Bank Regulatory Update: Three Things to Think About for 2017


regulation-1-18-17.pngSignificant regulatory changes continued to affect the banking industry in 2016. The industry generally has moved beyond implementing the requirements of the Dodd-Frank and Wall Street Reform and Consumer Protection Act, but regulatory expectations continue to rise, with increased emphasis on each institution’s ability to respond to and withstand adverse economic conditions. Regulatory supervision, often through oversight from multiple agencies, is becoming more focused on supporting compliance efforts with strong corporate cultures within the institution. Managing regulatory compliance risk for a financial institution has never been more complex.

Looking forward to 2017, regulators are expected to continue to ramp up expectations in several areas. Industry stakeholders undoubtedly will be watching closely as the new administration takes control of the White House. However, regulators are expected to continue to increase their emphasis on three areas: cybersecurity risk, consumer compliance and third-party risk management.

1. Cybersecurity Risk
Cybersecurity is likely to remain a key supervisory focal point for regulators in 2017. Regulatory officials have stressed that cybersecurity vulnerabilities are not just a concern at larger financial institutions: small banks also are at risk. As such, financial institutions of all sizes need to improve their ability to more aptly identify, assess and mitigate risks in light of the increasing volume and sophistication of cyberthreats.

The Federal Financial Institutions Examination Council (FFIEC) agencies have established a comprehensive cybersecurity awareness website that serves as a central repository where financial services companies of all sizes can access valuable cybersecurity tools and resources. The website also houses an FFIEC cybersecurity self-assessment tool to help banks identify their risks and assess their cybersecurity preparedness. The voluntary assessment provides a repeatable and quantifiable process that measures a bank’s cybersecurity preparedness over time.

2. Consumer Compliance
The Consumer Financial Protection Bureau (CFPB)—now a more mature entity—is having a dramatic impact on the supervisory processes around consumer financial products. While the CFPB conducts on-site consumer exams for financial institutions with more than $10 billion in assets, it also has begun to work with regulators in consumer supervisory efforts in smaller banks. The CFPB also has issued a significant number of new and revised consumer regulations that apply to institutions of all sizes. Some of the more onerous requirements center on mortgage lending and truth-in-lending integrated disclosures (TRID).

The CFPB also continues to cast a wide net when it comes to gathering consumer complaints about financial products and services through its consumer complaint database. The latest snapshot shows the database contains information on more than one million complaints about mortgages, student loans, deposit accounts and services, other consumer loans, and credit cards.

CFPB examiners often use complaints received through the database as a channel for reviewing practices and identifying possible violations. This continued pressure has forced financial institutions to ensure their compliance management systems are supported by effective policies, procedures and governance. But keep in mind, it’s even more important now to adequately aggregate, analyze and report customer-level data, so your institution can identify and remediate problems before the regulators come after you, and so you don’t get accused of “abusive” practices under the Dodd-Frank Act.

3. Third-Party Risk Management
As a component of safety and soundness examinations, effective third-party risk management is regarded as an important indicator of a financial institution’s ability to manage its business. As a result, regulatory examinations consistently include an element of third-party risk management, and all of the federal bank regulators have issued some form of guidance related to third-party risk. The Federal Reserve’s (Fed’s) SR 13-19 applies to all financial services companies under Fed supervision. The Fed guidance focuses on outsourced activities that have a substantial impact on a bank’s financial condition or that are critical to ongoing operations for other reasons, such as sensitive customer information, new products or services, or activities that pose material compliance risk.

Guidance from the Office of the Comptroller of the Currency (OCC) on third-party risk (Bulletin 2013-29) generally is more comprehensive than the Fed guidance and requires rigorous oversight and management of third-party relationships that involve critical activities. The OCC bulletin specifically highlights third-party activities outside of traditional vendor relationships.

Outlook
The critical areas discussed here are just a few for which banks need to expect more regulatory scrutiny in 2017. While there are early indicators that some elements of Dodd-Frank and other regulatory requirements could be pared back as the new administration takes control of the White House, the industry will need to closely monitor any changes and adjust compliance efforts accordingly.

Fintech Lenders Under Fair Lending Scrutiny


lending.png

One of the many concerns surrounding fintech lenders is that they are not as tightly regulated as traditional banks and are not bound as firmly by the provisions of the Fair Lending Act. The Federal Trade Commission has expressed concerns about many of the lending practices of fintech companies, saying in a recent statement that “the use of big data analytics to make predictions may exclude certain populations from the benefits society and markets have to offer.” Using big data to cherry pick loan candidates may be seen as discriminatory and could end up increasing regulatory scrutiny of fintech lenders as some see their underwriting practices as not being much different than redlining.

