Current Compliance Priorities in Bank Regulatory Exams

Updated examination practices, published guidance and public statements from federal banking agencies can provide insights for banks into where regulators are likely to focus their efforts in coming months. Of particular focus are safety and soundness concerns and consumer protection compliance priorities.

Safety and Soundness Concerns
Although they are familiar topics to most bank leaders, several safety and soundness matters merit particular attention.

  • Bank Secrecy Act/anti-money laundering (BSA/AML) laws. After the Federal Financial Institutions Examination Council updated its BSA/AML examination manual in 2021, recent subsequent enforcement actions issued by regulators clearly indicate that BSA/AML compliance remains a high supervisory priority. Banks should expect continued pressure to modernize their compliance programs to counteract increasingly sophisticated financial crime and money laundering schemes.
  • In November 2021, banking agencies issued new rules requiring prompt reporting of cyberattacks; compliance was required by May 2022. Regulators also continue to press for multifactor authentication for online account access, increased vigilance against ransomware payments and greater attention to risk management in cloud environments.
  • Third-party risk management. The industry recently completed its first cycle of exams after regulators issued new interagency guidance last fall on how banks should conduct due diligence for fintech relationships. This remains a high supervisory priority, given the widespread use of fintechs as technology providers. Final interagency guidance on third-party risk, expected before the end of 2022, likely will ramp up regulatory activities in this area even further.
  • Commercial real estate loan concentrations. In summer 2022, the Federal Deposit Insurance Corp. observed in its “Supervisory Insights” that CRE asset quality remains high, but it cautioned that shifts in demand and the end of pandemic-related assistance could affect the segment’s performance. Executives should anticipate a continued focus on CRE concentrations in coming exams.

In addition to those perennial concerns, several other current priorities are attracting regulatory scrutiny.

  • Crypto and digital assets. The Federal Reserve, the Office of the Comptroller of the Currency, and the FDIC have each issued requirements that banks notify their primary regulator prior to engaging in any crypto and digital asset-related activities. The agencies have also indicated they plan to issue further coordinated guidance on the rapidly emerging crypto and digital asset sector.
  • Climate-related risk. After the Financial Stability Oversight Council identified climate change as an emerging threat to financial stability in October 2021, banking agencies began developing climate-related risk management standards. The OCC and FDIC have issued draft principles for public comment that would initially apply to banks over $100 billion in assets. All agencies have indicated climate financial risk will remain a supervisory priority.
  • Merger review. In response to congressional pressure and a July 2021 presidential executive order, banking agencies are expected to begin reviewing the regulatory framework governing bank mergers soon.

Consumer Protection Compliance Priorities
Banks can expect the Consumer Financial Protection Bureau (CFPB) to sharpen its focus in several high-profile consumer protection areas.

  • Fair lending and unfair, deceptive, or abusive acts and practices (UDAAP). In March 2022, the CFPB updated its UDAAP exam manual and announced supervisory changes that focus on banks’ decision-making in advertising, pricing, and other activities. Expect further scrutiny — and possible complications if fintech partners resist sharing information that might reveal proprietary underwriting and pricing models.
  • Overdraft fees. Recent public statements suggest the CFPB is intensifying its scrutiny of overdraft and other fees, with an eye toward evaluating whether they might be unlawful. Banks should be prepared for additional CFPB statements, initiatives and monitoring in this area.
  • Community Reinvestment Act (CRA) reform. In May 2022, the Fed, FDIC, and OCC announced a proposed update of CRA regulations, with the goal of expanding access to banking services in underserved communities while updating the 1970s-era rules to reflect today’s mobile and online banking models. For its part, the CFPB has proposed new Section 1071 data collection rules for lenders, with the intention of tracking and improving small businesses’ access to credit.
  • Regulation E issues. A recurring issue in recent examinations involves noncompliance with notification and provisional credit requirements when customers dispute credit or debit card transactions. The Electronic Fund Transfer Act and Regulation E rules are detailed and explicit, so banks would be wise to review their disputed transaction practices carefully to avoid inadvertently falling short.

As regulator priorities continue to evolve, boards and executive teams should monitor developments closely in order to stay informed and respond effectively as new issues arise.

Growth Milestone Comes With Crucial FDICIA Requirements

Mergers or strong internal growth can quickly send a small financial institution’s assets soaring past the $1 billion mark. But that milestone comes with additional requirements from the Federal Deposit Insurance Corp. that, if not tackled early, can become arduous and time-consuming.

When a bank reaches that benchmark, as measured at the start of its fiscal year, the FDIC requires an annual report that must include:

  • Audited comparative annual financial statements.
  • The independent public accountant’s report on the audited financial statements.
  • A management report that contains:
    • A statement of certain management responsibilities.
    • An assessment of the institution’s compliance with laws pertaining to insider loans and dividend restrictions during the year.
    • An assessment on the effectiveness of the institution’s internal control structure over financial reporting, as of the end of the fiscal year.
    • The independent public accountant’s attestation report concerning the effectiveness of the institution’s internal control structure over financial reporting.

Management Assessment of Internal Controls
Complying with Internal Controls over Financial Reporting (ICFR) requirements can be exhaustive, but a few early steps can help:

  • Identify key business processes around financial reporting/systems in scope.
  • Conduct business process walk-throughs of the key business processes.
  • For each in-scope business process/system, identify related IT general control (ITGC) elements.
  • Create a risk control matrix (RCM) with the key controls and identity gaps in controls.

