How Government Disruption Impacts Fintech Innovation


fintech-innovation.png

It is a given that markets are constantly being disrupted by innovation. I would argue that the financial services marketplace is also being disrupted by legislation and regulation. Let’s face it, the payments sector is hot right now. Issues that were once solely the province of industry publications are now widely covered by mainstream media. This fact is not lost on the legislative and regulatory community.

Last year we saw the creation of the Congressional Payments Technology Caucus, a bipartisan group of lawmakers designed to keep the U.S. Congress informed of the rapid changes in the financial services industry. Over the last year, the caucus has held briefings on issues ranging from EMV Migration to mobile payments. This year, the House Financial Services Committee and Senate Banking Committee have held numerous hearings on payments-related matters as well.

One of the more contentious topics addressed is Operation Chokepoint, a controversial campaign spearheaded by the Department of Justice in conjunction with several federal consumer protection and banking regulatory agencies (including the Federal Trade Commission and the Federal Deposit Insurance Corp.) to hold acquirer financial institutions and their payment processor partners responsible for allegedly illegal acts committed by merchants and other third-party payees.

This perhaps well intentioned program has moved beyond illegal acts to targeting legal activities that are perceived by some prosecutors and regulators as undesirable, which in turn has led to the denial of banking services to businesses that operate lawfully. Legislative attempts to rein in this initiative, led by Rep. Blaine Luetkemeyer, R-MO, have passed the House but face a future that is likely dependent on the outcome of the November elections.

Given this election season and the relatively limited number of working days remaining on the congressional calendar, it is unlikely that any significant financial services or fintech legislation will pass this year. Still, there is considerable opportunity for additional market disruption by federal regulators, particularly the Consumer Federal Protection Bureau (CFPB).

Those involved in the prepaid space await the CFPB’s long delayed final rule on prepaid products that have the potential to adversely impact long established business models-thereby driving some companies out of business.

Despite its popularity and the fact that consumers must opt-in to the program, overdraft services are viewed with skepticism, if not antipathy by the CFPB. The CFPB’s goal is to issue proposed rules on this in the near future. These rules have the potential to drive up cost and reduce access to consumers who have found these services to be beneficial.

Unlike other federal agencies, the CFPB will not be affected by the November elections. Created as part of the Dodd-Frank Act, the bureau was structured as an independent entity funded by the Federal Reserve, which insulates it from the effects of a change in the administration. The term of its current director, Richard Cordray, does not expire until 2018. And though this is currently being challenged in court, the director can only be fired for cause or malfeasance.

It is difficult if not impossible for legislation or regulation to keep up with technology advances and the dramatic changes they are creating in the payments marketplace. Such efforts should be flexible enough to accommodate these changes and not create their own disruption.

How Mobile’s Popularity is Disrupting the Regulators


mobile-regulators.png

The world is going mobile and dragging banking along with it kicking and screaming. I am something of an anachronism as I still go into the branch once in a while and still worry about using my phone to deposit a check. My adult children, on the other hand, use their phone for everything, including all of their banking. They bounce from store to store paying for everything from Starbucks to bar tabs using their phones without a second thought. Banks that want to capture and hold their business will have to be very good at mobile banking and mobile payments.

One of the biggest hurdles bankers face is that as unprepared as they were, the regulators were equally unprepared and are now playing catch up with regards to mobile payments. The regulatory picture today is fairly muddled with a mishmash of state and federal agencies offering guidance and opinions to mobile payment providers and consumers. There are gaps in the current laws where no regulations apply to parts of the process—and other situations where two or more rules apply to the same part of the process. As mobile banking and payments continue to grow, the regulators will be looking to create a more coherent regulatory structure and coordinate their inter-agency efforts to protect consumers at every stage of the process.

At a forum held by the Office of the Comptroller of the Currency in late June, Jo Ann Barefoot, a senior fellow at Harvard University, outlined the current regulatory situation. She told the packed room at the meeting that “Agencies are going to have to develop ways to work together, to be faster, to be flexible, to be collaborative with the industry. The disruption of the financial industry is going to disrupt the regulators, too. This is the most pervasively regulated industry to face tech-driven disruption. The regulators are going to be forced to change because of it.”

