The Merger Compliance Issue You May Not Have Considered

2022 will clearly be a challenging year for bank mergers, with the marketing and communication tools requiring extra attention and effort.

Government agencies continue to review bank mergers more closely; one area impacted by the growing oversight climate is the marketing and communication banks use to announce mergers and welcome newly acquired account holders. These tools are the first items and messages that account holders and staff encounter, but are far too often, they are the last thing bankers review in the process of completing a merger.

When we discuss merger communication planning and execution with our clients, both pre- and post-purchase, we spend the most time talking about the following three issues:

1. Getting solid, manageable, actionable data from the acquired institution
We find that many financial institutions that are acquired have been anticipating such a transaction for a number of years. As such, core systems and files may not be completely up to date; investments in technology upgrades and certain housekeeping details may have been deferred or even scrapped.

On the top of that list is the master  customer information file, or MCIF, or scrubbing the core database for customer contact details and transaction history. The prime culprit is e-Statements; their popularity has reduced the number of mailed physical statements, which generate a change of address notification if they’re returned. Fortunately, there are a number of tools and strategies available to fix this problem. We also encourage our clients to explore this during the pre-purchase phases, in case updating the data requires a costly solution that needs to be negotiated into the final deal. We believe regulators may want to know that customers have received these disclosures — having the right address is a big part of that.

2. Weaving customer advocacy into welcome materials
The new compliance culture is driving more concise and clear messaging for the account holder; the primary contact points coming through online or web communications, along with printed welcome material that goes out with the disclosures. This does not mean “dumb down” your messaging; it is our opinion that this includes presenting the account holder with impact points and advocacy in the clearest possible terms. This is a direct response to the new wave of consumer awareness and advocacy that we see in other parts of banking, like mortgage.

Specifically, in the welcome materials, there is a balance between brand and awareness messaging and instructions for the new account holder. Banks must adjust this combination to create an even mix of both. When in doubt, perfect the message towards the account holder. We advise our clients to consider including strong presentations concerning:

  • What is changing and when.
  • Different methods for getting questions answered or product help.
  • Clear explanations of the features and benefits offered to the account holder.
  • Introduction to new services like digital banking.

Serial acquirers should pay close attention to this; they can fall into the trap of dusting off the material from the last merger, making a few adjustments and moving along. It is our observation that material that may have been delivered more than six months ago may not meet current regulatory oversight needs. (Check out our article in the first quarter 2022 issue of Bank Director magazine for more on this important issue.)

3. Personalization
We struggle to understand why financial institutions send out large — more than 30 pages, in addition to the disclosures — welcome information kits. It is not only much more expensive than necessary and environmentally unfriendly — it makes it harder for the consumer to find the information that applies to them.

There are two parts to this. First, print-on-demand materials means creating welcome kits can be as economical as static materials in all but the smallest mergers. Second, this setting allows you to target the right message to the right household or business. This allows the acquirer to get solid data, complete account mapping and tackle the most challenging task: programming the algorithms to make sure the right material gets to the right household or business.

Using Modern Compliance to Serve Niche Audiences

Financial institutions are increasingly looking beyond their zip code to target niche populations who are demanding better financial services. These forward-thinking institutions recognize the importance of providing the right products and tools to meet the needs of underrepresented and underbanked segments.

By definition, niche banking is intended to serve a unique population of individuals brought together by a commonality that extends beyond location. A big opportunity exists for these banks to create new relationships, resulting in higher returns on investment and increased customer loyalty. But some worry that target marketing and segmentation could bring about new regulatory headaches and increase compliance burdens overall.

“The traditional community bank mindset is to think about the opportunity within a defined geography,” explains Nymbus CEO Jeffery Kendall. “However, the definition of what makes a community has evolved from a geographic term to an identity or affinity to a common cause, brand or goal.”

Distinguishing the defining commonality and building a unique banking experience requires a bank to have in-depth knowledge of the end user, including hobbies, habits, likes, dislikes and a true understanding of what makes them who they are.

