Regulators Should Force Fintechs to Protect Consumers

fintech-3-16-16.pngWhen looking at the new competition arising from fintech companies, many bankers understandably feel that they are at an unfair disadvantage. Banks must deal with a constricting regulatory environment, but regulators don’t always apply the same standards to fintech companies. So bankers have lobbied regulators to take a more aggressive stance towards their new competitors.  [Editor’s note: The Consumer Financial Protection Bureau recently fined payment startup Dwolla $100,000 for “deceiving” customers about its security practices.]

Bankers are right to push regulators on this issue. Regulators must take a closer look at the growing fintech sector, create new standards and coordinate their efforts across multiple enforcement agencies.

The purpose of these oversight efforts should not be leveling the playing field between banks and new entrants. Instead, the purpose should be protecting customer data and keeping customers informed about how their information is used. Regulation that properly incentivizes innovation and benefits consumers needs to focus on security, privacy and transparency.

The Clearing House, which processes payments for banks, correctly pointed this out last year in a white paper that detailed some of the security lapses by alternative payments providers. For example, reports surfaced last spring that Venmo allows changes to important account information without notifying the user. This is a basic security blunder, and banks can be left on the hook for fraudulent transactions when new providers make such mistakes.

Setting Standards Based on Size, Access to Customer Information
To help fix this situation, regulators need to implement security standards for fintech companies based on their size and the type of customer information they touch. That means some fintech companies should be held to the same standards as banks—particularly those that offer account products—but others should not, depending on the sensitivity of the customer data they handle.

It also means that early stage startups shouldn’t be held to the same standards as larger, more mature fintech companies. An early stage startup with a minimum staff is not likely to have a security professional or the funds to hire one. So holding small startups to the same security standards as a large mobile wallet provider that processes billions of transactions per year will only strangle innovation.

Banks can play a key part in helping these early stage startups while also improving their own offerings. Many of these startups hope to partner with or be acquired by banks. As millennials grow up, those banks will increasingly compete with their peers based on their digital offerings. The ability to effectively partner with small, agile startups while ensuring security and compliance will be a competitive advantage for these institutions.

A bank that wants to partner with a promising startup can share some of its knowledge, staff and resources in security and compliance with the startup. Banks are usually cautious in launching new products in conjunction with startups anyway, typically starting with a small trial with a limited number of users before a full launch. That approach helps banks ensure security and compliance with the product and partner before a full launch with customers.

Effective Security Standards
While giving early-stage startups leeway on security makes sense, fintech companies with a threshold of customers using their products should face appropriate scrutiny and regular security audits because of their increased value and attack surface for hackers.

That means regulators will need to be more specific about their security guidance than they’ve been in the past. Regulators often shy away from mandating specific security measures, instead favoring general guidelines and benchmarking against industry peers. As the cyber threat grows bigger, regulators will need to require measures like tokenization and encryption for fintech companies handling sensitive customer information. Those fintech companies that offer account products or a direct connection to users’ existing bank accounts should be required to monitor and analyze user activity to prevent unauthorized logins and transactions.

These measures are likely to become industry standards in time anyway, but regulators shouldn’t hesitate to take a hand in speeding up that process. Regulators might prefer to wait and let the fintech market determine industry standards. Security is already a competitive advantage for fintech companies. Apple set the bar when it introduced Apple Pay and emphasized the security built into it. The fintech companies that don’t meet industry expectations for security won’t succeed in the long run. But regulators shouldn’t wait for fintech winners and losers to shake out to take action that could help protect customers’ information now.

It’s Time to Add Legal Analysis to the Due Diligence Process

due-diligence-2-22-16.pngFinancial institution regulators have increased their scrutiny of bank compliance systems and controls following the financial crisis. The number and severity of enforcement actions has accordingly increased. At the same time, the pace of community bank M&A has also increased, leaving bank directors and investors with an essential dilemma: How much is a bank worth as compliance costs continue to rise in the post-financial crisis world? This article adds clarity to that question by exploring the relationship between regulatory risks and firm value. A well designed legal due diligence process can uncover regulatory issues that can, when analyzed through a valuation-oriented lens, assist management and financial professionals in adjusting a firm’s value, up or down, as appropriate.

Due diligence consists of evaluating both business and legal work streams, with the former tending to focus on business risks and valuation and the later tending to focus on legal risks and deal structure. While legal due diligence might occasionally inform firm valuation, such as purchase price adjustments due to litigation or insurance claims, it does not generally, by design, prioritize valuation.

Take, for instance, the following example of a hypothetical medium-sized bank with $15 billion in assets that offers a variety of traditional banking products, including consumer financial products. Given its size and product offerings, this mid-sized bank is subject to regulation by the Consumer Financial Protection Bureau (CFPB) in addition to its prudential banking regulators.

In our hypothetical example, legal due diligence uncovers that the mid-sized bank previously marketed and sold a debt protection credit card product for several years through an aggressive telemarketing campaign. The product was advertised as permitting customers the ability to cancel credit card payments in the event of certain hardships such as job loss, disability and hospitalization. Consumers who enrolled in the product were charged a fee. Legal due diligence finds that the telemarketers did not disclose the product fee and that promotional materials contained material inaccuracies concerning the product’s scope of coverage and exclusions. Legal due diligence further reveals that the CFPB is pursuing an ongoing campaign of enforcement actions against banks that sold similar products.