In a white paper released at the forum, “Supporting Responsible Innovation in the Federal Banking System: An OCC Perspective,” the OCC noted that “Supervision of the financial services industry involves regulatory authorities at the state, federal, and international levels. Exchanging ideas and discussing innovation with other regulators are important to promote a common understanding and consistent application of laws, regulations, and guidance. Such collaborative supervision can support responsible innovation in the financial services industry.”

While the OCC has noted the massive potential benefits that mobile payments and other fintech innovations can offer to consumers, particularly those who were unbanked prior to the widespread development of mobile banking and payment programs, Comptroller Thomas Curry has cautioned against what he called “unnecessary risk for dubious benefit,” and called for responsible innovation that does not increase risks for customers or the banking system itself. Mobile payments programs that target the unbanked are particularly ripe for abuse and unnecessary risk.

The Consumer Financial Protection Bureau is also heavily involved in overseeing and regulating the mobile payments industry. The bureau noted that 87 to 90 percent of the adult population in the United States has a mobile phone and approximately 62 to 64 percent of consumers own smartphones. In 2014, 52 percent of consumers with a mobile phone used it to conduct banking or payment services. The number of users is continuing to grow at a rapid rate and the CFPB is concerned about the security of user data as well as the growing potential for discrimination and fraud.

CFPB Director Richard Cordray addressed these concerns recently when announcing fines and regulatory action against mobile payment provider Dwolla. “Consumers entrust digital payment companies with significant amounts of sensitive personal information,” Cordray said. “With data breaches becoming commonplace and more consumers using these online payment systems, the risk to consumers is growing. It is crucial that companies put systems in place to protect this information and accurately inform consumers about their data security practices.”

The regulators, like the banks themselves, are latecomers to the mobile payments game. I fully expect them to catch up very quickly. The biggest challenge is going to be coordinating the various agencies that oversee elements of the regulatory process, and it looks as though the OCC is auditioning for that role following the June forum on mobile payments. Cyber security systems to keep customers data and personal information safe and secure is going to be a major focus of the regulatory process in the early stages of the coordinated regulatory efforts.

I also expect the CFPB to focus heavily on those mobile payment providers that were formerly unbanked. These tend to be lower income, less financially aware consumers that are more susceptible to fraud and abuse than those already in the banking system, and the bureau will aggressively monitor the marketing and sales practices of mobile payment providers marketing to these individuals.

The regulatory agencies are starting to catch up with the new world of banking and the mobile payment process will be more tightly controlled going forward.

What Does the $10 Billion Asset Barrier Mean For Banks?


ThePurposefulBanker.jpgCrossing the $10 billion asset threshold has a big impact on a growing bank, due to enhanced regulations mandated by the Dodd-Frank Act. In March, Bank Director President & CEO Al Dominick sat down with Dallas Wells of PrecisionLender for “The Purposeful Banker” podcast, to explain the implications of crossing the $10 billion mark, and what banks should do to prepare for it.

  • Implications of Being a $10 Billion Asset Bank
  • M&A and Scale
  • Infrastructure and Talent
  • Technology

Transcript excerpt:

Dallas Wells: Welcome to another episode of “The Purposeful Banker,” a podcast brought to you by PrecisionLender, where we discuss the big topics on the minds of today’s best bankers. I’m Dallas Wells, and thank you for joining us.

Today, we’re talking about the $10 billion asset threshold and why it has become so critically important for banks. To help us with this conversation, I’m joined by one of the industry’s foremost experts on bank strategy, Al Dominick. Al is the president and CEO at Bank Director and has lots of commentary out there about how banks are handling this exact issue. Al, welcome and thank you so much for taking the time to do this.

Al Dominick: Yeah, my pleasure. Great to be a part of this.

Dallas Wells: Al, for anyone who might not be familiar, tell us a little bit about yourself and what you all do at Bank Director…

For a complete transcript of this “The Purposeful Banker” podcast, please view here.

