Say Hello to Open Data Sharing


welcome.png

Banking customers are demanding more and more access to innovative fintech services and applications that are making their financial lives easier. Big banks are responding by embracing the trend of open data, allowing fintech companies to access user information to provide a more seamless customer experience. One needs to look no further than the recent data sharing agreements with Intuit reached by Wells Fargo and JPMorgan Chase.

A big reason that Wells and Chase make agreements like these is to knit innovative fintech services, like Mint.com (recently acquired by Intuit) more tightly into their service offerings. By providing fintech app providers like Mint.com with access to customer data through an open application programming interface (API), banks like Wells Fargo can better integrate customers who use Mint.com into their own ecosystem.

But the question is, will the trend of open data sharing benefit certain banks or fintechs over others? What are the consequences forbig banks that are slow to make their data accessible? And in the end, will regulators leave them any choice?

Big banks are adopting open data primarily for three reasons. First, they’re trying to reassure clients from an ethics and security standpoint. By opening their data to third parties, they’re demonstrating that security measures are adequate and they’re not afraid of transparency.

Second, bringing new customers who are attracted by the bank’s fintech offerings into their ecosystems creates the opportunity to upsell and cross-sell those users more traditional products like mortgages and business loans. Finally, big banks want to leverage fintech technology and innovation to expand their service offerings, without incurring the cost of internal innovation. Banks like Chase can then focus their internal IT development resources on back-end functions to support customer facing technology.

But in a world where fintechs are in an arms race to onboard users, and banks are all too happy to partner with the “next best thing” in fintech, will there be enough room in the marketplace for everyone? Big banks will obviously be able to survive in this environment, with the money and resources to cement data sharing agreements with the best fintechs. Niche fintechs will also have an enormous amount of leverage. For instance, peer-to-peer lending platforms like SoFi that are challenging traditional big bank lending will have their choice of who to partner with and how much they’re able to command. It’s the mid- to lower-sized banks and credit unions that might be challenged, as they simply don’t have the resources to adopt the “Banking as a Platform” mentality that Chase and Wells Fargo are moving towards with their data sharing strategy.

There are reasons why banks might be skeptical of the open data era. Security and privacy of data, along with the issue of who “owns” customer information being the primary concerns. However, legacy institutions that are slow to open their APIs to fintechs will likely experience negative consequences.

The cost for banks to innovate and develop products like Mint and QuickBooks (under the Intuit umbrella), are extremely high. To compete with Chase and Wells Fargo in terms of similar personal finance and accounting software, banks would have to divert significant amounts of internal IT resources away from critical areas like security and back-end infrastructure. Moreover, even if banks do successfully develop similar technologies on their own, they’re missing out on the user and customer base that fintechs have already established. As of 2016, Mint.com had over 20 million users, a number that would be nearly impossible for even a very large bank to reach on its own with an internally developed and branded application.

The Consumer Finance Protection Bureau (CFPB), has already outlined its plans to advocate for open data sharing. And in fact, the trend has already been set abroad, with the European Community adopting the Directive on Payment Services Regulation (known as “PSD2”). PSD2 was implemented to encourage competition in the fintech ecosystem, and to make it easier for third-party technology providers to gain access to customer financial data. The end goal is to enhance the benefit that consumers get from banks and fintechs, and the CFPB is rowing hard in that direction.

In recent remarks at the Money 20/20 Conference in Las Vegas, CFPB Director Richard Cordray made clear that banks that don’t open their data to third parties are not operating transparently, nor in the best interests of their clients. Moreover, he believes that the CFPB can force all banks to adopt open APIs due to certain provisions in the Dodd-Frank Act. The CFPB also realizes the increasing prevalence of mobile banking, and wants to ensure those third-party mobile apps have adequate access to bank-end customer data to best serve consumers on their smartphones.

Globally, all signs point towards more open data sharing relationships between big banks and fintechs. The winners will be banks that focus on opening up sooner, rather than later, and partnering with fintechs that serve their customers’ core needs. Banks whose core business is investing, for instance, should focus on opening and partnering with investing fintechs that their customers are probably already using, such as the low-cost trading platform Robin Hood. Mature fintechs will also benefit, as they’ve already built a user base and can scale even more once they’re part of a Chase or Wells Fargo type ecosystem. Finally, legacy banking customers who seek simplicity in their experience will be big winners. Customers of big banks will begin to have access to fintech applications, technology and innovation in a “one stop shop” fashion. In the end, the CFPB doesn’t look like it will give banks much of a choice, so it’s up to them to embrace the trend or risk falling behind the competition.

The Perfect Complement: Community Banks and Alternative Lenders


lenders-2-8-17.pngArmed with cost and process efficiency, greater transparency, and innovative underwriting processes, alternative lenders are determined to take the lending space by storm. Alternative small business lenders only originated $5 billion and had a 4.3 percent share of the small business lending market in the U.S. in 2015. By 2020, the market share of alternative lenders in small business lending in the U.S. is expected to reach 20.7 percent, according to Business Insider Intelligence, a research arm of the business publication.

