BSA Expectations Regarding Marijuana-Related Businesses,” respectively. The Cole Memorandum states the federal government will not prosecute within the cannabis industry so long as companies (including banks) obey local and state laws and regulations. The FinCen guidance provided a procedure for filing Suspicious Activity Reports for known MRB bank customers.

Unfortunately, neither of these governs the three prudential federal bank regulators, particularly in the enforcement of Bank Secrecy Act and anti-money laundering rules. As a result, most banks will not touch marijuana-related deposits, make loans to marijuana businesses or permit the use of credit cards on their payment systems. Banks that do provide services to MRBs are very quiet about it. They typically limit the deposits to certain dollar amounts, and if there is any whiff of concern, the accounts are quickly closed. It is estimated that in 2016, about 300 financial institutions in this country knowingly provided deposit accounts to MRBs. Many of these institutions have long standing relationships with their MRB customers and often require them to sign confidentiality agreements to keep the relationship quiet. There has been much speculation on how many banks are unknowingly banking marijuana customers, though it is certain that many are.

All of this legal uncertainty and risk has kept most banks out of the marijuana growing industry, leaving the business almost entirely cash-based. Many MRBs must find workarounds to deal with the cash they cannot deposit and the bills and taxes they must pay. Retailers have methods for hiding cash, including the purchase of armored cars and warehouses where cash can be stored. Many in the business have created their own security forces enlisting motorcycle gangs and former police or military personnel to protect their cash. Employees also are paid in cash, so pay day is staggered in order to prevent robberies. Taxes must be paid in person and are subject to penalties for cash payment. In addition, those who pay their taxes in cash are not eligible to take deductions, so they are paying taxes on gross revenue amounts, though it is difficult to determine (or audit) what those gross amounts really are. Many states are realizing this cash-based business is ripe for organized crime involvement.

With traditional banking mostly out of the picture, many entrepreneurs are working on technical alternative payment platforms as a way around old fashioned banking relationships. Some are using or developing crypto-currency platforms like Bitcoin and, more recently, Potcoin. These are only limited solutions to not having a deposit account or the ability to accept credit card payments. Others are trying to use stored value cards, cell phone apps and other mechanisms. Currently, no alternatives have caught on with the public or the industry. Alternative lenders, including individuals, private equity firms and loan sharks also have stepped in to provide expensive financing to the industry.

The Trump administration does not seem keen on legalizing marijuana, and Attorney General Jeff Sessions appears to be leaning toward increased enforcement. There are numerous bills in Congress to legalize marijuana and permit MRBs to be banked, but it is not clear whether any of these will pass. Until then, most banks will continue facing legal issues and continue avoiding the burgeoning and lucrative marijuana industry.

What Recent Deals Say about the Federal Reserve’s Focus on Fair Lending


lending-5-31-17.pngFair lending compliance and community benefit plans are increasingly important factors in the merger and acquisition (M&A) approval process. In 2016 and the first quarter of 2017, the Board of Governors of the Federal Reserve System (Federal Reserve) approved 20 bank or bank holding company M&A applications. Fair lending compliance history was an essential element of the regulatory analysis in these cases. While the Federal Reserve focused on compliance issues beyond fair lending —such as the Bank Secrecy Act, overdraft policies, residential servicing, commercial real estate concentration, and enterprise risk management—fair lending was one of the hottest compliance issues that arose from the merger approval process. Regulators also are reviewing applicants’ combined compliance programs and controls to ensure that the resulting institution will be properly suited to protect against the new risks created through the transaction, particularly where the transaction will result in an acquirer crossing a key regulatory growth threshold. For example, the Bank of the Ozarks received regulatory approval for two M&A transactions in early 2016 and crossed the $10 billion asset threshold while both acquisition applications were pending. As evidenced by the Bank of the Ozarks approval order for the larger acquisition, fair lending compliance was a significant factor in the Federal Reserve’s evaluation of the transaction.

Moreover, many of the institutions that obtained Federal Reserve approval for an acquisition during this period demonstrated a commitment to fair lending compliance beyond receipt of a satisfactory or outstanding Community Reinvestment Act (CRA) rating. Nearly all approved applicants had a designated CRA officer and/or CRA committee, and several applicants described detailed plans for improving community lending in particular assessment areas.

Community Benefit Plans Emerge as Important Factor for Regulatory Approval
The 2016 and 2017 M&A approvals also revealed the role of formal community benefit plans, as most clearly demonstrated in KeyCorp’s acquisition of First Niagara Financial Group, and Huntington Bancshares’ acquisition of FirstMerit Corporation. These two transactions received a considerable number of public comments focused on CRA and fair lending, and these large financial institutions used community benefit plans as an effective tool to demonstrate their commitment to fair lending compliance.