Gerron S. Levi, the director of policy and government affairs for the National Community Reinvestment Coalition, also expressed concerns about the practices of the fintech lenders in recent testimony before the House Subcommittee on Financial Institutions and Consumer Credit, telling legislators “We see echoes of the early days of the subprime mortgage boom, in which rapidly growing nonbank mortgage lenders innovated in the worst possible way by loosening credit standards, layering significant and multiple forms of risk, and causing financial harm to borrowers who could ill afford to repay the loans. If lightly regulated nonbank small business lenders, including fintech firms, are left unchecked, our fear is the impact may be the same: millions of small businesses stuck with exploding loans they can’t afford, and the American taxpayer left on the hook to clean up the mess.”

While the ability of fintech lenders to quickly process and fund loans may be seen as an improvement over the much slower process used by most banks, and is also seen by many as an opportunity to expand credit offerings to a wider percentage of the public, there are drawbacks. The algorithms that are used to find the very best borrowers would stand a good chance of being found to be discriminatory under the requirements of the Fair Lending Act. And some fintech lenders are targeting consumers with low or no FICO scores and charging extremely high-interest rates—which some regulators consider to be a form of predatory lending.

We already see the various regulatory agencies take a deeper look at the fintech lending industry. The Consumer Financial Protection Bureau in July entered into a consent order with Flourish, a fintech lender that the agency said had violated several regulations including the Consumer Financial Protection Act and the Fair Credit Reporting Act. The order required Flourish to deposit $1.93 million in an escrow account to repay customers, and the company was fined an additional $1.8 million.

The biggest problem facing fintech lenders is that most of them have not yet been all the way through a credit cycle, so we have no idea how they will react when an economic event causes liquidity to dry up. They do not have access to depository funding and rely on credit facilities, whole loan sales and securitizations to fund originations. These sources of financing have a tendency to evaporate when markets become volatile, and many fintech lenders could be forced to seek partnerships with other lenders or the banks themselves.

In many ways, that would be the perfect solution for this potential liquidity problem. Community and regional banks are very interested in adding new technology that will allow them to offer more online products and services as well as cut costs and speed up loan processing. Banks are actively looking to accomplish this by partnering with, or in some cases acquiring, fintech lenders. According to a recent survey conducted by the law firm Manatt, Phelps & Phillips, 88 percent of those surveyed think that in a decade the banking world will be one where traditional banks are partnering with fintech companies in a mostly collaborative environment

Fintech lenders choosing to partner with banks will come under closer regulatory scrutiny as their lending practices will have to be in line with the regulations under which banks operate. Regulators have also expressed growing concern about data security, and that will be a large issue that both the banks and fintech companies will have to address.

Regulatory challenges are going to continue to increase for fintech lenders. For many of them, the most practical course of action will be to partner with community and regional banks. For that to happen, however, their strategies and operations will have to be modified so the marketing programs and loan approval algorithms have no hint of discriminatory or predatory lending practices.

Should You Do Business With Marketplace Lenders?


Lenders-12-9-16.pngThe shift away from the traditional banking model—largely due to technological advances and the growing disaggregation of certain bank services—has contributed to the rise of the marketplace lending (MPL) industry. The MPL industry, in particular, offers consumers and small businesses the means by which to gain greater access to credit in a faster way. MPL, despite its increasing growth, has managed to stay under the radar from regulatory oversight until recently. However, in a short span of time, federal and state regulators—the Department of the Treasury, Office of the Comptroller of the Currency (OCC), Consumer Financial Protection Bureau (CFPB), the Federal Deposit Insurance Corporation (FDIC) and California Department of Business Oversight, for example—have begun to weigh the benefits and risks of MPL, with the OCC, for example, going so far as to announce its intention to grant special purpose national bank charters to fintech companies.

Given the evolving nature of the industry and its regulation, in this article, we discuss three key issues for MPL participants to consider. First, we discuss the regulatory focus on the third-party lending model. Second, we consider the potential fair lending risks. Third, we focus on considerations related to state usury requirements. We conclude with a few thoughts on what to expect in this changing landscape.