Being able to understand customer-associated risk by relying on alternative data and sophisticated algorithms allowed alternative lenders to expand the borders of eligibility, whether for private clients or small businesses. In fact, a Federal Reserve survey of banks in 2015 suggests that online lenders approved a little over 70 percent of loan applications they received from small-business borrowers—the second-highest rate after small banks, which approved 76 percent, and much higher than the 58 percent approved by big banks.

Coming so close in approval rates to banks and having lent billions employing a different, more efficient business model inevitably created an interest from banks. Some of the largest institutions have been taking advantage of the online lenders’ technology, but community and regional banks are still in the early stages of exploring partnership opportunities. While concerns over those types of partnerships are understandable, there are also important positive implications, which we will explore further.

Cost-Efficient Capital Distribution Channel
Online marketplaces represent an additional, cost-efficient channel for capital distribution, expanding the potential customer base. An opportunity to grow loan portfolios with minimal overhead and without the need for adoption or development of resource-consuming technology, led to a partnership between Lending Club and BancAlliance, a nationwide network of about 200 community banks. The partnership allowed banks to have a chance at purchasing the loans originated by Lending Club, and, in case those loans did not meet the requirements, they were offered to a larger pool of investors. Banks also have an opportunity to finance loans from a wider Lending Club portfolio.

Examples of partnerships also include Prosper and the Western Independent Bankers. These partnerships give more banks an opportunity to offer credit to their customers, and more consumers access to affordable loans.

Portfolio Diversification and Customer Base Expansion
Alternatives lenders can offer an easy application process, a quick decision and rapid availability of funds due to an alternative approach to the underwriting process. Use of alternative data to assess creditworthiness is an inclusive approach to loan distribution. In 2015, in the U.S., there were 26 million credit invisible consumers. Moreover, the Consumer Financial Protection Bureau suggests that 8 percent of the adult population has credit records that you can’t score using a widely-used credit scoring model. Those records are almost evenly split between the 9.9 million that have an insufficient credit history and the 9.6 million that lack a recent credit history.

Paul Christensen, a clinical professor of finance at Northwestern University’s Kellogg School of Management, believes there are positive implications for companies leveraging alternative data to make a credit decision.

“For companies, alternative credit rating is about reducing transaction costs. It’s about figuring out how to make profitable loans that are also affordable for most people—not just business owners,” he said in a September 2015 article.

For community banks, as regulated institutions, partnerships with alternative lenders that extend credit to parts of the population perceived as not creditworthy is an opportunity to reach new consumer segments and contribute to inclusive growth and resilience of disadvantaged households.

Customer Loyalty
Two Federal Reserve researchers noted in a 2015 paper that community banks can increase customer loyalty by referring customers to alternative lenders when banks cannot offer a product that meets the customer’s needs. “By providing customers with viable alternatives? it is more likely that these customers will maintain deposit and other banking relationships with the bank and return to the bank for future lending needs,” the researchers emphasized.

Access to Knowledge, Expertise and Technology
While the extent of integration may vary, one of the most important elements of partnerships that carry long-term organizational and industry benefits is mutual access to knowledge, expertise and technology. The combination of banks’ and alternative lenders’ different business models with an understanding of mutual strengths allows the whole industry to transform and provide the most efficient, consumer-facing model.

The Banking Themes of 2017: What to Expect


bank-trends-2-3-17.pngAfter the anemic economic growth and overregulation of the past decade, what banking themes can we expect in 2017 amid current market optimism?

Rates
For an immediate impact, Trump and the Republican Congress need to lower the corporate tax rate first. Other policy agendas will have long-term effects. The true unemployment rate is over 10 percent, not 4.6 percent, when factoring in a normal labor participation rate, which is currently close to a 40-year low. Almost all employment growth from 2005 to 2015 is part-time, temporary or contract work. The economy is still not well, yet inflation continues to build, for example, with rising healthcare costs, government services and education costs. Most assets are overpriced with artificially low rates contributing to a torrid stock market and average price/earnings ratios at a 20-year high. This should keep rate hikes to 1 or 2 percentage points versus the 3 or 4 percentage points most are predicting. Rate hikes will create a nominal positive effect on net interest margin for banks of 5 to 10 basis points.

Credit
Corporate debt ratios are higher, particularly those with high yield. Most banks have thankfully chased high grade customers and credit since the crash. However, many are at or over the 300 percent real estate or 100 percent construction and development loan thresholds. Expect a real estate pullback. If the stock market retreats 5 to 10 percent, a mild recession may result. We are due for a credit correction over the next 6 to 18 months. It will hurt non-bank lenders more than banks. Loan growth should remain steady and provisions need to increase.

