What Skills and Expertise Will Banks Need in the Next Five Years?

As new regulations and slim profit margins challenge the banking industry, the skills and backgrounds of the employees who work in banking must change as well. Bank Director asked legal experts to address the question of how the talent needs of the industry will shift in the next five years.

How will the banking industry’s personnel needs—including executives within the C-suite—change over the next five years?

Stanford_Cliff.pngWhile banks will continue to rely on service providers for efficiencies, expect a premium to be placed on those middle managers who can negotiate and manage third-party relationships. Encouraged by the regulators, banks have become increasingly attuned to the risk management burdens of outsourcing, particularly with regard to consumer-facing services and information technology. In the bank C-suite, expect to see continued strong demand for those with risk management, compliance, technology, information security and credit risk backgrounds.

—Cliff Stanford, counsel, Alston & Bird LLP

fisher_keith.pngIn recent years, we have already seen the need for dedicated Bank Secrecy Act/Anti-Money Laundering compliance officers and Community Reinvestment Act officers. In the information technology area, there will be a need for a chief information officer and possibly a separate chief information security officer. Both the C-Suite and the boardroom will also have a need for individuals with extensive, detailed regulatory and compliance experience to assist with policymaking and strategic planning, especially to keep the compliance burden cost effective.

—Keith Fisher, Ballard Spahr LLP

Sharara_Norma.pngMore bank consolidation is expected in the next five years, so executives in the C-suite need to be prepared to be leaders of change. Along with the board, they need to create and implement a vision that reflects the bank’s brand and corporate culture. Recently, some banks have created a position of chief culture officer that reports directly to the CEO. That position involves much more than simply training the new people on how your systems work. Rather, the focus is on moving the bank forward as one family with one voice and one mission, and overcoming the natural tendency for an “us versus them” culture that often follows an acquisition.  

—Norma Sharara, Luse Gorman Pomerenk & Schick, P.C.

Lamson_Don.pngThe risk management expertise needed by a bank is increasingly dictated by regulatory standards. In addition, regulatory reform and legislative developments will continue to be important on both sides of the Atlantic. Thus, it will be important for banks to maintain personnel, including C-suite personnel, who can maintain relationships with regulators and other relevant policymakers, and effectively communicate with the public about the positive role of banks in the economy. Implementation of new rules and enforcement actions will continue, and therefore compliance and legal staff will continue to play key roles as new policies and systems are designed and banks respond to regulatory inquiries.

—Don Lamson, Shearman & Sterling LLP

Peter-Weinstock.jpgRisk management and technology will continue to require executive oversight. Institutions that do not have C-level talent addressing such areas will be expected to add them as they grow. The bigger question is what level of committee and task force infrastructure will be needed to respond to the increasingly interdisciplinary nature of banking? We are getting to the point that bankers are unable to schedule time with customers among the jumble of committee and task force meetings. Unfortunately, I do not see a quick change to such meeting proliferation.

—Peter Weinstock, Hunton & Williams LLP

Cyber Attacks: The Three Most Important Steps a Board Can Take

Bank Director asked legal experts to address a question that is top-of-mind in bank boardrooms lately: cyber security. What really is the role of the board in overseeing this potential threat? Big banks are getting hit with denial-of-service attacks that are taking down their web sites for hours. Even smaller banks are getting reports of constant attempts to hijack their online security. It seems time to address that question. 

What are the three most important steps that banks should take to protect themselves from cyber attacks?

Podvin_John.pngFirst, the board of directors must be well informed as to the risks of cyber attacks, the mitigating steps taken by the bank to address the risks, and very importantly, the results of any testing performed on the controls that the bank deployed. Second, the board must make sure that qualified management is in place with the appropriate level of competence, staffing and resources to address the ever-evolving risks of cyber attacks. Finally, the board should study all the enterprise’s insurance policies to make sure that there is in place insurance coverage and/or riders to protect the enterprise (this includes the holding company and all affiliates and subsidiaries) if it becomes the victim of a cyber attack.

—John Podvin, Haynes Boone LLP

Lamson_Don.pngIn December 2012, the Office of the Comptroller of the Currency issued an alert about the recent cyber attacks. The OCC’s alert said that banks need to have a “heightened sense of awareness” about cyber attacks and take actions that include: Ensuring sufficient staffing for the duration of an attack; ensuring that the response effectively involves appropriate personnel across multiple lines of business and external partners; and, conducting due diligence on service providers to ensure that these providers have taken steps to identify and mitigate risks from attacks. The OCC also emphasized that banks should consider the recent attacks as a part of their ongoing risk management program, and should be prepared to provide timely and accurate communication to their customers. The OCC expects banks that are victims of attacks to report the information to law enforcement authorities, to notify their supervisory office, and file suspicious activity reports if appropriate.