Legal counsel conducts an analysis of prior enforcement cases, studying time frames between banks’ underlying offending activities and resultant enforcement actions; sizes and types of penalties in relation to the offending banks’ conduct; mitigating effects of remediation, self-reporting, and cooperation; and other pertinent factors. Legal counsel also reviews the underlying customer contracts, the dollar volume of fees collected by the mid-sized bank on the product, the number of customers who applied for coverage versus the number who successfully obtained debt protection, the volume of customer complaints received on the product, and the pattern of private class action suits based on similar underlying facts in other cases.

Based on this legal due diligence, mid-sized bank’s financial advisors determine that it is appropriate to adjust the financial forecast of the bank such that two years after an acquisition, forecasted pre-tax earnings are decreased by $15 million as a result of a possible CFPB-ordered restitution and civil money penalty payments, as well as related compliance, consulting, and legal fees. Year four pre-tax earnings are decreased by $10 million, as a result of an expected settlement of private class action litigation. These adjustments then flow through the valuation model. In assessing a potential acquisition of a mid-sized bank, a prospective buyer might now be able to better adjust the purchase price of mid-sized bank in a more disciplined and analytical fashion, and negotiate certain other purchase price adjustments based on these enforcement contingencies.

We are aware of at least one serial acquirer of smaller community banks that builds into its typical merger agreement a purchase price adjustment for declines in capital resulting from compliance deficiencies (among other specified items). Such provisions are rare in the bank M&A market as they are not attractive to a seller, unless the acquirer’s bid is clearly higher than the next closest in value. This further points to the importance of the due diligence process.

The example of the mid-sized bank presents a case in which valuation and deal structure can benefit from valuation-oriented legal due diligence. Buyers can avoid the risk of overpaying and sellers can avoid the risk of underselling a bank. Whether valuation is adjusted up or down in light of legal due diligence, in the post-financial crisis world, bank directors can add significant value to an M&A transaction through the addition of such a process.

What To Do To Prepare for a CFPB Examination

cfpb-12-28-15.pngThe Consumer Financial Protection Bureau’s exams are an open book text, but does your organization have the book? Obviously, there are subjective elements to every exam. But we do recommend doing your homework.

Read Up on What to Expect
The first document you need is entitled “Debt Collection Examination Procedures,” October 24, 2012, available on the CFPB website. There are a number of different ways to use the manual, but a critical task is to take each requirement in the manual and inventory all the ways your bank can answer: How can we prove that we are meeting this? What tangible evidence exists that we can put in front of an examiner?

The second document is the general CFPB Supervision and Examination Manual, from October 1, 2012. The full text is now over 900 pages long, so we recommend that banks start with the Risk Assessment Template. At a minimum, banks should consider two sections:

  • Risk Assessment Template: We recommend that companies use this as a means of seeing the organization as the CFPB will. Where are the risk areas for potential consumer harm and how are you mitigating those risks?
  • Part II.A. Compliance Management Systems (CMS): This covers the process used to identify regulatory changes, assess their impact on your organization, incorporate the changes into your regular processes and monitor compliance on an on-going basis.

Catch Up on Current Events
It can be challenging to stay abreast of CFPB developments: We recommend that those responsible for managing the examination read up on as much public information as possible about what the CFPB has been doing, including:

  • The CFPB website often has speeches and Congressional testimony from its leadership. This often is a good source of information on what the CFPB is emphasizing and their areas of focus.
  • The CFPB publishes a document two to three times per year entitled “Supervisory Highlights,” which summarizes issues they have seen and actions they have taken during their routine examinations. The actions summarized here and presented anonymously provide insight into common issues at regulated entities.
  • Websites from CFPB watchers: Several law firms maintain very good web sites that track and comment on CFPB related developments.

Get All Hands on Deck
Some organizations see regulatory exams as a legal matter, others as compliance. We recommend mustering all internal resources which can assist, regardless of their normal duties. In addition to legal and compliance, this could include internal audit and operations. It is important that the team that will participate in the examination is involved right from initial planning through final resolution. We have seen situations where upfront planning is handled by a single function, for example the legal department, and the actual examination is given to another department, say compliance. This can lead to a bad handoff, poor communication and other problems.

Clients sometime ask us who should be available to work with the examiners. You want your “go to” people available. This may skip official reporting lines—often times the nominal head of function may not be the most knowledgeable about daily processing or issue resolution. It is in all participants’ interest to efficiently clear any preliminary issues raised during the examination.

Heal Thyself
Do you have the kind of organization where people can raise their hand when they see a problem, or is it the kind where bad news is suppressed? One of the authors of this article worked at a bank where quality metrics where a very large component of operations management’s performance evaluation, so operations management fought every issue that the internal Quality Assurance and Quality Control functions raised. Subsequently, the high quality metrics were overstated and the bank was surprised at the number and severity of issues raised by their regulator. Don’t underestimate the power of an executive sitting down with personnel a few levels below him or her and asking, “What do you think could burn us with the examiners coming in?

