Here’s What Bankers Are Asking About Risk Committees


committee-6-13-18.pngOne of the central topics of conversation at this week’s Bank Audit & Risk Committees Conference hosted by Bank Director in Chicago is whether a bank’s board of directors should have a risk committee separate from its audit committee. And for banks that have already established a risk committee, the question is what responsibilities should be delegated to it.

In one respect, the question of whether a bank should establish a risk committee seems easy to answer because it’s clearly delineated in the regulations. Under the original Dodd-Frank Act of 2010, banks with more than $10 billion in assets are required by law to have one, though that threshold was raised to $50 billion in legislation enacted last month designed to ease the burden of the post-financial crisis regulatory regime on smaller banks.

There is a general consensus among attendees at this year’s conference that a bank shouldn’t base its decision to establish a risk committee solely on a size threshold. “Now that we have a risk committee, I don’t know how we did it without one,” said Tom Richovsky, chairman of the audit committee at United Community Banks, a $12.3-billion bank based in Blairsville, Georgia.

Rob Azarow, a partner at Arnold & Porter, says the decision should be informed by two factors in addition to size. The first is the complexity of a bank, with the presumption being that a bank with a more complex business model should establish a risk committee sooner than a bank with a less complex model. The second factor is dollars and cents—namely, whether a bank has the internal resources at its disposal to essentially split its existing audit committee into two.

It’s worth noting as well, as Azarow points out, that even under the new legislation, the Federal Reserve retains the authority to require a bank to implement a risk committee, irrespective of size. Another point to keep in mind is that even for banks not required as a result of their size to establish a risk committee, once established, it is subject to regulatory oversight.

Approximately half the banks at this year’s Bank Audit & Risk Committees Conference have both types of committees—audit and risk—with many of the others still weighing the pros and cons of establishing both.

Deciding whether to have a risk committee is only half the battle; the other half involves deciding exactly what that committee should do. Should it be vested with all risk-related questions, thereby usurping the authority over those questions from other committees? Or should the other committees retain their authority of relevant risks, while the risk committee then plays the role of overseeing an aggregated view of those risks?

This distinction is clearest in the context of the credit committee, for example. One of the fundamental purposes of a credit committee is to gauge credit risk. It isn’t uncommon, for instance, for a bank to require its credit committee to approve especially large loans. Would the risk committee now handle this?

Generally, the answer is no. The role of the risk committee when it comes to credit risk is broader, focused on concentration risk as opposed to the risk associated with individual credits.

Another place this comes up is in the context of technology and information security. While the audit committee would retain the authority to ensure that current laws, regulations and best practices are being abided by, the risk committee would be more focused on looming threats.

Deciding which responsibilities fall under the risk committee as opposed to, say, the audit and credit committees seems to boil down to the question of whether the issue is backward-looking or forward-looking, tactical or strategic. Issues that are forward-looking and strategic should go to the risk committee, with the rest remaining under the jurisdiction of their home committees.

To be clear, conclusions on when and how to charter a risk committee are far from settled. There are rough best practices, but no overarching consensus in terms of bright lines. Even banks that have established separate risk committees with clearly delineated duties are still in a process of adjustment. They’re happy with their decision to do so, but they recognize that this is more of an evolution than a revolution.

Health Check of Governing Documents


governane-3-23-18.pngLike laws and regulations applicable to financial institutions, corporate governance best practices are not static concepts. Instead, they are constantly evolving based on changes in the law, the regulatory framework and investor relations, among other matters. When was the last time the governing documents of your financial institution were reviewed and updated? The governing documents of many financial institutions were prepared decades ago, and have not evolved to reflect or comply with current laws, regulations, and corporate governance best practices. In fact, in the course of advising financial institutions, we have come across numerous governing documents that were prepared prior to the Great Depression. Although such documents may still be legally effective, operating under them may subject your financial institution and its board of directors to certain legal, regulatory and business risks associated with antiquated governance practices. As such, reviewing and, if necessary, updating your financial institution’s corporate governance documents is not just a matter of good corporate governance but also an exercise in risk mitigation.

