Community Banks Released From ADA Liability

Many community banks received threatening letters from the advocacy group Access Now alleging that the banks’ websites violated the Americans with Disabilities Act (ADA) for the visually impaired in provision of electronic information technology, including the banks’ websites, online banking, mobile banking and apps, ATM services, and telephone banking (known collectively as electronic banking services). These letters started arriving at banks in late 2016 and generally offered to resolve alleged claims by working with Access Now’s attorneys—Pittsburgh, Pennsylvania-based Carlson Lynch Sweet Kilpela and New York-based KamberLaw LLC—to bring the banks’ websites into compliance with the ADA. The banks that chose not to work with Access Now were threatened with potential lawsuits.

On November 20, 2017, the Independent Community Bankers of America (ICBA) announced it had reached an agreement with Access Now to stop the mass distribution of letters to community banks threatening to bring actions against these banks for alleged violations of ADA. The industry trade group reached a mutually agreeable settlement with Access Now, in which the ICBA will adopt and distribute to its current members a restatement of voluntary access principles that are acceptable to Access Now, as a reaffirmation of the banking industry’s ongoing commitment to encourage accessibility for visually impaired persons. Access Now will release ICBA member banks and all U.S. banks with less than $50 billion in assets from all claims related to the provision of electronic banking services and the ADA.

It is unclear if the release requires all ICBA banks and non-member banks with assets of less than $50 billion to adopt the Access Now principles. In addition, it is unclear if adopting and following the Access Now principles by community banks will protect them from threatened litigation by organizations similar to Access Now. However, it is advisable to adopt and follow the principles for protection against claims.

The principles adopted by the ICBA are as follows:

  1. Ensure accessibility. The ICBA will encourage its members to make reasonable efforts to ensure that digital platforms and services are accessible to visually impaired and low vision customers, as well as potential customers and companions to such customers or potential customers.
  2. Train bank employees. The ICBA will encourage its members to conduct periodic training for bank employees responsible for electronic banking service accessibility to promote greater accessibility.
  3. Develop electronic banking service accessibility guidelines. The ICBA will encourage its members to develop electronic banking service accessibility guidelines that are designed to promote increased independent use of the member’s electronic banking services by customers and potential customers with disabilities, as well as their companions. The details of the accessibility policies adopted, if any, will be at the sole discretion of each member bank.
  4. Implement the principles within the next three years. In the event that formal guidelines are not issued by the U.S. Department of Justice in 2018, the ICBA encourages its members to implement its principles on or before December 31, 2020.
  5. Incorporate access information into existing customer service. The ICBA encourages its members to publicly post notification and contact information in connection with their provision of electronic banking services for customers and potential customers who claim to encounter access barriers. Members are encouraged to respond to inquiries or complaints related to any alleged access barriers in a reasonably prompt manner.
  6. Communicate with third-party vendors. The ICBA encourages its members to utilize their existing vendor management due diligence process and communicate to the vendor that consumer-facing digital content provided by that vendor should conform to the ICBA’s principles.

While the DOJ has not adopted a website accessibility standard, one acceptable set of voluntary principles for accessibility is the World Wide Web Consortium’s Version 2.0 of its Web Accessibility Guidelines. Nothing within the ICBA’s principles intends to suggest that members should adopt an accessibility standard greater than that which may ultimately be adopted by the DOJ, or that equal access may not lawfully be provided in an alternative fashion. All community banks should endeavor to adhere to the principles set out above and watch for the release of website accessibility standards by the Justice Department.

Could Your Insurance Cover the Latest Disability Claims?

Although Americans with Disabilities Act (ADA) claims have been in existence for several years, I have seen a dramatic increase in the frequency of demand letters against community and regional banks during the past couple of weeks. The typical demand letter states that the bank’s website is out of compliance with the ADA, as the site does not provide equal accessibility for visually impaired individuals who attempt to access the website. Often the letter will cite the Web Accessibility Initiative of the World Wide Web Consortium, referencing how many of the web pages fail to meet the Web Content Accessibility Guidelines.