Niche concepts are designed to fill a gap. Some examples of niche concepts geared toward specific communities or market segments include:

  • Banking services for immigrant employees and international students who may lack a Social Security number.
  • Banking services geared toward new couples managing their funds together for the first time, like Hitched.
  • Payment and money-management services for long-haul truck drivers or gig economy workers, like Gig Money or Convoy.
  • Banking platforms that provide capital, access and resources to Black-owned businesses.

Targeting prospective niche communities in the digital age is an increasingly complex and risk-driven proposition — not just as a result of financial advertising regulations but also because of new ad requirements from Facebook parent Meta Platforms and Alphabet’s Google. Niche offerings pose a unique opportunity for banks to serve individuals and businesses based on what matters most to them, rather than solely based on where they live. This could impact a bank’s compliance with the Community Reinvestment Act and Home Mortgage Disclosure Acts. The lack of geography challenges compliance teams to ensure that marketing and services catering to specific concepts or customers do not inadvertently fall afoul of CRA, HMDA or other unfair, deceptive or abusive acts or practices.

Niche banking enables financial institutions to innovate beyond the boundaries of traditional banking with minimal risk. Banks can unlock new revenue streams and obtain new growth by acquiring new customers segments and providing the right services at the right time. When developing or evaluating a niche banking concept, compliance officers should consider:

  • Performing a product and services risk assessment to understand how the niche banking concept deviates from existing banking operations.
  • Identifying process, procedure or system enhancements that can be implemented to mitigate any additional compliance risk incurred by offering new solutions to customers.
  • Presenting its overarching risk analysis to cross-functional leads within the organization to obtain alignment and a path forward.

Now is the time for financial institutions to start asking “Did I serve my consumers?” and stop asking, “Did I break any rules?” When I led a risk and compliance team for a small financial institution, these were questions we asked ourselves every day. I now challenge financial institutions to reassess their current models and have open conversations with regulators and compliance leaders about meeting in the middle when it comes to niche banking. With the appropriate safeguards, banks can capitalize on the opportunity to deliver innovative, stable and affordable financial services.

Transforming, Optimizing Bank Finance Functions


Banks can optimize their finance functions to go beyond compliance and drive performance and results. Creating a layer of functionality on top of the general ledger allows executives to apply behavior and risk data with an eye toward improving profitability and forecasting without replacing their core. Will Newcomer, vice president of business development and strategy at Wolters Kluwer, and Bill Collette, managing director of financial services solutions at Wolters Kluwer, share what kind of applications and analytics executives could use to drive measurement, accuracy and accountability. Topics include:

  • Trends in Transformation
  • Uses of Finance Analytics
  • Best Practices for Transformation

Banks can improve measurement, accuracy and accountability by leveraging their existing core and finance functions.

Creating a Comprehensive ESG Approach, From Compliance to Competitiveness

Not only are investors increasingly incorporating environmental, social and governance, or ESG, factors in decisions about how to allocate their capital, but customers, employees and other stakeholders are also placing greater emphasis on ESG matters.

ESG will also continue to be a focus for regulators, with a particular emphasis on climate-related risks. It has rapidly evolved from a compliance matter to a strategic and competitive consideration; boards of directors and management teams should respond with both short-term action and preparation for the longer term. We review key developments and offer six steps that boards and management can take now to position a bank for the current ESG environment.

SEC’s Approach to Climate Change
The Securities and Exchange Commission has made considerations relating to ESG topics a top priority going forward, especially with respect to climate change-related issues. Chair Gary Gensler has charged SEC staff with developing a rule proposal on mandatory climate risk disclosure by the end of this year. Based on Gensler’s statements, the rulemaking is likely to be distinct from approaches developed by private framework providers and may not necessarily be tailored according to company size, maturity or other similar metrics.

Gensler has emphasized the importance of climate change disclosures generating “consistent and comparable” and “decision-useful” information. These disclosures may be contained in Form 10-K; given the tight timeframes associated with preparation of Form 10-K filings, this approach may require certain registrants to adjust their data collection and verification practices.