—Don Lamson, Shearman & Sterling LLP

Turnage_Bobby.pngBanks should review current systems, physical facilities and processes for vulnerabilities, and adjust as needed. Some important changes might not be that difficult to implement. Consider hiring an outside specialist for this—someone who knows the latest threats and methods. Review the security practices of your vendors, and review vendor contracts to ensure appropriate representations and warranties (and indemnification) around security. Invest in regular training for employees, including what to look for and what to avoid. The bad guys are constantly changing their methods, and regular training helps address new threats and also keeps security top-of-mind. Bonus Answer: Maintain a top-down emphasis on security. Emphasis must come from the C-suite and not just from the technology department.

—Bobby Turnage, Venable LLP

Maese_Vivian.pngThe biggest threat to banks today is still the insider threat. Banks should be thoroughly checking the backgrounds of their employees before they are employed.  Banks should continue to supervise and be alert to activities once employed. In parts of the world where background checking is not possible, banks should conduct extensive validation using personal local sources and social media sources. Access to systems should be carefully protected, taking into account the sensitivity of the systems and access should be provided only on a “need to know basis.” Data silos need to be broken down. Systems were originally designed to solve particular problems. Criminals have figured out that these silos prevent organizations from seeing the true picture of fraudulent activity. Big data tools are available in the market that can help organizations thwart potential problems without the massive data warehousing effort that was required just a few years ago.

—Vivian Maese, Dechert LLP

Mushahwar_Amy.pngEarlier this year, the Australian Department of Defense, Intelligence and Security released a statement that 85 percent of targeted cyber intrusions that it responds to as an agency could be prevented if companies did the following: 1. Application whitelisting (or preapproving of mobile and traditional applications used by employees). 2. Operating system and application patching (ensuring that the software in use by your organization has the latest security fixes). 3. Administrative password management (minimizing the number of users in the organization with administrative privileges). However, in cyber security, we can’t simply note the technical fixes required. We also ask organizations to become security-aware and foster a meaningful cross-expertise dialogue between business units, legal, IT and security. The technical fixes will only get organizations so far and do not fully protect against social engineering, rogue employees, or customer/employee phishing. At Ballard Spahr LLP, we created a helpful checklist for organizations to improve the cyber security dialogue within their organizations. An effective cyber security program and dialogue will not protect against all cyber theft, but it will help put your organization in a better position to detect, respond and control costs once events occur.

—Amy S. Mushahwar, Ballard Spahr LLP

Credit, Compliance or Operations: What is the Biggest Risk?

Historically, credit has often been the number one risk banks faced. But with an increasing amount of regulation and new technology opening up the gateway of attacks on bank infrastructure, other sorts of risks are gaining increasing attention these days. In advance of Bank Director’s seventh annual Bank Audit Committee Conference in Chicago June 6 through June 7, we asked speakers to describe the risk concerns of their clients. We asked:

“What risks do you see financial institutions most concerned about: Operational, regulatory or credit?”

rob_fleetwood.jpgOperational and regulatory risks are more inter-related than ever before. Banks still seem extremely mindful of credit risk, but management teams have “gotten used to” those risks, and have been living with the new reality for many years. Now we are seeing a lot of activity relating to regulatory changes and how those changes affect operations. Over the next few years, it will be critical for management teams to stay on top of the regulatory changes and make sure that they are comfortable that their entity’s operations are able to respond to the ongoing regulatory changes. This includes conducting a thorough internal review of internal and external compliance function to ensure that it is appropriately staffed and receiving adequate guidance.

— Rob Fleetwood, partner, Barack Ferrazzano Kirschbaum & Nagelberg LLP

Fitzgerald_Doug.pngOperational. Since the vast majority of bank management today has operated in the gradually declining interest rate environment since the early 1980s, operating their institutions in a future that virtually guarantees rising interest rates presents a new challenge. Managing earnings without exposing their banks to the same interest rate risk pressures that nearly destroyed the thrift industry in the decade of the 80s will require dedication to sound asset-liability management processes.

— Doug Fitzgerald, partner, Wipfli LLP

Hovde_Steve.pngCredit Risk. The credit crisis magnified credit risks distinguishing good lenders from poor ones, and banks that survived strengthened internal controls to avoid a repeat scenario. While many banks have cleaned up their loan portfolios, credit risks will remain at the forefront of bankers’ minds across the country for many years to come.

