The Perfect Complement: Community Banks and Alternative Lenders


lenders-2-8-17.pngArmed with cost and process efficiency, greater transparency, and innovative underwriting processes, alternative lenders are determined to take the lending space by storm. Alternative small business lenders only originated $5 billion and had a 4.3 percent share of the small business lending market in the U.S. in 2015. By 2020, the market share of alternative lenders in small business lending in the U.S. is expected to reach 20.7 percent, according to Business Insider Intelligence, a research arm of the business publication.

Being able to understand customer-associated risk by relying on alternative data and sophisticated algorithms allowed alternative lenders to expand the borders of eligibility, whether for private clients or small businesses. In fact, a Federal Reserve survey of banks in 2015 suggests that online lenders approved a little over 70 percent of loan applications they received from small-business borrowers—the second-highest rate after small banks, which approved 76 percent, and much higher than the 58 percent approved by big banks.

Coming so close in approval rates to banks and having lent billions employing a different, more efficient business model inevitably created an interest from banks. Some of the largest institutions have been taking advantage of the online lenders’ technology, but community and regional banks are still in the early stages of exploring partnership opportunities. While concerns over those types of partnerships are understandable, there are also important positive implications, which we will explore further.

Cost-Efficient Capital Distribution Channel
Online marketplaces represent an additional, cost-efficient channel for capital distribution, expanding the potential customer base. An opportunity to grow loan portfolios with minimal overhead and without the need for adoption or development of resource-consuming technology, led to a partnership between Lending Club and BancAlliance, a nationwide network of about 200 community banks. The partnership allowed banks to have a chance at purchasing the loans originated by Lending Club, and, in case those loans did not meet the requirements, they were offered to a larger pool of investors. Banks also have an opportunity to finance loans from a wider Lending Club portfolio.

Examples of partnerships also include Prosper and the Western Independent Bankers. These partnerships give more banks an opportunity to offer credit to their customers, and more consumers access to affordable loans.

Portfolio Diversification and Customer Base Expansion
Alternatives lenders can offer an easy application process, a quick decision and rapid availability of funds due to an alternative approach to the underwriting process. Use of alternative data to assess creditworthiness is an inclusive approach to loan distribution. In 2015, in the U.S., there were 26 million credit invisible consumers. Moreover, the Consumer Financial Protection Bureau suggests that 8 percent of the adult population has credit records that you can’t score using a widely-used credit scoring model. Those records are almost evenly split between the 9.9 million that have an insufficient credit history and the 9.6 million that lack a recent credit history.

Paul Christensen, a clinical professor of finance at Northwestern University’s Kellogg School of Management, believes there are positive implications for companies leveraging alternative data to make a credit decision.

“For companies, alternative credit rating is about reducing transaction costs. It’s about figuring out how to make profitable loans that are also affordable for most people—not just business owners,” he said in a September 2015 article.

For community banks, as regulated institutions, partnerships with alternative lenders that extend credit to parts of the population perceived as not creditworthy is an opportunity to reach new consumer segments and contribute to inclusive growth and resilience of disadvantaged households.

Customer Loyalty
Two Federal Reserve researchers noted in a 2015 paper that community banks can increase customer loyalty by referring customers to alternative lenders when banks cannot offer a product that meets the customer’s needs. “By providing customers with viable alternatives? it is more likely that these customers will maintain deposit and other banking relationships with the bank and return to the bank for future lending needs,” the researchers emphasized.

Access to Knowledge, Expertise and Technology
While the extent of integration may vary, one of the most important elements of partnerships that carry long-term organizational and industry benefits is mutual access to knowledge, expertise and technology. The combination of banks’ and alternative lenders’ different business models with an understanding of mutual strengths allows the whole industry to transform and provide the most efficient, consumer-facing model.

The Banking Themes of 2017: What to Expect


bank-trends-2-3-17.pngAfter the anemic economic growth and overregulation of the past decade, what banking themes can we expect in 2017 amid current market optimism?

Rates
For an immediate impact, Trump and the Republican Congress need to lower the corporate tax rate first. Other policy agendas will have long-term effects. The true unemployment rate is over 10 percent, not 4.6 percent, when factoring in a normal labor participation rate, which is currently close to a 40-year low. Almost all employment growth from 2005 to 2015 is part-time, temporary or contract work. The economy is still not well, yet inflation continues to build, for example, with rising healthcare costs, government services and education costs. Most assets are overpriced with artificially low rates contributing to a torrid stock market and average price/earnings ratios at a 20-year high. This should keep rate hikes to 1 or 2 percentage points versus the 3 or 4 percentage points most are predicting. Rate hikes will create a nominal positive effect on net interest margin for banks of 5 to 10 basis points.