KeyCorp worked closely with various community organizations to develop a community benefit plan that was announced in March 2016, prior to KeyCorp’s receipt of regulatory approval for its merger. Under the KeyCorp plan, KeyCorp committed to lending $16.5 billion to low- and moderate-income communities over a five-year period, with up to 35 percent of the total commitment targeted at the areas where KeyCorp and First Niagara overlapped in New York, and to maintaining a vital branch and administrative footprint in western New York. Similarly, after submitting its merger application, Huntington adopted a community benefit plan committing to invest $16.1 billion in its communities, including low- and moderate-income communities, over a five-year period.

Notwithstanding the Federal Reserve’s reliance on the KeyCorp and Huntington community benefit plans in concluding that the relevant institutions are meeting the credit needs of the communities they serve, the Federal Reserve noted in the Huntington approval order that “neither the CRA nor the federal banking agencies’ CRA regulations require banks to make pledges or enter into commitments or agreements with any organization.” Accordingly, the Federal Reserve likely will not require a bank to make any community investment pledge to any organization in the absence of significant negative comments or, more importantly, adverse examination findings or a pending enforcement action. Nevertheless, given their apparent benefits, both for Federal Reserve applications and for general community and regulator relations, community benefit plans likely will remain a factor in the approval process for bank mergers that attract community groups’ attention—and likely will help expedite the approval process in the face of adverse community group comments.

Outlook
The 2016 and early 2017 merger approvals make clear that a comprehensive fair lending strategy, which may or may not include a community benefit plan, is likely to be well received by the regulators and considered in applicable approval analyses. We expect the regulatory staff of each of the federal banking regulators to continue to focus on fair lending compliance and that community groups will continue to comment actively on the fair lending compliance issues of bank M&A acquirers and attempt to influence their activities.

OCC Fintech Charter: Considerations for Banks


fintech-4-12-17.pngThe Office of the Comptroller of the Currency (OCC) recently announced it would move forward with a plan to grant special purpose national bank charters to qualifying financial technology companies. The OCC has solicited comments on the proposal, which it will evaluate to determine whether to formally adopt the process for granting fintech charters. If adopted, companies granted such a charter would become national banks regulated by the OCC, with the attendant regulatory obligations and oversight, and would no longer need to partner with traditional banks to take advantage of preemption of certain state laws. As noted by the OCC Chief Counsel Amy Friend, the first charter may be granted in the first half of 2017.

General Requirements
Under the proposed rule, for a company to qualify for a fintech charter, it must have the appropriate corporate structure, engage solely in bank-permissible activities and adhere to certain regulatory requirements.

Generally, national bank charters subject their holders to specific standards and federal oversight such that the firm can conduct business nationally. Because the proposed fintech charter would be granted under the National Bank Act (NBA), fintech companies would need to adhere to the statute’s governance requirements. For example, a fintech firm chartered by the OCC would need to have a minimum of five board members.

In addition, fintech charter holders only would be permitted to engage in activities authorized by OCC regulations and associated interpretations. These activities can include, among others, lending money, issuing debit cards and facilitating payments, but also investment advisory services and certain brokerage activities. If a given activity is not clearly permitted by the OCC, the firm could seek permission from the OCC, which grants approval of new activities on a case-by-case basis. Beyond OCC regulations, the new charter would impose other laws on a chartered fintech firm, such as the Bank Secrecy Act and related anti-money laundering laws, as well as certain enhanced prudential standards under the Dodd-Frank Act if applicable.

Moreover, a fintech charter holder will be required to meet various supervisory requirements, including that it maintain a business plan documenting its activities, such as with respect to financial inclusion; have a governance structure that reflects the expertise, financial acumen and risk management necessary in light of the proposed business lines; effectively manage compliance risks, such as consumer protection and anti-money laundering; and address potential recovery and resolution. In addition, a fintech firm would need to maintain capital and liquidity commensurate with the risk and complexity of the proposed businesses, including any off-balance sheet activities.

Despite the many requirements the OCC is likely to impose when granting a fintech charter, fintech-chartered companies would have the advantage of no longer being required to register with or become licensed in each state where they conduct business. As enjoyed by national banks, the fintech charter generally would give a company the benefit of preemption under the NBA. Among other features, this would allow the exportation of interest rates from a bank’s home state to other states regardless of the home state’s usury restrictions.

Various stakeholders have reacted to the proposal with differing views. For example, the New York Department of Financial Services submitted a comment letter opposing the proposal and arguing that state regulators are the best equipped to regulate the fintech industry. Others in the industry have voiced their support.

Considerations for Existing Banks
Banks may see fewer partnerships with fintech companies as a result of the fintech charter because NBA preemption means that fintech firms no longer need a bank to obtain the advantage of state law preemption.

The fintech charter holders would not have a material competitive advantage with respect to banks because they are subject to the full panoply of OCC regulation and supervision.

Banks may consider seeking their own fintech charter, perhaps through an affiliate, if particular business lines might benefit or if they are currently chartered in one or only a few states in order to expand their national presence.