— Steve Hovde, president & chief executive officer, Hovde Financial Inc.

Blaha_Brian.pngRegulatory. A strong enterprise risk management program covering all aspects of the risk spectrum is essential to managing regulatory risk today. Risk must be managed from the top -down with all members of the board of directors and enior management agreeing on the risk appetite of the organization, what level of tolerance they are willing to accept and what metrics will be utilized to monitor the risks.

— Brian Blaha, partner, Wipfli LLP

Strecker_Raymond.pngWhether one looks at the lost or disrupted business caused by recent cyber-attacks, or the massive regulatory settlements in divers areas involving Libor rigging, AML (anti-money laundering) non-compliance, or failure to supervise third party vendors offering misleading credit products, it becomes clear that financial institutions need to take operational and regulatory risks at least as seriously as they take credit risk.

Risk and compliance managers need to be more creative about uncovering the next problem rather than just establishing controls to prevent the last problem from recurring.

— Ray Strecker, special advisor, Promontory Financial Group LLC

Decker_Kendra.pngI believe the biggest risk to financial institutions today is in the regulatory arena. It seems there is something new every day with which banks must comply. It can make your head spin! Having a solid regulatory monitoring function is critical to managing this risk.

— Kendra Decker, partner, National Professional Standards Group, Grant Thornton LLP

Percy_Mike.jpgRegulatory risks are the primary concern; however, it’s not unusual for there to be elements of operational risk and/or credit risk within the regulatory risk as well.

Risks continue to evolve and the regulatory environment is very dynamic. The program that effectively managed regulatory risk last year needs to continue to evolve to be effective going forward. Regulatory risk that is managed within business as usual processes is generally more effective than processes that are added simply to assist in complying with evolving regulatory requirements.

— Mike Percy, partner, Crowe Horwath LLP

Inserra_Sal.pngOperational. There are two fronts. Given margin compression, banks are looking at cost containment. This includes reviewing the process for efficiencies and re-evaluating their delivery network. We are seeing banks take a hard look at their branch network. The second item relates to technology—both from a standpoint of delivery and risk mitigation. If we really understood the regulatory burden in our future, then it would be worth the concern. At this point, it is too nebulous which makes it impossible to address.

— Sal Inserra, partner, Crowe Horwath LLP

Pressgrove_Becky.pngIn today’s banking environment, where these types of risks are so very interrelated, it seems more difficult than ever to untie operational, credit and regulatory risk from one another and identify one as being more critical than another. From an audit committee standpoint as it relates to BOLI (Bank-Owned Life Insurance), the justification for the asset purchase, the product structure and the ongoing review of the credit of various carriers creates regulatory and credit risk challenges. Add to that additional challenges from BASEL III and Dodd-Frank, along with a tepid economic recovery coming out of the great recession, and a complete, more thorough understanding of the BOLI asset will be critical in the future.

— Becky A. Pressgrove, senior vice president and chief operating officer, Equias Alliance LLC

You Just Got an Unsolicited Offer: Now What?

From Bank Director’s research and popular opinion at our most recent Acquire or Be Acquired conference in January in Scottsdale, Arizona, M&A activity is due to pick up in 2013, even if only slightly. Not every offer is a good offer, and not every bank wants to sell. So whether it’s pricing or timing, we want to know what is actually required from a board when an offer is made.

How should boards respond to unsolicited takeover offers from other banks if they’re not interested in being acquired?

Smith_Phillip.pngThe real question is not how should boards respond, but if they are legally required to respond. That depends on the nature of the proposed unsolicited offer. If it is a mere cocktail conversation or even a friendly overture during lunch, typically there is no duty to respond at all.

On the other hand, if a formal written offer is presented with actual proposed contractual terms, the board of the target organization, from a fiduciary duty standpoint, must respond even if they want to remain independent. The target board often must have a legitimate process that is followed with a financial analysis undertaken to determine if the offer is valid or not.

The decision of whether the organization can remain independent is based on whether the targeted organization can do better for its stockholders over the long-term compared to how the stockholders would fare in the deal. If the board has a legitimate basis to make that determination, then a simple “no thank you” is all that is needed.

— Philip Smith, Gerrish McCreary Smith PC

Schaefer_Kim.pngBoards must make an informed, good faith decision and can’t just ignore the offer. The record must reflect directors’ thoughtful consideration, including reviewing the bank’s strategic plan and value remaining as a standalone entity.

Assemble a team. Hire investment bankers to prepare financial analyses and market checks. Hire legal counsel to assist with proxy fights, public disclosures, securities laws and regulators since a takeover bid will require the bidder to seek regulatory approval. If the offer could become public, hire a media relations firm.