Credit
Corporate debt ratios are higher, particularly those with high yield. Most banks have thankfully chased high grade customers and credit since the crash. However, many are at or over the 300 percent real estate or 100 percent construction and development loan thresholds. Expect a real estate pullback. If the stock market retreats 5 to 10 percent, a mild recession may result. We are due for a credit correction over the next 6 to 18 months. It will hurt non-bank lenders more than banks. Loan growth should remain steady and provisions need to increase.

Capital
If bank stock prices can stay above 16 times earnings, expect more initial public offerings (IPOs) due to pent-up demand from 2016. Many banks are trading at 20 times price to earnings or more, and banks are in favor with investors. Bank stocks have been a greed and fear trade since 2008 with a near 100 percent correlation. Consumer and investor confidence is running high presently. Optimism abounds about interest rates, the economy, tax cuts and deregulation. While it all seems to be priced into bank stocks right now, investing in government optimism versus company fundamentals feels a bit awkward at best. Expect a pullback, but for the sector to remain strong with good, core earnings growth of 15 percent or more and with more IPOs in quarters two through four. There has been an increasing interest from yield-starved investors in bank stock loans, subordinated debt and preferred stock. Expect that to continue.

M&A
The volatility in the markets in 2016 were driven by China, energy, and Brexit, so renewed confidence could be a good thing for M&A. Do prospective sellers, frustrated with lackluster returns and burdensome regulations, have newfound optimism and upward price exit expectations? Perhaps, but there is room to run here. Volume was down 10 percent in 2016 with 242 deals. But there was an increase in exits or restructuring, as private equity investments matured and investor activists pressured banks to sell. Confidence and high buyer currency should lead to increased volume in 2017, especially given the seller expectations being average to below average, while buyer currencies are at 20-year highs. But if volatility and fear get too high, then M&A will slow.

Deposits
One or two rate hikes shouldn’t be an issue as bankers will wait to raise rates on deposits. At some point, depositors will gain confidence in the market and push for higher returns. This will be interesting as many bankers think they have core deposits, even though they don’t, and will realize they have a liquidity problem when the deposits run.

Regulatory
Complaints about the Dodd Frank Act are still rampant industry wide, but bankers will be found thinking, “Hey, I’ve spent the money and adjusted. I need certainty, not uncertainty.” While there are still parts of Dodd-Frank that haven’t been implemented, deregulation could be the developing theme. Also, what happens to the Consumer Financial Protection Bureau? This is an entity which basically usurped power from the other regulatory agencies, and plenty of senators and representatives would like to curtail its power.

Customers
Lastly, banks will have to work on improving customers’ experience. Take note of the retail industry. After a robust Christmas shopping season, Macy’s is closing 59 stores and Sears even more. If your product is clothing at a good price, then online retailers have stolen your product. Retail needs to provide an experience to differentiate. Some banks are already delivering a coffee shop or networking experience. Amid the fake news perpetuated online, and failed deliverables from Wall Street, the country is desperate for a trusted refuge and harbor of safety they can believe in. Perhaps, banks that deliver an experience anchored in a theme of trust will do well.

 

Does the Sharp Increase in Bank Stock Prices Create a Seller’s Dilemma?


stock-1-30-17.pngOh, what a difference a year can make. Or more to the point, what a difference just three months can make. At Bank Director’s Acquire or Be Acquired Conference last year, bank stocks were in the proverbial dumpster having been thoroughly trashed by declining oil prices, concerns about an economic slowdown in China and the slight chance that the slowly growing U.S. economy could be dragged into a recession in the second half of 2016.

Oil prices have since firmed up somewhat and the U.S. economy did not experience a downturn in the second half of the year, but all things considered, 2016 was a bumpy ride for bank stocks—until November 8, when Donald Trump’s surprise victory in the presidential election sent bank stock prices rocketing skyward. Valuations have been slowly recovering ever since the depths of the financial crisis in 2008, with some dips along the way. But since election day, stocks for banks above $250 million in assets have increased 21.2 percent to 24.8 percent, depending on their specific asset category, according to data provided by investment bank Keefe, Bruyette & Woods President and Chief Executive Officer Tom Michaud, who gave the lead presentation on the first day of the 2017 Acquire or Be Acquired Conference in Phoenix, Arizona.

What’s driving the surge in valuations is lots of promising talk about a possible cut in the corporate tax rate and various forms of deregulation, including the possible repeal of the Dodd-Frank Act and dismantling of the Consumer Financial Protection Bureau (CFPB). These tantalizing possibilities (at least from the perspective of many bankers), combined with the expectation that a series of interest rate increases by the Federal Reserve this year could ease the banking industry’s margin pressure and further boost profitability, has been like a liberal application of Miracle Grow to bank stock prices.