Possible Insurance Response
Based on the allegations, the first places we would look for insurance coverage would be the cyber liability policy, as this is based on the bank’s website, or the employment practices liability insurance (EPLI) policy. And those are exactly the two coverages where we are seeing possible solutions, but that will be contingent on the insurance carrier’s approach and the language that may have been negotiated.

With regard to cyber liability, most policies will only be triggered after a breach of network security and/or the loss or theft of non-tangible property, specifically, personally identifiable information. In the case of these ADA infractions, neither of these triggers has been met. Additionally, many cyber policies will include a specific discrimination exclusion. With that said, several carriers have cyber policies with no such exclusion and have very inclusive or broad language within the definition of Wrongful Electronic Banking Act or even the basic Cyber Liability Insuring Agreement.

With regard to the possibility of coverage within the EPLI placement, we compare this scenario with a similar scenario where a claimant demands that a handicapped ramp be built at a branch location. Both reference violations of ADA claiming an individual with a disability cannot access the bank’s services. Just as is the case in the building of the ramp scenario, there are several language obstacles that need to be overcome in the consideration of coverage:

  1. The definition of claim defines when claim coverage can begin. Your definition of claim should include non-monetary damages, just as it does for monetary damages. This will allow for coverage to be considered even if all that is requested is to fix the website.
  2. The bank should possess third-party discrimination coverage, which means that the bank is protected if a third party, not an employee of the bank, is the claimant. Note that several versions of the third-party EPLI coverage extensions include only harassment exposures. Since these allegations relate to the scenario where a third party to the bank is alleging discrimination, it is critical that this extension includes discrimination as well as harassment.

One last comment relating to the possibility of claims coverage is that most insurance policies include some form of the following in the definition of loss:

… Loss shall not include costs to comply with any non-monetary or injunctive relief…

This means that while there could be coverage for defense costs and legal fees associated with defending the bank, as well as any actual financial settlement amounts, there will most likely not be any coverage for actually fixing the web site. Just as there was not insurance available to build the accessible ramp, fixing the web site would be a cost of doing business and typically is not insurable.

Steps You Can Take
If your institution wants to be proactive, the Department of Justice offers resources advising local governments on making web sites accessible. We also recommend the input of counsel prior to responding to any demand letters. Lastly, when considering if or how to respond to such a letter, I would like to reinforce an American Bankers Association report on the matter: “…unlike many other compliance obligations, there is much to be gained from making the world more accessible to the disabled. Not only is it the right thing to do, it is also potentially good for business as it expands the market for bank products and services to the broadest range of customers.”

Disability Claims Against Bank Websites: Is Your Bank Prepared?

Many will recall painful lessons learned in the wake of the 1990 passage of the Americans with Disabilities Act (ADA) as numerous claims arose alleging that bank ATMs were not accessible to the disabled. Banks were required to retrofit facilities and equipment to meet the standards adopted in 1991 by the U.S. Department of Justice requiring ATMs to be accessible. Again in 2010, the Justice Department supplemented the general accessibility rules with standards setting out extensive technical specifications for ATMs, including speech output, privacy and Braille instructions, leading to another round of claims, lawsuits and retrofits of equipment.

Today, a new target for ADA claims has surfaced: online and mobile banking. Claims brought under Title III of the ADA are growing in number, targeting financial institutions for failing to make their websites and mobile applications accessible to individuals with disabilities.

Title III of the ADA covers public accommodations and commercial facilities and provides, in pertinent part: “[n]o individual shall be discriminated against on the basis of a disability in the full and equal enjoyment of the goods, services, facilities, privileges, advantages, or accommodations of any place of public accommodation by any person who owns, leases (or leases to), or operates a place of public accommodation.” Banks fall squarely within the category of “service establishments” that qualify as public accommodations. Thus, Title III’s accommodation requirements apply to at least the physical location of a bank.

At issue in the recent influx of claims is the extent to which a bank’s website must accommodate disabled patrons. Federal courts are split on whether websites for private businesses actually constitute a public accommodation under the ADA. Federal courts generally have taken one of three approaches regarding the applicability of ADA accessibility requirements to websites: the internet is not a place of public accommodation; the internet is a place of public accommodation; or the internet is a place of public accommodation to the extent a website serves as a gateway to the full and equal enjoyment of goods and services offered in a business’s physical locations.