Before information leaks to employees or the public, establish clear communication protocols. Identify specific people authorized to speak on the bank’s behalf and ensure all communications are pre-cleared by counsel.

— Kim Schaefer, Vorys, Sater, Seymour and Pease LLP

Williams_Marcus.pngFor public companies, the public announcement of an unsolicited acquisition proposal can place the target at a significant disadvantage. This is particularly true where the putative buyer announces the offer directly to stockholders, rather than first approaching the board in an attempt to reach a negotiated transaction. In these instances, boards are well-advised to adopt a stockholder rights plan in order to afford ample time to obtain adequate information and advice and, on that basis, to consider an appropriate response.

Ideally, a well-functioning board will have considered and structured such a plan in advance, maintaining it “on the shelf” and reviewing it periodically to assure that it can be adopted quickly should a surprise offer be announced.

Most states also have some combination of control share or business combination statutes that limit a hostile suitor’s ability to quickly acquire control of business corporations, whether public or private. These statutes are less common, however, for states that have separate statutes governing state-chartered stock banks, particularly where the state corporate law does not apply to stock banks.

— Marcus Williams, Davis Wright Tremaine LLP

Zaunbrecher_Susan.jpgA board must exercise its business judgment as that is defined under the law of its state of incorporation. For example, in Delaware, the Revlon doctrine may drive a board’s consideration. In essence, the board must exercise its fiduciary duties with the specific goal of maximizing shareholder value.

Assuming receipt of a bona fide offer, a board should work with its legal and/or financial experts to understand the Revlon doctrine and state law to determine the elements to consider and document the exercise of business judgment in rejecting an offer. Many states permit boards to consider constituencies other than the shareholders, including employees, vendors and the community, in the proper exercise of business judgment.

— Susan Zaunbrecher, Dinsmore & Shohl LLP

Mayer_Frank.pngAs a threshold matter a board needs to understand that it, as a body, must make decisions that enhance shareholder value. A board cannot shift its decision making responsibility to the shareholders. The board must consider through a financial analysis whether the unsolicited offer is one that could put the shareholders in a better position than holding the existing bank shares. If the board’s conclusion is that the offer is legitimate and could put the shareholders into a more favorable position than maintaining the status quo, then the board has decided to sell to some entity.

Most states through their version of the business judgment rule will protect the board’s decision and the courts tend to be reluctant to second guess the board’s decision-making as long as the board adheres to the bank’s established documented governance processes and recusal mechanisms that are consistent with peer institutions so that board member self-interest influences are eliminated, the board in good faith relied upon expert advice without a conflict of interest, and the minutes establish that the board conducted a thoughtful decision-making process. If the financial analysis is close enough that the board seeks to consider non-economic issues and the bank’s by-laws permit non-economic factors, it will be imperative to document the negotiations over non-economic concerns to mitigate litigation risk.

— Frank Mayer, Pepper Hamilton LLP

Being Public: Is It Worth It?

Six months after the JOBS (Jumpstart our Business Startups) Act went into effect, making it easier for banks to remain private, we asked lawyers their opinion on the advantages and downsides of public ownership. Although all raise good points, many believe the expense is just not worth it for that size bank. But if the bank is looking at acquisitions and access to capital that the public markets provide, public ownership is a good idea.

Does it make sense for banks with less than $500 million in assets to be public companies? 

Mark-Nuccio.jpgWith increasing needs for capital and a desire to grow, some smaller banks may want to become or remain public companies, in spite of the significant burdens imposed on smaller public company issuers. Access to the public markets and shareholder liquidity, in the right situation, are worth the price of admission. Without a growth agenda, however, small, publicly held banks would be well-advised to privatize.

—Mark Nuccio, Ropes & Gray LLP 

Peter-Weinstock.jpgIt is hard to see many benefits for companies with less than $500 million in total assets to have their shares registered with the Securities and Exchange Commission (SEC) under the Exchange Act.  The accounting costs associated with public company status continue to increase, as do legal and regulatory check-the-box exercises. Perhaps it is worthwhile for boards to consider the issue again at $1 billion in assets, which is when the requirements for Federal Deposit Insurance Corp. Improvement Act certifications and the Federal Reserve’s enterprise risk assessments kick in. It is clear how smaller, publicly traded banking organizations view this issue. After the JOBS Act, the pace of such companies going dark has resembled Pamplona’s Running of the Bulls.