Certain common—yet often alarming—issues may arise from the use of outdated governing documents. These include:

  • Indemnification provisions may be inconsistent with and unenforceable under applicable law. Likewise, most governing documents also contain provisions providing for the advancement of expenses to directors and officers in connection with legal actions relating to their service to the financial institution. In addition to legal compliance concerns, these provisions should be carefully drafted to ensure that the financial institution is not required to advance expenses to such officer or director with respect to a lawsuit between such person and the financial institution.
  • Voting procedures may be inconsistent with applicable law and/or best practices. These practices may also be inconsistently defined and conflict with relevant governing documents of a single financial institution.
  • Procedures to prevent or discourage shareholder activism or a hostile takeover of your financial institution could be inadequate.
  • Rights of first refusal or equity purchase rights contained in different, but operative, agreements among shareholders and the financial institution could be inconsistent.
  • Provisions limiting the liability of directors and officers of your financial institution may be inconsistent with and unenforceable under applicable law, or such provisions inadvertently may be more restrictive than permitted under applicable law.
  • Non-competition and non-solicitation provisions contained in various agreements applicable to the same director or executive officer could compete with one another.
  • Shareholder agreements for financial institutions could be structured in a fashion such that the Federal Reserve deems the agreements themselves to qualify as a bank holding company under the Bank Holding Company Act of 1956. For instance, based on guidance previously issued by the Federal Reserve, this unexpected outcome could occur if your financial institution’s shareholder agreement contains a buy-sell provision and is perpetual in term. These are common terms of shareholder agreements designed to protect a financial institution’s Subchapter S election, so bank holding companies that are Subchapter S corporations are being required by the Federal Reserve to amend their shareholder agreements to limit the terms to 25 years. Without such an amendment, the Federal Reserve takes the position that a Subchapter S shareholder agreement, in and of itself, can be deemed a bank holding company.

The board of directors and management team can protect the financial institution from these risks by following a few simple steps to update its governing documents.

  • Locate your governing documents. These could include the financial institution’s articles or certificate of incorporation, bylaws, committee charters, shareholder agreements, buy-sell agreements, corporate governance guidelines or policies, intercompany agreements, and tax sharing agreements.
  • Review and analyze the financial institution’s governing documents to identify any risks or areas for improvement, or areas that could be updated to reflect current laws and to incorporate current best practices.
  • Revise the financial institution’s governing documents to mitigate identified risks, address legal deficiencies and reflect current best practices.
  • Develop a procedure for monitoring changes in applicable laws and best practices that affect the institution, and implement an ongoing process for addressing any such changes in a timely manner.
  • Finally, designate a committee of the board of directors (e.g. the governance committee) or a member of the management team to manage the monitoring procedure established for this purpose.

Although simple, following these steps will help to prevent or mitigate many of the legal, regulatory and business risks that may arise as a result of operating under outdated governing documents and, more importantly, strengthen your financial institution’s corporate governance practices in a manner that better positions the board of directors and management to effectively oversee your financial institution and protect against unwanted shareholder activism.

Driving Profitability by Keeping Score


profitability-2-19-18.pngTwo thousand and seventeen proved to be a pretty good year for banks, and 2018 promises to be even better. While the economic environment of lower taxes, rising rates and promises of deregulation have driven up valuations, the secret sauce that produces results still eludes many. The answer lies deep within banks and can be realized by implementing balanced scorecards throughout that hold people accountable for performance and provide targets for success that drive the bottom line.

Developing benchmarks by individual business lines to enforce accountability can help them improve their staffing, processes and strategies, and often exposes low performers and manual processes that negatively impact profitability. Although this seems logical, in practice few banks have had success in figuring out these scorecards.

The following best practice tips will help in creating these metrics, setting appropriate goals and designing an effective overall performance management strategy.