To assess internal controls and procedures for financial reporting, start with control criteria as a baseline. The Committee of Sponsoring Organizations (COSO) of the Treadway Commission provides criteria with a fairly broad outline of internal control components that banks should evaluate at the entity level and activity or process level.

Implementation Phases, Schedule and Events
A FDICIA implementation approach generally includes a four-phase program designed with the understanding that a bank’s external auditors will be required to attest to and report on management’s internal control assessment.

Phase One: Business Risk Assessment and COSO Evaluation
Perform a high-level business risk assessment COSO evaluation of the bank. This evaluation is a top-down approach that allows the bank to effectively identify and address the five major components of COSO. This review includes describing policies and procedures in place, as well as identifying areas of weakness and actions needed to ensure that the bank’s policies and procedures are operating with effective controls.

Phase One action steps are:

  • Educate senior management and audit committee/board of directors on reporting requirements.
  • Establish a task force internally, evaluate resources and communicate.
  • Identify and delegate action steps, including timeline.
  • Identify criteria to be used (COSO).
  • Determine which processes and controls are significant.
  • Determine which locations or business units should be included.
  • Coordinate with external auditor when applicable.
  • Consider adoption of a technology tool to provide data collection, analysis and graphical reporting.

Phase Two: Documenting the Bank’s Control Environment
Once management approves the COSO evaluation and has identified the high-risk business lines and support functions of the bank, it should document the internal control environment and perform a detailed process review of high-risk areas. The primary goals of this phase are intended to identify and document which controls are significant, evaluate their design effectiveness and determine what enhancements, if any, they must make.

Phase Three: Testing and Reporting of the Control Environment
The bank’s internal auditor validates the key internal controls by performing an assessment of the operating effectiveness to determine if they are functioning as designed, intended and expected.  The internal auditor should help management determine which control deficiencies, if any, constitute a significant deficiency or material control weakness. Management and the internal auditor should consult with the external auditor to determine if they have performed any of the tests and if their testing can be leveraged for FDICIA reporting purposes.

Phase Four: Ongoing Monitoring
A primary component of an effective system of internal control is an ongoing monitoring process. The ongoing evaluation process of the system of internal controls will occasionally require modification as the business adjusts. Certain systems may require control enhancements to respond to new products or emerging risks. In other areas, the evaluation may point out redundant controls or other procedures that are no longer necessary. It’s useful to discuss the evaluation process and ongoing monitoring when making such improvement determinations.

Overdraft Fees Are Getting a Much-Needed Overhaul

Overdraft fees have been a significant source of noninterest income for the banking industry since they were first introduced in the 1990s. But these “deterrent” fees are on the chopping block at major financial institutions across the country, putting pressure on smaller banks to follow suit. 

Overdraft and non-sufficient funds (NSF) fees brought in an estimated $11 billion in revenue in 2021, according to the Financial Health Network, significantly down from $15.5 billion in fee revenue in 2019. As the industry responds to ongoing regulatory pressure on top of increased competition from neobanks and disruptive fintechs, that downward trend is expected to continue. 

For larger banks, those with more than $10 billion in assets, overdraft fee income has trended downward since 2015. Christopher Marinac, director of research at Janney Montgomery Scott, reported on this back in December 2021 after noting overdraft fees had declined for 23 quarters and expects this trend to continue into 2022. Despite the decline, regulators continue to focus on them, citing their role in the growth of wealth inequality. 

“[R]egulators have clearly sent a signal that they want those fees to either go away or be less emphasized,” Marinac says. “Like a lot of things in the regulatory world, this has been an area of focus and banks are going to find a way to make money elsewhere.”

For an industry that has evolved so rapidly over the last 10 years, overdraft fees represent a legacy banking service that has not adapted to today’s digital banking customer or the realistic cost to service this feature, says Darryl Knopp, senior director of portfolio marketing at the credit rating agency FICO. Knopp believes that an activities-based cost analysis would show just how mispriced these services actually are. It’s one reason why neobanks such as Chime have attracted customers boasting of lower fees. If banks were to think about overdrafts as access to short-term credit, that would change the pricing conversation to one of risk management. 

“Banks are way more efficient than they were 30 years ago, and they need to understand what the actual costs of these services are,’’ Knopp says. “The pricing has not changed since I got into banking, and that’s why [banks] are getting lapped by the fintechs.” 

Overdrafts aren’t going to disappear overnight, but some banks are getting ahead of the trend and taking action. Bank of America Corp., Wells Fargo & Co., and JPMorgan Chase & Co., which together brought in an estimated $2.8 billion in overdraft and NSF fee revenue in the first three quarters of 2021, recently announced reduced fees and implemented new grace periods, according to the Consumer Financial Protection Bureau. Capital One Financial Corp. announced the elimination of both overdraft and NSF fees back in December and Citigroup’s Citibank recently announced plans to eliminate overdraft fees, returned item fees, and overdraft protection fees. 

In April, $4.2 billion First Internet Bancorp of Fishers, Indiana, announced the removal of overdraft fees on personal and small business deposit accounts, but it continues to charge NSF fees when applicable. Nicole Lorch, president and chief operating officer at First Internet Bank, talked to Bank Director’s Vice President of Research Emily McCormick about the decision to make this change. She says overdrafts were not a key source of income for the bank and the executives wanted to emphasize their customer-centric approach to service. First Internet Bank’s internal data also found that overdraft fees tended toward accidental oversight by the customers, whereas NSF fees were more often the result of egregious behavior. 