Third-Party Lending Model
The MPL model traditionally operates with three parties: the platform lender, the originating bank and investors purchasing the loans or securities. Based on the reliance on originating banks in the MPL structure, the FDIC, CFPB and others increasingly have considered the risks to banks from these third-party relationships. In particular, regulators appear to be concerned that banks may take on additional risk in these relationships, which are potentially similar to the lending model rejected by a U.S. District Court judge earlier this year when deciding CashCall was the real lender in dispute, not a tribal lender set up in South Dakota. Thus, the FDIC, for example, in its recent Guidance for Managing Third-Party Risk, asks institutions engaged in such third-party relationships to appropriately manage and oversee these third-party lenders before, during and after developing such a relationship. In addition, certain originating banks have also taken to retaining some of the credit risk to mitigate concerns that the MPL may be considered the true lender.

Fair Lending
Another potential area to consider relates to fair lending risks regarding extensions of credit in certain geographical areas, underwriting criteria and loan purchase standards. For example, the potential for fair lending risk may increase particularly with respect to the data collected on borrowers for underwriting purposes, for example, where the use of certain alternative criteria may inadvertently result in a disparate impact to protected classes. In addition, restrictions on lending areas or the types of loans sold to investors similarly could pose such issues.

State Usury Requirements
The recent Second Circuit decision in Madden v. Midland Funding LLC also highlights potential uncertainty regarding the MPL model. In Madden, the Second Circuit determined that a debt collection firm, which had purchased a plaintiff’s charged-off account from a national bank, was not entitled to the benefit of the state usury preemption provisions under the National Bank Act, despite originally being available to the originating national bank. Madden was appealed to the Supreme Court, which declined to hear the case. Thus, Madden has the potential to limit the ability for MPL firms to rely on their originating banks to avoid complying with state-by-state interest rate caps, as federal preemption would no longer apply to those loans later transferred to or acquired by such nonbank entities. Further, Madden increases the uncertainty regarding the originated loans that MPL firms may later sell to (or issue securities for) investors. While some lenders have chosen to carve out the Second Circuit (New York, Connecticut and Vermont) for lending and loan sale purposes, there is the continued risk that the decision may set a precedent in other circuits.

Conclusion
Even with the increasing scrutiny of the MPL industry, regulators appear to recognize the benefits of access to credit for borrowers. For example, the OCC, CFPB and the Treasury have indicated that any increase in regulation should be balanced with fostering innovation. This may be a potential signal on the part of regulators to adopt a framework by which financial innovation is incorporated into the traditional banking model. Thus, looking forward, we think the regulatory uncertainty in this space provides the opportunity for MPL participants to take a proactive approach in shaping regulatory policy for the industry.

CFPB Assumes ’Catalyst’ Role in Fintech Innovation


catalyst-1.png

In 2012, the Consumer Financial Protection Bureau (CFPB) recognized that the industry we now call fintech was starting to accelerate the delivery of cutting edge technology products to the financial services marketplace. The CFPB was aware that many of these offerings would make banking faster and easier for consumers and might also allow banks to perform their operations far more efficiently. At first blush, that seems like a win-win situation for consumers and the industry alike. However, the bureau was also aware that rapid growth of the largely unregulated fintech sector created the potential for abuse and fraud. The result was Project Catalyst, a program in which the bureau works with fintech firms to encourage the development of new consumer-friendly products while making sure these companies color inside the regulatory lines.

The CFPB released it first look at the achievements of the program in October. In “Project Catalyst report: Promoting consumer-friendly innovation,”the bureau outlined it efforts to work with fintech companies to develop consumer-friendly programs while avoiding potential regulatory pitfalls. In his preamble to the report, Director Richard Cordray noted that “As these efforts reflect, the Bureau believes innovation has enormous potential to improve the financial lives of consumers. At the same time, however, the Bureau recognizes that innovation cannot skirt the need for sufficient oversight and consumer protection.” While the CFPB wants to encourage financial innovation, it has endeavored to do so in a manner that keeps consumers and their money safe. So far the bureau would seem to be succeeding.

The report also outlines areas where the bureau has high interest and concerns. For example, payday lending products has been a concern for the CFPB from day one. These high-cost, short-term loans exploit lower-income and underbanked consumers who have cash flow issues. To reduce the need for these products the bureau has been encouraging the development of alternatives that help consumers better manage their finances to avoid the cash crunch that creates the need for a payday loan in the first place.

Underbanked and “credit invisible” consumers are a particular concern of the bureau. These individuals tend to be less sophisticated and are often easy prey for less scrupulous fintech companies. While they may not have a bank account, they do have smartphones and are targeted for payday loans, car title loans and other high-cost consumer loan products. Project catalyst has been actively working with fintech companies to find ways to deliver reasonably priced loans to the underbanked market on terms that are also favorable for the lender.