Bank Regulators’ Approach to Climate Change
Federal Reserve Chair Jerome Powell has indicated that he supports the Fed playing a role in educating the public about the risks of climate change to help inform elected officials’ policy decisions. The Fed established a Financial Stability Climate Committee to identify, assess and address climate-related risks to financial stability across the financial system, as well as the Supervision Climate Committee to help understand implications of climate change for financial institutions, infrastructure and markets.

The Office of the Comptroller of the Currency and Federal Deposit Insurance Corp. are also taking climate risk seriously. In July, the OCC joined the Network of Central Banks and Supervisors for Greening the Financial System and announced the appointment of Darrin Benhart as its first climate change risk officer. Most recently, Acting Comptroller of the Currency Michael Hsu said the OCC is working with interagency peers to develop effective climate risk management guidance. The FDIC expects financial institutions to consider and address climate risks in their operating environment.

ESG as Competitive Advantage
Many companies have begun integrating ESG considerations into their products and strategies. Some research has shown that ESG can drive consumer preferences, with certain consumer demographics using ESG factors to differentiate among products. Younger demographics, for example, are choosing banks according to ESG credentials. Moreover, ESG considerations are becoming increasingly important to certain employee bases.

ESG issues are also top-of-mind for many investors, driven by prominent institutional investors that are linking a company’s ESG profile with its long-term financial performance and other stakeholders who want to align investments with social values and goals.

Directors and management teams should engage in an honest self-assessment of their bank’s ESG status, including determining which ESG matters are most material to their business. They should establish processes for board-level ESG strategy and oversight, along with clear management authority and reporting lines. They should also strengthen controls around ESG quantitative reporting. Ultimately, management should now consider whether and how to begin integrating ESG into commercial activities and overall strategy. With that in mind, here are six steps that boards and management can take now:

  1. Conduct a self-assessment on ESG matters, including on materiality, performance and controls.
  2. Begin preparations for an imminent SEC rulemaking on mandatory climate change disclosure that could potentially apply to Form 10-Ks in time for the 2022 fiscal year.
  3. Strengthen ESG processes and controls, while allowing flexibility for frequent reevaluation.
  4. Understand the key players in the ESG space and their varied perspectives.
  5. Establish responsibility for maintenance of a core ESG knowledge base and awareness of key developments.
  6. Monitor ESG developments as part of operational and strategic planning.

How Embedded Compliance Plays the Game to Win, Not Break Even

Imagine a game where your team can’t score points and there’s no such thing as winning. All you can do is meticulously follow the rules; if you follow them well enough, then your team doesn’t lose. Most banks approach compliance with this survival mindset and it shows.

According to the Federal Reserve Bank of St. Louis, compliance expenses account for 7% of banks’ non-interest expenses. The majority of that spend is typically directed at headcount distributed across siloed operational functions — using equally siloed technology — to get the job done during the last leg of a transaction. The best that can be said for this approach is that it achieves baseline compliance. The worst? It prevents institutions from investing in transaction data management strategies that deliver compliance while simultaneously driving efficiencies and business growth that show up on the bottom line. This scenario becomes more untenable with each passing year: Increasing compliance complexity drives up costs, and that diversion of investment erodes a bank’s ability to compete.

Banks can choose to play the game differently, by viewing compliance as an integrated part of the data management process. Solutions that leverage application programming interfaces, or APIs, provide a mechanism for technology components to communicate with each other and exchange data payloads. Outside of this approach, transaction data resides in bifurcated systems and requires extra handling, either by software or human intervention, to complete a transaction and book the right data to the core. Having the same data in multiple systems and rekeying data dramatically increase an institution’s risk profile. Why make it harder to “not lose” the game when banks can leverage API-first solutions to ensure that data is only collected once and passes through to the touchpoints where it’s needed? The key to unlocking this efficiency is a compliance architecture that separates the tech stack from the compliance stack. Otherwise, banks are obliged to wait for code changes every time compliance updates are pushed.