“In the case of overdrafts,” says Lorch, “it felt like consumers could get themselves into the situation unintentionally, and we are not in this work to create hurdles for our customers.”

For banks that are grappling with the increased pressure to tackle this issue, there are other ways to get creative with overdraft and NSF fees. Last year, PNC Financial Services Group introduced its new “Low Cash Mode” offering, which comes with the Spend account inside of PNC’s Virtual Wallet. Low Cash Mode alerts customers to a low balance in their account. It gives customers the flexibility to choose which debits get processed, and provides a grace period of 24 hours or more to address an overdraft before charging a fee.

Banks that want to keep pace with the industry and are willing to take a proactive approach need to find ways to offer more personalized solutions. 

“The problem is not the overdraft fee,” says Ron Shevlin, chief research officer at Cornerstone Advisors. “It’s a liquidity management problem and it’s bigger than just overdrawing one’s account. Banks should see this as an opportunity to help customers with their specific liquidity management needs.” 

He says it’s time for the industry to move away from viewing overdrafts as a product and start thinking of it as a solutions-based service that can be personalized to a customer’s unique needs.

  • Bank Director Vice President of Research Emily McCormick contributed to this report.

Regulators Focus on Sales Practices: Responding to Heightened Scrutiny


Regulators-2-13-17.pngFederal and state regulatory enforcement actions and unprecedented fines for alleged fraud—fraud that apparently originated with sales incentive compensation plans—have left bank executive management teams and boards wondering if the same thing could be happening at their institutions. These concerns are shared by banking regulators, as evidenced by the flurry of activity, including testimonies, speeches and information requests, in the fourth quarter of 2016.

Given the huge media attention to one bank’s alleged misdeeds, bank executive management teams and boards are wondering if the same thing could be happening at their institutions.

Excessive risk-taking, without proper risk management and controls, often has been cited as one of the root causes of the recession that begin in late 2007. Progress certainly has been made since the financial crisis, particularly in fostering a healthy compliance culture, committing to effective risk management and governance, and improving how customers are treated. However, the issues associated with sales and incentive plans have thrust these concerns back into the open to be scrutinized by the public, policymakers, law enforcement and regulatory agencies.

The 2010 Guidance on Sound Incentive Compensation Policies
In June 2010, the Office of the Comptroller of the Currency (OCC), the Federal Reserve, the Federal Deposit Insurance Corporation (FDIC), and the Office of Thrift Supervision published their final Guidance on Sound Incentive Compensation Policies in the Federal Register. The guidance applies to all banking organizations supervised by the OCC, the FDIC and the Federal Reserve, regardless of the size of banking organization.

The guidance is based upon three key principles about incentive compensation arrangements, namely that they should:

  1. Provide employees with incentives that appropriately balance risk and financial results in a manner that does not encourage employees to expose their organizations to imprudent risks.
  2. Be compatible with effective controls and risk management.
  3. Be supported by strong corporate governance, including active and effective oversight by the banking organization’s board of directors.

The guidance, as well as other similarly focused rulemaking activities, clearly indicates that incentive-based compensation arrangements now are under the microscope. Every bank should review its incentive-based compensation arrangements to make sure they are in compliance with the applicable regulations.

What’s My Exposure?
Bank executives and directors who are trying to determine their entity’s exposure related to sales incentive programs need their bank to undergo a risk assessment focused on common activities that are aligned to their bank’s sales incentive practices. If the assessment reveals problems with improper behavior, the bank then must determine its level of exposure.

A comprehensive approach to assessing exposure should encompass the following high-level areas and analyze associated data at a level sufficient to identify whether improper behaviors are occurring:

  • Review accounts, products and services offered to consumers or small businesses through all channels (including branches, phone, internet and private banking).
  • Analyze incentive program payments by product or service provided.
  • Consider noncash incentive programs.
  • Ensure reports are issued by internal audit, front-line self-assessments or an external party that cover sales practices or account opening or closing procedures.
  • Establish policies, procedures and reports of concerns with sales practices or account opening or closing procedures resulting from employee terminations or exit interviews, whistleblower or ethics hotlines or consumer complaints.
  • Develop training program materials for employees who sell products and services.
  • Institute policies, procedures and detection controls specific to account opening and closing metrics.

It is important that assessment and data analysis activities include third-party risk management programs to identify and effectively manage risks related to third parties that are involved in opening and maintaining customer accounts.

In addition, banks should consider performing culture assessments to determine if there are conflicting elements or subcultures that are misaligned. Many banks change their cultures by sequentially aligning strategies, structures, processes, rewards and people practices.

Actionable Information
With assessment information in hand, executives and boards are better able to make informed decisions and take appropriate actions necessary to help protect the bank and its customers. Depending on the assessment results, the bank then might need to take the following steps to mitigate the risk:

  • Further investigate the areas for which the exposure assessment identifies improper behavior or potential fraud.
  • Test the design and operating effectiveness of existing controls to prevent and detect account origination, servicing and termination fraud as well as unfair, deceptive, or abusive acts and practices (UDAAP) within the sales process.
  • Develop and implement new controls within the sales, account origination, servicing and termination processes.
  • Review incentive compensation plans and their governance processes.
  • If necessary, reshape overall compensation plans to eliminate incentives that could lead to a higher likelihood of fraud and undue risk-taking.
  • Design and implement systems or functions to identify, measure, monitor and control risk-taking and standards of behavior.