Capital
If bank stock prices can stay above 16 times earnings, expect more initial public offerings (IPOs) due to pent-up demand from 2016. Many banks are trading at 20 times price to earnings or more, and banks are in favor with investors. Bank stocks have been a greed and fear trade since 2008 with a near 100 percent correlation. Consumer and investor confidence is running high presently. Optimism abounds about interest rates, the economy, tax cuts and deregulation. While it all seems to be priced into bank stocks right now, investing in government optimism versus company fundamentals feels a bit awkward at best. Expect a pullback, but for the sector to remain strong with good, core earnings growth of 15 percent or more and with more IPOs in quarters two through four. There has been an increasing interest from yield-starved investors in bank stock loans, subordinated debt and preferred stock. Expect that to continue.

M&A
The volatility in the markets in 2016 were driven by China, energy, and Brexit, so renewed confidence could be a good thing for M&A. Do prospective sellers, frustrated with lackluster returns and burdensome regulations, have newfound optimism and upward price exit expectations? Perhaps, but there is room to run here. Volume was down 10 percent in 2016 with 242 deals. But there was an increase in exits or restructuring, as private equity investments matured and investor activists pressured banks to sell. Confidence and high buyer currency should lead to increased volume in 2017, especially given the seller expectations being average to below average, while buyer currencies are at 20-year highs. But if volatility and fear get too high, then M&A will slow.

Deposits
One or two rate hikes shouldn’t be an issue as bankers will wait to raise rates on deposits. At some point, depositors will gain confidence in the market and push for higher returns. This will be interesting as many bankers think they have core deposits, even though they don’t, and will realize they have a liquidity problem when the deposits run.

Regulatory
Complaints about the Dodd Frank Act are still rampant industry wide, but bankers will be found thinking, “Hey, I’ve spent the money and adjusted. I need certainty, not uncertainty.” While there are still parts of Dodd-Frank that haven’t been implemented, deregulation could be the developing theme. Also, what happens to the Consumer Financial Protection Bureau? This is an entity which basically usurped power from the other regulatory agencies, and plenty of senators and representatives would like to curtail its power.

Customers
Lastly, banks will have to work on improving customers’ experience. Take note of the retail industry. After a robust Christmas shopping season, Macy’s is closing 59 stores and Sears even more. If your product is clothing at a good price, then online retailers have stolen your product. Retail needs to provide an experience to differentiate. Some banks are already delivering a coffee shop or networking experience. Amid the fake news perpetuated online, and failed deliverables from Wall Street, the country is desperate for a trusted refuge and harbor of safety they can believe in. Perhaps, banks that deliver an experience anchored in a theme of trust will do well.

 

Does the Sharp Increase in Bank Stock Prices Create a Seller’s Dilemma?


stock-1-30-17.pngOh, what a difference a year can make. Or more to the point, what a difference just three months can make. At Bank Director’s Acquire or Be Acquired Conference last year, bank stocks were in the proverbial dumpster having been thoroughly trashed by declining oil prices, concerns about an economic slowdown in China and the slight chance that the slowly growing U.S. economy could be dragged into a recession in the second half of 2016.

Oil prices have since firmed up somewhat and the U.S. economy did not experience a downturn in the second half of the year, but all things considered, 2016 was a bumpy ride for bank stocks—until November 8, when Donald Trump’s surprise victory in the presidential election sent bank stock prices rocketing skyward. Valuations have been slowly recovering ever since the depths of the financial crisis in 2008, with some dips along the way. But since election day, stocks for banks above $250 million in assets have increased 21.2 percent to 24.8 percent, depending on their specific asset category, according to data provided by investment bank Keefe, Bruyette & Woods President and Chief Executive Officer Tom Michaud, who gave the lead presentation on the first day of the 2017 Acquire or Be Acquired Conference in Phoenix, Arizona.

What’s driving the surge in valuations is lots of promising talk about a possible cut in the corporate tax rate and various forms of deregulation, including the possible repeal of the Dodd-Frank Act and dismantling of the Consumer Financial Protection Bureau (CFPB). These tantalizing possibilities (at least from the perspective of many bankers), combined with the expectation that a series of interest rate increases by the Federal Reserve this year could ease the banking industry’s margin pressure and further boost profitability, has been like a liberal application of Miracle Grow to bank stock prices.

Michaud made the intriguing observation that investor optimism over what might happen in 2017 and 2018—but hasn’t happened yet—accounts for much of the jump in valuations since the election. “In my opinion, a lot of the good news is already in the stocks even though a lot of it hasn’t happened yet,” Michaud said. In fact, virtually none of it has happened yet. Investors have already priced in much of the increase in valuations resulting from a tax cut, higher interest rates and deregulation as if they have already occurred, which makes me wonder what will happen to valuations if any of these things don’t come through. I assume that valuations would then decline, although no one knows for sure, least of all me. But it should be acknowledged that the attainment of some of the already-priced-in-benefits of a Trump presidency, such as getting rid of Dodd-Frank and the CFPB, would have to overcome fierce opposition from Congressional Democrats while others, such as the combination of a corporate tax cut and a massive infrastructure spending program (which Trump has also talked about) would have to get past fiscally conservative Congressional Republicans. You’re probably familiar with the old saying that investors buy on the rumor and sell on the news. This could end up as an example of investors buying on the promise and selling on the disappointment.