The Justice Department, which also enforces the ADA, has not yet issued regulations, accessibility requirements or guidance relating to whether and how commercial websites are to comply with Title III. Originally, the Department planned to issue regulations implementing Title III in the spring of 2016; however, it changed course in late 2015, announcing that the regulations would not be finalized until 2018 at the earliest, stating that it wanted to concentrate first on similar regulations for government entities and federal contractors covered by Title II.

In the meantime, the Justice Department has taken the position, at least as far as state and local governments are concerned, that Title II obligates those entities to make their websites accessible to consumers with disabilities. The Justice Department is on record asserting that “[t]he internet plays a critical role in the daily personal, professional, civic, and business life of Americans. The ADA’s expansive nondiscrimination mandate reaches goods and services provided by public accommodations and public entities using internet websites.”

As to private business, the Justice Department has entered into several consent orders under Title III in which the businesses have agreed to bring their websites and mobile applications into compliance with the Web Content Accessibility Guidelines 2.0 AA, published by the Web Accessibility Initiative of the World Wide Web Consortium.

With alleged violations of ADA Title III finding their way into claims, lawsuits and Justice Department actions, it is important for board members to be alert to emerging website and mobile application accessibility issues, to be prepared to assess their institution’s exposure and to make sure their institutions address any unmet requirements. With a new administration arriving in Washington D.C., it is important to monitor its perspective on this topic. Expert consultants and legal counsel can provide valuable guidance in structuring the assessment process as well as any needed remediation. The process should include a review of the institution’s web and mobile platforms, a review of the institution’s technical capabilities, as well as applicable vendor agreements to ensure that gaps are addressed so that the bank meets ADA requirements.

A New Delaware M&A Case Is a Warning to Investment Bankers: Take Care That You Don’t Mislead the Board

Merger and acquisition activity appears to be accelerating among community banks large and small. Despite the nearly ubiquitous shareholder lawsuit that follows a merger announcement from a publicly traded target company, the corporate law relating to the obligations of a board of directors in a merger transaction is well developed and favorable. There is a high bar for board culpability in an M&A transaction, and an even higher bar for board liability. However, recent Delaware court cases have highlighted potential liability for investment bankers that is not shared by directors. This is quite an alarming development, which is of obvious concern to investment bankers, but also should impact boards of directors as they consider deals.

Under Delaware law, which is followed by most states, the primary obligations of the board in a merger transaction relate to good faith, a component of the duty of loyalty, and making an informed decision, duty of care. Fortunately, most companies have a charter provision eliminating director personal liability for monetary damages for breaches of the duty of care, which is not allowed for breaches of the duty of loyalty. And, according to the Delaware Supreme Court in the Lyondell case, director personal liability for “bad faith” requires a knowing violation of fiduciary duties. For example, in a sale transaction, shareholders aren’t supposed to act on a goal other than maximizing value, or in a non-sale merger, act for reasons unrelated to the best interests of the stockholders generally.

Another important hallmark of Delaware M&A case law is the extreme reluctance of judges to enjoin a stockholder vote on a merger transaction when there is no competing offer. And once a transaction closes, and the challenged target company directors were independent and disinterested, and did not act with the intent to violate their duties, judges typically dismiss the lawsuits against directors.

However, in a recent case, which involved the sale of a company called Rural/Metro Corporation, the Delaware Supreme Court ruled that third parties, such as investment bankers, can be liable for damages if their actions caused a board to breach its duty of care, even if directors are not liable for the breach. Moreover, simple negligence by the board, rather than gross negligence, can serve as the basis for third party liability.

In Rural/Metro, the investment bankers were found to have had numerous conflicts of interest, most of which were not discussed with the board. They sought to participate in the buyer’s financing of the acquisition and they sought to leverage their involvement with the seller, Rural/Metro, to obtain a financing role in another merger transaction. They were also found to have manipulated the fairness analysis to serve their conflicted interest in having a particular party win the bid for Rural/Metro. The court held the behavior of the investment bankers caused the board to be uninformed as to the value of the company and caused misleading disclosure. They were held liable to stockholders for $76 million in damages.