Mobile enablement is now as critical for a bank’s success as any product it offers. The customers that banks are trying to reach have no practical limit to their financial services options and are increasingly comfortable with contact-free experiences. According to studies from J.D. Power & Associates released this year, 67% of U.S. bank retail customers have used their bank’s mobile app and 41% of bank customers are digital-only customers. Given historical trends, those numbers are expected to only increase.

Compliance represents an opportunity to remove friction from the mobile banking experience, whether offered through an app or a website. Traditional PDF documents are designed for in-branch delivery and are a clumsy fit for the mobile world. Responsive design applies to compliance content no less than it applies to mobile apps; content needs to adjust smoothly to fit the size of the viewing screen. The concept of “document package” is evolving to the point where a “compliance package” should be constructed on responsive design principles and require minimal user clicks to view and acknowledge the content.

An embedded compliance solution should treat optimized mobile channels as table stakes. To survive and thrive in this environment, institutions need to be where their customers are, when they are there. Traditional banker’s hours have officially gone the way of the dodo.

Embedded compliance can also enhance bank data security in the event of a breach. It is difficult to overstate the reputational damage that results from a data breach. Embedded compliance offers critical safeguards for sensitive customer information, bolstering an institution’s overall security profile. Legacy compliance or document-prep solutions often require duplicate data entry and expose customer personal identifiable information to the inherent data breach risks that come with multiple databases scattered across technology platforms. Look for solutions that do not store PII data, and instead offer bi-directional integrations with your platform.

Increasing demand for digital engagement provides banks with opportunities to rethink their technology stacks. Management should evaluate each component for its potential to address a myriad of business needs. Compliance solutions can sharpen or dull a bank’s competitive edge and should be considered part of a strategic plan to grow business. Who knows, maybe someday compliance will actually become “cool”? A dreamer can dream.

Eight Questions For Prospective Small Business Lending Partners

For many banks, the ability to offer small-business loans efficiently, quickly and compliantly has been more of an aspiration than a reality. The technical, financial and staffing obstacles involved in launching small business loan products have created daunting barriers to entry, while the need for small business credit persists in the post-pandemic economic recovery.

This creates a fertile breeding ground for new fintechs that claim they can streamline loan processing time, increase the profitability of even the smallest loans and improve the entire experience for banks and their customers.

But how can you distinguish between achievable goals and lip service? Bank executives need to ask the right questions to break through the noise and get real, honest answers. As a provider in the space, we spend countless hours researching the competition, talking with banks about their challenges and enhancing our small business lending platform. Here are the top eight questions to ask a prospective partner when considering a small business lending platform.

1. Is there a white-labeled borrower website option that can be branded with the bank’s colors, graphics and messaging?
It takes years to establish a well-known brand identity that your customers recognize and trust. It is crucial that any prospective loan origination platforms have the capability to incorporate bank branding, corporate color palette and distinct messaging to create a seamless experience for customers.

2. How much time does it take for business borrowers to complete and submit a full loan application?
Research shows that one of the top complaints of business borrowers is the amount of time it takes to complete an application. Any digital process will certainly be quicker than a manual method, but every step of the application process should be optimized for efficiency, resulting in a fully submitted loan application within 20 minutes or less.

3. Is the application process straightforward and intuitive for the borrower and back-office team?
We mentioned the importance of an efficient application, but efficiency can only be achieved if the application is clear, intuitive and guides users along the way. Ask potential vendors how applicants and the bank’s back office can track their progress through the application, and whether the system has measures in place to identify and alert the applicant to inaccurate or incomplete entries. It is also important that FAQs are prominently displayed, and that users have easy access to support.

4. Are there methods in place to ensure that borrowers are selecting the right loan product?
Your applicants don’t know your products as well as you do, so rather than asking them to select a loan product, a top-tier platform will incorporate an automated, intelligent “rules engine.” This type of technology gathers pertinent information throughout the application process and selects the most appropriate product(s) based on the applicant’s inputs. This streamlines the application for the borrower and saves your staff valuable time and resources.