Here’s the dilemma I think this sharp increase in valuations poses in terms of selling your bank or raising capital. If you’re an optimist, you probably will wait for another year or two in hopes of getting an even higher price for your franchise or stock. And if you’re a pessimist who worries about the sustainability of this industry-wide rise in valuations and the possibility that most of the upside from Trump’s election has already been priced into your stock, I think you’ll probably take the money and run.

Bank Regulatory Update: Three Things to Think About for 2017


regulation-1-18-17.pngSignificant regulatory changes continued to affect the banking industry in 2016. The industry generally has moved beyond implementing the requirements of the Dodd-Frank and Wall Street Reform and Consumer Protection Act, but regulatory expectations continue to rise, with increased emphasis on each institution’s ability to respond to and withstand adverse economic conditions. Regulatory supervision, often through oversight from multiple agencies, is becoming more focused on supporting compliance efforts with strong corporate cultures within the institution. Managing regulatory compliance risk for a financial institution has never been more complex.

Looking forward to 2017, regulators are expected to continue to ramp up expectations in several areas. Industry stakeholders undoubtedly will be watching closely as the new administration takes control of the White House. However, regulators are expected to continue to increase their emphasis on three areas: cybersecurity risk, consumer compliance and third-party risk management.

1. Cybersecurity Risk
Cybersecurity is likely to remain a key supervisory focal point for regulators in 2017. Regulatory officials have stressed that cybersecurity vulnerabilities are not just a concern at larger financial institutions: small banks also are at risk. As such, financial institutions of all sizes need to improve their ability to more aptly identify, assess and mitigate risks in light of the increasing volume and sophistication of cyberthreats.

The Federal Financial Institutions Examination Council (FFIEC) agencies have established a comprehensive cybersecurity awareness website that serves as a central repository where financial services companies of all sizes can access valuable cybersecurity tools and resources. The website also houses an FFIEC cybersecurity self-assessment tool to help banks identify their risks and assess their cybersecurity preparedness. The voluntary assessment provides a repeatable and quantifiable process that measures a bank’s cybersecurity preparedness over time.

2. Consumer Compliance
The Consumer Financial Protection Bureau (CFPB)—now a more mature entity—is having a dramatic impact on the supervisory processes around consumer financial products. While the CFPB conducts on-site consumer exams for financial institutions with more than $10 billion in assets, it also has begun to work with regulators in consumer supervisory efforts in smaller banks. The CFPB also has issued a significant number of new and revised consumer regulations that apply to institutions of all sizes. Some of the more onerous requirements center on mortgage lending and truth-in-lending integrated disclosures (TRID).

The CFPB also continues to cast a wide net when it comes to gathering consumer complaints about financial products and services through its consumer complaint database. The latest snapshot shows the database contains information on more than one million complaints about mortgages, student loans, deposit accounts and services, other consumer loans, and credit cards.

CFPB examiners often use complaints received through the database as a channel for reviewing practices and identifying possible violations. This continued pressure has forced financial institutions to ensure their compliance management systems are supported by effective policies, procedures and governance. But keep in mind, it’s even more important now to adequately aggregate, analyze and report customer-level data, so your institution can identify and remediate problems before the regulators come after you, and so you don’t get accused of “abusive” practices under the Dodd-Frank Act.

3. Third-Party Risk Management
As a component of safety and soundness examinations, effective third-party risk management is regarded as an important indicator of a financial institution’s ability to manage its business. As a result, regulatory examinations consistently include an element of third-party risk management, and all of the federal bank regulators have issued some form of guidance related to third-party risk. The Federal Reserve’s (Fed’s) SR 13-19 applies to all financial services companies under Fed supervision. The Fed guidance focuses on outsourced activities that have a substantial impact on a bank’s financial condition or that are critical to ongoing operations for other reasons, such as sensitive customer information, new products or services, or activities that pose material compliance risk.

Guidance from the Office of the Comptroller of the Currency (OCC) on third-party risk (Bulletin 2013-29) generally is more comprehensive than the Fed guidance and requires rigorous oversight and management of third-party relationships that involve critical activities. The OCC bulletin specifically highlights third-party activities outside of traditional vendor relationships.

Outlook
The critical areas discussed here are just a few for which banks need to expect more regulatory scrutiny in 2017. While there are early indicators that some elements of Dodd-Frank and other regulatory requirements could be pared back as the new administration takes control of the White House, the industry will need to closely monitor any changes and adjust compliance efforts accordingly.

Fintech Lenders Under Fair Lending Scrutiny


lending.png

One of the many concerns surrounding fintech lenders is that they are not as tightly regulated as traditional banks and are not bound as firmly by the provisions of the Fair Lending Act. The Federal Trade Commission has expressed concerns about many of the lending practices of fintech companies, saying in a recent statement that “the use of big data analytics to make predictions may exclude certain populations from the benefits society and markets have to offer.” Using big data to cherry pick loan candidates may be seen as discriminatory and could end up increasing regulatory scrutiny of fintech lenders as some see their underwriting practices as not being much different than redlining.