The Delaware Supreme Court stated that a board needs to be active and reasonably informed in its oversight of a sale process and must identify and respond to actual or potential conflicts of interest as to its advisers. Importantly, the Delaware Supreme Court rejected the lower court’s characterization of the role and obligations of an investment banker as a quasi fiduciary “gate keeper,” and stated that the obligations of an investment banker are primarily contractual in nature. It further held that liability of an investment banker will not be based on its failure to take steps to prevent a director breach but on its intentional actions causing a breach.

The case is a warning for both boards and investment bankers: Take care when there is a conflict of interest. Investment bankers should avoid conflicts where possible and disclose all conflicts to the board, and the board and the investment bankers need to work diligently to address conflicts adequately. In order to do their job well, board members must make sure their advisors are telling them what they need to know.

Stop Before Signing a 10-Year Core IT Contract

How can any of us bet on the function and value of technology 10 years from now? You cannot. However, vendors are doing a great job of convincing banks they need a 10-year technology contract.

Nobody except perhaps for the U.S. government should accept fixed IT cost structures and terms for 10 years. It is my opinion that proposing an eight, nine or 10-year contract is one of the biggest crimes committed upon bankers in recent years by core IT vendors. Frankly, they should be ashamed of tricking bankers into believing there is any strategic value in such an offering. How many banks offer a 10-year, fixed-rate commercial line of credit or a 10-year CD with guaranteed interest rate increases of 3 percent to 5 percent annually?

Bankers are doing their best to run their institutions, manage compliance issues, fight off margin compression and try to make a buck. I understand that some may think that a 10-year contract will lock their core IT vendor in to incredibly low pricing and favorable terms. A 10-year contract puts a check in the vendor management box and lowers bankers’ distractions, permitting focus on what bankers know best…banking. If you really knew what a 10-year deal actually does to a bank, you’d realize that you just locked yourself into a bad deal.

An eight, nine or 10-year core IT contract guarantees the vendor that no-matter-what, you are going to pay premiums for a long time, even if the cost of the technology delivery drops to near zero. The institution may grow, contract or change its mission, but the fees are going to continue growing annually as consumer price index increases chip away at your efficiency ratio.

Bankers are at a terrible disadvantage and must typically wait five to seven years to restructure these contracts. Once you complete the wait, you find very little switching leverage since a true oligopoly exists. Eighty-five percent of the market is controlled by three companies, Fiserv, FIS, and Jack Henry & Associates. Vendors know that only 4 percent of banks change vendors annually.

Your World Under a 10-Year Agreement
Pretend you want to switch vendors because your provider is no longer providing quality service or was hacked by the North Koreans. Nope. You’re stuck. Maybe your bank wishes to upgrade and buy a world-class Internet banking system because the version offered by your core is no good? You’re stuck until your grandchildren graduate high school in 2025.

Search the fine print in your agreement for the exclusivity clause preventing a switch of any ancillary service to a competitive offering. Consider complaining to the vendor about the service level agreement (SLA). Sure, they’ll buy you lunch, but the complaints fall on deaf ears. Their nods of empty concern are backed by the fact you’re going nowhere for at least seven more years!

Imagine you happen to meet a colleague at a bank show and he tells you his bank is paying the same vendor 40 percent less for the same services. That’s nice, but you’ll have to wait to get anything changed until the next two presidential elections. Decide to sell the bank? Get your shareholders ready to choke on millions in termination fees.

High Fives at the Water Cooler
I’m cynical about finding any value in a 10-year contract, because there isn’t any, unless of course you’re the vendor. In my opinion, the absolute longest term should be seven years, and even then, there better be a lot of language that begins protecting your backside in years five, six and seven. The sales guy that brings in the 10-year whale is immediately promoted to the corner office and is enshrined into the president’s club for the remainder of his career. Water cooler high-fives abound at any core IT provider that gets a bank or credit union to sign onto an eight, nine or 10-year deal. If you sign a 10-year deal and can’t find your sales rep, that’s because phones don’t work on cruise ships.

Trust your vendor, but ensure that you are getting fair market pricing and making the right decisions about business language and terms. Going into these multi-million dollar negotiations alone is like playing poker in the World Poker Tour when you only play Texas Hold’em once every five years.