5. Does the system help identify and filter out unqualified applications?
Once the borrower starts the application, the rules engine should activate, dynamically collecting data points to ensure that the application is meeting the bank’s specific product requirements. Further, it should also evaluate the data against the bank’s credit policy to verify the applicant meets the minimum acceptance criteria. The best loan platforms will identify such issues and prevent the applicant from progressing by redirecting them to a different page, product or contact method.

6. How does the system ensure compliance and security?
Ask a potential vendor whether their system supports all federal regulations that impact small businesses and lending practices, such as Know Your Customer/Know Your Business, anti-money laundering, Americans with Disabilities Act and web content accessibility guidelines , among others. The best systems will incorporate a bank’s credit and risk policy into the platform, so there is no impact to your bank’s risk profile with the regulators. Ask whether the system utilizes 24/7 monitoring to ensure the integrity and safety of bank data, whether they are SOC 2 compliant and whether they undergo regular third-party audits of their infrastructure and systems.

7. How does the system ensure quality control and prevent fraud?
Advanced loan technology should integrate into numerous background check sources and employ digital fraud detection using AI-powered captchas and two-factor authentication, among others. Specific criteria should immediately disqualify borrowers, such as zip-code, signing rights and industry type. The best systems will ensure that exceptions are identified and shown to the bank, so your staff doesn’t waste time trying to find them.

8. Does the platform provide automated document management?
Secure, efficient document management is one of the most critical functions of digital loan technology. Ensure that all documents are securely uploaded in transit and at rest. Here are just a few of the features an advanced platform should offer:

  • A centralized document library housing all documents.
  • The ability to collect any necessary form at the right time and have it electronically signed.
  • Functionality that allows the lender to easily approve, reject or request individual documents with explanatory notes for the borrower.
  • Protection of personal information by restricting the viewing of information to only the individual who owns it.

Getting Faster, Simpler, Cheaper and More Secure

In June 2020, Coastal Financial Corp. began onboarding financial technology clients to ramp up its banking as a service (BaaS) business.

The $1.8 billion community banking company in Everett, Washington, would lend its bank charter, compliance program and payment rails to nonbanks for a fee. Nine out of 10 of those clients are unregulated by any financial regulator; one out of 10 might be a regulated entity such as a broker-dealer. This arrangement means the bank must monitor its nonbank customers for compliance with anti-money laundering, foreign sanctions and Bank Secrecy Act (BSA) laws.

Andrew Stines, the chief risk officer of Coastal Financial, and his staff of BSA experts keep track of a fluctuating amount of flagged transactions per month, about 3,000 to 4,000, on everything from ACH and loan payments to debit and credit card transactions. It’s a lot. From the bank regulators’ point of view, “I’m the one who really owns that risk,” Stines says.

The company previously had manually pulled flagged transactions for further investigation  with Excel spreadsheets. But that didn’t work anymore, given the workload. So Coastal turned to Hummingbird, the winner of Bank Director’s 2021 Best of FinXTech Award for compliance & risk.

Hummingbird automatically pulls flagged transactions from the bank’s core, Neocova, and automates compliance reporting. It sends suspicious activity reports (SARs) to regulators after Coastal Financial conducts investigations. Hummingbird also creates an auditable trail of each case.

The bank is not alone in trying to ramp up its fraud and compliance monitoring and reporting using new software. Financial institutions are under increasing pressure to update their fraud technologies with machine learning, robotic process automation and other tools to combat increasingly sophisticated criminals and higher use of digital services, according to a February 2021 report from the research firm Celent.

Celent Head of Risk Neil Katkov projects that North American financial institutions — which are the greatest targets for global fraud — will spend $3.1 billion on fraud technology in 2021, or 16.1% more than the year before. Spending on fraud operations will amount to another $4.55 billion, he wrote.