Regulators Should Force Fintechs to Protect Consumers


fintech-3-16-16.pngWhen looking at the new competition arising from fintech companies, many bankers understandably feel that they are at an unfair disadvantage. Banks must deal with a constricting regulatory environment, but regulators don’t always apply the same standards to fintech companies. So bankers have lobbied regulators to take a more aggressive stance towards their new competitors.  [Editor’s note: The Consumer Financial Protection Bureau recently fined payment startup Dwolla $100,000 for “deceiving” customers about its security practices.]

Bankers are right to push regulators on this issue. Regulators must take a closer look at the growing fintech sector, create new standards and coordinate their efforts across multiple enforcement agencies.

The purpose of these oversight efforts should not be leveling the playing field between banks and new entrants. Instead, the purpose should be protecting customer data and keeping customers informed about how their information is used. Regulation that properly incentivizes innovation and benefits consumers needs to focus on security, privacy and transparency.

The Clearing House, which processes payments for banks, correctly pointed this out last year in a white paper that detailed some of the security lapses by alternative payments providers. For example, reports surfaced last spring that Venmo allows changes to important account information without notifying the user. This is a basic security blunder, and banks can be left on the hook for fraudulent transactions when new providers make such mistakes.

Setting Standards Based on Size, Access to Customer Information
To help fix this situation, regulators need to implement security standards for fintech companies based on their size and the type of customer information they touch. That means some fintech companies should be held to the same standards as banks—particularly those that offer account products—but others should not, depending on the sensitivity of the customer data they handle.

It also means that early stage startups shouldn’t be held to the same standards as larger, more mature fintech companies. An early stage startup with a minimum staff is not likely to have a security professional or the funds to hire one. So holding small startups to the same security standards as a large mobile wallet provider that processes billions of transactions per year will only strangle innovation.

Banks can play a key part in helping these early stage startups while also improving their own offerings. Many of these startups hope to partner with or be acquired by banks. As millennials grow up, those banks will increasingly compete with their peers based on their digital offerings. The ability to effectively partner with small, agile startups while ensuring security and compliance will be a competitive advantage for these institutions.

A bank that wants to partner with a promising startup can share some of its knowledge, staff and resources in security and compliance with the startup. Banks are usually cautious in launching new products in conjunction with startups anyway, typically starting with a small trial with a limited number of users before a full launch. That approach helps banks ensure security and compliance with the product and partner before a full launch with customers.

Effective Security Standards
While giving early-stage startups leeway on security makes sense, fintech companies with a threshold of customers using their products should face appropriate scrutiny and regular security audits because of their increased value and attack surface for hackers.

That means regulators will need to be more specific about their security guidance than they’ve been in the past. Regulators often shy away from mandating specific security measures, instead favoring general guidelines and benchmarking against industry peers. As the cyber threat grows bigger, regulators will need to require measures like tokenization and encryption for fintech companies handling sensitive customer information. Those fintech companies that offer account products or a direct connection to users’ existing bank accounts should be required to monitor and analyze user activity to prevent unauthorized logins and transactions.

These measures are likely to become industry standards in time anyway, but regulators shouldn’t hesitate to take a hand in speeding up that process. Regulators might prefer to wait and let the fintech market determine industry standards. Security is already a competitive advantage for fintech companies. Apple set the bar when it introduced Apple Pay and emphasized the security built into it. The fintech companies that don’t meet industry expectations for security won’t succeed in the long run. But regulators shouldn’t wait for fintech winners and losers to shake out to take action that could help protect customers’ information now.

It’s Time to Add Legal Analysis to the Due Diligence Process


due-diligence-2-22-16.pngFinancial institution regulators have increased their scrutiny of bank compliance systems and controls following the financial crisis. The number and severity of enforcement actions has accordingly increased. At the same time, the pace of community bank M&A has also increased, leaving bank directors and investors with an essential dilemma: How much is a bank worth as compliance costs continue to rise in the post-financial crisis world? This article adds clarity to that question by exploring the relationship between regulatory risks and firm value. A well designed legal due diligence process can uncover regulatory issues that can, when analyzed through a valuation-oriented lens, assist management and financial professionals in adjusting a firm’s value, up or down, as appropriate.

Due diligence consists of evaluating both business and legal work streams, with the former tending to focus on business risks and valuation and the later tending to focus on legal risks and deal structure. While legal due diligence might occasionally inform firm valuation, such as purchase price adjustments due to litigation or insurance claims, it does not generally, by design, prioritize valuation.

