A Bank CEO Manages the Risks of Doing Business with Fintechs



Not all banks are comfortable taking on the risks of partnerships with startup fintech companies. Mike Butler is the president and CEO of Radius Bank, a $1 billion asset, Boston-based bank with three offices, and a national customer base serviced through innovative online and mobile technology. He explains how he handles the risk of doing business with fintech companies.

The video includes information on:

  • Radius Bank’s Approach to Vendor Risk Management
  • Regulatory Concerns
  • The “Wall” That Protects Customer Data
This article first appeared in the Bank Director digital magazine.

Avoiding Pitfalls in Your Bank’s Data Processing Agreement


vendor-management-9-23-15.pngA bank’s core processing agreement is often, by far, its most significant vendor agreement. These lengthy and complex agreements are commonly weighted heavily in favor of the vendor and can be rife with traps, such as steep change-in-control and early termination penalties. Nonetheless, many banks enter into core processing agreements without prior review by counsel, or even reading the agreement themselves. In the current regulatory environment, which stresses and scrutinizes vendor risk management and diligence, a bank’s failure to review and negotiate its core processing agreement could easily result in regulatory criticism, as well as unanticipated costs and potential liability.

In the past few years, the bank regulatory agencies have issued new or updated guidance related to vendor diligence and risk management. In those issuances, the regulators express concern that banks’ vendor risk management practices may be inadequate, citing instances in which management has failed to properly assess and understand the risks and costs of their vendor relationships. Regulators are concerned that banks may enter into agreements that are detrimental to the bank’s employees, customers or other stakeholders. Banks are expected to have risk management processes that correspond with the level of risk and complexity of their vendor relationships. Those processes include due diligence, careful vendor selection, contract negotiation, proper termination mechanisms and ensuring proper oversight. Regulators further expect banks to have more comprehensive and rigorous oversight of management of third-party relationships that involve critical activities, which may include significant bank functions, such as payments, clearing, settlements and custody, or significant shared services, such as information technology.

Regulators conducting bank examinations expect to see adequate risk management policies and procedures in place. Proper due diligence, negotiation, and oversight for data processing contracts should be integral to those procedures. Contrary to what many may think, the terms of data processing agreements are negotiable. Some of the most unfavorable terms may be eliminated simply by emphasizing the regulatory or business necessity for those changes during negotiations. Key terms to address in the negotiation process include termination provisions, regulatory provisions, audit rights and performance standards, among others.

A less obvious concern with core processing agreements arises in the context of a bank merger or acquisition. Steep termination fees in a data processing contract can change the economics of a bank acquisition transaction, making the selling bank a less attractive target and negatively impacting shareholder returns on the sale. It is typical for the initial proposal of a data processing agreement to include contract termination fees equal to roughly 80 percent of the remaining fees payable during the term of the contract. In most cases, these termination fees are negotiable, and data processing providers may be receptive to a graduated termination fee schedule, such that termination fees are less severe later in the term of the contract. In addition, termination fee calculations in core processing agreements are often complex. As such, it will be important for bank management to understand the practical implications of those calculations. Data processing providers will often attempt to recoup any past credits or rebates through the termination fee formula. Understanding and negotiating these termination provisions on the front end can save millions of dollars for the acquiring bank, and ultimately increase returns for the bank’s shareholders.

If your bank is considering a new data processing vendor, or reaching the expiration of your current term and considering renewing with your old vendor, you should work through your regulatory vendor risk management and due diligence checklists before entering into a new contract. We further encourage you to identify a dedicated team, with access to bank counsel, to review and negotiate any proposed agreement. If your institution is considering a future sale or other business combination transaction, then negotiating your data processing contract is of paramount concern. Ultimately, an ignored termination provision in your core processing agreement has the potential to undermine a potential merger or materially impair shareholder returns.

Doing an Acquisition? Don’t Forget the CRA Rating


bank-ratings-9-2-15.pngAs we move further away from the recent economic crisis, an increasing number of financial institutions are considering becoming buyers or sellers. It is therefore important that potential acquirers position themselves to be attractive suitors, and sellers demonstrate that they are healthy candidates. Although much of this focus is directed toward an institution’s overall safety and soundness and numerous other factors, one issue that should not be overlooked is its record of meeting the credit needs of its local communities when measured against the requirements of the Community Reinvestment Act.

CRA Primary Factors
There are two relevant factors related to CRA. First, an acquiring institution’s CRA rating can dictate whether a potential deal will receive regulatory approval. Depending on the severity, a potential acquirer with a less than “satisfactory” rating, or even one with more narrow weaknesses in its CRA program, will find it difficult if not impossible to obtain regulatory approval for any transaction until it improves its rating and its internal CRA program. Also, the CRA condition of the seller is significant, and the buyer should determine how that will impact the bank after consummation.

Even an institution with an “outstanding” CRA rating can still face difficulties executing a transaction. The CRA allows individuals and community groups to take an active part in the regulatory application and approval process of a transaction by providing a mechanism for the submission of public comments regarding any perceived CRA compliance weakness or criticism of a party to the transaction. Because the CRA rating is publicly reported, unlike the institution’s other confidential examination ratings, this becomes an easy target. By taking advantage of the publicly available data concerning financial institutions, including CRA ratings, groups located far outside the acquirer’s market area can file comment letters that pass the very low threshold set by regulators to entertain these protests. In some cases, these activist groups have been able to extract significant commitments from acquirers just to get deals done.

Regulatory Approval Process
Most often, these public comments do not, in and of themselves, prevent an otherwise viable transaction from occurring. They can, however, significantly slow down a pending transaction. Under current procedures, written public comments are included as part of the record that the federal agencies review in the evaluation of an application for a transaction. In connection with these public comments, the regulators may make several requests for additional information before ultimately determining whether those public comments will impact their approval of the proposal. This process can take several months, and can even drag on for significantly longer. From deal uncertainty, to the potential that key talent will leave in the wake of a long transition, to the potential for major shifts in the market or rapid economic change, delaying the closing of a transaction while this process unfolds can be quite costly and damaging for the parties involved.

The importance of the CRA comment process to banking M&A has existed for decades, although historically, it generally has been confined to transactions involving very large financial institutions, such as the recent CIT Group-OneWest Bank acquisition. With the current paucity of larger bank transactions, smaller deals are attracting more public scrutiny and suffering significant delays of, in some cases, many months. Discussions and negotiations with the regulators on this issue may be difficult and frustrating. If CRA comments are submitted to regulators for a particular transaction, it is important to quickly develop with legal counsel a clear strategy to address and resolve any issues that have been raised.

Practical Takeaways
To mitigate the CRA risk in M&A transactions, the following are some strategies that an organization should consider, either as a buyer or a seller:

  • Continue to develop a strong CRA program and strategy.
  • Proactively develop or deepen relationships with local community groups.
  • Be extremely careful and consult with legal counsel when deciding whether and how to respond to broad “informational” questionnaires from community groups.
  • Engage with banking regulators early in the transaction process regarding each party’s CRA status, strengths and potential challenges.
  • In the transaction agreement, consider specifically providing for community-based outreach or support programs following the transaction.
  • Provide clear evidence of community support by both parties, pre- and post-transaction, in the deal announcement.
  • Take all protests seriously, and be cognizant that all communication and information may become public.