The marketplace for fraud and compliance software has become crowded, which benefits banks, says Kevin Tweddle, the senior executive vice president for community bank solutions at the Independent Community Bankers of America.

“People ask me what’s a fintech,” he says. “It makes [banking] faster, simpler, cheaper and more secure.” An especially active group right now are cybersecurity companies, all vying to monitor threats for financial institutions and to help with compliance and reporting requirements.

Finalists in the compliance and risk category for the Best of FinXTech Awards included IT compliance company Adlumin, which uses machine learning to detect threats, malfunctions and operations failures in real time, and the cybersecurity provider DefenseStorm, which is a cybersecurity compliance platform built for banks and credit unions. For more on how Bank Director chose winners, click here.

But Hummingbird was clearly a stand-out for Coastal Financial. The software program was cost competitive, although Stines declines to name the price. Using the software clearly pays for itself, he says. But he admits the company might not need Hummingbird if not for its BaaS business, which adds to the company’s reporting requirements. Stines estimates he’d have to hire four to five additional full-time employees without it.

The drawback is that Hummingbird’s software doesn’t include every tool the banking company needs. But there’s a roadmap to adding functionality, and Hummingbird sticks to its promised dates, Stines says. The real selling factor was the user interface and the fact that Hummingbird seems eager to make changes as needed, and understands Coastal Financial’s technology clients. “They are more forward-thinking and more in tune with digital and fintech services than traditional players in the space,” he says.

This may just be the beginning. For Tweddle, banks and credit unions are enjoying an early to middle development period for fintech. “There’s a lot more interesting things to come,” he says.

Solve the Right Problem: The Path to Remediation Success

At some point, your bank will find an operation or process isn’t working or failing on intent. When that happens, don’t fall prey to the impulse to fix the wrong problem without looking below the surface for the root cause.

No matter the scenario, your best position is always to self-identify an issue and kick off remediation before a customer or regulator reports a problem. Once external forces step in, the stakes run even higher; you really can’t afford a misstep. Without question, the most common way that banks err is by starting on the wrong foot.

In my front-line experiences, I’ve seen financial institutions work ambitiously on remediating issues only to have regulators assign a failing grade. While no bank wants to be under a regulatory finding’s shadow, working smart and rejecting shortcuts is the only way to deliver the right solution and minimize future risk. With compliance costs expected to more than double and reach 10% of revenue spend by 2022, banks can’t afford to get it wrong.

Here are the steps for an effective remediation:

1.Take a breath — then dive into the deep end
Too often, companies fix what they think is the problem, only to learn that they’ve missed the mark and broken other things along the way. Not understanding the crux of the issue wastes a bank’s time, energy and resources.

If you’re dealing with a regulatory finding, be sure to engage your legal and compliance teams to ensure you understand the issue and solve for exactly what’s at risk, especially for issues with broader scope and breadth. Those leading your remediation plan should dig deeper into root problems by asking “why?” up to five times, peeling off another layer each time as you strive toward the core issue. Apply those questions to your business problem until you’ve identified the precise thing that needs to be fixed.

2. Know how to get from Point A to Point Z
Develop a roadmap to move effectively and efficiently from understanding the issue and identifying root causes to implementing solutions. From aligning on stakeholder engagement to technology resources, no solution happens overnight. Some regulatory remediation activities can take 12 to 18 months to resolve.

3. Make sure everyone’s on the same journey
Nothing derails remediation more than missed consensus on its direction and end goal. Remain focused on actions to fix your root issue, ease regulator or auditor concerns  and reduce customer complaints. Engage the right people in the right roles. Involving too many people can water down intent, while involving too few means you might miss capturing relevant insights from key parts of your business.

4. Document your journey
A comprehensive action plan can take time to execute. During that time, people in key roles might leave and business processes, and objectives, technology or regulations could change. Thorough and complete documentation keeps a record of execution activities, action plan or intent changes, and provides evidence of key decisions.

