FDIC Staffing Shortages Could Impact Banks

Written by

The Federal Deposit Insurance Corp. is facing a wave of retirements that could impact banks or complicate the agency’s ability to manage future crises, according to a recent report from its auditor.

The FDIC’s Office of the Inspector General flagged the agency’s changing workforce among several issues in its February 2023 report looking at top management and performance challenges the agency faces. More than 21% of the FDIC’s workforce was eligible for retirement in 2022, which is higher than the average eligibility rate of 15% at other government agencies. Within five years, the retirement eligibility rate at the agency will increase to 38%, according to the inspector general’s report.

“Without strategic workforce planning, retirements and resignations could result in the FDIC experiencing mission-critical skills and leadership gaps,” wrote the OIG.

Of course, being eligible for retirement doesn’t mean an employee will retire. Still, it’s an area of strategic concern for the agency. Retirement eligibility was higher among senior FDIC leaders and subject matter experts; within subject matter experts, 31% of employees with advanced IT expertise and 21% for employees with intermediate IT expertise were eligible to retire in 2022. This potential exodus of specialized knowledge “escalates at a time when cyber threats at banks and their [third-party service providers] are increasing,” the OIG wrote.

“Forfeiture of institutional knowledge is always a risk, and it’s especially a risk in a place like [the FDIC] because there are niche focus areas,” says John Popeo, a partner at The Gallatin Group and former FDIC legal division employee who was involved in 40 bank failures during the 2007-09 financial crisis. An exodus or retirement wave could create a knowledge gap among remaining agency staff, but Popeo thinks any dearth in knowledge would be temporary.

The FDIC’s workforce tends to grow and shrink throughout economic cycles, says William Isaac, who was chairman of the FDIC from 1981 to 1985 and is the current chairman of the Secura/Isaac Group. There were more than 12,000 banks when Isaac became chair; the FDIC would go on to close more than 1,300 institutions of financial institutions between 1980 and 1994 as part of the savings and loan crisis. The FDIC went on a hiring binge to deal with the increased resolution activity, Isaac says, expanding from about 3,000 when he joined in 1978 to a peak of 21,000 under his tenure. 

In addition to the wave of the retirements, the FDIC is also facing a question of who will replace them. The OIG also flagged in the report a potentially alarming trend that could have implications down the road: resignations among examiners-in-training. The four-year program that trains the next generation of examiners has seen “a substantial number” of resignations, above pre-pandemic levels. This brain drain could have a number of consequences for the agency: “Examiners play key roles in assessing the safety and soundness of banks, and it is costly for the FDIC to hire and train replacement examiners,” the report read. The FDIC invests about $400,000 to train each examiner. The OIG has previously identified a lack of clear goals to manage and track employee retention and made three recommendations to the agency; one recommendation remains unimplemented. 

Having too fewer examiners across too many banks can quickly create safety and soundness concerns. A 2020 paper from researchers at the Federal Reserve Board studied what happened when the ninth district of the Federal Home Loan Bank lost all but two field agents in the early 1980s who became responsible for oversight of almost 500 savings and loan institutions. The researchers found that it took the FHLB at least two years to build back up its supervision expertise, and that unsupervised S&Ls increased their risk-taking behaviors compared to institutions that received regular exams. Supervision gaps during this time led to about 24 additional failures, which cost the insurance fund about $5.4 billion — over $10 billion in 2018 dollars.

Inexperienced examiners may also provide less effective oversight and may need to work alongside regulators with more tenure. The U.S. Department of the Treasury’s OIG flagged examiner inexperience in a 2018 material loss review concerning the 2017 failure of Chicago-based Washington Federal Bank for Savings. The bank was closed after the OCC was informed of, and subsequently confirmed, pervasive fraudulent activity. The OIG found supervision weaknesses in the OCC’s examination teams, including relying on inexperienced examiners and those in training to conduct exams on an institution that was deemed to be low risk.

Of course, the FDIC isn’t alone in its workforce management challenges, and it’s by no means an emergent issue. And in this regard, the FDIC shares a problem with banks, which also struggle to attract and retain talent. 

Seventy-eight percent of respondents to Bank Director’s 2022 Compensation Survey said it was harder in 2021 to attract and/or retain talent than in previous years. About three quarters of bankers and directors said they couldn’t find a sufficient number of qualified candidates, 68% cited rising wages in their markets and 43% were feeling the pressure from rising pay for key positions. 

Todd Phillips, principal at Phillips Policy Consulting and former senior attorney at the FDIC, points out that federal law requires that all banks be examined on-site every 18 months. “If there aren’t enough examiners because they have retired, the government has a difficult time meeting that requirement [and] … it’s going to be a whole lot more stressful on the bankers themselves,” he says. “As older hands retire, you’re going to have newer, less experienced examiners coming in, and they may be a lot slower.”

Isaac believes technology will be part of how the agency fulfills its safety and soundness oversight mandate, especially if workforce challenges persist. 

“I’m a firm believer that we cannot have a modern economy without a properly supervised and regulated banking system,” he says. “There’s going to have to be an examination force that’s highly effective, coupled with modern technology, to stay on top of banks. [They’ll] figure out how to do that — I don’t have any doubt of that.”

Don’t Rely on Inertia to Manage Deposit Pricing

Written by

After a year of steadily increasing interest rates, bankers may be feeling hopeful that the Federal Open Market Committee will soon slow its pace so deposit pricing can get under control.

But even if the Fed’s rate-setting body eases up on raising the federal funds rate, it’s unlikely that will immediately translate into lower deposit costs, simply because liabilities and assets will reprice at different times and frequencies.