Keeping Your Head Above Water: Four Tips for Managing Flood Insurance Law Changes

Among the various areas of regulatory compliance, one area—compliance with flood insurance regulations—seems to cause an outsized level of anxiety, and for good reason. Over the past several years, field examiners have been diligent in identifying and citing violations of the flood regulations, and many of these violations have resulted in imposition of civil money penalties (CMPs) against the violating banks. During 2013 and 2014, nearly 100 flood-related CMPs were imposed on banks, ranging in amount from $1,000 to well over $100,000. Paying penalties is never enjoyable, but is even less so in this era of tight margins and strained profitability.

Last year, President Obama signed into law the Homeowner Flood Insurance Affordability Act (HFIAA) as a way to dial back some of the increased costs associated with the 2012 Flood Insurance Reform Act. The HFIAA will bring about a number of new and modified obligations on banks, which will become effective at various times during 2015 and 2016. Changes are coming in the areas of forced placement of insurance, acceptance of private flood insurance, escrowing of premiums, and exemptions to the mandatory purchase of flood insurance.

The ultimate responsibility for ensuring compliance with consumer protection laws and regulations, including flood insurance laws and regulations, rests with the board and senior management. How do you keep your head above the changing waters?

  1. Policies and Procedures. Any change in law or regulation in a compliance area should trigger a review of the bank’s existing policies and procedures in the affected areas. The review should be done with an eye toward necessary or appropriate changes to the policies and procedures. Management also should use this review process to determine to whom the revised policies and procedures need to be communicated to ensure an effective flood insurance compliance program. Certain of the changes may affect personnel outside of the lending and compliance functions at the bank. Once identified, all appropriate personnel should be trained on the new policies and procedures.
  2. Education. The compliance officer’s and real estate loan origination staff’s knowledge and understanding of the changes in the law/regulations are critical to ensuring compliance. The board and senior management have to be willing to expend the necessary resources to educate these folks who are on the front lines of the flood insurance process. Additionally, directors and senior managers also should receive training on the basics of flood insurance regulations so that they can appropriately oversee the compliance function and manage the attendant risk. The regulatory agencies, industry trade associations, and FEMA (Federal Emergency Management Agency) are good sources of training materials.
  3. Customer Communication. Your bank already may be receiving inquiries from customers regarding the impending changes to the flood insurance rules. If not, expect that you will. The changes relating to escrowing premiums, exemptions from mandatory coverage, and private flood insurance are fertile ground for customer questions. Now is the time to review your existing customer communication procedures to be sure that appropriate personnel and/or departments are tasked with handling inquiries, and that all personnel, especially customer-facing personnel, know to whom they should direct customer inquiries regarding flood insurance.
  4. Monitoring and Audit. As previously mentioned, the board and management have ultimate responsibility for ensuring compliance with flood insurance regulations. An effective compliance monitoring/audit function is paramount in carrying out this responsibility. The coming changes in the regulations will require management and the board to revisit certain aspects, if not all, of the flood insurance compliance program. Despite your training and planning efforts to implement perfectly the changes to your flood insurance processes and procedures, mistakes will be made. The wise bank will test the new processes early and frequently to head off any systemic issues. Better you find any problems and fix them, than to have them discovered by the examiners at your next compliance exam.

Changes are coming, and it is safe to say these will not be the last. Getting out ahead of the changes and planning for them is the key to successfully navigating the changing flood waters.

Shareholder Lawsuits in a Sale: Are They Legit or is it a “Stick-Up” Business?

A troubling litigation trend in recent years has been the surge in lawsuits related to mergers and acquisitions. My first introduction to this phenomenon came in 2011 while representing a publicly traded bank in the Southeast that sold to a larger, stronger in-state buyer. Within an hour of announcing the deal, multiple class action lawsuits were filed in a variety of different states. Proponents of these suits contended that the sale process was flawed and that directors breached their fiduciary duties by not maximizing shareholder value. They cited the existence of restrictive deal protections that discouraged additional bids and conflicts of interest, such as change-of-control payments as well as insufficient disclosure in the proxy statement. The suit in 2011 was eventually settled with the selling shareholders receiving “beefed-up” disclosure with no increase in consideration. Plaintiffs’ lawyers, however, were awarded significant fees. These suits have become a given in virtually all transactions involving public sellers, including very small transactions. While essentially none of these lawsuits seem to have any true merit, they must be dealt with and settled in order to avoid costly and protracted litigation, including the risk of injunction that could block a deal.