What to Know About the New Fintech Charter


fintech-12-13-16.pngDon’t expect an onslaught of fintech companies rushing to become banks. The recent announcement that the Office of the Comptroller of the Currency would begin accepting applications for special purpose national bank charters from fintech companies was met with gloom from some in the banking industry, and optimistic rejoicing from others.

For now, the impact on banking and innovation seems unclear, but the hurdles to obtaining a national banking charter will be significant, and include compliance with many of the same regulations that apply to other national banks, possibly dissuading many startup fintech companies from even wanting one. On the other hand, larger or more established players may find it worth the added regulatory costs to boost their marketing and attractiveness to investors, says Cliff Stanford, an attorney at Alston & Bird. Plus, fintech firms can avoid the mélange of state-by-state banking rules and regulations by opting for a national banking charter instead. So don’t be surprised if a Wal-Mart, Apple or Google decides to get a banking license, along with some other, less well known names. The online marketplace lender OnDeck has already said it was open to the possibility of a national bank charter.

The OCC is offering fintech companies the same charter many credit card companies and trust companies have. Basically, the institution has to become a member of the Federal Reserve, and is regulated as a national bank with the same capital standards and liquidity requirements as others. The company has to provide a detailed plan of what products and services it intends to offer, a potential hurdle for a nimble start-up culture more accustomed to experimentation than regulation. “They will have a high bar to meet and they might not be able to meet those requirements,” Stanford says.

However, if the special purpose bank doesn’t accept deposits, it won’t need to comply with the same regulations as banks insured by the Federal Deposit Insurance Corp., which means it is exempt from the Community Reinvestment Act (CRA). Although nondepository institutions would not have to comply with the CRA, the OCC described requirements to make sure the fintech companies follow a plan of inclusion, basically making sure they don’t discriminate, and promote their products to the underserved or small businesses. This has caused some consternation among community banks.

“Why should a tiny bank have to comply with CRA and a big national bank across America does not have to comply?’’ says C.R. “Rusty” Cloutier, the CEO of MidSouth Bancorp, a $1.9 billion asset bank holding company in Lafayette, Louisiana. “If they want a bank charter, that’s fine. Let’s just make sure they play by the same rules.”

The Independent Community Bankers of America, a trade group, put out a press release saying it had “grave” concerns about what it called a “limited” bank charter. “We don’t want a charter that disadvantages one set of financial institutions,’’ says Paul Merski, an executive vice president at the ICBA. “We aren’t against innovation. But we want to make sure some institutions aren’t put at a disadvantage.”

Richard Fischer, an attorney in Washington, D.C., who represents banks, says he doesn’t think a fintech charter is a threat to banks. The Wal-Marts and Apples of the world will do what they want to do, whether or not they have a bank charter. Wal-Mart, which abandoned attempts to get a special purpose banking charter in 2007, already has a sizeable set of financial services, although it partners with banks that do have a charter, such as Green Dot Corp. in Pasadena, California.

Could a new fintech charter lead to fewer bank partnerships with fintech companies, as the fintech companies can cut out the need for a bank? Possibly. But it could also lead to more bank partnerships, as some banks, especially small or midsized banks, become more comfortable with the risk involved in doing business with a fintech company that has a national banking charter.

Jimmy Lenz, the director of technology risk at Wells Fargo Wealth and Investment Management, a division of Wells Fargo & Co., says he’s optimistic that a charter could create more products and services.

“I don’t see this cutting the pie into smaller slices,’’ he says. “I think they will be cutting a bigger pie. I don’t see the banks coming out on the short end of this.” Others said that the competition to banks coming from fintech companies already exists, and won’t go away if you don’t offer a federal charter for fintech companies. “The competition is already there,’’ Stanford says.

Should You Do Business With Marketplace Lenders?


Lenders-12-9-16.pngThe shift away from the traditional banking model—largely due to technological advances and the growing disaggregation of certain bank services—has contributed to the rise of the marketplace lending (MPL) industry. The MPL industry, in particular, offers consumers and small businesses the means by which to gain greater access to credit in a faster way. MPL, despite its increasing growth, has managed to stay under the radar from regulatory oversight until recently. However, in a short span of time, federal and state regulators—the Department of the Treasury, Office of the Comptroller of the Currency (OCC), Consumer Financial Protection Bureau (CFPB), the Federal Deposit Insurance Corporation (FDIC) and California Department of Business Oversight, for example—have begun to weigh the benefits and risks of MPL, with the OCC, for example, going so far as to announce its intention to grant special purpose national bank charters to fintech companies.

Given the evolving nature of the industry and its regulation, in this article, we discuss three key issues for MPL participants to consider. First, we discuss the regulatory focus on the third-party lending model. Second, we consider the potential fair lending risks. Third, we focus on considerations related to state usury requirements. We conclude with a few thoughts on what to expect in this changing landscape.