Michaud made the intriguing observation that investor optimism over what might happen in 2017 and 2018—but hasn’t happened yet—accounts for much of the jump in valuations since the election. “In my opinion, a lot of the good news is already in the stocks even though a lot of it hasn’t happened yet,” Michaud said. In fact, virtually none of it has happened yet. Investors have already priced in much of the increase in valuations resulting from a tax cut, higher interest rates and deregulation as if they have already occurred, which makes me wonder what will happen to valuations if any of these things don’t come through. I assume that valuations would then decline, although no one knows for sure, least of all me. But it should be acknowledged that the attainment of some of the already-priced-in-benefits of a Trump presidency, such as getting rid of Dodd-Frank and the CFPB, would have to overcome fierce opposition from Congressional Democrats while others, such as the combination of a corporate tax cut and a massive infrastructure spending program (which Trump has also talked about) would have to get past fiscally conservative Congressional Republicans. You’re probably familiar with the old saying that investors buy on the rumor and sell on the news. This could end up as an example of investors buying on the promise and selling on the disappointment.

Here’s the dilemma I think this sharp increase in valuations poses in terms of selling your bank or raising capital. If you’re an optimist, you probably will wait for another year or two in hopes of getting an even higher price for your franchise or stock. And if you’re a pessimist who worries about the sustainability of this industry-wide rise in valuations and the possibility that most of the upside from Trump’s election has already been priced into your stock, I think you’ll probably take the money and run.

Bank Regulatory Update: Three Things to Think About for 2017


regulation-1-18-17.pngSignificant regulatory changes continued to affect the banking industry in 2016. The industry generally has moved beyond implementing the requirements of the Dodd-Frank and Wall Street Reform and Consumer Protection Act, but regulatory expectations continue to rise, with increased emphasis on each institution’s ability to respond to and withstand adverse economic conditions. Regulatory supervision, often through oversight from multiple agencies, is becoming more focused on supporting compliance efforts with strong corporate cultures within the institution. Managing regulatory compliance risk for a financial institution has never been more complex.

Looking forward to 2017, regulators are expected to continue to ramp up expectations in several areas. Industry stakeholders undoubtedly will be watching closely as the new administration takes control of the White House. However, regulators are expected to continue to increase their emphasis on three areas: cybersecurity risk, consumer compliance and third-party risk management.

1. Cybersecurity Risk
Cybersecurity is likely to remain a key supervisory focal point for regulators in 2017. Regulatory officials have stressed that cybersecurity vulnerabilities are not just a concern at larger financial institutions: small banks also are at risk. As such, financial institutions of all sizes need to improve their ability to more aptly identify, assess and mitigate risks in light of the increasing volume and sophistication of cyberthreats.

The Federal Financial Institutions Examination Council (FFIEC) agencies have established a comprehensive cybersecurity awareness website that serves as a central repository where financial services companies of all sizes can access valuable cybersecurity tools and resources. The website also houses an FFIEC cybersecurity self-assessment tool to help banks identify their risks and assess their cybersecurity preparedness. The voluntary assessment provides a repeatable and quantifiable process that measures a bank’s cybersecurity preparedness over time.

2. Consumer Compliance
The Consumer Financial Protection Bureau (CFPB)—now a more mature entity—is having a dramatic impact on the supervisory processes around consumer financial products. While the CFPB conducts on-site consumer exams for financial institutions with more than $10 billion in assets, it also has begun to work with regulators in consumer supervisory efforts in smaller banks. The CFPB also has issued a significant number of new and revised consumer regulations that apply to institutions of all sizes. Some of the more onerous requirements center on mortgage lending and truth-in-lending integrated disclosures (TRID).

The CFPB also continues to cast a wide net when it comes to gathering consumer complaints about financial products and services through its consumer complaint database. The latest snapshot shows the database contains information on more than one million complaints about mortgages, student loans, deposit accounts and services, other consumer loans, and credit cards.

CFPB examiners often use complaints received through the database as a channel for reviewing practices and identifying possible violations. This continued pressure has forced financial institutions to ensure their compliance management systems are supported by effective policies, procedures and governance. But keep in mind, it’s even more important now to adequately aggregate, analyze and report customer-level data, so your institution can identify and remediate problems before the regulators come after you, and so you don’t get accused of “abusive” practices under the Dodd-Frank Act.

3. Third-Party Risk Management
As a component of safety and soundness examinations, effective third-party risk management is regarded as an important indicator of a financial institution’s ability to manage its business. As a result, regulatory examinations consistently include an element of third-party risk management, and all of the federal bank regulators have issued some form of guidance related to third-party risk. The Federal Reserve’s (Fed’s) SR 13-19 applies to all financial services companies under Fed supervision. The Fed guidance focuses on outsourced activities that have a substantial impact on a bank’s financial condition or that are critical to ongoing operations for other reasons, such as sensitive customer information, new products or services, or activities that pose material compliance risk.

Guidance from the Office of the Comptroller of the Currency (OCC) on third-party risk (Bulletin 2013-29) generally is more comprehensive than the Fed guidance and requires rigorous oversight and management of third-party relationships that involve critical activities. The OCC bulletin specifically highlights third-party activities outside of traditional vendor relationships.