—Peter Weinstock, Hunton & Williams LLP 

Gregory-Lyons.jpgFor many banks with less than $500 million of assets, the burdens of operating as a public company likely outweigh the benefits. The reporting obligations themselves are substantial. Moreover, particularly as many community banks continue to feel the burdens of the financial crisis, the need to satisfy the short-term view of many investors can impede the pursuit of the long-term objective for a return to health. And the public markets often place a discount on the stock price of banks this size, thereby limiting the upside potential of an offering. Despite having said that, if a bank of this size is in comparatively good health, there are many opportunities for acquisitions in the marketplace now.  For these banks, the publicly traded stock can still be a useful currency in a growth strategy.  

—Greg Lyons, Debevoise & Plimpton LLP 

Schaefer_Kim.pngAfter the JOBS Act increased thresholds for registration from 500 shareholders to 2,000 and deregistration from 300 shareholders to 1,200, many banks have been closely examining the practicality of being a public company, especially considering the tremendous expense and additional regulation. However, the sensibility of that decision truly rests in the bank’s strategic plans for its future. How does the bank want to position itself? If a bank wants to expand its market or services, or if it wants (or needs) to raise capital, its prospects for doing so are much brighter as a public company. Some banks also enjoy the prestige and attention that they receive as a public company. Being a public reporting company may add significant expense, but the visibility and flexibility for raising capital is certainly enhanced for a public company, which may turn those expenses into a valuable investment for future growth.

—Kim Schaefer, Vorys, Sater, Seymour and Pease LLP               

John-Gorman.jpgThere is no one-size-fits all response to this question.  For the institution that sees itself generating enough capital to pay dividends and sustain growth and does not see itself expanding its footprint, then it should seriously consider deregistering with the SEC.  There is a unique ability for a bank or bank holding company (and a savings bank and savings and loan holding company) to continue to trade on the bulletin board without having to be registered with the SEC. This is not available for non-financial institutions.

For many small-cap banks, bulletin board trading may provide as much liquidity as NASDAQ OMX, and provides insiders with an outlet for their shares, which is one of the major downsides of deregistering (i.e., it is difficult for insiders to sell their shares).  For an institution that sees itself accessing the public markets for additional capital or expanding through mergers and acquisitions, continuing with an SEC registration could prove critical, despite the costs and burdens. And as the market cap of a bank/holding company increases, the need to maintain a trading alternative is also important for shareholders. 

—John Gorman, Luse Gorman Pomerenk & Schick PC

Standard Chartered and Anti-Money Laundering: Trends to Watch

money-laundry.jpgStandard Chartered Bank, a part of United Kingdom-based Standard Chartered PLC, last summer quickly settled a complaint brought by the New York State Department of Financial Services (DFS) to the tune of $340 million over allegations that it had violated anti-money laundering laws. The bank still faces wide-ranging investigations from various state and federal regulators, pursuant to their respective anti-money laundering (AML) authority.

The Standard Chartered case is only the latest of several such regulatory matters demonstrating the aggressive enforcement environment imposed upon banks today by multiple regulators, often with very different agendas. The case also highlights the significant power and leverage held by U.S. regulators, and how difficult it can be to effectively challenge regulatory allegations of wrongdoing once those investigations gather momentum. 

The Standard Chartered enforcement case relates to the U.S. branch of the bank handling transactions for Iranian account holders and banks. Since the 1979 Iranian hostage crisis, the United States has imposed strict limitations on the manner in which financial institutions are allowed to transact business with Iran and its citizens. In recent years, the scope of the sanctions has increased, as have related enforcement matters.

The underlying conduct in the Standard Chartered case involved so-called “U-turn” transactions. Prior to November 2008, U.S. financial institutions were permitted to process certain transactions that, although conducted on behalf of Iranian account-holders, did not pass through Iranian banking institutions.  Federal regulations accordingly required that transactions involving Iranian entities were only permitted to pass through the U.S. financial system on their way from one non-U.S., non-Iranian financial institution to another. Such Iranian-related transactions were required to be reported to federal regulators, and transactions with some individuals and organs of the Iranian government were still prohibited. In 2008, U.S. regulators flatly prohibited any further U-turn transactions, after becoming suspicious that they were being used to finance Iran’s nuclear weapons program and support for terrorist organizations.  