Keep it Simple: Every department should be working with five to seven (not 20) easy-to-track metrics. Too much detail can cause confusion as well as create more work than it’s worth to calculate. For example, tracking the average time customers wait in line in branches is next to impossible and non-productive, but tracking call center hold times is much easier and most likely exists in a canned report today.

Take a Balanced Approach: A mixture of efficiency, quality and risk benchmarks provides a good balance. The following example of a balanced scorecard in mortgage lending illustrates risk metrics including approval rates, average credit score, client service metrics for turnaround times and efficiency metrics for production of loan officers, processors and underwriters.

metric-chart.pngFocus on the Outliers: Tracking performance is only the first step in developing a scorecard system. As the performance culture matures and as data trends become clearer, identifying outliers and improving performance in those areas is the key. Becoming a high performer sometimes means changing an underlying process or technology. But it can also come down to one or two individuals who are driving either high or low performance. Digging in to understand those variants can pay significant dividends. For example, in our sample scorecard, one loan officer was doing 15 loans per month while others were doing three to four.

While compensation structure can account for some of this variance, the opportunity cost to get those lower performers up to at least average can be significant. It turns out that the officer doing 15 loans per month had reached out to marketing for lists of clients new to the bank that had mortgages at other institutions and was cross-selling those in his market while the others had no idea the information was available.

When it comes to revenue generation, most banks have squeezed expenses and capitalized on the low-hanging fruit. The next step is to drive the bottom line through well-thought-out business line scorecards that produce actionable data to improve performance. The goal is to use these key performance indicators to drive better processes, strong customer service, less risk and higher returns to shareholders.

Improving Workflow Saves Time and Money


workflow.png

Progressive banks add new features and functionalities on a regular basis. Most can attest to a long technology wish list, but bankers and their technology partners must be careful not to lose sight of what’s most important: the employee and customer experience. The multitude of disparate departments, systems and protocols that drive banks can be intricately interwoven and inherently inefficient. Standard workflows can involve the shuffling of paper and manual data entry, passing responsibility back and forth between numerous divisions with a general lack of ownership that creates longer turnaround and service times.

In an environment where bankers are regularly challenged to do more with less, improving workflows can be a goldmine for process efficiencies, regaining resources and creating an optimal user experience. Too often, banks just continue to hire staff to run redundant, menial processes, which only serves to put a band aid on the problem while still absorbing an inordinate amount of time and resources. The problem compounds as banks grow larger in size and are faced with scaling and combining already burdensome procedures.

Banks and vendors alike must consider new approaches to how they’ve done things in the past and address these inefficiencies. Most procedures that involve multiple steps, departments and systems can be streamlined into a simpler, expedited process. Think about the implications here: streamlining and automating the viewing, refiling, printing and indexing of documents for a bank with approximately 40,000 actions each month would save employees dozens of work hours a month, translating into tens of thousands of dollars in annual cost savings.

There are many practices banks can easily adapt for efficiency gains. The first step is to evaluate current processes with a careful eye for redundancies and bottlenecks. You can’t fix what you don’t know is broken, so begin by identifying the problems and determining their cause. During this step, it’s important to consult employees from all areas of the bank to gain sight of the bigger picture.

Next, prioritize where to focus first. Starting with a few targeted projects will give you a firm understanding of how to create and implement proper workflows, straightening out any kinks and asking any questions before tackling larger and more numerous projects. Workflows can be applied to nearly every area of banking, so it’s important to have a strategy in place or it may become overwhelming.

The Bank of Missouri, headquartered in Perryville, Missouri, recently teamed with Jack Henry Banking, its core technology provider, to transform its internal processes with a workflow solution. The bank recently surpassed $1.3 billion in assets in just six years through both acquisitions and organic growth. Its branch infrastructure also increased from 13 to 23 (soon to be 26) locations. This growth and merger of cultures came with some inevitable growing pains, most notably the need to standardize processes and optimize efficiency.