Outlook
The critical areas discussed here are just a few for which banks need to expect more regulatory scrutiny in 2017. While there are early indicators that some elements of Dodd-Frank and other regulatory requirements could be pared back as the new administration takes control of the White House, the industry will need to closely monitor any changes and adjust compliance efforts accordingly.

Fintech Lenders Under Fair Lending Scrutiny


lending.png

One of the many concerns surrounding fintech lenders is that they are not as tightly regulated as traditional banks and are not bound as firmly by the provisions of the Fair Lending Act. The Federal Trade Commission has expressed concerns about many of the lending practices of fintech companies, saying in a recent statement that “the use of big data analytics to make predictions may exclude certain populations from the benefits society and markets have to offer.” Using big data to cherry pick loan candidates may be seen as discriminatory and could end up increasing regulatory scrutiny of fintech lenders as some see their underwriting practices as not being much different than redlining.

Gerron S. Levi, the director of policy and government affairs for the National Community Reinvestment Coalition, also expressed concerns about the practices of the fintech lenders in recent testimony before the House Subcommittee on Financial Institutions and Consumer Credit, telling legislators “We see echoes of the early days of the subprime mortgage boom, in which rapidly growing nonbank mortgage lenders innovated in the worst possible way by loosening credit standards, layering significant and multiple forms of risk, and causing financial harm to borrowers who could ill afford to repay the loans. If lightly regulated nonbank small business lenders, including fintech firms, are left unchecked, our fear is the impact may be the same: millions of small businesses stuck with exploding loans they can’t afford, and the American taxpayer left on the hook to clean up the mess.”

While the ability of fintech lenders to quickly process and fund loans may be seen as an improvement over the much slower process used by most banks, and is also seen by many as an opportunity to expand credit offerings to a wider percentage of the public, there are drawbacks. The algorithms that are used to find the very best borrowers would stand a good chance of being found to be discriminatory under the requirements of the Fair Lending Act. And some fintech lenders are targeting consumers with low or no FICO scores and charging extremely high-interest rates—which some regulators consider to be a form of predatory lending.

We already see the various regulatory agencies take a deeper look at the fintech lending industry. The Consumer Financial Protection Bureau in July entered into a consent order with Flourish, a fintech lender that the agency said had violated several regulations including the Consumer Financial Protection Act and the Fair Credit Reporting Act. The order required Flourish to deposit $1.93 million in an escrow account to repay customers, and the company was fined an additional $1.8 million.

The biggest problem facing fintech lenders is that most of them have not yet been all the way through a credit cycle, so we have no idea how they will react when an economic event causes liquidity to dry up. They do not have access to depository funding and rely on credit facilities, whole loan sales and securitizations to fund originations. These sources of financing have a tendency to evaporate when markets become volatile, and many fintech lenders could be forced to seek partnerships with other lenders or the banks themselves.

In many ways, that would be the perfect solution for this potential liquidity problem. Community and regional banks are very interested in adding new technology that will allow them to offer more online products and services as well as cut costs and speed up loan processing. Banks are actively looking to accomplish this by partnering with, or in some cases acquiring, fintech lenders. According to a recent survey conducted by the law firm Manatt, Phelps & Phillips, 88 percent of those surveyed think that in a decade the banking world will be one where traditional banks are partnering with fintech companies in a mostly collaborative environment

Fintech lenders choosing to partner with banks will come under closer regulatory scrutiny as their lending practices will have to be in line with the regulations under which banks operate. Regulators have also expressed growing concern about data security, and that will be a large issue that both the banks and fintech companies will have to address.

Regulatory challenges are going to continue to increase for fintech lenders. For many of them, the most practical course of action will be to partner with community and regional banks. For that to happen, however, their strategies and operations will have to be modified so the marketing programs and loan approval algorithms have no hint of discriminatory or predatory lending practices.

Should You Do Business With Marketplace Lenders?


Lenders-12-9-16.pngThe shift away from the traditional banking model—largely due to technological advances and the growing disaggregation of certain bank services—has contributed to the rise of the marketplace lending (MPL) industry. The MPL industry, in particular, offers consumers and small businesses the means by which to gain greater access to credit in a faster way. MPL, despite its increasing growth, has managed to stay under the radar from regulatory oversight until recently. However, in a short span of time, federal and state regulators—the Department of the Treasury, Office of the Comptroller of the Currency (OCC), Consumer Financial Protection Bureau (CFPB), the Federal Deposit Insurance Corporation (FDIC) and California Department of Business Oversight, for example—have begun to weigh the benefits and risks of MPL, with the OCC, for example, going so far as to announce its intention to grant special purpose national bank charters to fintech companies.