Prepare Your People
Many of your organization’s resources participating in an examination are not individuals who routinely reach outside your organization. Few organizations would send a sales person out into the market to represent the company without preparation. However, we have observed an equivalent situation occur with unprepared resources have critical roles for examinations. Make sure that management prepares everyone who will participate.

While On Site
Anyone who has spent time as an auditor has experienced being put in dank, windowless basements. Have your organization treat the examiners like you would an important client that was coming in: have a welcome message in the lobby and have decent space for them. In short, they are human and like all humans are going to respond to any perceived disrespect.

A Look Ahead to 2020: How Bank Directors Can Guard Against Risk

risk-12-11-15.pngAs banks look to the year 2020, we’ve identified five key risks that need to be actively assessed and monitored as the industry changes and adapts to consumer demands and competition. When it comes to data security and technology, regulatory risk, finding qualified personnel, profitability, and bank survival, bank directors need to ask:

  • How do we as an organization identify these risks on an ongoing basis?
  • How do they affect our organization?
  • How can we work with management to manage future risks?

Here’s a snapshot of the risk areas, what’s anticipated as we look to the future, and steps you can take to stay competitive and mitigate risk.

Data Security & Technology
It’s important to keep up with your peers and provide services as your clients demand them. More sophisticated payment platforms that make it easier to access and transfer funds will continue to gain popularity, particularly mobile platforms.

Being competitive requires innovation, which means software, bank integration, and sophisticated marketing and delivery. Third-party service providers may be the answer to help cut expenses and improve competition, but they also present their own unique risks.

With innovation comes opportunity: attacks on data security will increase, making the safeguarding of data a high priority for banks. While technology is an important element to this issue, the primary cause of breaches is human error. To this end, it’s essential for management to set the example from the top while promoting security awareness and training.

Regulatory Risk
Expectations from the Consumer Financial Protection Bureau regarding consumer protection will intensify. Anticipate some added expenditure to hire and retain technical experts to manage these expectations. Regulations are on the way for small business and minority lending reporting, as well as the structure of overdraft protection and deposit product add-ons, among others. Directors and management need to evaluate:

  • Compliance management infrastructure
  • Staffing needs and costs
  • Impact of proposed regulatory change to the bottom line

Qualified Personnel
For instance, baby boomers are retiring at a rate faster than Generation X can replenish, making it more difficult and costly to attract and retain skilled people. Meanwhile, the shrinking availability of skilled labor in this country is costing organizations throughout the United States billions of dollars a year in lost productivity, increased training and longer integration times.

A bank’s succession plan for its people should:

  • Identify key roles and technical abilities in your organization
  • Assess projected employee tenure
  • Develop a comprehensive employee replacement strategy
  • Prioritize training and apprentice programs

The bottom line at traditional banks will continue to be stressed as momentum builds for institutions to reduce product and service-related fees. Overhead expenses also will continue to increase as banks boost spending for IT infrastructure to support demands by customers for mobile technology and technical innovation and finding and retaining qualified personnel to manage complex regulatory requirements. Responses to these trends are already underway. Some institutions are:

  • Divesting of consumer-related products laden with heavy regulatory requirements
  • Sharpening strategic focus on holistic customer relationships with professional and small business customers to increase relationship-driven revenue
  • Exploring new or more complex commercial lending products and partnerships designed to increase interest income to attract customers in new markets

Banks will need to closely monitor the impact of regulatory initiatives on future earnings from fees and alternative revenue sources.

Bank Survival
Here are some proactive steps to consider as your bank prepares for 2020:

  • Develop an ongoing strategy for mergers and acquisitions to expand capital
  • Consider charter conversions to lend flexibility in expanded product and service offerings or a change in regulatory expectations or intensity
  • Evaluate the impact of higher regulatory expectations

To help identify and manage risk, management should plan regular discussions in the form of annual strategic planning meetings, regular board meeting agendas, and targeted meetings for specific events. The focus should extend beyond known institutional risks, such as credit, interest rate and operational, but should also look at key strategic risks.

If your institution can innovate with the times to stay ahead of risk and competition with a systematic approach, then the path to 2020 will be less fraught with difficulties.

CFPB Takes Aim at Class Action Waivers in Arbitration

arbitration-11-30-15.pngOn October 7, 2015, the Consumer Financial Protection Bureau (CFPB) announced that it is considering proposing rules that would prohibit companies from including arbitration clauses in contracts with consumers. This would effectively open up the gates to more class action lawsuits in consumer financial products such as credit cards and checking accounts.

In March 2015, the CFPB released its Arbitration Study: Report to Congress 2015, which evaluated the impact of arbitration provisions on consumers. The CFPB conducted the study as mandated by the Dodd-Frank Wall Street Reform and Consumer Protection Act. Among other things, the study concluded that:

  • arbitration clauses “restrict consumers’ relief for disputes with financial service providers by allowing companies to block group lawsuits;”
  • most arbitration provisions include a prohibition against consumers bringing class actions;
  • very few consumers individually pursue relief against businesses through arbitration or federal courts; and
  • more than 75 percent of consumers in the credit card market did not know if they had agreed to arbitration in their credit card contracts.