Take, for instance, the following example of a hypothetical medium-sized bank with $15 billion in assets that offers a variety of traditional banking products, including consumer financial products. Given its size and product offerings, this mid-sized bank is subject to regulation by the Consumer Financial Protection Bureau (CFPB) in addition to its prudential banking regulators.

In our hypothetical example, legal due diligence uncovers that the mid-sized bank previously marketed and sold a debt protection credit card product for several years through an aggressive telemarketing campaign. The product was advertised as permitting customers the ability to cancel credit card payments in the event of certain hardships such as job loss, disability and hospitalization. Consumers who enrolled in the product were charged a fee. Legal due diligence finds that the telemarketers did not disclose the product fee and that promotional materials contained material inaccuracies concerning the product’s scope of coverage and exclusions. Legal due diligence further reveals that the CFPB is pursuing an ongoing campaign of enforcement actions against banks that sold similar products.

Legal counsel conducts an analysis of prior enforcement cases, studying time frames between banks’ underlying offending activities and resultant enforcement actions; sizes and types of penalties in relation to the offending banks’ conduct; mitigating effects of remediation, self-reporting, and cooperation; and other pertinent factors. Legal counsel also reviews the underlying customer contracts, the dollar volume of fees collected by the mid-sized bank on the product, the number of customers who applied for coverage versus the number who successfully obtained debt protection, the volume of customer complaints received on the product, and the pattern of private class action suits based on similar underlying facts in other cases.

Based on this legal due diligence, mid-sized bank’s financial advisors determine that it is appropriate to adjust the financial forecast of the bank such that two years after an acquisition, forecasted pre-tax earnings are decreased by $15 million as a result of a possible CFPB-ordered restitution and civil money penalty payments, as well as related compliance, consulting, and legal fees. Year four pre-tax earnings are decreased by $10 million, as a result of an expected settlement of private class action litigation. These adjustments then flow through the valuation model. In assessing a potential acquisition of a mid-sized bank, a prospective buyer might now be able to better adjust the purchase price of mid-sized bank in a more disciplined and analytical fashion, and negotiate certain other purchase price adjustments based on these enforcement contingencies.

We are aware of at least one serial acquirer of smaller community banks that builds into its typical merger agreement a purchase price adjustment for declines in capital resulting from compliance deficiencies (among other specified items). Such provisions are rare in the bank M&A market as they are not attractive to a seller, unless the acquirer’s bid is clearly higher than the next closest in value. This further points to the importance of the due diligence process.

The example of the mid-sized bank presents a case in which valuation and deal structure can benefit from valuation-oriented legal due diligence. Buyers can avoid the risk of overpaying and sellers can avoid the risk of underselling a bank. Whether valuation is adjusted up or down in light of legal due diligence, in the post-financial crisis world, bank directors can add significant value to an M&A transaction through the addition of such a process.

What To Do To Prepare for a CFPB Examination


cfpb-12-28-15.pngThe Consumer Financial Protection Bureau’s exams are an open book text, but does your organization have the book? Obviously, there are subjective elements to every exam. But we do recommend doing your homework.

Read Up on What to Expect
The first document you need is entitled “Debt Collection Examination Procedures,” October 24, 2012, available on the CFPB website. There are a number of different ways to use the manual, but a critical task is to take each requirement in the manual and inventory all the ways your bank can answer: How can we prove that we are meeting this? What tangible evidence exists that we can put in front of an examiner?

The second document is the general CFPB Supervision and Examination Manual, from October 1, 2012. The full text is now over 900 pages long, so we recommend that banks start with the Risk Assessment Template. At a minimum, banks should consider two sections:

  • Risk Assessment Template: We recommend that companies use this as a means of seeing the organization as the CFPB will. Where are the risk areas for potential consumer harm and how are you mitigating those risks?
  • Part II.A. Compliance Management Systems (CMS): This covers the process used to identify regulatory changes, assess their impact on your organization, incorporate the changes into your regular processes and monitor compliance on an on-going basis.