Given the evolving nature of the industry and its regulation, in this article, we discuss three key issues for MPL participants to consider. First, we discuss the regulatory focus on the third-party lending model. Second, we consider the potential fair lending risks. Third, we focus on considerations related to state usury requirements. We conclude with a few thoughts on what to expect in this changing landscape.

Third-Party Lending Model
The MPL model traditionally operates with three parties: the platform lender, the originating bank and investors purchasing the loans or securities. Based on the reliance on originating banks in the MPL structure, the FDIC, CFPB and others increasingly have considered the risks to banks from these third-party relationships. In particular, regulators appear to be concerned that banks may take on additional risk in these relationships, which are potentially similar to the lending model rejected by a U.S. District Court judge earlier this year when deciding CashCall was the real lender in dispute, not a tribal lender set up in South Dakota. Thus, the FDIC, for example, in its recent Guidance for Managing Third-Party Risk, asks institutions engaged in such third-party relationships to appropriately manage and oversee these third-party lenders before, during and after developing such a relationship. In addition, certain originating banks have also taken to retaining some of the credit risk to mitigate concerns that the MPL may be considered the true lender.

Fair Lending
Another potential area to consider relates to fair lending risks regarding extensions of credit in certain geographical areas, underwriting criteria and loan purchase standards. For example, the potential for fair lending risk may increase particularly with respect to the data collected on borrowers for underwriting purposes, for example, where the use of certain alternative criteria may inadvertently result in a disparate impact to protected classes. In addition, restrictions on lending areas or the types of loans sold to investors similarly could pose such issues.

State Usury Requirements
The recent Second Circuit decision in Madden v. Midland Funding LLC also highlights potential uncertainty regarding the MPL model. In Madden, the Second Circuit determined that a debt collection firm, which had purchased a plaintiff’s charged-off account from a national bank, was not entitled to the benefit of the state usury preemption provisions under the National Bank Act, despite originally being available to the originating national bank. Madden was appealed to the Supreme Court, which declined to hear the case. Thus, Madden has the potential to limit the ability for MPL firms to rely on their originating banks to avoid complying with state-by-state interest rate caps, as federal preemption would no longer apply to those loans later transferred to or acquired by such nonbank entities. Further, Madden increases the uncertainty regarding the originated loans that MPL firms may later sell to (or issue securities for) investors. While some lenders have chosen to carve out the Second Circuit (New York, Connecticut and Vermont) for lending and loan sale purposes, there is the continued risk that the decision may set a precedent in other circuits.

Conclusion
Even with the increasing scrutiny of the MPL industry, regulators appear to recognize the benefits of access to credit for borrowers. For example, the OCC, CFPB and the Treasury have indicated that any increase in regulation should be balanced with fostering innovation. This may be a potential signal on the part of regulators to adopt a framework by which financial innovation is incorporated into the traditional banking model. Thus, looking forward, we think the regulatory uncertainty in this space provides the opportunity for MPL participants to take a proactive approach in shaping regulatory policy for the industry.

CFPB Assumes ’Catalyst’ Role in Fintech Innovation


catalyst-1.png

In 2012, the Consumer Financial Protection Bureau (CFPB) recognized that the industry we now call fintech was starting to accelerate the delivery of cutting edge technology products to the financial services marketplace. The CFPB was aware that many of these offerings would make banking faster and easier for consumers and might also allow banks to perform their operations far more efficiently. At first blush, that seems like a win-win situation for consumers and the industry alike. However, the bureau was also aware that rapid growth of the largely unregulated fintech sector created the potential for abuse and fraud. The result was Project Catalyst, a program in which the bureau works with fintech firms to encourage the development of new consumer-friendly products while making sure these companies color inside the regulatory lines.

The CFPB released it first look at the achievements of the program in October. In “Project Catalyst report: Promoting consumer-friendly innovation,”the bureau outlined it efforts to work with fintech companies to develop consumer-friendly programs while avoiding potential regulatory pitfalls. In his preamble to the report, Director Richard Cordray noted that “As these efforts reflect, the Bureau believes innovation has enormous potential to improve the financial lives of consumers. At the same time, however, the Bureau recognizes that innovation cannot skirt the need for sufficient oversight and consumer protection.” While the CFPB wants to encourage financial innovation, it has endeavored to do so in a manner that keeps consumers and their money safe. So far the bureau would seem to be succeeding.

The report also outlines areas where the bureau has high interest and concerns. For example, payday lending products has been a concern for the CFPB from day one. These high-cost, short-term loans exploit lower-income and underbanked consumers who have cash flow issues. To reduce the need for these products the bureau has been encouraging the development of alternatives that help consumers better manage their finances to avoid the cash crunch that creates the need for a payday loan in the first place.