“The Fed may stop raising rates at some point, but the cost of deposits of banks most likely will keep going up, only because they’re catching up,” says Christopher Marinac, director of research at Janney Montgomery Scott. “Some of it is just timing: If you have [certificates of deposits], and they are renewing in the third and fourth quarter, those are generally going to be higher than they were a year ago.”

Deposit betas, or the portion of change in the fed funds rate that banks pass onto their customers, occupy a good deal of bankers’ attention right now. Higher deposit betas mean higher rates paid on deposit accounts, and lower deposit betas mean lower funding costs. Banks that want to improve their net interest margin generally want to know how to keep their deposit betas lower without sacrificing liquidity.

A recent analysis by S&P Global Market Intelligence showed that a sample of 20 banks with lower deposit betas in the fourth quarter of 2022 were generally more likely to let money walk out the door in search of higher rates. That in turn allowed those banks to expand their margins more substantially through the end of the year.

Broadly speaking, however, inertia has worked in a lot of banks’ favor when it comes to deposit pricing, Marinac says. Though some high net-worth or commercial customers with significant deposits are increasingly asking for higher rates, which is leading bankers to implement exception pricing, most deposit clients simply don’t bother.

But some banks already feel that exception pricing has become unsustainable, says Neil Stanley, founder and CEO of The CorePoint, a consulting firm focused on deposit pricing. Because exception pricing decisions are made on an ad hoc basis, it can be difficult for banks to anticipate scenarios and build forward guidance. Exception pricing can become a problem if those decisions are too frequent, and are seen as random and even discriminatory.

Stanley also points out that compared to past periods of Fed tightening, a much larger proportion of bank deposits are now noninterest bearing demand deposits, meaning that while they may cost the bank next to nothing, they can also walk out the door at any moment.

“How long will those deposits stay on your books at no interest? That is a huge question,” Stanley says. “Without a really good answer to that, we’re left in a very vulnerable spot.” The advent of open banking may change the game this time around. Open banking gives people more control over their finances, allowing them to leverage application programming interfaces to move funds. Google and social media also give customers an additional window into which banks offer better rates, adding a new layer of complexity. In response, Stanley generally advises that banks maintain a good mix of time deposits like CDs that have a bit more staying power compared to noninterest bearing checking accounts.

Bank boards play an important oversight role in asset/liability management at their financial institutions. Stanley recommends that directors ask management for a list of the bank’s largest deposit holders, and know who is in charge of tending to those relationships. Bankers should check in with those clients and make sure they aren’t feeling neglected, especially if they could pull their money at a moment’s notice. Directors might also consider establishing a chief deposit officer or otherwise centralizing some authority over the bank’s deposit gathering efforts, including exception pricing decisions. And bankers should have a clear line of communication to that person so they can quickly respond to requests for exception pricing.

Banks have grown accustomed to a low-rate environment with little competition for deposits. That’s changed. “When we had a surplus of deposits, it didn’t make any sense to put time and energy into it,” Stanley says. “Now, [banks] don’t want to be laissez-faire. They want to be intentional.”

Along those lines, bank leaders should evaluate their current suite of deposit products and services, and understand how those compare with nonbank competitors. And they can think about how to emphasize the value of keeping cash in accounts insured by the Federal Deposit Insurance Corp.

Finally, while it’s ostensibly on the other side of the balance sheet, bank leaders could consider the importance of commercial and industrial lending as part of their broader asset/liability management strategy. C&I loans reprice faster, which can prove beneficial in a rising rate environment. Those clients — many of them small businesses — can also become a source of stickier, lower cost deposits.

“C&I customers have deposits, and they tend to put deposits with banks,” Marinac says. “That’s kind of the secret sauce.” And financial institutions should view building core relationships as something that happens in good times and bad. “Some organizations are wired that way, so it’s not a problem,” he says. “Other organizations are not.”

Leveraging Technology for Growth

Written by

Technology is playing an increasingly central role in banks’ strategic plans. Now more than ever, banks rely on technology to deliver products and services, improve processes and the customer experience, acquire new customers and grow.

When it comes to new technology, banks essentially have four options: build it, license it, partner with a third party or buy it. Traditionally, only the largest banks had the resources and inclination to build technology in house; however, some smaller banks are now dedicating resources to developing technology themselves.

Much more commonly, banks obtain technology solutions from their core processors or other vendors. Over the last several years, there has been a proliferation of banks partnering with fintech companies to deploy their technology, or for banks to provide banking services to a customer-facing fintech company. As banks become more tech-centric, more are likely to explore acquiring fintech companies or fintech business lines. Each approach carries with it unique advantages, disadvantages, risks and legal and regulatory considerations.

The federal bank regulatory agencies have been especially active in recent years in the bank/fintech partnership space. In July 2021, the agencies published proposed updated interagency guidance on managing risks associated with third-party relationships, which includes guidance on relationships with fintech companies. Later in 2021, they released a guide intended to help community banks conduct appropriate due diligence and assess risks when considering relationships with fintech companies, and the Federal Reserve Board published a white paper on how community banks can access innovation by partnering with third-party fintech companies. Prior to that, the Federal Deposit Insurance Corp. published a guide intended for fintech companies interested in partnering with banks. These pronouncements indicate that while the agencies are generally supportive of banks innovating via fintech partnerships, their expectations for how banks conduct those relationships are increasing.

As technology and the business of banking become more intertwined, banks need to remain mindful not only of regulatory guidance on these partnerships specifically, but on the full spectrum of laws and regulations that are implicated — sometimes unintentionally — by these relationships. For example, partnership models that involve banks receiving deposits through a relationship with a fintech company could implicate the brokered deposit rules, which the FDIC updated in 2020 to account for how banks use technology to gather deposits.