Gerron S. Levi, the director of policy and government affairs for the National Community Reinvestment Coalition, also expressed concerns about the practices of the fintech lenders in recent testimony before the House Subcommittee on Financial Institutions and Consumer Credit, telling legislators “We see echoes of the early days of the subprime mortgage boom, in which rapidly growing nonbank mortgage lenders innovated in the worst possible way by loosening credit standards, layering significant and multiple forms of risk, and causing financial harm to borrowers who could ill afford to repay the loans. If lightly regulated nonbank small business lenders, including fintech firms, are left unchecked, our fear is the impact may be the same: millions of small businesses stuck with exploding loans they can’t afford, and the American taxpayer left on the hook to clean up the mess.”

While the ability of fintech lenders to quickly process and fund loans may be seen as an improvement over the much slower process used by most banks, and is also seen by many as an opportunity to expand credit offerings to a wider percentage of the public, there are drawbacks. The algorithms that are used to find the very best borrowers would stand a good chance of being found to be discriminatory under the requirements of the Fair Lending Act. And some fintech lenders are targeting consumers with low or no FICO scores and charging extremely high-interest rates—which some regulators consider to be a form of predatory lending.

We already see the various regulatory agencies take a deeper look at the fintech lending industry. The Consumer Financial Protection Bureau in July entered into a consent order with Flourish, a fintech lender that the agency said had violated several regulations including the Consumer Financial Protection Act and the Fair Credit Reporting Act. The order required Flourish to deposit $1.93 million in an escrow account to repay customers, and the company was fined an additional $1.8 million.

The biggest problem facing fintech lenders is that most of them have not yet been all the way through a credit cycle, so we have no idea how they will react when an economic event causes liquidity to dry up. They do not have access to depository funding and rely on credit facilities, whole loan sales and securitizations to fund originations. These sources of financing have a tendency to evaporate when markets become volatile, and many fintech lenders could be forced to seek partnerships with other lenders or the banks themselves.

In many ways, that would be the perfect solution for this potential liquidity problem. Community and regional banks are very interested in adding new technology that will allow them to offer more online products and services as well as cut costs and speed up loan processing. Banks are actively looking to accomplish this by partnering with, or in some cases acquiring, fintech lenders. According to a recent survey conducted by the law firm Manatt, Phelps & Phillips, 88 percent of those surveyed think that in a decade the banking world will be one where traditional banks are partnering with fintech companies in a mostly collaborative environment

Fintech lenders choosing to partner with banks will come under closer regulatory scrutiny as their lending practices will have to be in line with the regulations under which banks operate. Regulators have also expressed growing concern about data security, and that will be a large issue that both the banks and fintech companies will have to address.

Regulatory challenges are going to continue to increase for fintech lenders. For many of them, the most practical course of action will be to partner with community and regional banks. For that to happen, however, their strategies and operations will have to be modified so the marketing programs and loan approval algorithms have no hint of discriminatory or predatory lending practices.

Should You Do Business With Marketplace Lenders?


Lenders-12-9-16.pngThe shift away from the traditional banking model—largely due to technological advances and the growing disaggregation of certain bank services—has contributed to the rise of the marketplace lending (MPL) industry. The MPL industry, in particular, offers consumers and small businesses the means by which to gain greater access to credit in a faster way. MPL, despite its increasing growth, has managed to stay under the radar from regulatory oversight until recently. However, in a short span of time, federal and state regulators—the Department of the Treasury, Office of the Comptroller of the Currency (OCC), Consumer Financial Protection Bureau (CFPB), the Federal Deposit Insurance Corporation (FDIC) and California Department of Business Oversight, for example—have begun to weigh the benefits and risks of MPL, with the OCC, for example, going so far as to announce its intention to grant special purpose national bank charters to fintech companies.

Given the evolving nature of the industry and its regulation, in this article, we discuss three key issues for MPL participants to consider. First, we discuss the regulatory focus on the third-party lending model. Second, we consider the potential fair lending risks. Third, we focus on considerations related to state usury requirements. We conclude with a few thoughts on what to expect in this changing landscape.

Third-Party Lending Model
The MPL model traditionally operates with three parties: the platform lender, the originating bank and investors purchasing the loans or securities. Based on the reliance on originating banks in the MPL structure, the FDIC, CFPB and others increasingly have considered the risks to banks from these third-party relationships. In particular, regulators appear to be concerned that banks may take on additional risk in these relationships, which are potentially similar to the lending model rejected by a U.S. District Court judge earlier this year when deciding CashCall was the real lender in dispute, not a tribal lender set up in South Dakota. Thus, the FDIC, for example, in its recent Guidance for Managing Third-Party Risk, asks institutions engaged in such third-party relationships to appropriately manage and oversee these third-party lenders before, during and after developing such a relationship. In addition, certain originating banks have also taken to retaining some of the credit risk to mitigate concerns that the MPL may be considered the true lender.