Underbanked and “credit invisible” consumers are a particular concern of the bureau. These individuals tend to be less sophisticated and are often easy prey for less scrupulous fintech companies. While they may not have a bank account, they do have smartphones and are targeted for payday loans, car title loans and other high-cost consumer loan products. Project catalyst has been actively working with fintech companies to find ways to deliver reasonably priced loans to the underbanked market on terms that are also favorable for the lender.

Building savings is also a key focus for the bureau. Project Catalyst is interested in working with companies that develop products that encourage savings and make it easier for customers to get and keep money in a savings account. Building tools that help consumers understand and utilize the budgeting and savings process is a key goal of the project and has been since the beginning. One of Project Catalyst’s first collaborations was with the personal finance website Simple to develop a program that helped consumers understand their spending habits and patterns.

Project Catalyst also highlights the need for improvements in mortgage servicing platforms. The bureau notes that many banks have just loaded new mortgage servicing platforms on the back of their current legacy system and that is not the optimum solution. The report comments that “These workarounds can be costly and are sometimes plagued by programming errors, failures in system integration or instances of data corruption. These failures cause consumer harm and increase the risk of data inaccuracies during loan transfers.” The CFPB is working with fintech companies to build new, more efficient technology platforms that will make the process easier and more consumer friendly.

Credit reporting and clarity are also a focus of the CFPB. Many credit users have no idea what is on their credit report and any technology that makes it easier to check credit scores and profiles is of interest to the bureau. It is also working with companies to develop products that help understand what types of behavior might improve or worsen their score.

Project Catalyst is also looking to improve the peer-to-peer payments process. The bureau is working with fintech providers to help people send money overseas, pay their bills or make purchases on a cost effective basis. It has also met with firms that are working on providing easily accessed price comparisons when sending money overseas so that people can find the cheapest and most convenient way to transfer cash to relatives back home.

While the CFPB’s mission is to help and protect all consumers, it is evident from the report that the bureau is very sensitive to the needs of the underbanked and less affluent consumers. This segment of the market has always been the target of fraud and predatory practices, and the introduction of mobile technology has made them more so than ever before. Fintech companies that develop programs to serve and protect this market will find the CFPB more than willing to help get their products to market.

The New FFIEC Information Security Examination Procedures: What Boards Should Be Doing Now


FFIEC-9-14--16.pngHow effective is your bank’s approach to information security, including cybersecurity? On September 9, the Federal Financial Institutions Examination Council (FFIEC) published new information security examination procedures. It is critical that boards and management teams quickly get up to speed on the new exam procedures so there are no surprises in the bank’s next exam that adversely impact earnings, capital or value creation.

The new exam procedures focus on assessing the quality and effectiveness of the bank’s information security program, including its culture, governance, security operations, with emphasis on cybersecurity, and assurance processes, such as self-assessments, penetration tests, vulnerability assessments and independent audits. The procedures contain eleven objectives for the examiners to attain.

The objective relating to security operations and cybersecurity is especially noteworthy, as it contains enhanced expectations. Both in the preamble and in the specific exam procedures, there is recognition that it is not a question of if, but when an attacker will break into the network, so banks need to enhance threat identification, monitoring, detection and response. Examiners will evaluate whether the bank has monitoring in place to identify malicious activity, a process to identify possible compromises in the bank’s systems, and whether it uses tools that reveal and trace an attacker’s actions, such as attack or event trees, to size up exposures and respond effectively.

While speaking on cybersecurity on the main stage at Bank Director’s 2016 Bank Audit and Risk Committees Conference in June, I electronically polled the bank directors and senior executives in attendance. The results from the 206 respondents indicate a need for banks to beef up cybersecurity to meet these enhanced regulatory expectations. While cybersecurity is a top concern for bank boards, seventy-seven percent indicated that they do not review cybersecurity at every board meeting. Fifty-nine percent of attendees said that detecting anomalous activity or threats from malicious insiders are the cybersecurity risks for which their bank is least prepared.

FFIEC.PNG
Source: 206 respondents, Bank Director Audit and Risk Committees Conference June 2016

When I asked how many had implemented ongoing reviews of the network visibility map for risk oversight, only 31 percent had done so. This map visually shows all assets inside the network and helps identify threats. Without this visual map, the bank will be managing its cyber risks in the blind.

What the Board Should Do
Here are five steps that boards should take to remain proactive regarding information security.

  1. Review cybersecurity at every board meeting. Cybersecurity must be handled as a strategic boardroom issue, not as a back-office IT issue.
  2. Use the new information security exam procedures to perform a self-assessment. Identify and eliminate any deficiencies well in advance of the next exam.
  3. Review the network visibility map at every board meeting to visually identify all assets and the risk mitigation in place to protect them.
  4. Task a “hunt” team to identify anomalies within the bank’s network, as described in the new exam procedures. On average, attackers roam inside the network undetected for more than 200 days. Eliminate the exposure using advanced analytics that can mine through millions of records and reveal the attacker and the entire exposure. Response must be prompt.
  5. Conduct ongoing but randomly scheduled social engineering and phishing simulation training to keep employee awareness heightened. Education can prevent employees from falling victim to real attacks and becoming the weakest link in the chain.