The Bank of Missouri worked closely with Jack Henry to automate arduous multi-step processes, both internal and customer facing. Its goal was to significantly improve its efficiency ratio and make a positive contribution to the bottom line by creating consistent, cost effective processes that reduce operational risk and unnecessary expense.

After taking the time to learn how to identify problem areas and create appropriate workflow solutions, The Bank of Missouri now has 17 workflows in production, enabling it to eliminate redundant data entry, boost visibility and streamline processes across several areas of the institution, including HR, IT, deposit operations, loans, retail and more.

An example of the bank’s success is how it transformed the deposit fee refund process. Front office staff had to print, manually fill out and scan documents before the reversal process was performed by back office staff who also imaged and indexed the document, consuming a large amount of time and manual effort. With its workflow solution, multiple steps and searches are now automated and approved. This workflow alone is currently saving the bank approximately 54 hours and $1,000 per month, yielding an annual savings of $12,000.

In addition to creating unrealized efficiencies, leveraging a workflow solution can also allow banks to channel resources that were previously spent on burdensome tasks into more strategic and customer facing activities. When bank employees are empowered to add and cultivate skillsets, they’re more likely to feel valued and stay with their institution longer. Returns such as this can prove to be indispensable for any well run financial institution.

Dedicating just a small portion of resources to improving the back office can make a monumental impact. If the only reason for your processes is history, they may be outdated. Revamping workflows to streamline procedures and optimize efficiency is an integral component of any modern and progressive bank.

Chris Congiardo, systems analyst manager for The Bank of Missouri, is theco-author of this piece.

Handling Today’s Top Risk Challenges



Cybersecurity and compliance are the top two areas of concern for the bank executives and directors responding to Bank Director’s 2017 Risk Practices Survey, sponsored by FIS. What are the best practices that boards should implement to mitigate these risks? In this video, Sai Huda of FIS highlights the survey results and details how boards can stay proactive.

  • Cybersecurity and Compliance Gaps
  • Five Cybersecurity Best Practices
  • Three Ways to Strengthen Internal Controls

Cybersecurity Governance: How to Protect the Bank


cybersecurity-12-23-16.pngModern banking increasingly relies upon technology and the internet to manage and streamline business operations. With increased dependence on technology comes an increased risk of security threats. Kaspersky Lab reported it had detected 323,000 malware files per day using its software in 2016. This number is 4 percent higher than in 2015.

The impact of a successful cyberattack is often quite damaging: legal liabilities, brand reputation, lack of trust from customers and partners, and ultimately, revenue. The average cost of a data breach is now up to $4 million, according to a 2016 Ponemon study.

Banks are responsible for more data than ever and as data use continues to grow, banks face the challenge of properly creating strategies, frameworks and policies for keeping sensitive data secure. Meanwhile, criminals develop new and sophisticated tactics to target valuable data.

Security is, and should be, a concern for all employees. However, leadership must be responsible for establishing and maintaining a framework for information security governance. Information security governance is defined as a subset of enterprise governance that provides strategic direction, ensures objectives are achieved, and manages risks while monitoring the success or failure of the IT security program.

Whether it is the board of directors, executive management or a steering committee that is involved—or all of these—information security governance requires strategic planning and decision-making.

Best Practices
Despite the threats of cyberattacks and data breaches, banks can take proactive steps to better position themselves for successful security governance. What follows are five strategic best practices for information security governance:

1. Take a holistic approach.
Security strategy is about aligning and connecting with business and IT objectives. A holistic approach can provide leadership with more levels of control and visibility.

What data needs to be protected? Where are the risks? Take a unified view of how information security impacts your organization and how employees view security. Get early buy-in from key stakeholders, such as those in the IT, sales, marketing, operations and legal departments. Scope out what data needs to be protected and how that fits into the larger picture.

2. Increase awareness and training.
Although developed by leadership, information security governance speaks to all employees within the organization and requires continued level of awareness. Governance creates policies and assigns accountabilities, but each member is responsible for following the security standards.