The advantages and disadvantages of pre-dispute arbitration provisions in connection with consumer financial products or services—whether to consumers or to companies—are fiercely contested. Consumer advocates generally see pre-dispute arbitration as unfairly restricting consumer rights and remedies. Industry representatives, by contrast, generally argue that pre-dispute arbitration represents a better, more cost-effective means of resolving disputes that serves consumers well. With limited exceptions, however, this debate has not been informed by empirical analysis. Much of the empirical work on arbitration that has been carried out has not had a consumer financial focus.

As a result of the study, which allegedly contains the first empirical data ever undertaken on the subject of arbitration clauses, the CFPB is currently considering rule proposals that would:

  • ban companies from including arbitration clauses that block class action lawsuits in their consumer contracts, unless and until the class certification is denied by the court or class claims are dismissed by the court;
  • require companies that use arbitration clauses for individual disputes to submit to the CFPB all arbitration claims and awards (which the CFPB may publish on its website for the public to view) so that the CFPB can ensure that the process is fair to consumers and determine whether further restrictions on arbitrations should be undertaken; and
  • apply to nearly all consumer financial products and services that the CFPB regulates, including credit cards, checking and deposit accounts, prepaid cards, money transfer services, certain auto loans, auto title loans, small dollar or payday loans, private student loans, and installment loans.

Critics have found the CFPB’s data and conclusions leave something to be desired. An abstract of a report authored by researchers at the University of Virginia School of Law and Mercatus Center at George Mason University finds that the CFPB report “contains no data on the typical arbitration outcome—a settlement—and it is these arbitral settlements, and not arbitral awards, that should be compared to class action settlements. It does not address the public policy question of whether, by resolving disputes more accurately on the merits, arbitration may prevent class action settlements induced solely by defendants’ incentive to avoid massive discovery costs. It shows that in arbitration, consumers often get settlements or awards, are typically represented by counsel, and achieve good results even when they are unrepresented. In class action settlements, CFPB reports surprisingly high payout rates to class members and low attorneys’ fees relative to total class payout. These aggregated average numbers reflect the results in a very small number of massive class action settlements. Many class action settlements have much lower payout rates and higher attorneys’ fees.”

Needless to say, businesses with arbitration clauses prohibiting class actions wait anxiously for CFPB’s final rules on this subject matter. Is there any doubt what the final rules will contain? We think there will be restrictions on the use of arbitration clauses that prevent consumers from initiating class action lawsuits in contracts for consumer financial products or services.

The Audit Committee: Help Them Help You

audit-committee-11-19-15.pngAn effective audit committee is a critical component of a financial institution’s corporate governance, but such a committee is not the result of an accident. It is formed through a deliberate process that includes appointing qualified individuals, providing adequate resources and offering other appropriate support.

The Right People
Every effective team begins with an effective leader to serve as chairperson. To fill that role for the audit committee, the board must select an independent director who, at a minimum, possesses an understanding of U.S. generally accepted accounting principles and the importance of internal controls. The audit chairperson should have a sense of the pressure points where the institution might be particularly vulnerable to fraud. Often, board members are business owners, managers in other organizations, or educators and will need help to acquire the requisite skill sets to lead or participate on the audit committee.

The Right Resources
With accounting standards, regulatory compliance requirements and risk factors continuing to change at a rapid pace, boards need to commit time and money to keep the chairperson and the audit committee up to speed. New accounting rules revisit some long-standing techniques in order to establish a more transparent level of reporting. Also, the introduction of the Consumer Financial Protection Bureau (CFPB) added complexity to regulatory compliance, and a bank that runs afoul of the new rules could suffer substantial harm to its reputation. In addition, technology and customer demands for access to services through nontraditional channels add risks never contemplated 10 years ago.

To help the audit committee stay current, the board should provide it access to outside training on these and other relevant areas. Boards also can obtain valuable guidance by monitoring the activities at other banks. Their publicized experiences (for example, in alerts from the Office of the Comptroller of the Currency) can serve as a road map of areas that require regular attention from the audit committee. Audit committee members must be intimately familiar not just with their own bank—but also with the banking industry as a whole.

The Right Support
Although it is management’s responsibility to establish processes and controls to manage risk, it is the audit committee’s responsibility to confirm that such processes and controls are established and monitored. The internal audit group, already charged with risk assessment and monitoring, can play an important role in satisfying this responsibility.

As with the audit committee, the success of internal audit hinges on the training and experience of the team members and on the provision of necessary resources. The importance of these elements increases significantly when the bank’s management is responsible for reporting on the design and effectiveness of the internal controls over financial reporting, as is required of publicly traded companies, because management must attest that controls are well-designed and operating effectively and is held responsible if its attestation proves false.

Bear in mind that a bank’s growth often is not mirrored in changes in internal audit. As a result, issues can go unidentified. Even if new issues are appropriately identified, the review cycles will be prolonged if internal audit has insufficient personnel. When the board looks strategically at the organization, it must align the expansion of the business with the risk mitigation process—including internal audit resources. Even the most capable audit committee will prove ineffective without a well-armed internal audit team.