The New York DFS filed its complaint against Standard Chartered on August 6, 2012, with a substantial amount of publicity.  The New York regulator alleged that in addition to completing U-turn transactions, some of which may have been permissible, Standard Chartered systematically stripped or masked information about the Iranian account holders from its transaction documents, making it impossible for the bank’s U.S. branch to evaluate the legitimacy of approximately 60,000 transactions over several years.  Through citation to numerous inflammatory emails and interview snippets, the regulator’s complaint depicted an organization that engaged in conscious activities to hide wrongful transactions from U.S. and state regulators. The complaint claims that the violations were all the more troubling because the bank was under a formal supervisory action from 2004 to 2007 by state and federal regulators related to money laundering compliance failures. Although the bank’s senior management denied any wrongdoing, a notion that U.K. regulators affirmatively supported, the New York regulator threatened to revoke the firm’s state banking license.  Facing a sanction that would have closed its New York operations, Standard Chartered had little option but to settle. 

As it turns out, however, settling with New York over the Iranian allegations will likely be just the first step in a regulatory settlement process for the bank.  The U.S. Department of Justice, the Treasury Department’s Office of Foreign Assets Control and various U.K. regulators are also investigating money laundering violations at the bank.  Additionally, the New York DFS complaint makes clear that the state regulator is still investigating similar issues involving Libya, Myanmar and Sudan. 

The Standard Chartered case is the just the most recent of many AML enforcement matters that multiple regulators in the United States have been pursuing, with several expected to be announced in the near future. 

In June of this year, ING Bank paid the largest money laundering settlement on record, $619 million, to address claims by the U.S. Department of Justice and the Manhattan District Attorney’s office that it hid billions of dollars in transactions in its U.S. branches involving Cuban and Iranian account holders. 

In August 2010, Barclays paid $298 million to the U.S. Department of Justice and Manhattan prosecutors associated with account transactions for individuals from Cuba, Sudan and other countries subject to U.S. sanctions.

In December 2009, ABN AMRO settled money laundering claims with the U.S. Department of Justice and Manhattan prosecutors, paying $500 million to address allegedly improper transactions with Iran and Sudan, having paid $80 million to settle similar allegations in 2005. 

In 2009, Lloyds TSP Group PLC paid a combined $567 million in two settlements, one with the Department of Justice and Manhattan prosecutors and the second with the U.S. Treasury because of alleged prohibited transactions with Iran and Sudan. 

In 2009, Credit Suisse Group paid the U.S. Department of Justice and Manhattan prosecutors $536 million related to transactions with clients in Libya, Sudan, Myanmar and Cuba. 

Finally, HSBC has announced a $700 million reserve to deal with expected fines and penalties arising out of its own money laundering allegations by U.S. and U.K. regulators.

The common theme that emerges from all of these cases is that regulators are aggressively pursuing AML cases against banks—and demanding large settlements—with increased frequency. Regulators that in the past may have worked on a more cooperative basis with banks are increasingly referring matters to criminal authorities, and new regulators are seeking to establish their relevance with brash actions. The aggressive pursuit of these cases and the multiple regulators involved at both the state and federal level will make it that much more difficult for companies to navigate regulatory processes once investigations begin. Additionally, as shown by the Standard Chartered case, U.S. regulators have substantial powers to shut down an organization’s operations and are often willing to use this authority without regard to the broader harm.

Facing such sanctions, it is often impossible for a legitimate bank to force a regulator to actually prove its case at trial. As frustrating as it may be, often the most practical approach to an AML investigation is to make your case in a forceful manner during negotiations, but to then find the path to an acceptable settlement. Such an approach often starts well before negotiations begin by establishing credibility with regulators throughout the investigation process by taking their concerns seriously, responding quickly and candidly to requests for information, and acknowledging any compliance issues where appropriate, but remaining firm on key points of contention.

Will the New Rules on Compensation Risk Really Help?

Following up on Bank Director’s Bank Executive & Board Compensation conference last week, we asked attorneys for their opinions on the latest rules on compensation risk and whether they really found them necessary or helpful. In a word? No. Although the exact impact remains to be seen, many feel that these new rules will actually hurt more than they help. 

Will the new federal rules on compensation risk make the banking industry safer? 

Doug-Faucette.jpgIn the context of banks that are too big to fail and too big to govern, the rules will have only a marginal impact. Clearly Jamie Dimon was as surprised as anyone when the London whale caused the bank a multibillion dollar portfolio trading loss, but to say that compensation rules lead to reckless speculation is to miss the point. The losses suffered by J.P. Morgan Chase & Co. were not a result of misplaced compensation incentives, but a lack of sufficient controls over activities which are culturally risk intensive. It is doubtful that the London whale would have avoided speculative trades if his contract penalized his poor performance or risk taking. Performance-based compensation trends and regulatory restrictions on incentive based compensation are in conflict. It is ironic that during a time when incentive-based compensation is on the rise, and scrutiny over peer comparisons and total shareholder returns is increasing, regulators would blame compensation arrangements as a cause of the crisis.