As another example, partnership models that involve a fintech company offering new lending products funded by the bank, or the bank lending outside of its traditional market area, can raise fair lending and Community Reinvestment Act considerations, and potentially expose the bank to a heightened risk of regulatory enforcement action. Banks must keep in mind that when offering a banking product through a fintech partnership, regulators view that product as a product of the bank, which the bank must offer and oversee in accordance with applicable law and bank regulatory guidance.

What’s Next
Although bank/fintech partnerships have been around for some time, the amount of recent regulatory activity in this area suggests the agencies believe that many more of these partnerships, involving many more banks, will develop.

As the partnership model matures, more banks may become interested in developing closer ties with their fintech partner, including by investing cash in their fintech partner. Banks may be motivated to explore an investment to make its relationship with a fintech partner stickier, allow the bank to financially share in the fintech partner’s growth or enhance the bank’s attractiveness as a prospective partner to other fintech companies.

Banks considering investing in a fintech company or a venture capital fintech fund must understand not only the regulatory expectations associated with fintech partnerships generally, but also the legal authority under which the bank or its holding company would make and hold the investment.

As some banks start to look and operate more like technology companies, more may explore acquisitions of entire fintech companies or fintech business lines or assets. In addition to the many business and legal issues associated with any M&A transaction, banks considering such an acquisition have to be especially focused on due diligence of the target fintech company, integration of the target into the bank’s regulatory environment and ensuring that the target’s activities are permissible for the bank to engage in following the transaction.

Banks need innovative technology to succeed in today’s fiercely competitive financial services marketplace. Some will build it themselves, others will hire technology vendors or partner with fintech companies to deploy it and some will obtain it through acquisition. As banking and fintech evolve together, banks must understand and pay careful attention to the advantages and disadvantages, and legal and regulatory aspects, of each of these approaches.

Are Regulatory Delays Overblown?

Written by

Nicolet Bankshares bought three banks during the last two years that doubled the size of the now $8.8 billion Green Bay, Wisconsin-based banking company. How hard was it to get regulatory approval? Well, if you ask CEO Mike Daniels, it was a breeze.

Despite all the talk of the tough regulatory environment for deal-making, not all banks experience problems, let alone delays. Nicolet’s latest acquisition, the purchase of $1.1 billion Charter Bankshares in Eau Claire, Wisconsin, took all of five months from announcement to conversion, including core conversion and changing branch signage.

“I hear deals are getting delayed, and you never know what the reason is,” says Daniels, who is speaking about mergers and acquisitions as part of a panel at Bank Director’s Acquire or Be Acquired conference in Phoenix this week. He attributes Nicolet’s ease of deal-making to lots of experience with conversions, good communications with its primary regulator, the Office of the Comptroller of the Currency, and an “outstanding” Community Reinvestment Act score. “We spend a lot of time with our primary regulator, the OCC, so they know what we’re thinking about,” he says. “We’re having those conversations before [deals] are announced.”

Are regulators taking longer to approve deals? “I’m in the mid-sized and smaller deal [market], and I’m not seeing that,” says Gary Bronstein, a partner in the law firm Kilpatrick Townsend in Washington, D.C. In fact, an S&P Global Market Intelligence analysis of all whole bank deals through August of 2022 found that the median time from announcement to close was 141 days from 2016 to 2019, ticking up to 145 days from 2020 through Aug. 22, 2022.

Attorneys say regulators are scrutinizing some bank M&A deals more than others, particularly for large banks. The median time to deal close for consolidating banks with less than $5 billion in combined assets was 136 days during the 2020-22 time period, compared to a median 168 days for consolidated banks with $10 billion to $100 billion in assets, according to S&P. Bronstein says in part, there’s pressure from Washington politicians to scrutinize such deals more carefully, including from U.S. Sen. Elizabeth Warren, D-Mass., who has tweeted that the growing size of the biggest banks is “putting our entire financial system at risk.” The biggest deals, exceeding $100 billion in assets, took 198 days to close in 2020-22.

President Joe Biden issued an executive order in June 2021 directing agencies to crack down on industry consolidation across the economy, including in banking, under the theory that consolidation and branch closures raise costs for consumers and small businesses, and harm access to credit.

Regulatory agencies haven’t proposed any specific rules yet, says Rob Azarow, a partner at the law firm Arnold & Porter, in part because Biden has been slow to nominate and then get Senate approval for permanent appointments to the heads of agencies.

Regulators scrutinize larger deals, especially deals creating institutions above $100 billion in assets, because of their heightened risk profiles. “It does take time to swallow those deals and to have regulators happy that you’ve done all the right things on integration and risk management,” Azarow says.

Smaller, plain vanilla transactions are less likely to draw as much scrutiny, says Abdul Mitha, a partner at the law firm Barack Ferrazzano Kirschbaum & Nagelberg in Chicago. Some issues will raise more concerns, however. Regulators are interested in the backgrounds of investor groups that want to buy banks, especially if they have a background in crypto or digital assets. Regulators are also looking for compliance weaknesses such as consumer complaints, fair lending problems or asset quality issues, so buyers will have to be thorough in their due diligence. “Regulators have asked for due diligence memos,” Mitha says. “They’re deep diving into due diligence more recently due to factors such as the economic environment.”

Bronstein concurs that regulators are asking more questions about fair lending in deals. The Consumer Financial Protection Bureau, which regulates banks above $10 billion in assets, is very much focused on consumer regulation and underserved communities, Bronstein says. So is the OCC and Federal Deposit Insurance Corp., which have traditionally focused on safety and soundness issues. They still do that as well, but fair lending has become a hot topic.

In the fall of 2022, the Fed signed off on a merger between two Texas banks, $6.7 billion Allegiance Bancshares and $4.3 billion CBTX, noting that the FDIC required the two institutions to come up with a plan to increase mortgage applications and lending to African American communities.