Constant training and education on security best practices is vital. The cyberthreat landscape is rapidly changing and employees, and company training, must keep up. This way, if new threats emerge, you will be prepared.

3. Monitor and measure.
Information security governance should never have a “set it, then forget it” approach. It’s about ongoing assessment and measuring. Monitoring ensures that objectives are being achieved and resources are appropriately managed. What security governance policies are working? Which policies are not?

Conduct mock data breach scenarios to test the efficacy of corporate teams and company incident response plans. Test results can reveal strong and weak links—what the bank needs to concentrate on, and what security governance policies work well under pressure.

4. Foster open communication.
Stakeholders should feel they can openly communicate directly with leadership, even when sharing bad news. Open communication promotes trust and brings a higher level of visibility throughout. Engagement is key. Consider creating a steering committee comprised of executive management and key team leads (IT, marketing, finance, PR, legal, operations, etc.) to review and assess current security risks.

5. Promote agility and adaptability.
Gone are the days of monolithic, cumbersome governance; banks need to adapt quickly to meet the changing tide of security threats. IT management, which is typically concerned with making tactical decisions to mitigate security risks, might have some hands-on experience and opinions about the effectiveness of a particular security policy, but their recommendations can only go so far without C-suite support. Leadership must quickly determine how to implement suggested changes throughout the bank. And if a security governance policy is ineffective, leadership must be willing to jettison the policy.

Overall, successful information security governance involves a continuous process of learning, revising and adapting. Banks need to be proactive and strategic with their security posture. Threats and incidents are inevitable, but moving strategic security governance to the forefront of your organization can help protect valuable information.

Download the full Diligent white paper: Five Best Practices for Information Security Governance.

Bank Boards Should Focus on Commercial Real Estate Concentrations


risk-management-10-10-16.pngBank boards should make sure they are reviewing their policies and practices related to commercial real estate (CRE) lending. Regulators have made clear that CRE concentration risk management will be a focus at exam time.
While many banks are approaching the CRE limits that trigger regulatory scrutiny, they are often not following best practices for managing concentration risk, particularly in stress testing, Comptroller of the Currency Thomas J. Curry warned recently in a speech.

As a result, the Office of the Comptroller of the Currency elevated CRE concentration risk management to “an area of emphasis” in its latest Semi-Annual Risk Perspective. The Federal Deposit Insurance Corp. also reports that CRE-related informal enforcement actions known as Matters Requiring Board Attention are increasing.

The OCC says that CRE portfolios have seen rapid growth, “particularly among small banks.” The decision to emphasize CRE concentration risk management follows a statement from all three prudential regulators late last year that they would “pay special attention to potential risks associated with CRE lending” in 2016. Regulators said they could ask banks to raise additional capital or curtail lending to mitigate the risks associated with CRE strategies or exposures.

At the same time we are seeing this high growth, our exams found looser underwriting standards with less-restrictive covenants, extended maturities, longer interest-only periods, limited guarantor requirements, and deficient-stress testing practices,” Curry said in announcing the new emphasis.

Proper stress testing is crucial to managing CRE concentrations—but stress testing is the right tool for the job, it’s not the job itself. Too many banks think they can solve the CRE problem with stress testing alone. Here’s how they are doing it wrong:

  1. Only the CRE loan portfolio is being stress tested, which does a disservice to parts of the bank that are strong.
  2. Data gathering for stress testing each loan is a nightmare. Most banks don’t have it centralized. This will be an issue for banks when the Financial Accounting Standard Board’s new Current Expected Credit Loss standard (CECL) is implemented as well.
  3. Banks are treating the stress tests as a check-the-box exercise, without including top management to guide the process or use the results to position the bank for success.
  4. Management doesn’t understand the results, so they are not in a position to have effective conversations with examiners about why the tests are important.
  5. Most banks are not applying the stress test results toward strategic and capital planning.