The board also should recognize that its attitude and that of management toward internal audit frequently contributes to its success (or lack thereof). Leadership should address findings on a timely basis, and the board and audit committee should monitor the responsiveness of corrective action, especially for those issues flagged as higher risk. If management is dismissive of findings, and the audit committee or board is disinterested in follow-up, the value of the internal audit role will erode quickly.

The Right Approach
Board members are elected to oversee the activities of their bank, and the audit committee is an integral part of that oversight. It is in the board’s—and the bank’s—best interest to provide both the audit committee and internal audit with the training and resources necessary to execute their responsibilities.

Where the CFPB’s Faster Payment Vision Falls Short

NACHA-8-24-15.pngOn July 9, 2015, the Consumer Financial Protection Bureau released its “vision” for faster payment systems, consisting of nine “consumer protection principles.”  The principles build on concerns about payment systems raised by CFPB Director Richard Cordray in a speech last year. These well intentioned principles pose a number of practical problems and ignore the inherent interdependence of consumer and commercial benefits as payment systems evolve.

The CFPB’s nine principles stake out a bold policy stance aimed at ensuring that faster payment systems primarily benefit consumers. The principles are:

  • Consumer control over payments;
  • Data and privacy;
  • Fraud and error resolution protections;
  • Transparency;
  • Cost;
  • Access;
  • Funds availability;
  • Security and payment credential value; and
  • Strong accountability mechanisms that effectively curtail system misuse.

Release of these principles follows initiatives by the Federal Reserve System, The Clearing House, and most recently NACHA, through its same-day ACH rule approved in May, to promote the development of faster payment systems.

Practical Concerns with the CFPB’s Faster Payment Systems Principles
The CFPB’s principles undoubtedly deserve consideration, and few industry participants would disagree with them at a high level. Though reasonable in theory, certain goals articulated by the CFPB may prove impractical, counterproductive, or unduly optimistic in practice. Here are four examples:

Data and Privacy
The CFPB generally wants consumers to be “informed of how their data are being transferred through any new payment system, including what data are being transferred, who has access to them, how that data can be used, and potential risks[,]” and wants systems to “allow consumers to specify what data can be transferred and whether third parties can access that data.”

This amount of disclosure and degree of consumer control is unrealistic for routine payment transactions, unnecessary in light of current and evolving security measures and fraud and error resolution protections, and likely to thwart the goal of faster payment processing.

Transparency and Funds Availability
The CFPB expects faster payments systems to provide “real-time access to information about the status of transactions, including confirmations of payment and receipt of funds” and to give consumers “faster guaranteed access to funds” to decrease the risk of overdrafts and non-sufficient funds (NSF) transactions.

Here and throughout its principles, the CFPB expresses its desire for faster payment systems to benefit consumers immediately. Implicit in this goal is a rejection of staged implementation of consumer protections, as in NACHA’s same-day ACH rule where same-day funds availability for consumers follows same-day settlement of debit and credit transactions. Additionally, real-time access to information about transaction status seems costly and unhelpful until consumers can act upon such information in real time.

The CFPB envisions affordable payment systems with fees disclosed to allow consumers to compare costs of different payment options.

The CFPB’s vision of comparative cost disclosures across the ecosystem of available payment options is unrealistic given the existence of competing independent payment systems, multiple payment channels and devices, and varying degrees of intermediation. The total cost to consumers of using different payment systems depends upon many unpredictable variables, making comparative cost disclosures little more than rough, imprecise estimates.

The CFPB expects faster payment systems to be “broadly accessible to consumers,” including “through qualified intermediaries and other non-depositories.”

This principle focuses on unbanked and underbanked consumers. Although broad accessibility should be encouraged, it is difficult to imagine a safe and widely accepted payment system evolving in which banks would not be heavily involved in the origination and receipt of transactions. Indeed, payment systems that have evolved independent of banks—such as virtual currencies—pose substantial consumer protection concerns.

Implications of the CFPB’s Principles
CFPB Director Cordray emphasized that “the primary beneficiaries” of faster payment systems should be consumers and the CFPB’s principles reflect this view. Creating faster payment systems is an enormously complicated industry-driven undertaking, the cost of which is borne by industry participants. As such, faster payment systems must offer tangible benefits to industry participants, not just to consumers, if they are to succeed. The CFPB’s principles would be more effective if they expressly recognized the need to balance consumer and commercial benefits.

Further, the CFPB may intend to use its principles as a chokepoint for policing consumer protection features in evolving payment systems. We hope the CFPB’s adherence to these principles does not become rigid and overzealous or threaten to derail useful payment system improvements before they get off the ground.

In Plain Sight: The Extraordinary Potential of Big Data

big-data-7-30-15.pngThe era of big data has arrived, and few industries are better positioned to benefit from it than banking and financial services.

Thanks to the proliferation of smartphones and the growing use of online social networks, IBM estimates that we create 2.5 quintillion bytes of data every day. In an average minute, Yelp users post 26,380 reviews, Twitter users send 277,000 tweets, Facebook users share 2.5 million pieces of content and Google receives over four million search queries.