In a paper originally published in January 2012 and subsequently published in January 2013 entitled “A Great Game: The Dynamics of State Competition and Litigation,” Matthew Cain, a Notre Dame business professor, and Ohio State University Associate Professor of Law Steven Davidoff reviewed all merger transactions since 2005 with over $100 million in deal value that involved publicly traded targets. They found a disturbing trend. According to the research, approximately 40 percent of deals in 2005 attracted litigation, whereas 97.5 percent (78 out of 80) of deals in 2013 resulted in a shareholder lawsuit. As the authors observe, “in plain English, if a target announces a takeover, it should assume that it and its directors will be sued.” The primary driver of this increased litigation, of course, is the money to be made in the settlement process. While fees paid to plaintiffs’ attorneys have been coming down over the years, the median fee paid in 2013 was still a hefty $485,000. The court system does seem to be coming around to the dubious nature of these suits with judges knocking down attorney’s fees, especially on disclosure-only settlements which made up nearly 85 percent of settlements in 2013. With these types of lawsuits following even the smallest bank transactions, there is increasing hope that reduced fees will discourage the practice.

Although there appears to be very little benefit to selling shareholders in these lawsuits, they are likely here to stay since large fees can sometimes be extracted in the process. It’s important for a board to understand this reality and be prepared for it. While these suits rarely derail a well-constructed M&A transaction, settling and paying this “merger tax” often makes the most sense to ensure a smooth close. Buyers should factor in this added cost to their purchase price and deal with the lawsuits accordingly. Until legal fees in unmeritorious lawsuits are knocked down in a way that discourages their filing, they will remain an unfortunate reality in M&A.

Negotiate the Best Directors & Officers Liability Contract for Your Board

The bank’s directors & officers (D&O) policy is there to protect the personal assets of the individual directors and officers. In dire cases, it very well could be the last line of defense to ensure that individuals do not have to pay out of pocket after a lawsuit or regulatory fine. With that context, having an organized renewal process can ensure the best results. Here is our recommended step-by-step timeline to ensure the most comprehensive placement.

90 – 120 Days in Advance of the D&O Renewal: Renewal Strategy
Typically, the chief financial officer or in-house attorney would be responsible for the renewal discussions. The renewal strategy discussion with a broker could:

  • Review any recent successes or challenges at the bank that may have arisen since the last renewal and discuss what impact those may have on the renewal.
  • Analyze any recent claims and litigation trends that are impacting other bank boards as well as any changes in carrier appetite, any new carriers in the market, new language grants and pricing trends.
  • Update the limits benchmarking analysis and review the current limits sharing structure to ensure it is appropriate for a bank based on the asset size and risk analysis.
  • Determine a marketing strategy. Our advice is to market the D&O insurance at least every other renewal cycle and if you are on a three-year policy term, every cycle.

60 – 90 Days in Advance of the D&O Renewal: Insurance Application

  • If you are not sure of an answer to a specific question, it is always better to leave it blank rather than guess.
  • If a question can be answered by a document that is publicly available, simply answer, “see public filings.” This way, when you are completing the same renewal application the following year, that field can remain as is.
  • Likewise, if the answer to a question requires more than a handful of words, it is always OK to respond, “see attached.” This way, at the following renewal, all you need do is update the attachment.

45 – 60 Days in Advance of the D&O Renewal: D&O Underwriter Meeting
The next step is to give the underwriters an opportunity to learn more about the bank other than from the insurance applications and the public filings. This is accomplished via the D&O underwriter meeting/call. The call leader is usually the chief executive officer or chief financial officer, but could include counsel or the chairman of the board as well. The process for this meeting is to collect all of the underwriters (including the incumbent) into either one location or one call. Having the incumbents on the call with competitors will let the incumbents know they are going to have to sharpen their pencils to keep the business. There are other benefits as well:

  • You can allow underwriters to hear from the bank executive(s) directly, the best advocates of the bank.
  • The call gives executives the chance to answer verbally instead of in writing.
  • You can express the importance of everyone’s time on the call, so underwriters should get the message that they should speak now or forever hold their peace. We typically find that this really streamlines the process from call to quote to bind.