—Doug Faucette, Locke Lorde LLP 

John-Gorman.jpgNot really.  Changes in substance, if any, will occur on the outside edges, the extremes if you will, of prior bank compensation practices, which will impact very few community institutions. Compensation practices for community banks have never amounted to a threat to the industry or the insurance fund. For most institutions, there will be tweaks and changes that will occur to show responsiveness to the regulatory concerns, probably as much in the lower ranks (e.g., with respect to loan origination pay) as in the executive suite.  Every institution is required to conduct a risk assessment of their incentive compensation programs, and this should be documented at the board level.  We would recommend that every institution institute a clawback policy for executive compensation.  This is a good citizenship move, makes sense from all angles, and is easy to implement.  We also expect to see more incentive compensation paid in the form of restricted stock for public companies.

—John Gorman, Luse Gorman Pomerenk & Schick, PC  

Podvin_John.jpgThe interagency rules implementing Section 956 of Dodd-Frank limiting compensation in banks larger than $1 billion in assets are not finalized yet.  It remains to be seen whether these rules will change the product mix offered by banks going forward under the guise of restricting compensation.  It also remains to be seen whether there will be “trickle-down” of these rules to banks with assets of less than $1 billion.  Another unintended consequence might be if the rules restrict compensation to an extent that some of the best and brightest minds leave the banking industry for greener pastures. Does that actually make the banking industry safer? 

—John Podvin, Haynes and Boone, LLP  

Mark-Nuccio.jpgFundamentally, this is less about safety than it is a criticism of board level supervision of executive pay levels. At least, compensation consultants are happy. 

—Mark Nuccio, Ropes & Gray LLP 


Horn_Charles.jpgThe regulation of incentive-based compensation practices is a key aspect of the Dodd-Frank Act.  It is based on the view that executive and senior manager compensation practices at financial institutions during the years leading up to the financial crisis failed to properly align compensation with appropriate risk-taking, and may have led to practices and activities that were inconsistent with the long-term health of financial institutions. The financial regulatory agencies proposed incentive compensation standards and disclosure requirements 18 months ago, and these rules are expected to be adopted in final form in the relatively near term. To the extent that these rules encourage financial institutions’ directors and senior management to pay closer attention to the risk incentives created by compensation practices and activities, and take appropriate action to better reward behaviors that emphasize the longer-term health of a financial firm while discouraging activities that do not accomplish this objective, the new rules should assist in reducing inappropriate risk in financial firms.

—Charles Horn, Morrison Foerster LLP

The New Proposed Mortgage Regulations: One Size Fits All?

New rules coming out of Washington, D.C., will impact the mortgage market and banks big and small. Among them, the Consumer Financial Protection Bureau (CFPB) has proposed rules regarding mortgage disclosures. The agency says it is attempting to simplify and write plain English disclosures for consumers. Comments on the proposals are due Nov 6. In addition, the CFPB will require lenders to make sure a mortgage holder qualifies for a mortgage, or has the ability to repay the loan, creating what’s essentially a series of check boxes for lending departments, as well as restrictions on loan terms.

Because banks both large and small will be required to comply, Bank Director asked attorneys to weigh in on the CFPB’s proposed mortgage regulations.

Should community banks be exempted from the Consumer Financial Protection Bureau’s proposed rules on mortgage disclosure and qualifying mortgages?


Robert-Monroe.jpgYes.  Community banks need to be exempted from the Consumer Financial Protection Bureau’s proposed rules on mortgage disclosure and qualifying mortgages, as community banks have been and are subject to regulatory oversight on mortgage disclosures rules.  There is no need for the CFPB to be involved in the supervision of community banks.  Why do we need two regulators to oversee this issue and many other banking issues when federal bank regulators were adequately doing their jobs?  One major problem that lead to the current crisis revolved around unregulated mortgage originators, not disclosure rules.  Let bankers and their prudential regulators continue with regulatory oversight of mortgage disclosure rules and keep the CFPB out of community banks.

—Bob Monroe, Stinson Morrison Hecker

Peter-Weinstock.jpgFirst, the current proposed definitions of qualified mortgages and qualified residential mortgages will continue the current inequity in the mortgage market.  Essentially, people like me can refinance their mortgage to 3 percent with zero closing costs, while other people who desperately need to refinance cannot qualify.  Thus, there needs to be some overall sanity brought to mortgage regulation.  Beyond that, mortgage regulation needs to cover the entire food chain.  The CFPB can reduce the burden on smaller financial institutions regarding such matters as assessing a customer’s ability to repay a loan.  If the system of regulation mandates a cost structure that only large financial institutions can absorb, then the result will be the unintended (and the CFPB says undesirable) consequence of a market in which only the multi-trillion dollar institutions can participate.