Banks should use a combination of top-down and bottom-up stress testing to demonstrate to examiners that they can be trusted with elevated levels of CRE concentration. Key to that analysis is using loan-level data to analyze performance of the portfolio by vintage—e.g. the risk factors affecting loans change depending on the economic and market conditions on the date of origination—another lesson that will be important for banks when they implement CECL.

CRE concentration risk management best practices also include global cash flow analyses, an understanding of lifetime repayment capacities, proper appraisal reviews and ongoing monitoring of supply and demand. Banks must ensure that they have the right policies, underwriting standards and risk management policies to allow the board to monitor the concentration risk and understand the CRE limits. Appropriate lending, capital and allowance for loan and lease losses (ALLL) strategies are crucial.

Many banks are making the same mistakes when it comes to CRE concentration risk management, the FDIC reported in a recent teleconference. Besides insufficient stress testing, common weaknesses include:

  • Outdated market analyses that conflict with the bank’s strategic plans, either because the market data is wrong or not unique to the bank
  • Excessive limits
  • Poor concentration reporting and board documentation
  • Lax underwriting and insufficient loan policy exception programs
  • Appraisal review programs without sufficient expertise or independence
  • No CRE contingency plans
  • ALLL analyses that fail to consider CRE risks
  • No CRE internal loan review
  • Limited construction loan oversight

M&A can be an attractive solution to CRE issues for some community banks. Acquisitive banks, however, need to take special notice of the CRE concentration regulatory warning. Many potential acquisitions will result in concentrations that trigger special regulatory scrutiny, especially if they are cash-heavy transactions and are dilutive to tangible book value. Acquiring banks must be prepared to demonstrate that they have the capital management infrastructure to manage concentration risk.

The Four Habits of Successful Bank Compensation Committees


compensation-committee-6-17-16.pngCompensation committees are responsible for setting the foundation of a bank’s compensation program, subsequently impacting the bank’s underlying culture. The banking industry is more competitive than ever, so attracting and retaining top talent should be the number one priority. With a compensation committee that is educated on industry trends and modern-day compensation best practices, your bank will be on its way to developing programs that attract and retain top talent. Here are the top four best practices a bank’s compensation committee should consider.

1. Committee Members Should Take Steps to Stay Educated
Your committee members are responsible for staying aware of compensation trends. They need to always be in-the-know of complications, IRS penalties, and other factors with unintended consequences or expenses that can impact both the bank and the executives. Committee members should regularly review market trends in executive compensation; staying aware of banking trends as well as trends in other industries will better position the bank for success in recruiting, rewarding, and retaining talent. Your board should also be educated by the committee regarding your compensation philosophy and how the committee functions.

A few areas the compensation committee has direction over include equity grants, incentive structure, benefits, qualified plans, board compensation and other aspects of compensation. The directors should have a full understanding of structuring compensation plans, and if not, the committee should consult an adviser.

2. Establish the Duties and Responsibilities of Each Committee Member
In addition to staying educated, members of the compensation committee must have a framework for their efforts. This involves establishing the duties and responsibilities of each member, but before you begin, you’ll need to develop a compensation philosophy if you don’t already have one. Without an established compensation philosophy, your compensation committee will lack direction, clarity, and consistency regarding compensation practices. In addition to putting your philosophy in print, you should ensure that everyone on your committee understands it and is able to relay its message. The philosophy should be comprehensive as well as consistent with the culture of your bank, the interests of your shareholders and market trends.

3. Review the Committee’s Performance Quarterly
Quarterly, you should hold a meeting to assess the success of your committee. Check on what’s working and what isn’t with regards to committee function, meeting processes and other aspects. It’s important to look at whether you’re hitting benchmarks—and whether you’re attracting and retaining the talent you need to hit those benchmarks. There’s always room for improvement, so discuss what the committee may need to change in order for your bank to be more successful with recruiting and retention.