Note that the process includes collecting all underwriter questions in advance of the call and providing these to the executive team several days prior to the call, so they have an understanding of what types of questions may get asked.

20-30 Days Prior to Renewal: Taking Bids
After the meeting, all that is left to do is collect, compare and summarize the different quotations. Note that most underwriters will typically not offer a quote more than a month in advance of the renewal, so expect 20-30 days prior to renewal to start hearing about the different coverage improvements and recommendations. Because of all of the groundwork already done, this part is typically the easiest, as the whole process normally has come to a positive end. Of course, the audit committee, or in most cases, the full board will want to hear the recommendations and make a final decision.

Underwriters Focusing on Rising M&A Claims and BSA Enforcement

Serving on a bank board comes with a lot of liability. State courts have decided that even independent, part-time directors can be guilty of gross negligence when their banks fail, for example. Directors often get sued by shareholders following an acquisition. And regulatory authorities can levy their own fines against individuals who serve on bank boards for the bank’s violations of regulatory rules. Bank Director magazine talked to Dennis Gustafson of AHT Insurance about the trends of particular interest to the board, such as directors and officers (D&O) liability insurance and cyber policies.

What trends are you seeing in claims?
We are seeing a shift. Last year at this time, the number one D&O claim was from the Federal Deposit Insurance Corp. (FDIC) relating to failed banks. A lot of these banks failed three to six years ago, so we are starting to see a decrease in those claims and M&A claims are on the rise as M&A activity heats up and as attorneys find opportunities to sue. If you are a public company getting acquired and have a market cap of greater than $100 million, there is a 97 percent chance of a lawsuit. The allegations are you didn’t do enough due diligence, you didn’t get a high enough price or you didn’t notify [shareholders] in an appropriate manner. Typically, the only impact of the lawsuit is an updated proxy statement but $500,000 to $1 million could be spent, mostly on legal fees. For those banks with more than $1 billion in assets, if there is any likelihood of the bank being acquired, the underwriter may require a separate, and higher, deductible for M&A claims.

Another shift in claims trends is in the cyber liability arena. It used to be the most frequent cyber claim was for notification costs after a breach of cybersecurity, because state laws require you to notify your customers of a breach. However, since more states are allowing for e-mail notification, the notification costs are decreasing and as such, so is the claim severity related to those notifications. In lieu of notification costs, we are seeing more and more claims relating to forensics, where the bank has to investigate the breach, why it happened and how, and sometimes hiring consultants to do these investigations can get very expensive.

What coverages are afforded in a typical cyber insurance policy?
In addition to coverage for notification costs and forensics, the typical cyber liability policy reacts to a lawsuit or demand from a customer or group of customers arising from a breach in network security. From there, coverages can differ based on the policy form and options offered. Some additional extensions of coverage include:

  • when a hacker accesses your client information and requests a ‘consulting fee’ or they will release the information
  • loss of revenue stemming from a network breach
  • a breach of physical security (i.e. dumpster diving or a lost laptop)

What changes are you seeing from underwriters?
In previous years, most underwriter questions related to asset or loan quality. Now, we are seeing more questions related to the Bank Secrecy Act, wire transfer policies, and anti-money laundering programs. Common questions include: For wire transfers, what policies are in place relating to call backs [to confirm the authenticity of the transfer]? What controls do you have in place to protect the bank against money laundering? Are there any new hires or new procedures relating to bank secrecy?