Catch Up on Current Events
It can be challenging to stay abreast of CFPB developments: We recommend that those responsible for managing the examination read up on as much public information as possible about what the CFPB has been doing, including:

  • The CFPB website often has speeches and Congressional testimony from its leadership. This often is a good source of information on what the CFPB is emphasizing and their areas of focus.
  • The CFPB publishes a document two to three times per year entitled “Supervisory Highlights,” which summarizes issues they have seen and actions they have taken during their routine examinations. The actions summarized here and presented anonymously provide insight into common issues at regulated entities.
  • Websites from CFPB watchers: Several law firms maintain very good web sites that track and comment on CFPB related developments.

Get All Hands on Deck
Some organizations see regulatory exams as a legal matter, others as compliance. We recommend mustering all internal resources which can assist, regardless of their normal duties. In addition to legal and compliance, this could include internal audit and operations. It is important that the team that will participate in the examination is involved right from initial planning through final resolution. We have seen situations where upfront planning is handled by a single function, for example the legal department, and the actual examination is given to another department, say compliance. This can lead to a bad handoff, poor communication and other problems.

Clients sometime ask us who should be available to work with the examiners. You want your “go to” people available. This may skip official reporting lines—often times the nominal head of function may not be the most knowledgeable about daily processing or issue resolution. It is in all participants’ interest to efficiently clear any preliminary issues raised during the examination.

Heal Thyself
Do you have the kind of organization where people can raise their hand when they see a problem, or is it the kind where bad news is suppressed? One of the authors of this article worked at a bank where quality metrics where a very large component of operations management’s performance evaluation, so operations management fought every issue that the internal Quality Assurance and Quality Control functions raised. Subsequently, the high quality metrics were overstated and the bank was surprised at the number and severity of issues raised by their regulator. Don’t underestimate the power of an executive sitting down with personnel a few levels below him or her and asking, “What do you think could burn us with the examiners coming in?

Prepare Your People
Many of your organization’s resources participating in an examination are not individuals who routinely reach outside your organization. Few organizations would send a sales person out into the market to represent the company without preparation. However, we have observed an equivalent situation occur with unprepared resources have critical roles for examinations. Make sure that management prepares everyone who will participate.

While On Site
Anyone who has spent time as an auditor has experienced being put in dank, windowless basements. Have your organization treat the examiners like you would an important client that was coming in: have a welcome message in the lobby and have decent space for them. In short, they are human and like all humans are going to respond to any perceived disrespect.

A Look Ahead to 2020: How Bank Directors Can Guard Against Risk


risk-12-11-15.pngAs banks look to the year 2020, we’ve identified five key risks that need to be actively assessed and monitored as the industry changes and adapts to consumer demands and competition. When it comes to data security and technology, regulatory risk, finding qualified personnel, profitability, and bank survival, bank directors need to ask:

  • How do we as an organization identify these risks on an ongoing basis?
  • How do they affect our organization?
  • How can we work with management to manage future risks?

Here’s a snapshot of the risk areas, what’s anticipated as we look to the future, and steps you can take to stay competitive and mitigate risk.

Data Security & Technology
It’s important to keep up with your peers and provide services as your clients demand them. More sophisticated payment platforms that make it easier to access and transfer funds will continue to gain popularity, particularly mobile platforms.

Being competitive requires innovation, which means software, bank integration, and sophisticated marketing and delivery. Third-party service providers may be the answer to help cut expenses and improve competition, but they also present their own unique risks.

With innovation comes opportunity: attacks on data security will increase, making the safeguarding of data a high priority for banks. While technology is an important element to this issue, the primary cause of breaches is human error. To this end, it’s essential for management to set the example from the top while promoting security awareness and training.

Regulatory Risk
Expectations from the Consumer Financial Protection Bureau regarding consumer protection will intensify. Anticipate some added expenditure to hire and retain technical experts to manage these expectations. Regulations are on the way for small business and minority lending reporting, as well as the structure of overdraft protection and deposit product add-ons, among others. Directors and management need to evaluate:

  • Compliance management infrastructure
  • Staffing needs and costs
  • Impact of proposed regulatory change to the bottom line

Qualified Personnel
For instance, baby boomers are retiring at a rate faster than Generation X can replenish, making it more difficult and costly to attract and retain skilled people. Meanwhile, the shrinking availability of skilled labor in this country is costing organizations throughout the United States billions of dollars a year in lost productivity, increased training and longer integration times.