Fair Lending
Another potential area to consider relates to fair lending risks regarding extensions of credit in certain geographical areas, underwriting criteria and loan purchase standards. For example, the potential for fair lending risk may increase particularly with respect to the data collected on borrowers for underwriting purposes, for example, where the use of certain alternative criteria may inadvertently result in a disparate impact to protected classes. In addition, restrictions on lending areas or the types of loans sold to investors similarly could pose such issues.

State Usury Requirements
The recent Second Circuit decision in Madden v. Midland Funding LLC also highlights potential uncertainty regarding the MPL model. In Madden, the Second Circuit determined that a debt collection firm, which had purchased a plaintiff’s charged-off account from a national bank, was not entitled to the benefit of the state usury preemption provisions under the National Bank Act, despite originally being available to the originating national bank. Madden was appealed to the Supreme Court, which declined to hear the case. Thus, Madden has the potential to limit the ability for MPL firms to rely on their originating banks to avoid complying with state-by-state interest rate caps, as federal preemption would no longer apply to those loans later transferred to or acquired by such nonbank entities. Further, Madden increases the uncertainty regarding the originated loans that MPL firms may later sell to (or issue securities for) investors. While some lenders have chosen to carve out the Second Circuit (New York, Connecticut and Vermont) for lending and loan sale purposes, there is the continued risk that the decision may set a precedent in other circuits.

Conclusion
Even with the increasing scrutiny of the MPL industry, regulators appear to recognize the benefits of access to credit for borrowers. For example, the OCC, CFPB and the Treasury have indicated that any increase in regulation should be balanced with fostering innovation. This may be a potential signal on the part of regulators to adopt a framework by which financial innovation is incorporated into the traditional banking model. Thus, looking forward, we think the regulatory uncertainty in this space provides the opportunity for MPL participants to take a proactive approach in shaping regulatory policy for the industry.

CFPB Assumes ’Catalyst’ Role in Fintech Innovation


catalyst-1.png

In 2012, the Consumer Financial Protection Bureau (CFPB) recognized that the industry we now call fintech was starting to accelerate the delivery of cutting edge technology products to the financial services marketplace. The CFPB was aware that many of these offerings would make banking faster and easier for consumers and might also allow banks to perform their operations far more efficiently. At first blush, that seems like a win-win situation for consumers and the industry alike. However, the bureau was also aware that rapid growth of the largely unregulated fintech sector created the potential for abuse and fraud. The result was Project Catalyst, a program in which the bureau works with fintech firms to encourage the development of new consumer-friendly products while making sure these companies color inside the regulatory lines.

The CFPB released it first look at the achievements of the program in October. In “Project Catalyst report: Promoting consumer-friendly innovation,”the bureau outlined it efforts to work with fintech companies to develop consumer-friendly programs while avoiding potential regulatory pitfalls. In his preamble to the report, Director Richard Cordray noted that “As these efforts reflect, the Bureau believes innovation has enormous potential to improve the financial lives of consumers. At the same time, however, the Bureau recognizes that innovation cannot skirt the need for sufficient oversight and consumer protection.” While the CFPB wants to encourage financial innovation, it has endeavored to do so in a manner that keeps consumers and their money safe. So far the bureau would seem to be succeeding.

The report also outlines areas where the bureau has high interest and concerns. For example, payday lending products has been a concern for the CFPB from day one. These high-cost, short-term loans exploit lower-income and underbanked consumers who have cash flow issues. To reduce the need for these products the bureau has been encouraging the development of alternatives that help consumers better manage their finances to avoid the cash crunch that creates the need for a payday loan in the first place.

Underbanked and “credit invisible” consumers are a particular concern of the bureau. These individuals tend to be less sophisticated and are often easy prey for less scrupulous fintech companies. While they may not have a bank account, they do have smartphones and are targeted for payday loans, car title loans and other high-cost consumer loan products. Project catalyst has been actively working with fintech companies to find ways to deliver reasonably priced loans to the underbanked market on terms that are also favorable for the lender.

Building savings is also a key focus for the bureau. Project Catalyst is interested in working with companies that develop products that encourage savings and make it easier for customers to get and keep money in a savings account. Building tools that help consumers understand and utilize the budgeting and savings process is a key goal of the project and has been since the beginning. One of Project Catalyst’s first collaborations was with the personal finance website Simple to develop a program that helped consumers understand their spending habits and patterns.

Project Catalyst also highlights the need for improvements in mortgage servicing platforms. The bureau notes that many banks have just loaded new mortgage servicing platforms on the back of their current legacy system and that is not the optimum solution. The report comments that “These workarounds can be costly and are sometimes plagued by programming errors, failures in system integration or instances of data corruption. These failures cause consumer harm and increase the risk of data inaccuracies during loan transfers.” The CFPB is working with fintech companies to build new, more efficient technology platforms that will make the process easier and more consumer friendly.

Credit reporting and clarity are also a focus of the CFPB. Many credit users have no idea what is on their credit report and any technology that makes it easier to check credit scores and profiles is of interest to the bureau. It is also working with companies to develop products that help understand what types of behavior might improve or worsen their score.