In March, the Consumer Financial Protection Bureau fined an online payment processor for engaging in unfair, deceptive or abusive acts and practices (UDAAP), due to its failure to implement an adequate information security program and protect consumer data. Other regulators have taken notice, and will not hesitate to assess enforcement actions for information or cybersecurity deficiencies using UDAAP or other enforcement tools available against banks and its technology providers. Information or cybersecurity lapses can cause irreparable harm to the bank, and tarnish its reputation instantly. The stakes are very high. Banks must stay one step ahead.

Compliance Costs: How Does Your Bank Compare?


compliance-9-8-16.pngBanks across the country are complaining about the costs of compliance, especially community banks, which have fewer resources.

Now, the Federal Reserve has done a detailed analysis of what those costs actually are. Taking a look at responses from more than 400 financial institutions surveyed in 2015 by the Conference of State Bank Supervisors, researchers Drew Dahl, Andrew Meyer and Michelle Clark Neely at the Federal Reserve Bank of St. Louis recently published findings that banks with less than $100 million in assets are spending roughly three times more relative to their expenses than banks from $1 billion to $10 billion in assets.

Those super-small banks spend roughly 8.7 percent of their noninterest expenses on compliance; while banks from $1 billion to $10 billion in assets spend 2.9 percent on average, the study found.

2014 Mean Compliance Expenses

  Asset Size Categories
<$100M $100M to $250M $250M to $500M $500M to $1B $1B to $10B
Data Processing Expense $27.6
1.5%
$36.8
0.9%
$82.0
0.9%
$108.7
0.6%
$188.3
0.4%
Legal Expense $4.6
0.2%
$5.9
0.1%
$20.0
0.2%
$47.4
0.2%
$134.9
0.2%
Accounting Expense $19.9
1.1%
$31.6
0.7%
$45.6
0.5%
$57.7
0.3%
$188.2
0.3%
Consulting Expense $11.7
0.6%
$18.2
0.4%
$24.0
0.3%
$43.4
0.2%
$129.1
0.2%
Personnel Expense $100
5.3%
$176
3.9%
$312
3.4%
$507
2.8%
$1,203
1.8%
Total Expense $163.8
8.7%
$268.5
5.9%
$483.6
5.3%
$764.2
4.2%
$1,843.5
2.9%
Number of Banks 113 154 121 45 36

Source: Federal Reserve.
NOTES: The sample consists of 469 commercial banks with assets under $10 billion that responded to the Conference of State Bank Supervisors’ survey in 2015 on operations in 2014 and for which complete data are available. Dollar amounts, expressed in thousands, represent means for banks in varying categories. Percentages are means within a category of the ratios of dollar amounts to overall noninterest expenses.

Arthur Johnson, chairman of United Bank in Grand Rapids, Michigan, says the notion that regulations are scalable based on the size of the institution “just isn’t true.” His bank, which has $560 million in assets, is contending with new mortgage disclosures and regulations put forth by the Consumer Financial Protection Bureau as part of the Dodd-Frank Act. People getting a residential mortgage these days have to look at paperwork that’s a quarter of an inch thick. Mortgage is a big part of the bank’s business model, so giving up on it is not an option, he says. Households want a checking account and they want a residential mortgage. “If we can have those two relationships we can feel we will be the primary institution for that household,’’ he says.

For the most part, mortgage activity has not been curtailed. A recent GAO report found that while banks say new regulations coming out of the Dodd-Frank Act have negatively impacted their banks, and their ability to offer some products such as nonqualified mortgages, the level of mortgage lending is actually on the increase.

“The results of surveys we reviewed suggest that there have been moderate to minimal initial reductions in the availability of credit among those responding to the various surveys and regulatory data to date have not confirmed a negative impact on mortgage lending,” the report said.

Paul Schaus, president and CEO of CCG Catalyst, a consulting group, says banks tell him frequently that they are spending more money on compliance than years past. Ten years ago, a community bank might have one compliance officer and a $200,000 budget for compliance. Now, it has five to six employees and a $1 million budget, even though nothing else has changed about the bank.

Some of the biggest compliance headaches involve the Bank Secrecy Act, he says. Even though the law is the same as it has been for many years, enforcement has become tougher, he says. Banks are buying monitoring systems to track transactions, which when first installed, trigger an avalanche of activity that must be analyzed by employees.

He thinks the costs of compliance are among several issues leading to more consolidation among banks. A bank with $400 million in assets can merge with another bank and become one with $800 million in assets that combines its compliance functions.

Another solution short of merging is to narrow the bank’s focus and cut costs that way. A lot of small, community banks still are trying to be everything to everyone, and that’s not going to cut it, Schaus says. “You need to differentiate yourself,’’ he says.