4. Engage Expert Consultants When Necessary
There’s a delicate balance that must be struck with compensation; it needs to be competitive enough to retain executives but as efficient as possible to drive shareholder value. With the increasing competition for talent and the rising costs of benefits like health care plans, many banks have been pre-funding benefits through plans such as bank-owned life insurance (BOLI). Choosing the best insurance carriers and structuring pre-funding plans is something that requires outside help from qualified consultants.

Professionals can help you determine competitive compensation packages and discern what investments will bring you the greatest return for the lowest risk.

If you don’t feel your compensation committee is hitting the mark, it’s time for something to change. Rewarding talent and funding those rewards is a complicated topic, so outside help from a compensation consultant who specializes in banking may be helpful to bring direction to your committee. If your committee follows these four best practices, you’ll be on a path to success applying your finest approach to compensation and benefits plans.

How Regulators Could Foster the Fintech Sector


fintech-innovation-3-30-16.pngRegulators can’t afford to wait any longer in developing a framework for their oversight of the fast-rising fintech sector. The number of fintech companies, and the amount of investment in them, is growing too rapidly for regulators to hope that they can supervise the sector by applying existing regulations for banks to fintech companies on an ad-hoc basis. That will only create gaps in regulators’ monitoring of the sector, and confusion among fintech companies trying to grasp the complexities of financial regulation in the U.S. Such gaps and confusion are already evident: Many fintech companies are failing to implement best practices in securing customer data, and many of them are also unaware of how existing regulations apply to them.

I addressed the security issue in a previous article, but regulators should be just as concerned with clearing up the confusion in the market. That’s because the government has a legitimate interest in encouraging fintech growth, which would be boosted by a clear regulatory framework. Some fintech companies serve customers that have been ignored by banks in recent years, bringing them into the financial system. For instance, companies like OnDeck Capital, Kabbage, Lendio, Square, and others are filling the credit needs of small businesses that banks have been hesitant to lend to ever since the Great Recession. Regulators should be careful about imposing standards that gash this new source of credit for underserved small businesses. Also, some new technologies that fintech startups are working on, like the blockchain, can improve regulation and compliance throughout the financial services industry.

Build Relationships Early
How can regulators help foster innovation without sacrificing security and integrity in the financial system? For one, they should start their interactions with fintech companies as early as possible to encourage innovation while also safeguarding customers. This means providing guidance to companies while they are still developing and experimenting with their solutions, so companies can incorporate compliance into their products early on. If regulators wait to offer guidance until after products have already been developed or released on to the market, then regulators will become an unnecessary obstacle to innovation.

U.K. regulators are taking steps to develop relationships with fintech startups early on to offer guidance on their solutions. At the end of 2014, the U.K.’s Financial Conduct Authority (FCA) announced it would launch a regulatory “sandbox” where fintech companies could test new solutions. When companies use the sandbox, the authority waives some of the compliance requirements normally applied to pilot tests for new products. Banks can also use the sandbox, and the authority guarantees that it won’t take enforcement action at a later date regarding any tests that the banks run. The sandbox experiment will go live later this year, and U.S. regulators should watch it carefully and explore similar initiatives.

Eliminating Confusion
Regulators also need to give fintech companies a hand in navigating the complexity of the U.S. financial regulatory system. There are so many different regulations and so many different agencies enforcing them, it creates a landscape that can easily overwhelm a small startup. Banks can sympathize with this issue; but fintech companies don’t have the compliance budget, knowledge and experience that banks do.

One way to eliminate all of this confusion would be to create a separate regulatory agency for fintech companies, but there are such a wide variety of fintech companies now offering solutions in almost every category of financial services, one agency couldn’t deliver effective oversight with such a broad scope of coverage.

Instead, existing regulators need to be more proactive in their outreach with fintech companies. Engaging with new startups as early in their development as possible will help with this. Regulators could further eliminate some of the confusion in the market by creating a central registry for newly formed fintech companies before they launch their products. The registry would collect some information about the company and its work. That information could then be used to determine which regulatory agencies it should report to, and provide some guidance on which requirements it must be mindful of.