Building savings is also a key focus for the bureau. Project Catalyst is interested in working with companies that develop products that encourage savings and make it easier for customers to get and keep money in a savings account. Building tools that help consumers understand and utilize the budgeting and savings process is a key goal of the project and has been since the beginning. One of Project Catalyst’s first collaborations was with the personal finance website Simple to develop a program that helped consumers understand their spending habits and patterns.

Project Catalyst also highlights the need for improvements in mortgage servicing platforms. The bureau notes that many banks have just loaded new mortgage servicing platforms on the back of their current legacy system and that is not the optimum solution. The report comments that “These workarounds can be costly and are sometimes plagued by programming errors, failures in system integration or instances of data corruption. These failures cause consumer harm and increase the risk of data inaccuracies during loan transfers.” The CFPB is working with fintech companies to build new, more efficient technology platforms that will make the process easier and more consumer friendly.

Credit reporting and clarity are also a focus of the CFPB. Many credit users have no idea what is on their credit report and any technology that makes it easier to check credit scores and profiles is of interest to the bureau. It is also working with companies to develop products that help understand what types of behavior might improve or worsen their score.

Project Catalyst is also looking to improve the peer-to-peer payments process. The bureau is working with fintech providers to help people send money overseas, pay their bills or make purchases on a cost effective basis. It has also met with firms that are working on providing easily accessed price comparisons when sending money overseas so that people can find the cheapest and most convenient way to transfer cash to relatives back home.

While the CFPB’s mission is to help and protect all consumers, it is evident from the report that the bureau is very sensitive to the needs of the underbanked and less affluent consumers. This segment of the market has always been the target of fraud and predatory practices, and the introduction of mobile technology has made them more so than ever before. Fintech companies that develop programs to serve and protect this market will find the CFPB more than willing to help get their products to market.

The New FFIEC Information Security Examination Procedures: What Boards Should Be Doing Now


FFIEC-9-14--16.pngHow effective is your bank’s approach to information security, including cybersecurity? On September 9, the Federal Financial Institutions Examination Council (FFIEC) published new information security examination procedures. It is critical that boards and management teams quickly get up to speed on the new exam procedures so there are no surprises in the bank’s next exam that adversely impact earnings, capital or value creation.

The new exam procedures focus on assessing the quality and effectiveness of the bank’s information security program, including its culture, governance, security operations, with emphasis on cybersecurity, and assurance processes, such as self-assessments, penetration tests, vulnerability assessments and independent audits. The procedures contain eleven objectives for the examiners to attain.

The objective relating to security operations and cybersecurity is especially noteworthy, as it contains enhanced expectations. Both in the preamble and in the specific exam procedures, there is recognition that it is not a question of if, but when an attacker will break into the network, so banks need to enhance threat identification, monitoring, detection and response. Examiners will evaluate whether the bank has monitoring in place to identify malicious activity, a process to identify possible compromises in the bank’s systems, and whether it uses tools that reveal and trace an attacker’s actions, such as attack or event trees, to size up exposures and respond effectively.

While speaking on cybersecurity on the main stage at Bank Director’s 2016 Bank Audit and Risk Committees Conference in June, I electronically polled the bank directors and senior executives in attendance. The results from the 206 respondents indicate a need for banks to beef up cybersecurity to meet these enhanced regulatory expectations. While cybersecurity is a top concern for bank boards, seventy-seven percent indicated that they do not review cybersecurity at every board meeting. Fifty-nine percent of attendees said that detecting anomalous activity or threats from malicious insiders are the cybersecurity risks for which their bank is least prepared.

FFIEC.PNG
Source: 206 respondents, Bank Director Audit and Risk Committees Conference June 2016

When I asked how many had implemented ongoing reviews of the network visibility map for risk oversight, only 31 percent had done so. This map visually shows all assets inside the network and helps identify threats. Without this visual map, the bank will be managing its cyber risks in the blind.

What the Board Should Do
Here are five steps that boards should take to remain proactive regarding information security.

  1. Review cybersecurity at every board meeting. Cybersecurity must be handled as a strategic boardroom issue, not as a back-office IT issue.
  2. Use the new information security exam procedures to perform a self-assessment. Identify and eliminate any deficiencies well in advance of the next exam.
  3. Review the network visibility map at every board meeting to visually identify all assets and the risk mitigation in place to protect them.
  4. Task a “hunt” team to identify anomalies within the bank’s network, as described in the new exam procedures. On average, attackers roam inside the network undetected for more than 200 days. Eliminate the exposure using advanced analytics that can mine through millions of records and reveal the attacker and the entire exposure. Response must be prompt.
  5. Conduct ongoing but randomly scheduled social engineering and phishing simulation training to keep employee awareness heightened. Education can prevent employees from falling victim to real attacks and becoming the weakest link in the chain.