A bank’s succession plan for its people should:

  • Identify key roles and technical abilities in your organization
  • Assess projected employee tenure
  • Develop a comprehensive employee replacement strategy
  • Prioritize training and apprentice programs

Profitability
The bottom line at traditional banks will continue to be stressed as momentum builds for institutions to reduce product and service-related fees. Overhead expenses also will continue to increase as banks boost spending for IT infrastructure to support demands by customers for mobile technology and technical innovation and finding and retaining qualified personnel to manage complex regulatory requirements. Responses to these trends are already underway. Some institutions are:

  • Divesting of consumer-related products laden with heavy regulatory requirements
  • Sharpening strategic focus on holistic customer relationships with professional and small business customers to increase relationship-driven revenue
  • Exploring new or more complex commercial lending products and partnerships designed to increase interest income to attract customers in new markets

Banks will need to closely monitor the impact of regulatory initiatives on future earnings from fees and alternative revenue sources.

Bank Survival
Here are some proactive steps to consider as your bank prepares for 2020:

  • Develop an ongoing strategy for mergers and acquisitions to expand capital
  • Consider charter conversions to lend flexibility in expanded product and service offerings or a change in regulatory expectations or intensity
  • Evaluate the impact of higher regulatory expectations

To help identify and manage risk, management should plan regular discussions in the form of annual strategic planning meetings, regular board meeting agendas, and targeted meetings for specific events. The focus should extend beyond known institutional risks, such as credit, interest rate and operational, but should also look at key strategic risks.

If your institution can innovate with the times to stay ahead of risk and competition with a systematic approach, then the path to 2020 will be less fraught with difficulties.

CFPB Takes Aim at Class Action Waivers in Arbitration


arbitration-11-30-15.pngOn October 7, 2015, the Consumer Financial Protection Bureau (CFPB) announced that it is considering proposing rules that would prohibit companies from including arbitration clauses in contracts with consumers. This would effectively open up the gates to more class action lawsuits in consumer financial products such as credit cards and checking accounts.

In March 2015, the CFPB released its Arbitration Study: Report to Congress 2015, which evaluated the impact of arbitration provisions on consumers. The CFPB conducted the study as mandated by the Dodd-Frank Wall Street Reform and Consumer Protection Act. Among other things, the study concluded that:

  • arbitration clauses “restrict consumers’ relief for disputes with financial service providers by allowing companies to block group lawsuits;”
  • most arbitration provisions include a prohibition against consumers bringing class actions;
  • very few consumers individually pursue relief against businesses through arbitration or federal courts; and
  • more than 75 percent of consumers in the credit card market did not know if they had agreed to arbitration in their credit card contracts.

The advantages and disadvantages of pre-dispute arbitration provisions in connection with consumer financial products or services—whether to consumers or to companies—are fiercely contested. Consumer advocates generally see pre-dispute arbitration as unfairly restricting consumer rights and remedies. Industry representatives, by contrast, generally argue that pre-dispute arbitration represents a better, more cost-effective means of resolving disputes that serves consumers well. With limited exceptions, however, this debate has not been informed by empirical analysis. Much of the empirical work on arbitration that has been carried out has not had a consumer financial focus.

As a result of the study, which allegedly contains the first empirical data ever undertaken on the subject of arbitration clauses, the CFPB is currently considering rule proposals that would:

  • ban companies from including arbitration clauses that block class action lawsuits in their consumer contracts, unless and until the class certification is denied by the court or class claims are dismissed by the court;
  • require companies that use arbitration clauses for individual disputes to submit to the CFPB all arbitration claims and awards (which the CFPB may publish on its website for the public to view) so that the CFPB can ensure that the process is fair to consumers and determine whether further restrictions on arbitrations should be undertaken; and
  • apply to nearly all consumer financial products and services that the CFPB regulates, including credit cards, checking and deposit accounts, prepaid cards, money transfer services, certain auto loans, auto title loans, small dollar or payday loans, private student loans, and installment loans.