Third-Party Lending Model
The MPL model traditionally operates with three parties: the platform lender, the originating bank and investors purchasing the loans or securities. Based on the reliance on originating banks in the MPL structure, the FDIC, CFPB and others increasingly have considered the risks to banks from these third-party relationships. In particular, regulators appear to be concerned that banks may take on additional risk in these relationships, which are potentially similar to the lending model rejected by a U.S. District Court judge earlier this year when deciding CashCall was the real lender in dispute, not a tribal lender set up in South Dakota. Thus, the FDIC, for example, in its recent Guidance for Managing Third-Party Risk, asks institutions engaged in such third-party relationships to appropriately manage and oversee these third-party lenders before, during and after developing such a relationship. In addition, certain originating banks have also taken to retaining some of the credit risk to mitigate concerns that the MPL may be considered the true lender.

Fair Lending
Another potential area to consider relates to fair lending risks regarding extensions of credit in certain geographical areas, underwriting criteria and loan purchase standards. For example, the potential for fair lending risk may increase particularly with respect to the data collected on borrowers for underwriting purposes, for example, where the use of certain alternative criteria may inadvertently result in a disparate impact to protected classes. In addition, restrictions on lending areas or the types of loans sold to investors similarly could pose such issues.

State Usury Requirements
The recent Second Circuit decision in Madden v. Midland Funding LLC also highlights potential uncertainty regarding the MPL model. In Madden, the Second Circuit determined that a debt collection firm, which had purchased a plaintiff’s charged-off account from a national bank, was not entitled to the benefit of the state usury preemption provisions under the National Bank Act, despite originally being available to the originating national bank. Madden was appealed to the Supreme Court, which declined to hear the case. Thus, Madden has the potential to limit the ability for MPL firms to rely on their originating banks to avoid complying with state-by-state interest rate caps, as federal preemption would no longer apply to those loans later transferred to or acquired by such nonbank entities. Further, Madden increases the uncertainty regarding the originated loans that MPL firms may later sell to (or issue securities for) investors. While some lenders have chosen to carve out the Second Circuit (New York, Connecticut and Vermont) for lending and loan sale purposes, there is the continued risk that the decision may set a precedent in other circuits.

Conclusion
Even with the increasing scrutiny of the MPL industry, regulators appear to recognize the benefits of access to credit for borrowers. For example, the OCC, CFPB and the Treasury have indicated that any increase in regulation should be balanced with fostering innovation. This may be a potential signal on the part of regulators to adopt a framework by which financial innovation is incorporated into the traditional banking model. Thus, looking forward, we think the regulatory uncertainty in this space provides the opportunity for MPL participants to take a proactive approach in shaping regulatory policy for the industry.

Why Growth Matters for CRE Concentration Risk


Community banks are contending with the increasing risk profile of and regulatory scrutiny around commercial real estate (CRE) concentrations. Indeed, the regulatory community telegraphed in December 2015 their intentions of focusing bank examinations on concentration management, and since then, the FDIC has noted an increase in matters requiring board attention (MRBAs) associated with concentrated loan exposures. Additionally, the Office of the Comptroller of the Currency raised its regulatory stance on CRE lending from “monitoring status” to “an area of additional emphasis.” To explain their renewed attention, the regulators cited intense loan growth, sharp rent-rate and valuation increases, competitive pressures and an easing in underwriting standards eerily similar to the lead-up to the Great Recession—during which many community bank failures were driven by construction & development (C&D) and CRE concentrations.

While there is evidence that this renewed attention has shifted many banks’ CRE underwriting stance to a net tightening position, this has yet to have a material impact on C&D and CRE loan outstandings. A trend analysis across all commercial and savings banks shows intense increases in both C&D and non-C&D regulatory CRE.

Growth Rates By Type of Asset for All Commercial and Savings InstitutionsCRE-loans-small.png

Note the sharp difference between C&D (red) and non-C&D Regulatory CRE (orange): the Great Recession saw a precipitous drop in C&D balances, but multifamily and other property (i.e., non-owner-occupied CRE) increased in total outstandings during and after the Great Recession with growth since the recession of 142.5 percent and 49.3 percent respectively.

It is constructive to highlight that growth rates—while sometimes overlooked—are explicitly part of the 2006 CRE regulatory guidelines. Those guidelines stipulate that an institution is only in excess of the CRE guideline if CRE as a percent of capital is greater than or equal to 300 percent and the institution’s CRE portfolio has increased by 50 percent or more during the prior three years.

The regulators have repeatedly pointed out that—unlike many other regulatory prescriptions and proscriptions—the CRE guidelines are not limits. The FDIC has noted that because “community banks typically serve a relatively small market area and generally specialize in a limited number of loan types, concentration risks are a part of doing business” and the OCC specifically caveated that the “guidance does not establish specific limits on CRE lending; rather, it describes sound risk management practices that will enable institutions to pursue CRE lending in a safe and sound manner.”

In this context, growth may be the most important element of the CRE guidelines because it quantifies the potential that portfolio size may outstrip the risk management infrastructure (spanning credit, capital, strategic, compliance and operational components) to support that lending. In cases of aggressive growth (whether you are above or below the other regulatory CRE criteria), it is that much more important to establish proactive and robust credit risk monitoring and management.