Still, the regulatory environment isn’t a major factor pulling down deal volume, the attorneys agreed. The economic environment, buyers’ worries about credit quality and low bank valuations have far greater impact. Buyers’ stock prices took a tumble in 2022, which makes it harder to come up with the currency to make a successful acquisition. Also, with bond prices falling, the FDIC reported that banks in aggregate took almost $690 billion in unrealized losses in their securities portfolio in the third quarter of 2022, which impacts tangible book values. Banks are wary of selling when they don’t think credit marks reflect the true value of their franchise, says Piper Sandler & Co.’s Mark Fitzgibbon, the head of financial institutions research.

An analysis by Piper Sandler & Co. shows deal volume dropped off a cliff in 2022, with 169 bank M&A transactions, compared to 205 the year before. But as a percentage of all banks, the drop looks less dramatic. The banks that sold or merged last year equated to 3.6% of total FDIC-insured institutions, close to the 15-year average of 3.4%.

“I would expect M&A activity to look more like 2022 in 2023, maybe a little lower if we were to go into a hard recession,” Fitzgibbon says. “You’d expect to see a lot of activity when we were coming out of that downturn.”

What Crypto’s Falling Dominoes Could Mean for Banks

Written by

On Nov. 11, the cryptocurrency exchange FTX declared bankruptcy. It’s a saga that’s played out through November, but here’s the bare bones of it: After a Nov. 2 CoinDesk article raised questions about FTX and a sister research firm, a rival exchange, Binance, announced on Nov. 6 its sale of $529 million of FTX’s cryptocurrency. In a panic, customers then sought to withdraw $6 billion and by Nov. 10, FTX CEO Sam Bankman-Fried was trying to raise $8 billion to keep the exchange alive.

This isn’t just a modern version of the old-fashioned bank run. FTX’s new CEO, John J. Ray III — who led the restructuring of Enron Corp. in 2001 — stated in a filing that he’s never seen such a “complete failure of corporate controls” in his 40 years of experience. “From compromised systems integrity and faulty regulatory oversight abroad, to the concentration of control in the hands of a very small group of inexperienced, unsophisticated and potentially compromised individuals, this situation is unprecedented,” he said.

The fallout promises serious ramifications for the digital assets space — and may impact some banks. BlockFi, another cryptocurrency exchange that was bailed out by FTX last summer, filed for bankruptcy protection on Nov. 28. Those two bankruptcies have impacted Memphis, Tennessee-based, $1.3 billion Evolve Bank & Trust, which operates a banking as a service platform for fintechs including FTX.

The bank stated its exposure to FTX was in deposit accounts for a limited number of FTX customers, whose funds would be released once Evolve gets approval from the bankruptcy court handling the FTX case. Evolve also issued credit cards for BlockFi customers through a relationship with Deserve; those accounts were suspended. “Evolve has no financial exposure to BlockFi or to the credit card program they marketed,’’ Evolve said in a statement Thursday.

“To be clear, Evolve did not lend to FTX or their affiliates; we do not have corporate or deposit accounts with FTX or their affiliates; we do not lend against crypto; we do not offer crypto custodial services; and, we do not trade crypto,” Evolve said in an earlier statement to customers. Evolve also said the bank has never invested or transacted in crypto.

A larger bank also appears to be impacted. La Jolla, California-based Silvergate Capital Corp., with $15.5 billion in assets, said in a statement that its FTX exposure was less than 10% of its $11.9 billion in digital assets deposits; it later said that BlockFi deposits comprised less than $20 million. However, funds from digital assets clients make up 86% of Silvergate’s deposit base, according to its most recent earnings presentation. The rest are brokered, explains Michael Perito, a managing director at Keefe, Bruyette & Woods. And now, he says, “their targeted core customer base is under a lot of stress.” As a result, Kroll Bond Ratings Agency placed Silvergate’s ratings on watch downgrade on Nov. 21.

“As the digital asset industry continues to transform, I want to reiterate that Silvergate’s platform was purpose-built to manage stress and volatility,” said Alan Lane, CEO of Silvergate, in a press release. The bank declined comment for this article.

FTX may be the worst but it’s not the only crypto-related incident this year; it’s not even the first bankruptcy. The volatility has resulted in what has been dubbed a crypto winter, marked by a steep decline in prices for digital assets. The price for bitcoin peaked on Nov. 8, 2021, at $67,567. As of Nov. 29, 2022, that value hovered just above $16,000, with a market cap of $316 billion.

Even if banks don’t hold cryptocurrency on their balance sheets, there are many ways that a chartered institution could be directly or indirectly connected. Erin Fonté, who co-chairs the financial institutions corporate and regulatory practice at Hunton Andrews Kurth, advises all banks to understand their potential exposure.

She also believes that crypto could be at an inflection point. “Some of the non-sexy elements of financial services are the ones that keep you safe and stable and able to operate,” says Fonté. “It’s the compliance function, it’s the legal function, it’s proper accounting and auditing, internal and external. It’s all those things that banks do day in and day out.”

That could result in more regulation around crypto, and more opportunities for banks. “A lot of people are getting hurt, and have gotten hurt this year,” says Lee Wetherington, senior director of corporate strategy at Jack Henry & Associates. “That gets legislative attention and that certainly gets regulatory attention.”

What Could Change
Legislation could target crypto exchanges directly, but legislators are also looking at the banking sector. In a Nov. 21 letter, the Senate Banking Committee urged bank regulators to continue monitoring banks engaged in digital assets. They specifically called out SoFi Technologies, which acquired a chartered bank in February 2022 and subsequently launched a no-fee cryptocurrency purchase option tied to direct deposits. “SoFi’s digital asset activities pose significant risks to both individual investors and safety and soundness,” wrote the legislators. “As we saw with the crypto meltdown this summer … contagion in the banking system was limited because of regulatory guardrails.”