In March, the Consumer Financial Protection Bureau fined an online payment processor for engaging in unfair, deceptive or abusive acts and practices (UDAAP), due to its failure to implement an adequate information security program and protect consumer data. Other regulators have taken notice, and will not hesitate to assess enforcement actions for information or cybersecurity deficiencies using UDAAP or other enforcement tools available against banks and its technology providers. Information or cybersecurity lapses can cause irreparable harm to the bank, and tarnish its reputation instantly. The stakes are very high. Banks must stay one step ahead.

Compliance Costs: How Does Your Bank Compare?


compliance-9-8-16.pngBanks across the country are complaining about the costs of compliance, especially community banks, which have fewer resources.

Now, the Federal Reserve has done a detailed analysis of what those costs actually are. Taking a look at responses from more than 400 financial institutions surveyed in 2015 by the Conference of State Bank Supervisors, researchers Drew Dahl, Andrew Meyer and Michelle Clark Neely at the Federal Reserve Bank of St. Louis recently published findings that banks with less than $100 million in assets are spending roughly three times more relative to their expenses than banks from $1 billion to $10 billion in assets.

Those super-small banks spend roughly 8.7 percent of their noninterest expenses on compliance; while banks from $1 billion to $10 billion in assets spend 2.9 percent on average, the study found.

2014 Mean Compliance Expenses

  Asset Size Categories
<$100M $100M to $250M $250M to $500M $500M to $1B $1B to $10B
Data Processing Expense $27.6
1.5%
$36.8
0.9%
$82.0
0.9%
$108.7
0.6%
$188.3
0.4%
Legal Expense $4.6
0.2%
$5.9
0.1%
$20.0
0.2%
$47.4
0.2%
$134.9
0.2%
Accounting Expense $19.9
1.1%
$31.6
0.7%
$45.6
0.5%
$57.7
0.3%
$188.2
0.3%
Consulting Expense $11.7
0.6%
$18.2
0.4%
$24.0
0.3%
$43.4
0.2%
$129.1
0.2%
Personnel Expense $100
5.3%
$176
3.9%
$312
3.4%
$507
2.8%
$1,203
1.8%
Total Expense $163.8
8.7%
$268.5
5.9%
$483.6
5.3%
$764.2
4.2%
$1,843.5
2.9%
Number of Banks 113 154 121 45 36

Source: Federal Reserve.
NOTES: The sample consists of 469 commercial banks with assets under $10 billion that responded to the Conference of State Bank Supervisors’ survey in 2015 on operations in 2014 and for which complete data are available. Dollar amounts, expressed in thousands, represent means for banks in varying categories. Percentages are means within a category of the ratios of dollar amounts to overall noninterest expenses.

Arthur Johnson, chairman of United Bank in Grand Rapids, Michigan, says the notion that regulations are scalable based on the size of the institution “just isn’t true.” His bank, which has $560 million in assets, is contending with new mortgage disclosures and regulations put forth by the Consumer Financial Protection Bureau as part of the Dodd-Frank Act. People getting a residential mortgage these days have to look at paperwork that’s a quarter of an inch thick. Mortgage is a big part of the bank’s business model, so giving up on it is not an option, he says. Households want a checking account and they want a residential mortgage. “If we can have those two relationships we can feel we will be the primary institution for that household,’’ he says.

For the most part, mortgage activity has not been curtailed. A recent GAO report found that while banks say new regulations coming out of the Dodd-Frank Act have negatively impacted their banks, and their ability to offer some products such as nonqualified mortgages, the level of mortgage lending is actually on the increase.

“The results of surveys we reviewed suggest that there have been moderate to minimal initial reductions in the availability of credit among those responding to the various surveys and regulatory data to date have not confirmed a negative impact on mortgage lending,” the report said.

Paul Schaus, president and CEO of CCG Catalyst, a consulting group, says banks tell him frequently that they are spending more money on compliance than years past. Ten years ago, a community bank might have one compliance officer and a $200,000 budget for compliance. Now, it has five to six employees and a $1 million budget, even though nothing else has changed about the bank.