Luckily, as the CRE guidance is now quite mature, industry-wide best practices exist to aid in this exercise:

  1. Monitor the risk for all of your bank’s credit concentrations—not just CRE and C&D.
  2. Analyze and segment your entire portfolio by at least the “regulatory big three” of product, geography and industry. It is also constructive to slice-and-dice by vintage, underwriting bands, branch, etc.
  3. For each segment, calculate and monitor growth rates along with percent of risk-based capital and asset quality (and consider establishing management triggers and thresholds on these key risk indicators).
  4. Analyze your portfolio hierarchically so high-level trends are digestible for boards of directors while the detail can be drilled through so the results are tactically relevant to management and even individual loan officers. Banking is a relationship business, and risk analytics should lead to action that may start with a borrower conversation.
  5. Especially in the current relatively benign credit environment and in situations where loan growth may obfuscate asset quality deterioration, monitor leading indicators of risk like underwriting policy exceptions, loan review downgrades, covenant violations, valuation trends and average underwriting attributes.
  6. Perform portfolio and firm-wide loss stress testing to quantify the loss potential under hypothetical and severe conditions. Roll such stress test results through your balance sheet and income statement to assess the impact on earnings and capital adequacy.
  7. Where your portfolio analytics or portfolio-wide stress tests identify sensitive concentrations, perform loan-level stress testing.
  8. Incorporate credit concentration risk within your allowance for loan losses (ALLL)—remember that concentration risk is one of the nine subjective qualitative and environmental risk factors laid out by the 2006 Interagency Guidance on the ALLL and reaffirmed by FASB’s CECL standards update.

Online Lenders: Finding the Right Dance Partner


lenders-1.png

An increasing number of banks are conceding that innovations introduced by online lenders are here to stay, particularly the seamless, fully digital customer experience. Also, online upstarts have grown to understand that unseating the incumbents may well be heavy-going, not the least because of the difficulties of profitably acquiring borrowers. The result is that both sides have opened up to the potential for partnership, viewing one another’s competitive advantages as synergistically linked. We see five types of partnership emerging.

1) Buying loans originated on an alternative lender’s platform
In this option, alternative lenders securitize loans originated on their platform to free up capital to make more loans while removing risk from their balance sheets. Banks then purchase these securitized loans as a way to diversify investments. This type of partnership is among the most prolific in the online small business lending world, with banks such as JPMorgan Chase, Bank of America and SunTrust buying assets from leading online lenders. The benefits of this option include the ability to delineate the type of assets the bank wants to be exposed to, and potential for a new source of balance sheet growth. However, the downside include may include the difficulty of assessing risk, as alternative lenders are less likely to share details of proprietary underwriting technology. Moreover, the lack of historical data on alternative lenders’ performance means limited access to data on how these investments will fare in a downturn.

2) Routing declined loan applicants to an alternative lender or to an online credit marketplace
Banks decline the majority of customers who apply for a loan. This partnership option allows such banks to find a home for these loans by referring declined borrowers directly to an online lender or credit marketplace like Fundera, which may be more capable of approving the borrower in question. The advantages of this approach include the ability of the bank to provide their customers with access to a wider suite of products through a vetted solution, a reduced need to expand the bank’s credit box and increased revenue in the form of referral fees. Examples of this type of partnership are few and far between in the United States. Thus far, OnDeck has partnerships of this nature with BBVA and Opus Bank. In our view, a big reason why more banks haven’t followed suit is the loss of control over a borrower’s experience, since agreements typically require a full customer handoff to the alternative lender. In addition, regulators have become increasingly reticent to endorse such agreements, with guidance from the Office of the Comptroller of the Currency and Federal Deposit Insurance Corp. being particularly restrictive.

3) Making the bank’s small business product line available through an online marketplace
Marketplace players, like Fundera, aim to empower borrowers with the tools needed to shop and compare multiple credit products from a curated network of reputable bank and non-bank lenders. They can be natural partners for traditional banks, as they can be lender agnostic, offering banks an opportunity to compete head-to-head with online lenders to acquire customers. Banks can choose to make any and all of their small business product lines (e.g. term loans, SBA loans, lines of credit, credit cards) available. Examples of this include partnerships with Celtic Bank, LiveOak and Direct Capital (a division of CIT Bank) currently have with Fundera. This option allows a bank to explore digital distribution of products within their lending portfolio, as well as the opportunity to acquire a high-intent, fully packaged borrower that comes from outside the bank’s existing footprint. In addition, this option enables banks to offer products only to the customers which meet eligibility criteria set by the bank (e.g., industry, state, credit box). The downsides of this option can be the upfront investment in technology required by banks to integrate with a marketplace lender.

4) Utilizing an alternative lender’s technology to power an online application
In this option, the alternative lender or lending-as-a-service provider powers a digital application, collecting all the application information and documentation that a bank requires to underwrite a small business loan. Capital, however, is still deployed by the bank. Examples of this partnership type include the collaboration between lending solutions provider Fundation and Regions Bank. This improves the usability of a traditional lender’s products by giving business owners the flexibility to apply online. This partnership also provides access to technology that is difficult and costly for a bank to develop. It may also reduce dependency on paper documents while reducing time to complete a loan application. The downsides of this option are that it can require deployment of significant resources for compliance and due diligence.

5) Utilizing an alternative lender’s technology to power an online application, loan underwriting and servicing
In addition to powering a digital application, the alternative lender can provide access to its proprietary technology for pricing, underwriting and servicing. As with option four, however, capital is still deployed by the bank. The example that comes closest to this type of partnership is the partnership between OnDeck and JPMorgan Chase. This option gives a bank access to underwriting technology that may be costly for them to develop on its own. By leveraging this technology, the bank may also be able to address segments of the market that would have been deemed uncreditworthy by its existing, more conventional underwriting process. Banks should only move forward with this option if they trust an alternative lender’s underwriting criteria, and the bank believes that the alternative lender can meet their compliance requirements.