In a statement on SoFi’s Twitter account, the company maintained that it has been “fully compliant” with banking laws. “Cryptocurrency remains a non-material component of our business,” SoFi continued. “We have no direct exposure to FTX, FTT token, Alameda Research, or [the digital asset brokerage] Genesis.”

Currently, the Federal Reserve and Federal Deposit Insurance Corp. require notification from banks engaged in crypto-related activities; the Office of the Comptroller of the Currency takes that a step further, requiring banks to receive a notice of non-objection from the agency. More regulation is likely, says Fonté, and could include investor and consumer protections along with clarity from the Securities and Exchange Commission and Commodity Futures Trading Commission. “There’s a lot that’s going to come out there that is going to reshape the market in general, and that may further define or even open up additional avenues for banks to be involved if they want to be,” she adds.

Opportunities in crypto and a related technology called blockchain could include retail investment products, international payments capabilities or trade settlement, or payments solutions for corporate clients that leverage blockchain technology — such as those offered by Signature Bank, Customers Bancorp and Silvergate.

The risks — and opportunities — will vary by use case. “We’re being presented with entirely new risks that haven’t existed in the past,” says John Epperson, a principal at Crowe LLP.

Banks could be seen as a source of safety and trust for investors who remain interested in cryptocurrency. Larry Pruss, managing director of digital assets advisory services at Strategic Resource Management, believes banks could win back business from the crypto exchanges. “You don’t have to compete on functionality. You don’t have to compete on bells and whistles. [You] can compete on trust.”

James Wester, director, cryptocurrency at Javelin Strategy & Research, believes that with the right technology partners, banks can approach cryptocurrency from a position of strength. “We understand this stuff better,” he explains. “We understand how to present a financial product to our consumers in a safer, better, more transparent way.”

Wetherington recommends that banks consider cryptocurrency as part of a broader wealth offering. He’s visited bank boardrooms that have looked at how PayPal Holdings and other payments providers offer users a way to buy, sell or hold digital assets, and whether they should mimic that. And they’ve ultimately chosen not to mirror these services due to the reputational risk. “You can’t offer buy, hold and sell of a single asset class that is materially riskier than any number of more traditional asset classes,” he says. “If you’re going to offer the ability to buy, hold and sell a cryptographic monetary asset, you should also be making available the opportunity to buy, hold and sell any other type of asset.”

But all banks could consider how to educate their customers, many of whom are likely trading cryptocurrencies even if it’s not happening in the bank. “Help those customers with things like tax implications … or understanding how crypto may or may not fit into things that their retail customers are interested in. That’s one of the things that financial institutions could do right now that would be good for their customers,” says Wester. “There’s a real need for education on the part of consumers about [this] financial services product.”

Current Compliance Priorities in Bank Regulatory Exams

Written by

Updated examination practices, published guidance and public statements from federal banking agencies can provide insights for banks into where regulators are likely to focus their efforts in coming months. Of particular focus are safety and soundness concerns and consumer protection compliance priorities.

Safety and Soundness Concerns
Although they are familiar topics to most bank leaders, several safety and soundness matters merit particular attention.

  • Bank Secrecy Act/anti-money laundering (BSA/AML) laws. After the Federal Financial Institutions Examination Council updated its BSA/AML examination manual in 2021, recent subsequent enforcement actions issued by regulators clearly indicate that BSA/AML compliance remains a high supervisory priority. Banks should expect continued pressure to modernize their compliance programs to counteract increasingly sophisticated financial crime and money laundering schemes.
  • In November 2021, banking agencies issued new rules requiring prompt reporting of cyberattacks; compliance was required by May 2022. Regulators also continue to press for multifactor authentication for online account access, increased vigilance against ransomware payments and greater attention to risk management in cloud environments.
  • Third-party risk management. The industry recently completed its first cycle of exams after regulators issued new interagency guidance last fall on how banks should conduct due diligence for fintech relationships. This remains a high supervisory priority, given the widespread use of fintechs as technology providers. Final interagency guidance on third-party risk, expected before the end of 2022, likely will ramp up regulatory activities in this area even further.
  • Commercial real estate loan concentrations. In summer 2022, the Federal Deposit Insurance Corp. observed in its “Supervisory Insights” that CRE asset quality remains high, but it cautioned that shifts in demand and the end of pandemic-related assistance could affect the segment’s performance. Executives should anticipate a continued focus on CRE concentrations in coming exams.

In addition to those perennial concerns, several other current priorities are attracting regulatory scrutiny.

  • Crypto and digital assets. The Federal Reserve, the Office of the Comptroller of the Currency, and the FDIC have each issued requirements that banks notify their primary regulator prior to engaging in any crypto and digital asset-related activities. The agencies have also indicated they plan to issue further coordinated guidance on the rapidly emerging crypto and digital asset sector.
  • Climate-related risk. After the Financial Stability Oversight Council identified climate change as an emerging threat to financial stability in October 2021, banking agencies began developing climate-related risk management standards. The OCC and FDIC have issued draft principles for public comment that would initially apply to banks over $100 billion in assets. All agencies have indicated climate financial risk will remain a supervisory priority.
  • Merger review. In response to congressional pressure and a July 2021 presidential executive order, banking agencies are expected to begin reviewing the regulatory framework governing bank mergers soon.

Consumer Protection Compliance Priorities
Banks can expect the Consumer Financial Protection Bureau (CFPB) to sharpen its focus in several high-profile consumer protection areas.