Critics have found the CFPB’s data and conclusions leave something to be desired. An abstract of a report authored by researchers at the University of Virginia School of Law and Mercatus Center at George Mason University finds that the CFPB report “contains no data on the typical arbitration outcome—a settlement—and it is these arbitral settlements, and not arbitral awards, that should be compared to class action settlements. It does not address the public policy question of whether, by resolving disputes more accurately on the merits, arbitration may prevent class action settlements induced solely by defendants’ incentive to avoid massive discovery costs. It shows that in arbitration, consumers often get settlements or awards, are typically represented by counsel, and achieve good results even when they are unrepresented. In class action settlements, CFPB reports surprisingly high payout rates to class members and low attorneys’ fees relative to total class payout. These aggregated average numbers reflect the results in a very small number of massive class action settlements. Many class action settlements have much lower payout rates and higher attorneys’ fees.”

Needless to say, businesses with arbitration clauses prohibiting class actions wait anxiously for CFPB’s final rules on this subject matter. Is there any doubt what the final rules will contain? We think there will be restrictions on the use of arbitration clauses that prevent consumers from initiating class action lawsuits in contracts for consumer financial products or services.

The Audit Committee: Help Them Help You


audit-committee-11-19-15.pngAn effective audit committee is a critical component of a financial institution’s corporate governance, but such a committee is not the result of an accident. It is formed through a deliberate process that includes appointing qualified individuals, providing adequate resources and offering other appropriate support.

The Right People
Every effective team begins with an effective leader to serve as chairperson. To fill that role for the audit committee, the board must select an independent director who, at a minimum, possesses an understanding of U.S. generally accepted accounting principles and the importance of internal controls. The audit chairperson should have a sense of the pressure points where the institution might be particularly vulnerable to fraud. Often, board members are business owners, managers in other organizations, or educators and will need help to acquire the requisite skill sets to lead or participate on the audit committee.

The Right Resources
With accounting standards, regulatory compliance requirements and risk factors continuing to change at a rapid pace, boards need to commit time and money to keep the chairperson and the audit committee up to speed. New accounting rules revisit some long-standing techniques in order to establish a more transparent level of reporting. Also, the introduction of the Consumer Financial Protection Bureau (CFPB) added complexity to regulatory compliance, and a bank that runs afoul of the new rules could suffer substantial harm to its reputation. In addition, technology and customer demands for access to services through nontraditional channels add risks never contemplated 10 years ago.

To help the audit committee stay current, the board should provide it access to outside training on these and other relevant areas. Boards also can obtain valuable guidance by monitoring the activities at other banks. Their publicized experiences (for example, in alerts from the Office of the Comptroller of the Currency) can serve as a road map of areas that require regular attention from the audit committee. Audit committee members must be intimately familiar not just with their own bank—but also with the banking industry as a whole.

The Right Support
Although it is management’s responsibility to establish processes and controls to manage risk, it is the audit committee’s responsibility to confirm that such processes and controls are established and monitored. The internal audit group, already charged with risk assessment and monitoring, can play an important role in satisfying this responsibility.

As with the audit committee, the success of internal audit hinges on the training and experience of the team members and on the provision of necessary resources. The importance of these elements increases significantly when the bank’s management is responsible for reporting on the design and effectiveness of the internal controls over financial reporting, as is required of publicly traded companies, because management must attest that controls are well-designed and operating effectively and is held responsible if its attestation proves false.

Bear in mind that a bank’s growth often is not mirrored in changes in internal audit. As a result, issues can go unidentified. Even if new issues are appropriately identified, the review cycles will be prolonged if internal audit has insufficient personnel. When the board looks strategically at the organization, it must align the expansion of the business with the risk mitigation process—including internal audit resources. Even the most capable audit committee will prove ineffective without a well-armed internal audit team.

The board also should recognize that its attitude and that of management toward internal audit frequently contributes to its success (or lack thereof). Leadership should address findings on a timely basis, and the board and audit committee should monitor the responsiveness of corrective action, especially for those issues flagged as higher risk. If management is dismissive of findings, and the audit committee or board is disinterested in follow-up, the value of the internal audit role will erode quickly.