Some of the biggest compliance headaches involve the Bank Secrecy Act, he says. Even though the law is the same as it has been for many years, enforcement has become tougher, he says. Banks are buying monitoring systems to track transactions, which when first installed, trigger an avalanche of activity that must be analyzed by employees.

He thinks the costs of compliance are among several issues leading to more consolidation among banks. A bank with $400 million in assets can merge with another bank and become one with $800 million in assets that combines its compliance functions.

Another solution short of merging is to narrow the bank’s focus and cut costs that way. A lot of small, community banks still are trying to be everything to everyone, and that’s not going to cut it, Schaus says. “You need to differentiate yourself,’’ he says.

Johnson says his bank is looking at its options to grow to become more efficient, which might mean buying another bank. With five full-time employees working on compliance, two of them lawyers, the cost of compliance has become quite high. “I’ve been here for 45 years and I never thought we’d be big enough to hire our own in-house lawyer,’’ he says.

Julie Stackhouse, the executive vice president for banking supervision at the St. Louis Fed, says she hears all the time that community banks are struggling under the weight of compliance, but they have other problems too, including low interest rates and slow growth in many of the small communities where they do business.

“The costs clearly are being attributed to consumer compliance laws and regulations, and there have been several new ones; and the ongoing costs of BSA and anti-money laundering legislation, which has been here for some time,” she says. She says banks are spending more on computer systems to help with compliance and BSA.

Highly Rated Banks Don’t Spend More
Further, researchers analyzed whether banks who spend more on compliance have better management ratings on regulatory exams than banks who spend less. Apparently, that wasn’t the case. Other factors, such as the ability of management, the audit committee and auditors to work together to properly focus oversight attention, may better determine management ratings than the sheer number of dollars you spend on compliance, the researchers found.

In fact, for very highly rated banks under $100 million in assets, which received a “1” rating on their management score, the spend was about 6.8 percent of noninterest expenses, compared to 9.1 percent on average for everybody else in their size category.

There are obviously problems comparing your banks with others in your asset class. Some banks may have relatively high expenses because they do business in expensive cities such as San Francisco, or because they have expensive but highly profitable business models, so it doesn’t always make sense to compare your bank with an average.

Overall, though, Stackhouse thinks the study will be very useful. “Having research that supports analysis of the issues is going to be very useful for us going forward,’’ she says.

Cutting Compliance Costs with Regtech


FXT-compliance.png

I was having a discussion about the future of banking with some fellow investors recently and one of my younger and more tech savvy associates opined that fintech companies would soon make traditional branch banking obsolete. It is a provocative idea but I am pretty sure he is wrong. Two decades from now it will still be fairly easy to find a bank branch a short drive away even if it is in a driverless car. Bankers will adapt and banking will become more mobile and more digital, but there will always be a place for banks and their branches in the economy.

Bankers are not sitting in their offices waiting to be replaced. They are finding ways to use new technology advancements to make their business faster, more efficient-and most importantly, less expensive. This is particularly true in one of the highest cost centers in the bank-regulatory compliance-where the automation of that detail intensive process is providing huge cost benefits. Compliance costs have been spiraling upward since the financial crisis led to an avalanche of new regulations, and technology might be the industry’s best hope of bringing those costs back down.

Bankers are starting to see the advantages of big data and analytics-based solutions when they are applied to the compliance challenge. “Although still in the early stages, banks are applying big data and advanced analytics across customer-facing channels, up and down the supply chain, and in risk and compliance functions,” said Bank of the West Chairman Michael Shepherd in a recent interview with the Reuters news service. For example, a growing number of banks are using new technology to automate the enormous data collection and management processes needed to file the proper compliance reports, particularly in areas like the Bank Secrecy Act. This new technology can help regional and community banks address data gathering and reporting challenges for regulatory compliance.

Smaller banks in particular are looking to partner with companies that can help build a data driven approach to compliance management. More than 80 percent of community banks have reported that compliance costs have risen by at least 5 percent as a result of the passage of the Dodd-Frank Act and the expense is causing many of the smallest institutions to seek merger partners. In fact, two of the biggest drivers of my investment process in the community bank stock sector is to identify banks where compliance costs are too high, and where there is a need to spend an enormous amount of money to bring their technology up to date. Odds are that those banks will be looking for a merger partner sooner rather than later.

While banks are looking to make the compliance process quicker, easier and cheaper, they also need to be aware that the regulators are developing a higher level of interest in the industry’s data collection and management systems as well. A recent report from consulting firm Deloitte noted that “[In] recent years regulatory reporting problems across the banking industry have more broadly called into question the credibility of data used for capital distributions and other key decisions. The [Federal Reserve Board] in particular is requesting specific details on the data quality controls and reconciliation processes that firms are using to determine the accuracy of their regulatory reports and capital plan submissions.”