  • Fair lending and unfair, deceptive, or abusive acts and practices (UDAAP). In March 2022, the CFPB updated its UDAAP exam manual and announced supervisory changes that focus on banks’ decision-making in advertising, pricing, and other activities. Expect further scrutiny — and possible complications if fintech partners resist sharing information that might reveal proprietary underwriting and pricing models.
  • Overdraft fees. Recent public statements suggest the CFPB is intensifying its scrutiny of overdraft and other fees, with an eye toward evaluating whether they might be unlawful. Banks should be prepared for additional CFPB statements, initiatives and monitoring in this area.
  • Community Reinvestment Act (CRA) reform. In May 2022, the Fed, FDIC, and OCC announced a proposed update of CRA regulations, with the goal of expanding access to banking services in underserved communities while updating the 1970s-era rules to reflect today’s mobile and online banking models. For its part, the CFPB has proposed new Section 1071 data collection rules for lenders, with the intention of tracking and improving small businesses’ access to credit.
  • Regulation E issues. A recurring issue in recent examinations involves noncompliance with notification and provisional credit requirements when customers dispute credit or debit card transactions. The Electronic Fund Transfer Act and Regulation E rules are detailed and explicit, so banks would be wise to review their disputed transaction practices carefully to avoid inadvertently falling short.

As regulator priorities continue to evolve, boards and executive teams should monitor developments closely in order to stay informed and respond effectively as new issues arise.

Growth Milestone Comes With Crucial FDICIA Requirements

Written by

Mergers or strong internal growth can quickly send a small financial institution’s assets soaring past the $1 billion mark. But that milestone comes with additional requirements from the Federal Deposit Insurance Corp. that, if not tackled early, can become arduous and time-consuming.

When a bank reaches that benchmark, as measured at the start of its fiscal year, the FDIC requires an annual report that must include:

  • Audited comparative annual financial statements.
  • The independent public accountant’s report on the audited financial statements.
  • A management report that contains:
    • A statement of certain management responsibilities.
    • An assessment of the institution’s compliance with laws pertaining to insider loans and dividend restrictions during the year.
    • An assessment on the effectiveness of the institution’s internal control structure over financial reporting, as of the end of the fiscal year.
    • The independent public accountant’s attestation report concerning the effectiveness of the institution’s internal control structure over financial reporting.

Management Assessment of Internal Controls
Complying with Internal Controls over Financial Reporting (ICFR) requirements can be exhaustive, but a few early steps can help:

  • Identify key business processes around financial reporting/systems in scope.
  • Conduct business process walk-throughs of the key business processes.
  • For each in-scope business process/system, identify related IT general control (ITGC) elements.
  • Create a risk control matrix (RCM) with the key controls and identity gaps in controls.

To assess internal controls and procedures for financial reporting, start with control criteria as a baseline. The Committee of Sponsoring Organizations (COSO) of the Treadway Commission provides criteria with a fairly broad outline of internal control components that banks should evaluate at the entity level and activity or process level.

Implementation Phases, Schedule and Events
A FDICIA implementation approach generally includes a four-phase program designed with the understanding that a bank’s external auditors will be required to attest to and report on management’s internal control assessment.

Phase One: Business Risk Assessment and COSO Evaluation
Perform a high-level business risk assessment COSO evaluation of the bank. This evaluation is a top-down approach that allows the bank to effectively identify and address the five major components of COSO. This review includes describing policies and procedures in place, as well as identifying areas of weakness and actions needed to ensure that the bank’s policies and procedures are operating with effective controls.

Phase One action steps are:

  • Educate senior management and audit committee/board of directors on reporting requirements.
  • Establish a task force internally, evaluate resources and communicate.
  • Identify and delegate action steps, including timeline.
  • Identify criteria to be used (COSO).
  • Determine which processes and controls are significant.
  • Determine which locations or business units should be included.
  • Coordinate with external auditor when applicable.
  • Consider adoption of a technology tool to provide data collection, analysis and graphical reporting.

Phase Two: Documenting the Bank’s Control Environment
Once management approves the COSO evaluation and has identified the high-risk business lines and support functions of the bank, it should document the internal control environment and perform a detailed process review of high-risk areas. The primary goals of this phase are intended to identify and document which controls are significant, evaluate their design effectiveness and determine what enhancements, if any, they must make.

Phase Three: Testing and Reporting of the Control Environment
The bank’s internal auditor validates the key internal controls by performing an assessment of the operating effectiveness to determine if they are functioning as designed, intended and expected.  The internal auditor should help management determine which control deficiencies, if any, constitute a significant deficiency or material control weakness. Management and the internal auditor should consult with the external auditor to determine if they have performed any of the tests and if their testing can be leveraged for FDICIA reporting purposes.

Phase Four: Ongoing Monitoring
A primary component of an effective system of internal control is an ongoing monitoring process. The ongoing evaluation process of the system of internal controls will occasionally require modification as the business adjusts. Certain systems may require control enhancements to respond to new products or emerging risks. In other areas, the evaluation may point out redundant controls or other procedures that are no longer necessary. It’s useful to discuss the evaluation process and ongoing monitoring when making such improvement determinations.

Overdraft Fees Are Getting a Much-Needed Overhaul

Written by

Overdraft fees have been a significant source of noninterest income for the banking industry since they were first introduced in the 1990s. But these “deterrent” fees are on the chopping block at major financial institutions across the country, putting pressure on smaller banks to follow suit. 

Overdraft and non-sufficient funds (NSF) fees brought in an estimated $11 billion in revenue in 2021, according to the Financial Health Network, significantly down from $15.5 billion in fee revenue in 2019. As the industry responds to ongoing regulatory pressure on top of increased competition from neobanks and disruptive fintechs, that downward trend is expected to continue. 