Severance Pay May Be Forbidden, Court Rules


severance-pay-8-31-16.pngNo one wants to imagine bad times for the bank. But it makes sense to plan in advance, just in case. Your bank needs to motivate and keep the executive management team in place during difficult times, and one way to ensure this is to put in place a competitive compensation package when times are good.

A troubled bank can have significant restrictions imposed on its executive compensation programs. In particular, 12 C.F.R. Part 359 (Part 359) broadly prohibits the payment of, or entering into an agreement for the payment of, any golden parachute payment without prior regulatory approval. For an overview of Part 359, see our BankDirector.com article dated September 23, 2011.

A decision in July of 2016 from the U.S. Court of Appeals for the 8th Circuit once again confirms the view of the “impossibility” of severance pay under Part 359 and serves as a reminder that prior planning can help a bank to work within those rules.

Overview of Von Rohr
Jerry Von Rohr was a long-serving senior executive at Reliance Bank, serving lastly as chief executive officer before Reliance terminated his employment. At the time, the bank was subject to Part 359. Von Rohr claimed he was entitled to compensation for a year following the effective date of his termination. Because it was subject to Part 359, Reliance asked the Federal Deposit Insurance Corp. (FDIC) whether the claimed payment could be made to Von Rohr. The FDIC advised that the payment would be a “golden parachute payment” under Part 359, which Reliance could not make without prior FDIC approval. Reliance declined to make the requested payment. Von Rohr filed a lawsuit against Reliance and the FDIC. He alleged breach of contract and requested a declaration that federal law does not prohibit the payment. The trial court upheld the FDIC’s determination and granted summary judgment to Reliance on the breach of contract claim. The appeals court affirmed the trial court’s decision.

In granting summary judgment to Reliance, the court affirmed the trial court’s finding that the FDIC’s determination made Reliance’s performance under Von Rohr’s contract “impossible.”

In upholding the FDIC’s determination that any post-employment payment to Von Rohr under his employment agreement would be a golden parachute because it would be a payment “for services he did not render,” the appeals court made clear that whether or not something is called severance or a “golden parachute” is irrelevant to the analysis as to whether it is prohibited under Part 359. Von Rohr had argued that the payment he was due was simply his compensation for the remainder of the term of his contract, not a payment solely and specifically contemplating his termination. The court indicated that, if it accepted Von Rohr’s view, it would “create a giant loophole” in the prohibitions of Part 359. The intent of the regulatory scheme is to prevent troubled banks from draining their already low resources with payments to terminated executives who may have been responsible for the bank’s condition. It would not serve that intent to allow artful drafting to avoid it.

Von Rohr also claimed that the FDIC’s position is in conflict with its consistently held view that Part 359 does not preclude payment of damages for statutory claims (e.g., discrimination, whistleblower retaliation, etc.). The court dismissed this claim by acknowledging the FDIC’s view on statutory claims and noting that Von Rohr was raising a contractual claim, not a statutory claim.

Planning Opportunities
Significantly, exempt from the scope of the prohibition of Part 359 are payments under tax-qualified retirement plans, benefit plans, bona fide deferred compensation plans and nondiscriminatory severance plans, as well as those required by statute or payable following death or disability.

In particular, Part 359 exempts bona fide deferred compensations and nondiscriminatory severance plans only where such arrangements have been in place at least (and not modified to increase benefits within) one year prior to the troubled condition designation.

Between bona fide deferred compensation, nondiscriminatory severance and death or disability benefits, a bank should be able to build the basics of an attractive compensation package for a member of executive management. However, many banks put off current consideration of these types of arrangements for one reason or another. The Von Rohr case should serve as a reminder that Part 359 is inflexible. Therefore, banks should consider today whether to implement such arrangements.

Finally, should a bank find itself involved in litigation related to an executive’s termination, it should remember that Part 359 does not prohibit payment of damages for statutory claims.

A Second Life for an American Bank


bank-rebirth-8-18-16.pngThere were 437 bank failures in the United States between 2009 and 2012, according to the Federal Deposit Insurance Corp., most of them victims of the financial crisis and the sharpest economic downturn since the Great Depression. CalWest Bancorp was not one of them, despite experiencing some financial difficulties of its own during the crisis years, and today it faces a bright future with a successful recapitalization and reconstituted board.

As much as anything, the story of CalWest, a $136.6 million asset bank holding company based in Rancho Santa Margarita, California, is a strong vote of confidence for the potential of community banking. It is often said that small banks, especially those under $500 million and even $1 billion in assets, won’t be able to survive in a consolidating and increasingly competitive industry. The story of CalWest is about a group of professional investors who put $14 million into the bank and joined the board without compensation because they believe in the long-term future of their small community bank and are ready to roll up their sleeves and get to work.

Formed in 1999, CalWest has four branches in Southern California’s Orange County that uses three different names: South County Bank in Rancho Santa Margarita, where it has two branches, Surf City Bank in Huntington Beach and Inland Valley Bank in Redlands. President and Chief Executive Officer Glenn Gray says CalWest provides “white glove service” to a small and midsized businesses. “These are companies with probably $30 million or less in annual revenue, mostly family owned,” says Gray. “We focus on C&I lending, although we do commercial real estate [lending] as well.”