Project Catalyst is also looking to improve the peer-to-peer payments process. The bureau is working with fintech providers to help people send money overseas, pay their bills or make purchases on a cost effective basis. It has also met with firms that are working on providing easily accessed price comparisons when sending money overseas so that people can find the cheapest and most convenient way to transfer cash to relatives back home.

While the CFPB’s mission is to help and protect all consumers, it is evident from the report that the bureau is very sensitive to the needs of the underbanked and less affluent consumers. This segment of the market has always been the target of fraud and predatory practices, and the introduction of mobile technology has made them more so than ever before. Fintech companies that develop programs to serve and protect this market will find the CFPB more than willing to help get their products to market.

The New FFIEC Information Security Examination Procedures: What Boards Should Be Doing Now


FFIEC-9-14--16.pngHow effective is your bank’s approach to information security, including cybersecurity? On September 9, the Federal Financial Institutions Examination Council (FFIEC) published new information security examination procedures. It is critical that boards and management teams quickly get up to speed on the new exam procedures so there are no surprises in the bank’s next exam that adversely impact earnings, capital or value creation.

The new exam procedures focus on assessing the quality and effectiveness of the bank’s information security program, including its culture, governance, security operations, with emphasis on cybersecurity, and assurance processes, such as self-assessments, penetration tests, vulnerability assessments and independent audits. The procedures contain eleven objectives for the examiners to attain.

The objective relating to security operations and cybersecurity is especially noteworthy, as it contains enhanced expectations. Both in the preamble and in the specific exam procedures, there is recognition that it is not a question of if, but when an attacker will break into the network, so banks need to enhance threat identification, monitoring, detection and response. Examiners will evaluate whether the bank has monitoring in place to identify malicious activity, a process to identify possible compromises in the bank’s systems, and whether it uses tools that reveal and trace an attacker’s actions, such as attack or event trees, to size up exposures and respond effectively.

While speaking on cybersecurity on the main stage at Bank Director’s 2016 Bank Audit and Risk Committees Conference in June, I electronically polled the bank directors and senior executives in attendance. The results from the 206 respondents indicate a need for banks to beef up cybersecurity to meet these enhanced regulatory expectations. While cybersecurity is a top concern for bank boards, seventy-seven percent indicated that they do not review cybersecurity at every board meeting. Fifty-nine percent of attendees said that detecting anomalous activity or threats from malicious insiders are the cybersecurity risks for which their bank is least prepared.

FFIEC.PNG
Source: 206 respondents, Bank Director Audit and Risk Committees Conference June 2016

When I asked how many had implemented ongoing reviews of the network visibility map for risk oversight, only 31 percent had done so. This map visually shows all assets inside the network and helps identify threats. Without this visual map, the bank will be managing its cyber risks in the blind.

What the Board Should Do
Here are five steps that boards should take to remain proactive regarding information security.

  1. Review cybersecurity at every board meeting. Cybersecurity must be handled as a strategic boardroom issue, not as a back-office IT issue.
  2. Use the new information security exam procedures to perform a self-assessment. Identify and eliminate any deficiencies well in advance of the next exam.
  3. Review the network visibility map at every board meeting to visually identify all assets and the risk mitigation in place to protect them.
  4. Task a “hunt” team to identify anomalies within the bank’s network, as described in the new exam procedures. On average, attackers roam inside the network undetected for more than 200 days. Eliminate the exposure using advanced analytics that can mine through millions of records and reveal the attacker and the entire exposure. Response must be prompt.
  5. Conduct ongoing but randomly scheduled social engineering and phishing simulation training to keep employee awareness heightened. Education can prevent employees from falling victim to real attacks and becoming the weakest link in the chain.

In March, the Consumer Financial Protection Bureau fined an online payment processor for engaging in unfair, deceptive or abusive acts and practices (UDAAP), due to its failure to implement an adequate information security program and protect consumer data. Other regulators have taken notice, and will not hesitate to assess enforcement actions for information or cybersecurity deficiencies using UDAAP or other enforcement tools available against banks and its technology providers. Information or cybersecurity lapses can cause irreparable harm to the bank, and tarnish its reputation instantly. The stakes are very high. Banks must stay one step ahead.

Compliance Costs: How Does Your Bank Compare?


compliance-9-8-16.pngBanks across the country are complaining about the costs of compliance, especially community banks, which have fewer resources.

Now, the Federal Reserve has done a detailed analysis of what those costs actually are. Taking a look at responses from more than 400 financial institutions surveyed in 2015 by the Conference of State Bank Supervisors, researchers Drew Dahl, Andrew Meyer and Michelle Clark Neely at the Federal Reserve Bank of St. Louis recently published findings that banks with less than $100 million in assets are spending roughly three times more relative to their expenses than banks from $1 billion to $10 billion in assets.

Those super-small banks spend roughly 8.7 percent of their noninterest expenses on compliance; while banks from $1 billion to $10 billion in assets spend 2.9 percent on average, the study found.