For larger banks, those with more than $10 billion in assets, overdraft fee income has trended downward since 2015. Christopher Marinac, director of research at Janney Montgomery Scott, reported on this back in December 2021 after noting overdraft fees had declined for 23 quarters and expects this trend to continue into 2022. Despite the decline, regulators continue to focus on them, citing their role in the growth of wealth inequality. 

“[R]egulators have clearly sent a signal that they want those fees to either go away or be less emphasized,” Marinac says. “Like a lot of things in the regulatory world, this has been an area of focus and banks are going to find a way to make money elsewhere.”

For an industry that has evolved so rapidly over the last 10 years, overdraft fees represent a legacy banking service that has not adapted to today’s digital banking customer or the realistic cost to service this feature, says Darryl Knopp, senior director of portfolio marketing at the credit rating agency FICO. Knopp believes that an activities-based cost analysis would show just how mispriced these services actually are. It’s one reason why neobanks such as Chime have attracted customers boasting of lower fees. If banks were to think about overdrafts as access to short-term credit, that would change the pricing conversation to one of risk management. 

“Banks are way more efficient than they were 30 years ago, and they need to understand what the actual costs of these services are,’’ Knopp says. “The pricing has not changed since I got into banking, and that’s why [banks] are getting lapped by the fintechs.” 

Overdrafts aren’t going to disappear overnight, but some banks are getting ahead of the trend and taking action. Bank of America Corp., Wells Fargo & Co., and JPMorgan Chase & Co., which together brought in an estimated $2.8 billion in overdraft and NSF fee revenue in the first three quarters of 2021, recently announced reduced fees and implemented new grace periods, according to the Consumer Financial Protection Bureau. Capital One Financial Corp. announced the elimination of both overdraft and NSF fees back in December and Citigroup’s Citibank recently announced plans to eliminate overdraft fees, returned item fees, and overdraft protection fees. 

In April, $4.2 billion First Internet Bancorp of Fishers, Indiana, announced the removal of overdraft fees on personal and small business deposit accounts, but it continues to charge NSF fees when applicable. Nicole Lorch, president and chief operating officer at First Internet Bank, talked to Bank Director’s Vice President of Research Emily McCormick about the decision to make this change. She says overdrafts were not a key source of income for the bank and the executives wanted to emphasize their customer-centric approach to service. First Internet Bank’s internal data also found that overdraft fees tended toward accidental oversight by the customers, whereas NSF fees were more often the result of egregious behavior. 

“In the case of overdrafts,” says Lorch, “it felt like consumers could get themselves into the situation unintentionally, and we are not in this work to create hurdles for our customers.”

For banks that are grappling with the increased pressure to tackle this issue, there are other ways to get creative with overdraft and NSF fees. Last year, PNC Financial Services Group introduced its new “Low Cash Mode” offering, which comes with the Spend account inside of PNC’s Virtual Wallet. Low Cash Mode alerts customers to a low balance in their account. It gives customers the flexibility to choose which debits get processed, and provides a grace period of 24 hours or more to address an overdraft before charging a fee.

Banks that want to keep pace with the industry and are willing to take a proactive approach need to find ways to offer more personalized solutions. 

“The problem is not the overdraft fee,” says Ron Shevlin, chief research officer at Cornerstone Advisors. “It’s a liquidity management problem and it’s bigger than just overdrawing one’s account. Banks should see this as an opportunity to help customers with their specific liquidity management needs.” 

He says it’s time for the industry to move away from viewing overdrafts as a product and start thinking of it as a solutions-based service that can be personalized to a customer’s unique needs.

  • Bank Director Vice President of Research Emily McCormick contributed to this report.

Regulators Focus on Sales Practices: Responding to Heightened Scrutiny

Written by


Regulators-2-13-17.pngFederal and state regulatory enforcement actions and unprecedented fines for alleged fraud—fraud that apparently originated with sales incentive compensation plans—have left bank executive management teams and boards wondering if the same thing could be happening at their institutions. These concerns are shared by banking regulators, as evidenced by the flurry of activity, including testimonies, speeches and information requests, in the fourth quarter of 2016.

Given the huge media attention to one bank’s alleged misdeeds, bank executive management teams and boards are wondering if the same thing could be happening at their institutions.

Excessive risk-taking, without proper risk management and controls, often has been cited as one of the root causes of the recession that begin in late 2007. Progress certainly has been made since the financial crisis, particularly in fostering a healthy compliance culture, committing to effective risk management and governance, and improving how customers are treated. However, the issues associated with sales and incentive plans have thrust these concerns back into the open to be scrutinized by the public, policymakers, law enforcement and regulatory agencies.

The 2010 Guidance on Sound Incentive Compensation Policies
In June 2010, the Office of the Comptroller of the Currency (OCC), the Federal Reserve, the Federal Deposit Insurance Corporation (FDIC), and the Office of Thrift Supervision published their final Guidance on Sound Incentive Compensation Policies in the Federal Register. The guidance applies to all banking organizations supervised by the OCC, the FDIC and the Federal Reserve, regardless of the size of banking organization.

The guidance is based upon three key principles about incentive compensation arrangements, namely that they should:

  1. Provide employees with incentives that appropriately balance risk and financial results in a manner that does not encourage employees to expose their organizations to imprudent risks.
  2. Be compatible with effective controls and risk management.
  3. Be supported by strong corporate governance, including active and effective oversight by the banking organization’s board of directors.

The guidance, as well as other similarly focused rulemaking activities, clearly indicates that incentive-based compensation arrangements now are under the microscope. Every bank should review its incentive-based compensation arrangements to make sure they are in compliance with the applicable regulations.

What’s My Exposure?
Bank executives and directors who are trying to determine their entity’s exposure related to sales incentive programs need their bank to undergo a risk assessment focused on common activities that are aligned to their bank’s sales incentive practices. If the assessment reveals problems with improper behavior, the bank then must determine its level of exposure.