CalWest’s biggest problems during the recession were primarily bad commercial real estate loans and loans guaranteed by the Small Business Administration. The bank tried “quite a few different attempts” to either recapitalize or sell itself without success, according to Gray, although it did take approximately $5 million in Troubled Asset Relief Program (TARP) funds from the federal government in 2009. Attracted by the challenge of reviving a flagging franchise, Gray signed on as CEO in 2012, leaving a different Orange County community bank where he had been the CEO for six years. “I made the move primarily because of the opportunity to come into something that clearly needed to be fixed,” he explains. “I had a pretty good idea that it could be fixed. I like doing turnaround situations.” Gray was also drawn in by the chance to invest personally in the bank’s recovery.

The bank had entered into a consent agreement with its primary regulator, the Office of the Comptroller of the Currency, in January 2011, that among other things required it to raise its regulatory capital ratios. Gray spent the next couple of years cleaning up the loan portfolio and shrinking the bank’s balance sheet to improve its capital ratios, but wasn’t ready to raise new capital until 2015 when it retained Atlanta-based FIG Partners to manage a recapitalization of the bank. The effort ended up raising $14 million in fresh capital in December of last year from a group of private investors, although it actually had commitments for $30 million, according to Gray. The funds will be used to strengthen the company’s regulatory capital ratios, support its growth plans and retire the TARP funding. The consent order with the OCC was terminated in May.

One of those investors is Ken Karmin, chairman and CEO of Ortho Mattress Inc., a bedding retailer located in La Marada, California, and a principal in High Street Holdings, a Los Angeles-based private equity firm. Karmin had first met Gray shortly after he took over at CalWest in 2012 and they talked about Gray’s plans for the bank. “It was just too early in the process for new capital to come in,” Karmin recalls. “He had work to do to get the bank in a position to be recapitalized. But I was impressed from the moment we met. I knew he was the real deal; a very capable CEO…in control of the situation and every facet from BSA [Bank Secrecy Act] to credit quality, the investment side, lending, the relationship with the regulators. It was an amazing opportunity for investors like me to put money behind someone like Glenn, who can really do it all.”

Karmin came in as a lead investor and today serves as CalWest’s board chair. (All but two members of the previous CalWest boardGray and Fadi Cheikha—voluntarily resigned when the decision was made to raise capital by bringing in new investors.) Other investors, who also received a board seat, were William Black, the managing partner at Consector Capital, a New York-based hedge fund; Jonathan Glaser, managing member at Los Angeles-based hedge fund JMG Capital Management; Clifford Lord, Jr., managing partner at PRG Investment and Management, a real estate investment company in Santa Monica, California; Richard Mandel, founder and president of Ramsfield Hospitality Finance, a New York-based hotel real estate investment firm; and Jeremy Zhu, a managing director at Wedbush Asset Management in Los Angeles.

Although Gray and Cheikha did stay on as directors, the current board is really a new animal. The rest, with the exception of Zhu, were people that Karmin already knew. The new CalWest board also has an awful lot of intellectual and experiential horsepower for a small community bank. “A board for a bank of this size, we have the luxury of intellectual talent basically at our finger tips,” says Karmin. The composite knowledge base of the CalWest board includes extensive experience in C&I lending, BSA, investing, commercial real estate and the capital markets. “We have the talent to make intelligent, thoughtful decisions and support management,” Karmin says.

When asked what kind of culture he would like to create on his board, Karmin mentioned a couple of things. First, he says the current directors are “willing to serve and do the work and the heavy lifting.” And from an investment perspective, they are taking the long view. Karmin says they will not receive any fees or compensation for their board service “until the bank is right where we want it, operating at the highest possible level.” Nor will the directors be taking personal loans from the bank. “If you want to borrow from our bank, this is the wrong board for you,” he says. “We’re not going to do any Reg O loans.”

More importantly, perhaps, Karmin wants a board that is very focused on performance. “We want a culture of first quintile performance,” he says. “That means that we expect our financial performance on the most important metrics to be in the first quintile of banks of our size in our geographic area.”

Given the strong private equity and investor background of all of the new directors, it’s logical to assume they will be looking for an exit strategy at some point. Karmin suggests that day, when it finally arrives, will be well off into the future. For one thing, Karmin and Gray are jazzed about the potential of the Southern California market. With about 9 percent of the country’s population, “We expect that it’s going to be one of the most important growth areas in the United States,” Gray says. “Whether the [national] economy grows 2 percent or 1 percent, it’s not going to matter to us. We’re going to be a first quintile performer under all those scenarios.”

“We have instructed Glenn to run the bank for the long haul,” Karmin says. “We were making this investment for a lot of different reasons, but that we expected to be investors and to be on the CalWest board for a long time. We have real plans to grow the bank in a controlled strategic fashion. [The directors want to] use our contacts to make new contacts, use our contacts to make new loans, use our contacts to gather new deposits. We are the kind of a board that can really help on all those metrics.”

Gray says this is the fourth bank board that he has participated on and the CalWest board is very different from all the others. “It’s a board that is very involved,” he says. “They ask good questions. They ask tough questions. If you wanted to be a CEO of a bank [that has] the old country club atmosphere, this would not be the place to be.”