5. You’re not finished until you get an official pat on the back
Did your action plan include time to validate your work? Whether you have a third-line audit, loan review finding or a regulatory ruling, the issuer will return to confirm you solved the right problem completely. Build in solid testing to validate your solution fulfills on its intent, with no side effects that disrupt other processes. Also, if possible, check in with third-line partners regularly or when hitting major milestones to prevent surprises.

Remediation success comes with both the assessor’s endorsement, as well as sustained results from your action plan as evidenced by reporting and monitoring put into place. More importantly, don’t overlook this moment to repurpose your team’s learnings and experiences as the foundation for a repeatable remediation framework. When the next issue arises — and it will — your bank will already have a strategy and blueprint for smart action with minimal risk.

How the Edges of Financial Technology Could Change Regulation

Financial regulation in the United States follows a longstanding pattern: The presidential administration changes, the other political party takes power and the financial regulation pendulum swings. Those working in compliance inevitably need to recalibrate.

President Joe Biden’s messaging so far has aimed to minimize polarization. This bodes well for moving beyond the typical “financial deregulation” versus “more regulation” dynamic. It gives the industry an opportunity to turn our attention towards pulling the overall framework out of an old, slow, manual and paper-based reality. What the U.S. financial regulatory framework really needs are large, fundamental overhauls and modernizations that will support a healthy, ever-changing financial services marketplace — not just through the next presidential administration, but further beyond, through the next several decades.

The incoming leadership could make regulation smarter and more effective with reforms that:

  • Measure success by outcomes and evidence, as opposed to procedural adherence.
  • Leverage technology to streamline compliance for agencies as well as providers.
  • Catch up and keep up with the ongoing advancements in financial technology.

The time for these sorts of changes just so happens to be ripe.

Digital or cryptocurrencies and charters for financial technologies have an awkward fit within the existing regulatory framework. Cannabis, another fringe area of finance, poses extra layers of legal and regulatory challenge, but its status could change on a dime if the new administration resolves the state and federal disconnect. All three of these peripheral business opportunities have gained significant momentum recently and may force regulators to adapt. To support these new use cases, which would otherwise break existing bank infrastructure, technology providers would have to modernize in ways that would benefit financial service compliance across the board.

As the emerging regulatory lineup takes shape from the legacies of the outgoing agency heads, the swing from the past administration to the present may not be all that dramatic. There are strange bedfellows in fintech. In the last six months of Donald Trump’s administration, there was already a balance between Acting Comptroller of the Currency Brian Brooks and U.S. Treasury Secretary Steven Mnuchin.

Brooks was indeed very active in his short tenure. Under him, the Office of the Comptroller of the Currency issued full-service national bank charters for fintech companies, published interpretive letters supporting digital currencies and published a working paper from its chief economist, Chartering the FinTech Future,” that lent support to the use of stablecoins.

In contrast, Mnuchin spent his last month in office encouraging  Financial Crimes Enforcement Network, or FinCEN, to issue a controversial proposed rulemaking that would affect crypto wallets and transactions. Critics argue this would make compliance impossible for decentralized technologies.

The Biden administration may have a similar dynamic between these two regulatory roles, albeit less dramatic. The confirmation of Treasury Secretary Janet Yellen, with her experience and moderate stance, conveys a great deal of stability. Still, she may not champion stablecoins, given her public statements on cryptocurrency.

At writing, Michael Barr is the anticipated pick for comptroller. His extensive and diverse résumé shows a long history of supporting fintech. We anticipate that he would continue the momentum towards modernization that Brooks started.

Gary Gensler, the nominated chair of the Securities and Exchange Commission, has a great deal of expertise and enthusiasm for digital currencies. Since his tenure as chair of the Commodity Futures Trading Commission during Barack Obama’s administration, he has served on faculty at MIT Sloan School of Management, teaching courses on blockchain, digital currencies and other financial technologies. Chris Brummer, the Biden administration’s anticipated choice for the CFTC, currently serves as faculty director at Georgetown University’s Institute of International Economic Law, has written books on the regulation of financial technologies and founded D.C. Fintech Week to help promote discussion of fintech innovation among policymakers.