Johnson says his bank is looking at its options to grow to become more efficient, which might mean buying another bank. With five full-time employees working on compliance, two of them lawyers, the cost of compliance has become quite high. “I’ve been here for 45 years and I never thought we’d be big enough to hire our own in-house lawyer,’’ he says.

Julie Stackhouse, the executive vice president for banking supervision at the St. Louis Fed, says she hears all the time that community banks are struggling under the weight of compliance, but they have other problems too, including low interest rates and slow growth in many of the small communities where they do business.

“The costs clearly are being attributed to consumer compliance laws and regulations, and there have been several new ones; and the ongoing costs of BSA and anti-money laundering legislation, which has been here for some time,” she says. She says banks are spending more on computer systems to help with compliance and BSA.

Highly Rated Banks Don’t Spend More
Further, researchers analyzed whether banks who spend more on compliance have better management ratings on regulatory exams than banks who spend less. Apparently, that wasn’t the case. Other factors, such as the ability of management, the audit committee and auditors to work together to properly focus oversight attention, may better determine management ratings than the sheer number of dollars you spend on compliance, the researchers found.

In fact, for very highly rated banks under $100 million in assets, which received a “1” rating on their management score, the spend was about 6.8 percent of noninterest expenses, compared to 9.1 percent on average for everybody else in their size category.

There are obviously problems comparing your banks with others in your asset class. Some banks may have relatively high expenses because they do business in expensive cities such as San Francisco, or because they have expensive but highly profitable business models, so it doesn’t always make sense to compare your bank with an average.

Overall, though, Stackhouse thinks the study will be very useful. “Having research that supports analysis of the issues is going to be very useful for us going forward,’’ she says.

Cutting Compliance Costs with Regtech


FXT-compliance.png

I was having a discussion about the future of banking with some fellow investors recently and one of my younger and more tech savvy associates opined that fintech companies would soon make traditional branch banking obsolete. It is a provocative idea but I am pretty sure he is wrong. Two decades from now it will still be fairly easy to find a bank branch a short drive away even if it is in a driverless car. Bankers will adapt and banking will become more mobile and more digital, but there will always be a place for banks and their branches in the economy.

Bankers are not sitting in their offices waiting to be replaced. They are finding ways to use new technology advancements to make their business faster, more efficient-and most importantly, less expensive. This is particularly true in one of the highest cost centers in the bank-regulatory compliance-where the automation of that detail intensive process is providing huge cost benefits. Compliance costs have been spiraling upward since the financial crisis led to an avalanche of new regulations, and technology might be the industry’s best hope of bringing those costs back down.

Bankers are starting to see the advantages of big data and analytics-based solutions when they are applied to the compliance challenge. “Although still in the early stages, banks are applying big data and advanced analytics across customer-facing channels, up and down the supply chain, and in risk and compliance functions,” said Bank of the West Chairman Michael Shepherd in a recent interview with the Reuters news service. For example, a growing number of banks are using new technology to automate the enormous data collection and management processes needed to file the proper compliance reports, particularly in areas like the Bank Secrecy Act. This new technology can help regional and community banks address data gathering and reporting challenges for regulatory compliance.

Smaller banks in particular are looking to partner with companies that can help build a data driven approach to compliance management. More than 80 percent of community banks have reported that compliance costs have risen by at least 5 percent as a result of the passage of the Dodd-Frank Act and the expense is causing many of the smallest institutions to seek merger partners. In fact, two of the biggest drivers of my investment process in the community bank stock sector is to identify banks where compliance costs are too high, and where there is a need to spend an enormous amount of money to bring their technology up to date. Odds are that those banks will be looking for a merger partner sooner rather than later.

While banks are looking to make the compliance process quicker, easier and cheaper, they also need to be aware that the regulators are developing a higher level of interest in the industry’s data collection and management systems as well. A recent report from consulting firm Deloitte noted that “[In] recent years regulatory reporting problems across the banking industry have more broadly called into question the credibility of data used for capital distributions and other key decisions. The [Federal Reserve Board] in particular is requesting specific details on the data quality controls and reconciliation processes that firms are using to determine the accuracy of their regulatory reports and capital plan submissions.”

The Consumer Financial Protection Bureau is also monitoring the compliance management process very closely. An assistant director there was quoted recently as saying that the bureau is increasingly focusing its supervisory work on the third-party compliance systems that both banks and nonbanks sometimes rely on. This is the behind-the-scenes technology that drives and supports the compliance process.

There is a developing opportunity for fintech companies to focus their efforts on providing regtech solutions to regional and community banks. The cost of compliance is excessive for many of these institutions and, for some, place their very survival into question. Regtech firms that develop compliance systems that are faster, more efficient and can help cut compliance costs significantly in a manner acceptable to the regulatory agencies will find a large and fast growing market for their services.