Just as importantly, data centers have slashed the cost of storing information, computers have become more powerful than ever and recently developed statistical models now allow decision makers to simultaneously analyze hundreds of variables as opposed to dozens.

But while fintech upstarts like Simple, Square and Betterment are at the forefront of harnessing data to tailor the customer experience in their respective niches, no companies know their customers better than traditional financial service providers. The latter know where their customers shop, when they have babies and their favorite places to go on vacation, to mention only a few of the insights that can be gleaned from proprietary transactional data.

When it comes to big data, in turn, banks have a potent competitive advantage given their ability to couple vast internal data repositories with external information from social networks, Internet usage and the geolocation of smartphone users. In the opinion of Simon Yoo, the founder and managing partner of Green Visor Capital, a venture capital firm focused on the fintech industry, the first company to successfully merge the two could realize “billions of dollars in untapped revenue.”

Few financial companies have been as proactive as U.S. Bancorp at embracing this opportunity. Using Adobe Systems Inc.’s cloud computing services, the nation’s fifth-largest commercial bank “integrates data from offline as well as online channels, resulting in a truly global understanding of its customers and how they interact with the bank at multiple touch points,” says an Adobe case study.

By feeding cross-channel data into its customer relationship management platform, U.S. Bancorp is able to supply its call centers with more targeted leads than ever before. The net result, according to Adobe, is that the Minneapolis-based regional lender has doubled the conversion rate from its inbound and outbound call centers thanks to more personalized, targeted experiences compared to traditional lead management programs.

Along similar lines, a leading European bank studied by Capgemini Consulting employed an analogous strategy to increase its conversion rates by “as much as seven times.” It did so by shifting from a lead generation model that relied solely on internal customer data, to one that merged internal and external data and then applied advanced analytics techniques, notes Capgemini’s report “Big Data Alchemy: How Can Big Banks Maximize the Value of Their Customer Data?”

Another European bank discussed in the report generated even more impressive results with a statistical model that gauges whether specific customers will invest in savings products. The pilot branches where the model was tested saw a tenfold increase in sales and a 200 percent boost to their conversion rate relative to a control group. It’s this type of progress that led Zhiwei Jiang, Global Head of Insights and Data at Capgemini, to predict that a “killer app” will emerge within the next 18 months that will change the game for cross-selling financial products.

The promise of big data resides not just in the ability of financial companies to sell additional products, but also in the ability to encourage customers to use existing products and services more. This is particularly true in the context of credit cards.

“In a mature market, such as the U.S., Europe or Canada, where credit is a mature industry, it is naïve for a bank to believe that the way it is going to grow revenue is simply by issuing more credit cards,” notes a 2014 white paper by NGDATA, a self-described big data analytics firm. “The issue for a bank is not to increase the amount of credit cards, but to ask: How do we get the user to use our card?”

The answer to this question is card-linked marketing, an emerging genre of data analytics that empowers banks to provide personalized offers, savings and coupons based on cardholders’ current locations and transactional histories.

The venture capital-backed startup edo Interactive does so by partnering with banks and retailers to provide card users with weekly deals and incentives informed by past spending patterns. Its technology “uses geographical data to identify offers and deals from nearby merchants that become active as soon as the customer swipes their debit or credit card at said merchant,” explains software firm SAP’s head of banking, Falk Rieker.

Founded in 2007, edo has already enrolled over 200 banks in its network, including three of the nation’s top six financial institutions, and boasts a total reach of 200 million cards.

Poland’s mBank offers a similar service through its mDeals mobile app, which couples the main functions of its online banking platform with the company’s rewards program. “What makes this program so innovative is its ability to present customers with only the most relevant offers based on their location and then to automatically redeem discounts at the time of payment,” notes Piercarlo Gera, the global managing director of banking strategy at Accenture.

A third, though still unproven, opportunity that big data seems to offer involves the use of alternative data sources to assess credit risk.

The Consumer Financial Protection Bureau estimates that as many as 45 million Americans, or roughly 20 percent of the country’s adult population, don’t have a credit score and thereby can’t access mainstream sources of credit. The theory, in turn, is that the use of additional data sources could expand the accessibility of reasonably priced credit to a broader population.

One answer is so-called mainstream alternative data, such as utility payments and monthly rent. This is the approach taken by the VantageScore, which purports to combine “better-performing analytics with more granular data from the three national credit reporting companies to generate more predictive and consistent credit scores for more people than ever.”

Another is to incorporate so-called fringe alternative data derived from people’s shopping habits, social media activity and government records, among other things. Multiple fintech companies including ZestFinance, LendUp and Lenddo already apply variations of this approach. ZestFinance Vice President for Communications and Public Affairs Jenny Galitz McTighe says the company has found a close correlation between default rates and the amount of time prospective borrowers spend on a lender’s website prior to and during the loan application process.

“By using hundreds of data points, our approach to underwriting expands the availability of credit to people who otherwise wouldn’t be able to borrow because they don’t have credit histories,” says McTighe, pointing specifically to millennials and recent immigrants to the United States.

While this remains a speculative application of external data by, in certain cases, inexperienced and overconfident risk managers, there is still a growing chorus of support that such uses, once refined, could someday make their way into the traditional underwriting process.