The Consumer Financial Protection Bureau is also monitoring the compliance management process very closely. An assistant director there was quoted recently as saying that the bureau is increasingly focusing its supervisory work on the third-party compliance systems that both banks and nonbanks sometimes rely on. This is the behind-the-scenes technology that drives and supports the compliance process.

There is a developing opportunity for fintech companies to focus their efforts on providing regtech solutions to regional and community banks. The cost of compliance is excessive for many of these institutions and, for some, place their very survival into question. Regtech firms that develop compliance systems that are faster, more efficient and can help cut compliance costs significantly in a manner acceptable to the regulatory agencies will find a large and fast growing market for their services.

How Government Disruption Impacts Fintech Innovation


fintech-innovation.png

It is a given that markets are constantly being disrupted by innovation. I would argue that the financial services marketplace is also being disrupted by legislation and regulation. Let’s face it, the payments sector is hot right now. Issues that were once solely the province of industry publications are now widely covered by mainstream media. This fact is not lost on the legislative and regulatory community.

Last year we saw the creation of the Congressional Payments Technology Caucus, a bipartisan group of lawmakers designed to keep the U.S. Congress informed of the rapid changes in the financial services industry. Over the last year, the caucus has held briefings on issues ranging from EMV Migration to mobile payments. This year, the House Financial Services Committee and Senate Banking Committee have held numerous hearings on payments-related matters as well.

One of the more contentious topics addressed is Operation Chokepoint, a controversial campaign spearheaded by the Department of Justice in conjunction with several federal consumer protection and banking regulatory agencies (including the Federal Trade Commission and the Federal Deposit Insurance Corp.) to hold acquirer financial institutions and their payment processor partners responsible for allegedly illegal acts committed by merchants and other third-party payees.

This perhaps well intentioned program has moved beyond illegal acts to targeting legal activities that are perceived by some prosecutors and regulators as undesirable, which in turn has led to the denial of banking services to businesses that operate lawfully. Legislative attempts to rein in this initiative, led by Rep. Blaine Luetkemeyer, R-MO, have passed the House but face a future that is likely dependent on the outcome of the November elections.

Given this election season and the relatively limited number of working days remaining on the congressional calendar, it is unlikely that any significant financial services or fintech legislation will pass this year. Still, there is considerable opportunity for additional market disruption by federal regulators, particularly the Consumer Federal Protection Bureau (CFPB).

Those involved in the prepaid space await the CFPB’s long delayed final rule on prepaid products that have the potential to adversely impact long established business models-thereby driving some companies out of business.

Despite its popularity and the fact that consumers must opt-in to the program, overdraft services are viewed with skepticism, if not antipathy by the CFPB. The CFPB’s goal is to issue proposed rules on this in the near future. These rules have the potential to drive up cost and reduce access to consumers who have found these services to be beneficial.

Unlike other federal agencies, the CFPB will not be affected by the November elections. Created as part of the Dodd-Frank Act, the bureau was structured as an independent entity funded by the Federal Reserve, which insulates it from the effects of a change in the administration. The term of its current director, Richard Cordray, does not expire until 2018. And though this is currently being challenged in court, the director can only be fired for cause or malfeasance.

It is difficult if not impossible for legislation or regulation to keep up with technology advances and the dramatic changes they are creating in the payments marketplace. Such efforts should be flexible enough to accommodate these changes and not create their own disruption.

How Mobile’s Popularity is Disrupting the Regulators


mobile-regulators.png

The world is going mobile and dragging banking along with it kicking and screaming. I am something of an anachronism as I still go into the branch once in a while and still worry about using my phone to deposit a check. My adult children, on the other hand, use their phone for everything, including all of their banking. They bounce from store to store paying for everything from Starbucks to bar tabs using their phones without a second thought. Banks that want to capture and hold their business will have to be very good at mobile banking and mobile payments.

One of the biggest hurdles bankers face is that as unprepared as they were, the regulators were equally unprepared and are now playing catch up with regards to mobile payments. The regulatory picture today is fairly muddled with a mishmash of state and federal agencies offering guidance and opinions to mobile payment providers and consumers. There are gaps in the current laws where no regulations apply to parts of the process—and other situations where two or more rules apply to the same part of the process. As mobile banking and payments continue to grow, the regulators will be looking to create a more coherent regulatory structure and coordinate their inter-agency efforts to protect consumers at every stage of the process.