The Right Approach
Board members are elected to oversee the activities of their bank, and the audit committee is an integral part of that oversight. It is in the board’s—and the bank’s—best interest to provide both the audit committee and internal audit with the training and resources necessary to execute their responsibilities.

Where the CFPB’s Faster Payment Vision Falls Short


NACHA-8-24-15.pngOn July 9, 2015, the Consumer Financial Protection Bureau released its “vision” for faster payment systems, consisting of nine “consumer protection principles.”  The principles build on concerns about payment systems raised by CFPB Director Richard Cordray in a speech last year. These well intentioned principles pose a number of practical problems and ignore the inherent interdependence of consumer and commercial benefits as payment systems evolve.

Background
The CFPB’s nine principles stake out a bold policy stance aimed at ensuring that faster payment systems primarily benefit consumers. The principles are:

  • Consumer control over payments;
  • Data and privacy;
  • Fraud and error resolution protections;
  • Transparency;
  • Cost;
  • Access;
  • Funds availability;
  • Security and payment credential value; and
  • Strong accountability mechanisms that effectively curtail system misuse.

Release of these principles follows initiatives by the Federal Reserve System, The Clearing House, and most recently NACHA, through its same-day ACH rule approved in May, to promote the development of faster payment systems.

Practical Concerns with the CFPB’s Faster Payment Systems Principles
The CFPB’s principles undoubtedly deserve consideration, and few industry participants would disagree with them at a high level. Though reasonable in theory, certain goals articulated by the CFPB may prove impractical, counterproductive, or unduly optimistic in practice. Here are four examples:

Data and Privacy
The CFPB generally wants consumers to be “informed of how their data are being transferred through any new payment system, including what data are being transferred, who has access to them, how that data can be used, and potential risks[,]” and wants systems to “allow consumers to specify what data can be transferred and whether third parties can access that data.”

This amount of disclosure and degree of consumer control is unrealistic for routine payment transactions, unnecessary in light of current and evolving security measures and fraud and error resolution protections, and likely to thwart the goal of faster payment processing.

Transparency and Funds Availability
The CFPB expects faster payments systems to provide “real-time access to information about the status of transactions, including confirmations of payment and receipt of funds” and to give consumers “faster guaranteed access to funds” to decrease the risk of overdrafts and non-sufficient funds (NSF) transactions.

Here and throughout its principles, the CFPB expresses its desire for faster payment systems to benefit consumers immediately. Implicit in this goal is a rejection of staged implementation of consumer protections, as in NACHA’s same-day ACH rule where same-day funds availability for consumers follows same-day settlement of debit and credit transactions. Additionally, real-time access to information about transaction status seems costly and unhelpful until consumers can act upon such information in real time.

Cost
The CFPB envisions affordable payment systems with fees disclosed to allow consumers to compare costs of different payment options.

The CFPB’s vision of comparative cost disclosures across the ecosystem of available payment options is unrealistic given the existence of competing independent payment systems, multiple payment channels and devices, and varying degrees of intermediation. The total cost to consumers of using different payment systems depends upon many unpredictable variables, making comparative cost disclosures little more than rough, imprecise estimates.

Access
The CFPB expects faster payment systems to be “broadly accessible to consumers,” including “through qualified intermediaries and other non-depositories.”

This principle focuses on unbanked and underbanked consumers. Although broad accessibility should be encouraged, it is difficult to imagine a safe and widely accepted payment system evolving in which banks would not be heavily involved in the origination and receipt of transactions. Indeed, payment systems that have evolved independent of banks—such as virtual currencies—pose substantial consumer protection concerns.

Implications of the CFPB’s Principles
CFPB Director Cordray emphasized that “the primary beneficiaries” of faster payment systems should be consumers and the CFPB’s principles reflect this view. Creating faster payment systems is an enormously complicated industry-driven undertaking, the cost of which is borne by industry participants. As such, faster payment systems must offer tangible benefits to industry participants, not just to consumers, if they are to succeed. The CFPB’s principles would be more effective if they expressly recognized the need to balance consumer and commercial benefits.

Further, the CFPB may intend to use its principles as a chokepoint for policing consumer protection features in evolving payment systems. We hope the CFPB’s adherence to these principles does not become rigid and overzealous or threaten to derail useful payment system improvements before they get off the ground.