This list of big data’s potential to improve the customer experience and boost sales at financial service providers is by no means exhaustive. “It’s ultimately about demonstrating the art of the possible,” said Wells Fargo’s chief data officer, A. Charles Thomas, noting that big data could one day help the San Francisco-based bank reduce employee turnover, measure the effectiveness of internal working groups and identify more efficient uses of office space.

It’s for these reasons that big data seems here to stay. Whether it will usher in a change akin to the extinction of dinosaurs, as Green Visor’s Yoo suggests, remains to be seen. But even if it doesn’t, there is little doubt that the possibilities offered by the burgeoning field are vast.

Fair Lending Compliance Is Becoming More Complex and More Challenging

5-19-15-Crowe.pngCompliance with fair lending regulations has become dramatically more complex over the past several years. Although the underlying regulations have been in place for decades, monitoring by the Consumer Financial Protection Bureau’s (CFPB) Office of Fair Lending and Equal Opportunity, coupled with vigorous enforcement by the U.S. Department of Justice (DOJ), have increased lenders’ risk factors substantially.

Fair lending forbids discrimination based on “prohibited basis” factors: race, religion, ethnicity, national origin, gender, marital status, age, familial status, disability, receipt of income from public assistance sources, and the applicant’s exercise of rights under the Consumer Credit Protection Act. Problems can arise when lenders fail to monitor risk factors:

  • Underwriting. Lenders need to monitor and document any disparities in underwriting outcomes based on a prohibited basis as well as any inequitable application of exceptions to underwriting policies.
  • Pricing. Statistically significant differences in interest rates, fees, or other characteristics offered to applicants by prohibited basis create pricing risk.
  • Steering. It is illegal to steer members of a prohibited basis class to less favorable—often more costly—loan products. Offering similar if not identical products with different pricing through different business units can have the same effect as steering.
  • Servicing. Once all the loan documents have been signed and the customer is on board, posting of loan payments or waiving of late fees needs to be done equitably across a client base.
  • Redlining. Lenders need to be careful when analyzing where their customers live to avoid unintentionally redlining, which involves drawing red lines on a map around neighborhoods where lenders do not want to do business.

Enforcement Trends
In February 2010, the DOJ established the Fair Lending Unit to focus on potential abuses in the consumer lending sector. Since then, the DOJ has filed or resolved 36 lending matters under the Equal Credit Opportunity Act, the Fair Housing Act, and the Servicemembers Civil Relief Act. Settlements have provided more than $1.2 billion in relief for affected communities and individual borrowers.

Although much of this money came from settlements with major lenders, in 2013 the DOJ reached settlements with four community banks that each had less than $400 million in assets. Many of these settlements—large and small—involved pricing discrimination against minority borrowers.

Proposed HMDA Reporting Requirements
On July 24, 2014, the CFPB issued a proposed rule for the expansion of data that lenders need to report under the Home Mortgage Disclosure Act (HMDA). The CFPB wants to use HMDA data to increase awareness of the housing market and, more broadly, the availability of credit. The most significant changes to the HMDA would include:

  • Mandatory reporting of home equity lines of credit (HELOCs) and reverse mortgages
  • Quarterly reporting for large institutions
  • Changes to reporting thresholds—a 25-loan minimum for depository institutions
  • Inclusion of an additional 37 data fields, some of which involve qualitative factors, expanded borrower data, or items related to qualified-mortgage and ability-to-pay rules

Banks and their boards can begin to prepare for the changes by discussing the following questions:

  • How do we currently collect HMDA data?
  • Can our existing staff collect and record the required data values?
  • What steps are the developers of the mortgage application or underwriting system that we use taking to prepare for the changes?
  • Do individuals responsible for potentially newly covered areas such as HELOCs and reverse mortgages have sufficient experience with the HMDA?
  • Have we conducted data reviews to confirm accurate recording of HMDA data?
  • Are we prepared for the potential implications of the new data disclosures? Regulators, consumer rights organizations, advocacy groups, competitors, and others will be looking at HMDA data.

Raising the Ante on Compliance
Compliance with fair lending regulations requires a greater focus on data integrity and the ability to manage statistical models than in prior years. Lenders that have not yet made the investment in internal and external resources to handle the new, expanded and increasingly sophisticated tasks need to consider steps to remain competitive in a challenging marketplace.

The CFPB: How It Impacts Your Bank

1-16-15-Naomi.pngCreated by the Dodd-Frank Act in 2010, the Consumer Financial Protection Bureau (CFPB) represented a seismic shift in federal regulation of the financial sector, an entirely new federal agency created just to protect consumers dealing with financial products. Coming along in the wake of the financial crisis, the CFPB’s mission was to provide a level of protection for individuals in the marketplace that critics felt was missing. The primary banking regulators, sometimes known as prudential regulators, such as the Federal Deposit Insurance Corp. (FDIC), the Office of the Comptroller of the Currency (OCC) and the Federal Reserve, focus on the overall health of the banking industry and the safety and soundness of the financial institutions they regulate. The Dodd-Frank Act moved enforcement of several laws that dealt with consumer protection out of the hands of those agencies and into the hands of the CFPB. Those laws include the Truth in Lending Act, the Truth in Savings Act, the Real Estate Settlement Procedures Act, the Home Mortgage Disclosure Act, the Equal Credit Opportunity Act and the Electronic Fund Transfer Act, among others.