—Peter Weinstock, Hunton & Williams

Jonathan-Wegner.jpgSmall banks are struggling to keep up with the new rules, and already, we’ve seen some small institutions enter into what amounts to mortgage referral relationships with bigger banks that have enough horsepower in their compliance departments to keep up with all of the new rules.  The CFPB needs to implement reasonable accommodations for these smaller institutions.  Otherwise, they may very well regulate these banks out of a fundamental piece of their business.

—Jonathan Wegner, Baird Holm

oliver-ireland.pngRegulatory compliance costs have always fallen more heavily on community banks than on large banking companies because of the smaller volume of transaction over which community banks must distribute compliance costs.  These costs make it more difficult for community banks to compete with larger banks on the basis of price. These considerations argue in favor of exempting community banks from proposed rules on mortgage disclosure and qualifying mortgages. On the other hand, when dealing with consumer protection issues, consumer advocates may argue that it is unfair and confusing to consumers to exempt anyone from consumer protection requirements. Despite these arguments, the presence of unregulated providers in a market provides a point of reference and a practical check on the potential for regulatory requirements to lead to a diminution in, or even unavailability, of key services and should ultimately benefit consumers.

—Oliver Ireland, Morrison Foerster

Should Big Banks Be Broken Up?

Many blame the largest banks for our most recent banking crisis, which leads to the question. Should “too big to fail” become “too big to exist?”

While the top five banks have assets worth more than 50 percent of the nation’s gross domestic product, it is clear that the safety and soundness of these institutions is essential for a healthy economy. Several high-profile figures have suggested that the big banks should be dismantled to ensure the health of the U.S. economy, including Federal Deposit Insurance Corp. board member Thomas Hoenig and Citigroup’s former chairman Sandy Weill. So Bank Director decided to poll bank attorneys to find out what they think.

Do you think the five largest banks in the United States should be broken up to lessen their systemic risk to the economy?

Guynn_Randall.jpgI don’t think anyone has made a persuasive case that breaking up the banks will reduce systemic risk. Breaking them up could actually increase systemic risk. For example, take a bank with $1 trillion in assets. Suppose it were broken up into 10 banks of $100 billion each. If the 10 smaller banks continue to engage in the same activities—e.g., taking deposits and making loans—all 10 would be just as likely to fail simultaneously and cause just as much systemic risk. Moreover, if they are less efficient risk managers, they may be more likely to fail. We will also lose the benefits of having banks with balance sheets and global footprints that match those of their customers.

—Randall Guynn, Davis Polk

Robert-Monroe.jpgYes, unless the U.S. wants to move towards the European model of banking containing a very small number of banks.  We have seen in the current banking crisis the near economic collapse of our financial systems and our economy resulting from the near failure of two to three of our largest banks.  We need to spread the risk to our economy to a larger base of banks rather than fewer

—Bob Monroe, Stinson Morrison Hecker LLP

G-Rozansky.jpgEconomic crises (e.g., United States 2007-2009 and East Asia in the ‘90s) have generally originated from common exposures to risks (such as a fall in housing prices or a currency depreciation), rather than from the failure of a large bank bringing down others. Moreover, initiatives underway, including those to improve internal risk management processes and impose greater market discipline on large institutions, show promise as a means to reduce systemic risks. In light of the foregoing—and considering the unknown consequences of a forced break-up on the functioning of the financial system, the valuable services only being provided by the largest institutions, and the broad legal authority U.S. regulators already have to force a downsizing on a case-by-case basis—sound policy considerations underpin a more modest approach to “too big to fail.”

—Gregg Rozansky, Shearman & Sterling LLP

Horn_Charles.jpgNo.  Simply breaking up a bank based on size alone is a blunderbuss approach to systemic regulation, which may not achieve its intended results and may do unnecessary harm to the banks involved. Systemic regulation should be based on a reasoned analysis of actual systemic risk presented by individual financial institutions based on their individual structures, activities and risk profiles. Similarly, the decision to break up a large financial institution should be based only on the same type of analysis, and only if the financial institution poses a plain risk to the financial system, and there are not reasonable assurances that the institution can be adequately managed or regulated. Financial regulators, however, should have the authority to require risk-reduction downsizing or divestments of business lines and activities under appropriate circumstances, subject to clear standards and adequate due process protections.

—Charles Horn, Morrison Foerster