2014 Mean Compliance Expenses

  Asset Size Categories
<$100M $100M to $250M $250M to $500M $500M to $1B $1B to $10B
Data Processing Expense $27.6
1.5%
$36.8
0.9%
$82.0
0.9%
$108.7
0.6%
$188.3
0.4%
Legal Expense $4.6
0.2%
$5.9
0.1%
$20.0
0.2%
$47.4
0.2%
$134.9
0.2%
Accounting Expense $19.9
1.1%
$31.6
0.7%
$45.6
0.5%
$57.7
0.3%
$188.2
0.3%
Consulting Expense $11.7
0.6%
$18.2
0.4%
$24.0
0.3%
$43.4
0.2%
$129.1
0.2%
Personnel Expense $100
5.3%
$176
3.9%
$312
3.4%
$507
2.8%
$1,203
1.8%
Total Expense $163.8
8.7%
$268.5
5.9%
$483.6
5.3%
$764.2
4.2%
$1,843.5
2.9%
Number of Banks 113 154 121 45 36

Source: Federal Reserve.
NOTES: The sample consists of 469 commercial banks with assets under $10 billion that responded to the Conference of State Bank Supervisors’ survey in 2015 on operations in 2014 and for which complete data are available. Dollar amounts, expressed in thousands, represent means for banks in varying categories. Percentages are means within a category of the ratios of dollar amounts to overall noninterest expenses.

Arthur Johnson, chairman of United Bank in Grand Rapids, Michigan, says the notion that regulations are scalable based on the size of the institution “just isn’t true.” His bank, which has $560 million in assets, is contending with new mortgage disclosures and regulations put forth by the Consumer Financial Protection Bureau as part of the Dodd-Frank Act. People getting a residential mortgage these days have to look at paperwork that’s a quarter of an inch thick. Mortgage is a big part of the bank’s business model, so giving up on it is not an option, he says. Households want a checking account and they want a residential mortgage. “If we can have those two relationships we can feel we will be the primary institution for that household,’’ he says.

For the most part, mortgage activity has not been curtailed. A recent GAO report found that while banks say new regulations coming out of the Dodd-Frank Act have negatively impacted their banks, and their ability to offer some products such as nonqualified mortgages, the level of mortgage lending is actually on the increase.

“The results of surveys we reviewed suggest that there have been moderate to minimal initial reductions in the availability of credit among those responding to the various surveys and regulatory data to date have not confirmed a negative impact on mortgage lending,” the report said.

Paul Schaus, president and CEO of CCG Catalyst, a consulting group, says banks tell him frequently that they are spending more money on compliance than years past. Ten years ago, a community bank might have one compliance officer and a $200,000 budget for compliance. Now, it has five to six employees and a $1 million budget, even though nothing else has changed about the bank.

Some of the biggest compliance headaches involve the Bank Secrecy Act, he says. Even though the law is the same as it has been for many years, enforcement has become tougher, he says. Banks are buying monitoring systems to track transactions, which when first installed, trigger an avalanche of activity that must be analyzed by employees.

He thinks the costs of compliance are among several issues leading to more consolidation among banks. A bank with $400 million in assets can merge with another bank and become one with $800 million in assets that combines its compliance functions.

Another solution short of merging is to narrow the bank’s focus and cut costs that way. A lot of small, community banks still are trying to be everything to everyone, and that’s not going to cut it, Schaus says. “You need to differentiate yourself,’’ he says.

Johnson says his bank is looking at its options to grow to become more efficient, which might mean buying another bank. With five full-time employees working on compliance, two of them lawyers, the cost of compliance has become quite high. “I’ve been here for 45 years and I never thought we’d be big enough to hire our own in-house lawyer,’’ he says.

Julie Stackhouse, the executive vice president for banking supervision at the St. Louis Fed, says she hears all the time that community banks are struggling under the weight of compliance, but they have other problems too, including low interest rates and slow growth in many of the small communities where they do business.

“The costs clearly are being attributed to consumer compliance laws and regulations, and there have been several new ones; and the ongoing costs of BSA and anti-money laundering legislation, which has been here for some time,” she says. She says banks are spending more on computer systems to help with compliance and BSA.

Highly Rated Banks Don’t Spend More
Further, researchers analyzed whether banks who spend more on compliance have better management ratings on regulatory exams than banks who spend less. Apparently, that wasn’t the case. Other factors, such as the ability of management, the audit committee and auditors to work together to properly focus oversight attention, may better determine management ratings than the sheer number of dollars you spend on compliance, the researchers found.

In fact, for very highly rated banks under $100 million in assets, which received a “1” rating on their management score, the spend was about 6.8 percent of noninterest expenses, compared to 9.1 percent on average for everybody else in their size category.

There are obviously problems comparing your banks with others in your asset class. Some banks may have relatively high expenses because they do business in expensive cities such as San Francisco, or because they have expensive but highly profitable business models, so it doesn’t always make sense to compare your bank with an average.

Overall, though, Stackhouse thinks the study will be very useful. “Having research that supports analysis of the issues is going to be very useful for us going forward,’’ she says.