Some fintech companies will certainly be averse to more regulatory oversight. However, a more refined regulatory framework that ensures security and eliminates confusion will be a blessing for the fintech sector. Right now fintech regulation is a big question mark, and a critical risk for fintech investors. Removing that risk will improve investors’ confidence in the fintech sector, helping fintech companies gain the venture capital they need to get off the ground.

How Regulators Could Foster the Fintech Sector


Fintech-innovation.png

Regulators can’t afford to wait any longer in developing a framework for their oversight of the fast-rising fintech sector. The number of fintech companies, and the amount of investment in them, is growing too rapidly for regulators to hope that they can supervise the sector by applying existing regulations for banks to fintech companies on an ad-hoc basis. That will only create gaps in regulators’ monitoring of the sector, and confusion among fintech companies trying to grasp the complexities of financial regulation in the U.S. Such gaps and confusion are already evident: Many fintech companies are failing to implement best practices in securing customer data, and many of them are also unaware of how existing regulations apply to them.

I addressed the security issue in a previous article, but regulators should be just as concerned with clearing up the confusion in the market. That’s because the government has a legitimate interest in encouraging fintech growth, which would be boosted by a clear regulatory framework. Some fintech companies serve customers that have been ignored by banks in recent years, bringing them into the financial system. For instance, companies like OnDeck Capital, Kabbage, Lendio, Square, and others are filling the credit needs of small businesses that banks have been hesitant to lend to ever since the Great Recession. Regulators should be careful about imposing standards that gash this new source of credit for underserved small businesses. Also, some new technologies that fintech startups are working on, like the blockchain, can improve regulation and compliance throughout the financial services industry.

Build Relationships Early
How can regulators help foster innovation without sacrificing security and integrity in the financial system? For one, they should start their interactions with fintech companies as early as possible to encourage innovation while also safeguarding customers. This means providing guidance to companies while they are still developing and experimenting with their solutions, so companies can incorporate compliance into their products early on. If regulators wait to offer guidance until after products have already been developed or released on to the market, then regulators will become an unnecessary obstacle to innovation.

U.K. regulators are taking steps to develop relationships with fintech startups early on to offer guidance on their solutions. At the end of 2014, the U.K.’s Financial Conduct Authority (FCA) announced it would launch a regulatory “sandbox” where fintech companies could test new solutions. When companies use the sandbox, the authority waives some of the compliance requirements normally applied to pilot tests for new products. Banks can also use the sandbox, and the authority guarantees that it won’t take enforcement action at a later date regarding any tests that the banks run. The sandbox experiment will go live later this year, and U.S. regulators should watch it carefully and explore similar initiatives.

Eliminating Confusion
Regulators also need to give fintech companies a hand in navigating the complexity of the U.S. financial regulatory system. There are so many different regulations and so many different agencies enforcing them, it creates a landscape that can easily overwhelm a small startup. Banks can sympathize with this issue; but fintech companies don’t have the compliance budget, knowledge and experience that banks do.

One way to eliminate all of this confusion would be to create a separate regulatory agency for fintech companies, but there are such a wide variety of fintech companies now offering solutions in almost every category of financial services, one agency couldn’t deliver effective oversight with such a broad scope of coverage.

Instead, existing regulators need to be more proactive in their outreach with fintech companies. Engaging with new startups as early in their development as possible will help with this. Regulators could further eliminate some of the confusion in the market by creating a central registry for newly formed fintech companies before they launch their products. The registry would collect some information about the company and its work. That information could then be used to determine which regulatory agencies it should report to, and provide some guidance on which requirements it must be mindful of.

Some fintech companies will certainly be averse to more regulatory oversight. However, a more refined regulatory framework that ensures security and eliminates confusion will be a blessing for the fintech sector. Right now fintech regulation is a big question mark, and a critical risk for fintech investors. Removing that risk will improve investors’ confidence in the fintech sector, helping fintech companies gain the venture capital they need to get off the ground.