A comprehensive approach to assessing exposure should encompass the following high-level areas and analyze associated data at a level sufficient to identify whether improper behaviors are occurring:

  • Review accounts, products and services offered to consumers or small businesses through all channels (including branches, phone, internet and private banking).
  • Analyze incentive program payments by product or service provided.
  • Consider noncash incentive programs.
  • Ensure reports are issued by internal audit, front-line self-assessments or an external party that cover sales practices or account opening or closing procedures.
  • Establish policies, procedures and reports of concerns with sales practices or account opening or closing procedures resulting from employee terminations or exit interviews, whistleblower or ethics hotlines or consumer complaints.
  • Develop training program materials for employees who sell products and services.
  • Institute policies, procedures and detection controls specific to account opening and closing metrics.

It is important that assessment and data analysis activities include third-party risk management programs to identify and effectively manage risks related to third parties that are involved in opening and maintaining customer accounts.

In addition, banks should consider performing culture assessments to determine if there are conflicting elements or subcultures that are misaligned. Many banks change their cultures by sequentially aligning strategies, structures, processes, rewards and people practices.

Actionable Information
With assessment information in hand, executives and boards are better able to make informed decisions and take appropriate actions necessary to help protect the bank and its customers. Depending on the assessment results, the bank then might need to take the following steps to mitigate the risk:

  • Further investigate the areas for which the exposure assessment identifies improper behavior or potential fraud.
  • Test the design and operating effectiveness of existing controls to prevent and detect account origination, servicing and termination fraud as well as unfair, deceptive, or abusive acts and practices (UDAAP) within the sales process.
  • Develop and implement new controls within the sales, account origination, servicing and termination processes.
  • Review incentive compensation plans and their governance processes.
  • If necessary, reshape overall compensation plans to eliminate incentives that could lead to a higher likelihood of fraud and undue risk-taking.
  • Design and implement systems or functions to identify, measure, monitor and control risk-taking and standards of behavior.

What to Know About the New Fintech Charter

Written by


fintech-12-13-16.pngDon’t expect an onslaught of fintech companies rushing to become banks. The recent announcement that the Office of the Comptroller of the Currency would begin accepting applications for special purpose national bank charters from fintech companies was met with gloom from some in the banking industry, and optimistic rejoicing from others.

For now, the impact on banking and innovation seems unclear, but the hurdles to obtaining a national banking charter will be significant, and include compliance with many of the same regulations that apply to other national banks, possibly dissuading many startup fintech companies from even wanting one. On the other hand, larger or more established players may find it worth the added regulatory costs to boost their marketing and attractiveness to investors, says Cliff Stanford, an attorney at Alston & Bird. Plus, fintech firms can avoid the mélange of state-by-state banking rules and regulations by opting for a national banking charter instead. So don’t be surprised if a Wal-Mart, Apple or Google decides to get a banking license, along with some other, less well known names. The online marketplace lender OnDeck has already said it was open to the possibility of a national bank charter.

The OCC is offering fintech companies the same charter many credit card companies and trust companies have. Basically, the institution has to become a member of the Federal Reserve, and is regulated as a national bank with the same capital standards and liquidity requirements as others. The company has to provide a detailed plan of what products and services it intends to offer, a potential hurdle for a nimble start-up culture more accustomed to experimentation than regulation. “They will have a high bar to meet and they might not be able to meet those requirements,” Stanford says.

However, if the special purpose bank doesn’t accept deposits, it won’t need to comply with the same regulations as banks insured by the Federal Deposit Insurance Corp., which means it is exempt from the Community Reinvestment Act (CRA). Although nondepository institutions would not have to comply with the CRA, the OCC described requirements to make sure the fintech companies follow a plan of inclusion, basically making sure they don’t discriminate, and promote their products to the underserved or small businesses. This has caused some consternation among community banks.

“Why should a tiny bank have to comply with CRA and a big national bank across America does not have to comply?’’ says C.R. “Rusty” Cloutier, the CEO of MidSouth Bancorp, a $1.9 billion asset bank holding company in Lafayette, Louisiana. “If they want a bank charter, that’s fine. Let’s just make sure they play by the same rules.”

The Independent Community Bankers of America, a trade group, put out a press release saying it had “grave” concerns about what it called a “limited” bank charter. “We don’t want a charter that disadvantages one set of financial institutions,’’ says Paul Merski, an executive vice president at the ICBA. “We aren’t against innovation. But we want to make sure some institutions aren’t put at a disadvantage.”

Richard Fischer, an attorney in Washington, D.C., who represents banks, says he doesn’t think a fintech charter is a threat to banks. The Wal-Marts and Apples of the world will do what they want to do, whether or not they have a bank charter. Wal-Mart, which abandoned attempts to get a special purpose banking charter in 2007, already has a sizeable set of financial services, although it partners with banks that do have a charter, such as Green Dot Corp. in Pasadena, California.

Could a new fintech charter lead to fewer bank partnerships with fintech companies, as the fintech companies can cut out the need for a bank? Possibly. But it could also lead to more bank partnerships, as some banks, especially small or midsized banks, become more comfortable with the risk involved in doing business with a fintech company that has a national banking charter.

Jimmy Lenz, the director of technology risk at Wells Fargo Wealth and Investment Management, a division of Wells Fargo & Co., says he’s optimistic that a charter could create more products and services.

“I don’t see this cutting the pie into smaller slices,’’ he says. “I think they will be cutting a bigger pie. I don’t see the banks coming out on the short end of this.” Others said that the competition to banks coming from fintech companies already exists, and won’t go away if you don’t offer a federal charter for fintech companies. “The competition is already there,’’ Stanford says.