At a forum held by the Office of the Comptroller of the Currency in late June, Jo Ann Barefoot, a senior fellow at Harvard University, outlined the current regulatory situation. She told the packed room at the meeting that “Agencies are going to have to develop ways to work together, to be faster, to be flexible, to be collaborative with the industry. The disruption of the financial industry is going to disrupt the regulators, too. This is the most pervasively regulated industry to face tech-driven disruption. The regulators are going to be forced to change because of it.”

In a white paper released at the forum, “Supporting Responsible Innovation in the Federal Banking System: An OCC Perspective,” the OCC noted that “Supervision of the financial services industry involves regulatory authorities at the state, federal, and international levels. Exchanging ideas and discussing innovation with other regulators are important to promote a common understanding and consistent application of laws, regulations, and guidance. Such collaborative supervision can support responsible innovation in the financial services industry.”

While the OCC has noted the massive potential benefits that mobile payments and other fintech innovations can offer to consumers, particularly those who were unbanked prior to the widespread development of mobile banking and payment programs, Comptroller Thomas Curry has cautioned against what he called “unnecessary risk for dubious benefit,” and called for responsible innovation that does not increase risks for customers or the banking system itself. Mobile payments programs that target the unbanked are particularly ripe for abuse and unnecessary risk.

The Consumer Financial Protection Bureau is also heavily involved in overseeing and regulating the mobile payments industry. The bureau noted that 87 to 90 percent of the adult population in the United States has a mobile phone and approximately 62 to 64 percent of consumers own smartphones. In 2014, 52 percent of consumers with a mobile phone used it to conduct banking or payment services. The number of users is continuing to grow at a rapid rate and the CFPB is concerned about the security of user data as well as the growing potential for discrimination and fraud.

CFPB Director Richard Cordray addressed these concerns recently when announcing fines and regulatory action against mobile payment provider Dwolla. “Consumers entrust digital payment companies with significant amounts of sensitive personal information,” Cordray said. “With data breaches becoming commonplace and more consumers using these online payment systems, the risk to consumers is growing. It is crucial that companies put systems in place to protect this information and accurately inform consumers about their data security practices.”

The regulators, like the banks themselves, are latecomers to the mobile payments game. I fully expect them to catch up very quickly. The biggest challenge is going to be coordinating the various agencies that oversee elements of the regulatory process, and it looks as though the OCC is auditioning for that role following the June forum on mobile payments. Cyber security systems to keep customers data and personal information safe and secure is going to be a major focus of the regulatory process in the early stages of the coordinated regulatory efforts.

I also expect the CFPB to focus heavily on those mobile payment providers that were formerly unbanked. These tend to be lower income, less financially aware consumers that are more susceptible to fraud and abuse than those already in the banking system, and the bureau will aggressively monitor the marketing and sales practices of mobile payment providers marketing to these individuals.

The regulatory agencies are starting to catch up with the new world of banking and the mobile payment process will be more tightly controlled going forward.

What Does the $10 Billion Asset Barrier Mean For Banks?


ThePurposefulBanker.jpgCrossing the $10 billion asset threshold has a big impact on a growing bank, due to enhanced regulations mandated by the Dodd-Frank Act. In March, Bank Director President & CEO Al Dominick sat down with Dallas Wells of PrecisionLender for “The Purposeful Banker” podcast, to explain the implications of crossing the $10 billion mark, and what banks should do to prepare for it.

  • Implications of Being a $10 Billion Asset Bank
  • M&A and Scale
  • Infrastructure and Talent
  • Technology

Transcript excerpt:

Dallas Wells: Welcome to another episode of “The Purposeful Banker,” a podcast brought to you by PrecisionLender, where we discuss the big topics on the minds of today’s best bankers. I’m Dallas Wells, and thank you for joining us.

Today, we’re talking about the $10 billion asset threshold and why it has become so critically important for banks. To help us with this conversation, I’m joined by one of the industry’s foremost experts on bank strategy, Al Dominick. Al is the president and CEO at Bank Director and has lots of commentary out there about how banks are handling this exact issue. Al, welcome and thank you so much for taking the time to do this.

Al Dominick: Yeah, my pleasure. Great to be a part of this.

Dallas Wells: Al, for anyone who might not be familiar, tell us a little bit about yourself and what you all do at Bank Director…

For a complete transcript of this “The Purposeful Banker” podcast, please view here.