“None of those [laws] are new,” says Jerry Blanchard, a bank attorney at Bryan Cave LLP in Atlanta. “Now, you have somebody applying them in a consistent fashion in banking.”

The CFPB also has the power to enact new regulations to ensure a more transparent and fair marketplace for consumers, and to ensure consumers have timely and understandable information to make responsible decisions about financial transactions. In short, the CFPB is now very much involved in regulating the world in which banks live.

It is also increasingly in the world in which nonbanks live. The CFPB began regulating a whole host of nonbanks that were thought to exist outside of a coherent regulatory system, including payday lenders, mortgage companies, consumer reporting agencies, student loan companies and debt collectors. This could be seen a positive development for banks and thrifts, which often had to compete against players that were not regulated in the same way banks were.

For fiscal year 2015, the CFPB has a budget of $583 million and 1,796 employees, paid for out of the revenues of the Federal Reserve System. The biggest line item both in terms of employees and dollars spent is supervision and enforcement of financial institutions. For banks above $10 billion in assets, that means regular visits and exams conducted by an agency solely focused on consumer protection, which is a new experience for them. For banks below $10 billion in assets, they are not getting examined by the CFPB except in rare circumstances—that responsibility falls to their prudential regulator—but they are impacted by the rules and regulations promulgated by the CFPB.

For instance, the agency finalized a new set of mortgage servicing rules that went into effect in January 2014 impacting any institution that services a mortgage. The CFPB is very focused on mortgage servicing. “It doesn’t matter what size of bank you are,’’ says Blanchard. “If you do a lot of mortgage servicing, you will be dealing with the CFPB.”

The agency implemented a new ability-to-repay mortgage rule and a qualified mortgage standard in January 2014 that some community banks said would negatively impact customers who don’t fit into the standard check-the-box underwriting model for a 15-year or 30-year mortgage. Banks can still offer mortgages outside of the qualified mortgage standard, but they have to keep those mortgages on their books. There also has been concern that offering mortgages outside of the qualified standard might expose the bank to more liability from lawsuits in the future. New rules have also impacted the way banks can pay bonuses to their loan officers. Violations of any of the rules promulgated by the CFPB can have dire consequences. Banks that already have been hit with fines in the millions of dollars or lawsuits include: U.S. Bank, Ally Bank, SunTrust Banks and American Express Centurion Bank.

One area where banks are finding themselves in the hot water in particular has to do with their use of outside vendors. “Banks are looking for more revenues,’’ Blanchard says. “The third party vendors show up saying, ‘We have ways to add a lot more money for you. We can sell these products for you.’” The CFPB, however, is holding banks responsible for the actions of their vendors, including the sale of credit card add-on products that consumers say they didn’t actually order. Some of those products might include identity theft protection or insurance. The bottom line for banks is they need to review and monitor vendors carefully to make sure they are complying with the bank’s and regulators’ expectations regarding consumers.

Some industry observers believe that the CFPB’s focus on consumers has impacted other banking regulators as well, making for tougher enforcement exams pertaining to consumer issues from the FDIC and the OCC. Prudential regulators such as the FDIC have been hitting banks with enforcement actions relating to consumer protection. One area to pay particular attention to in terms of consumer law is unfair or deceptive acts or practices (UDAP). The Federal Trade Commission previously enforced laws regarding UDAP, but Dodd-Frank gave enforcement authority to the CFPB in relation to financial institutions. The law has been expanded to include the term “abusive.” That sounds like a change for attorneys to argue about, but the significance for bank boards is that prudential regulators such as the FDIC are now hitting banks of all sizes with fines and enforcement actions regarding violations under this standard.

For banks that are not examined by the CFPB, the agency’s impact has hit them in a number of other ways. The agency houses a database of consumer complaints available online, so anyone can see, for example, how many complaints a particular bank received and for what general category of complaint, i.e. mortgages, debt collection, etc. The flow of consumer complaints to the agency has been increasing. During fiscal year 2014, it received 240,600 complaints. The agency lists each complaint once a company confirms a commercial relationship with that customer, and notes the company’s response and whether the consumer disputed that response. The CFPB itself can review those complaints and decide whether to investigate further and look for patterns for further investigations.

Attorneys have begun advising banks to keep a database of all complaints against the bank, including those delivered from customers directly to the bank. Banks should track complaints to their proper resolution, as well as look for patterns, to make sure the bank knows of any problems before the CFPB does. Each complaint needs to be taken seriously because you don’t know which one will get the attention of regulators, Blanchard says. Is a complaint alleging a violation of law or regulation? Or is it a matter that could be criminal? Some complaints could be very serious, and it’s important for the board to know the bank has a process in place to vet them and escalate them appropriately.

Understanding the CFPB and its impact on banking is important for any bank board these days. The CFPB has enhanced the level of scrutiny regarding treatment of consumers in the financial marketplace, and its actions and regulations are bound to impact your bank.