When we get to the outer edges of finance — to crypto, charters and cannabis — the divide between political camps starts to disappear. But there’s still quite a bit of rigidity in the traditional financial industry and regulatory framework. Combining the slate of steady, open-minded regulators with the building pressures of technology yields reasonable hope for regulatory overhauls that will pull compliance along into the future.

Developing a Digital-First Approach to Risk Management

The world has leaned further and further into the digital realm, largely thanks to a younger, more tech-dependent generation.

The Covid-19 pandemic accelerated a years-long push toward online and mobile banking use. Does your institution have a true digital banking strategy to deliver simple and secure digital banking services to your customers? As the primary channel through which customers conduct nearly all their banking activities, digital is your bank now.

But as more consumers turn to digital channels, cybercriminals are following suit — as demonstrated by increasing incidents of fraud and unauthorized account access. To mitigate cybersecurity threats and protect your customers, your bank’s risk management strategy now requires a digital-first approach.

Risk Management in Digital Banking
Even though customers demand digital transformation, delivering frictionless experiences comes with certain inherent challenges and risks. Once you identify these hurdles, you can mitigate them so that your institution can move forward.

The most pressing digital banking risk management issues fall into two categories: overcoming organizational challenges and mitigating regulatory risks. Each of them has several considerations and variables your institution should consider.

Overcoming Organizational Challenges

Outdated corporate culture: Entrenched processes and perspectives can stall your digital transformation. Promoting a more forward-thinking culture must start at the top and flow down in order for the entire institution to embrace change. Confirm your bank’s risk management personnel are onboard, and involve them from the beginning to ensure a secure and safe transformation.

Refocusing of key positions: Some of your bank’s key positions may change in response to digital transformation. Digitization may shift the focus of some, but these positions are still critical to the institution’s success. For example, instead of manually performing tasks, employees working in an operations department may begin focusing on automating processes for the institution.

Resistance to change: Many institutions have executives that will champion progress, while others are resistant to the changes required to adopt a digital-first approach. Identify the champions at your institution and empower them to lead your digital transformation.

Lack of innovative thought leadership: It will take true out-of-the-box thinking to digitally compete with the big banks and emerging fintech companies. Encourage that kind of modern thinking within your institution.

Misguided beliefs: Quash any notions that a mobile banking app is the only component of a digital strategy, or that a digital-first approach means that personalization is no longer needed. Back-end operations and internal processes must fully support a digital environment that effectively identifies and fulfills individual customer needs based on their actions and behaviors — without adding friction to the customer experience.

Mitigating Regulatory Risks

Digital compliance and cybersecurity: Banks operating in a digital environment must still comply with all applicable laws and regulations. This includes paying attention to uniquely digital processes that are covered under specific rules, such as electronically signing documents per the E-Sign Act. To mitigate risk, institutions should invest in technology designed to ensure compliance and strengthen cybersecurity.

Third-party risk management: Many banks are outsourcing all or part of their digital strategy to fintechs and other third-party vendors out of necessity. But institutions are still ultimately responsible for all functions, whether they are performed internally or externally. A robust vendor management program is key to avoiding unqualified third-party providers. A provider must understand applicable regulatory requirements, be able to adhere to them and guarantee compliance.

Fraud and identity theft: The increase in banking without face-to-face interaction can increase the risk of synthetic identity fraud, traditional identity theft and account takeovers. Your bank should meet these challenges by reviewing and strengthening your Bank Secrecy Act/anti-money laundering (BSA/AML), know your customer (KYC), customer due diligence (CDD), cybersecurity and other relevant compliance programs. Digitizing internal processes will result in more available data as well as the ability to use AI to monitor customer behaviors and efficiently identify potential fraud.

While digitization can increase certain risks for banks that undertake such a transformation, enabling enhanced digital banking risk management to secure digital channels, mitigate risk and deliver a frictionless customer experience is worth the effort.