What question do you hear most from bank directors?
The question I get most is about the gap in coverage for civil money penalties. The civil money penalty is assessed by the FDIC against the bank or against individuals if the FDIC perceived that those individuals did not work in the best interest of the customer. The most common allegation is gross negligence and more often than not, it is related to a loan or to a bypass in procedures. The FDIC put out a letter last October explicitly clarifying that if bank directors or officers were assessed a civil money penalty, they cannot be covered by the bank’s insurance or be indemnified by the bank. With that said, it would not be out of compliance with the guidelines if the individual were to purchase a policy on his or her own dime just to cover civil money penalties. The average civil money penalty was $51,250 and the median was $25,000 since 2012. The FDIC assesses the vast majority of these penalties.

Why should directors be worried about civil money penalties?
Most people do not join a board of a community or regional bank for the little or no compensation they may earn. The last thing they want is to have any of their decisions or activities possibly cost them out of pocket.

What You Don’t Know Can Hurt You: 10 Things to Watch When You’re on a Bank Board

The legal and regulatory climate for a bank is changing on a weekly basis. At least in part due to this, the expectations and liability risk of a bank director are not the same as a year ago, let alone five years ago. To help address this, we crafted a list of some broad themes we believe bank directors should be particularly attuned to now.

Enterprise Risk Management
Risk management is a function, not a committee. Boards need to implement a process to ensure that risks are properly identified and addressed in such a way that the board can demonstrate a “credible challenge” to management. And, beyond creating an effective corporate clearing house for risk, boards need to ensure that the bank possesses a management team capable of carrying out this function.

Third Party Risk
Vendor management has become a hot-button for all banks, as formal and tacit guidance continues to emerge. In addition to performing and memorializing due diligence around vendor selection, banks need to be in a position to understand and properly supervise the work of any vendors. This means having a properly qualified and trained management team that addresses the operational, compliance and other risks potentially resulting from reliance on third parties.

Trust Preferred Securities (TRuPS)
Many banks were forced to defer payments on TRuPS in the aftermath of the 2008-2009 crisis period. With the five-year TRuPS deferral period now coming to an end, many bank holding companies don’t possess the funds (and cannot compel a bank dividend) to bring the TRuPS current. Further, regulators have insisted that any proposed capital raise be sufficient not only to pay off the TRuPS, but also to result in a composite CAMELS 2 rating for the bank. Your board needs to understand the resulting threats and opportunities.

Deferred Tax Asset Preservation
Bank regulatory agencies have begun to take issue with rights plans that are designed to preserve deferred tax assets (DTAs), citing the safety and soundness concerns that such plans could present by complicating future capital raises. As regulatory guidance on this point appears imminent, your board needs to understand the implications for your bank and your competitors.

Director Liability
Boards should ensure that they have the benefit of up-to-date exculpation and indemnification provisions in the bank’s charter and bylaws, as well as a robust directors and officers (D&O) insurance policy that is not rendered useless by a host of exemptions. In addition, with so much of the recent banking litigation being focused on process, your board should reconsider and redefine the way that your bank makes, records and polices its deliberations and decisions.

Role of Directors in Lending Decisions
Clearly, directors should be involved in defining the scope of a bank’s lending activities, the delegation of lending authority, and the monitoring of credit concentrations and other risks. But should directors serve on loan committees, and make the actual lending decisions? It’s time to reassess this important issue. Directors making day-to-day lending decisions can blur the lines of proper governance and needlessly expose directors to additional liability risk.

Charter Conversions
Each of the banking agencies seems to be developing a different regulatory mood on key issues, such as business plans, consumer compliance and risk-based regulation. In this post-crisis environment, it is important that you consider whether your bank is appropriately chartered in light of its strategy. Put another way, the trends have changed, and you should consider how these changes affect your bank.

Growth Strategies in a Tough Lending Climate
With traditional loan growth being slow, banks continue to reach for less traditional loan products, such as asset-based lending, factoring, lease finance, reverse mortgages, premium finance, indirect auto lending, warehouse facilities, etc. As always, these products must be considered in light of concomitant compliance risks and capital requirements. Directors should ensure that management performs thorough risk assessments alongside their profit/loss projections.

The Effects of Basel III
Depending upon the size and makeup of your bank, the January 2015 Basel III changes will impact your bank’s regulatory capital position. At a minimum, directors need to understand from the bank’s CFO and auditors that there is a plan anticipating what the pro forma capital position is expected to be under Basel III.

Compliance Issues Can Sink a Strategy
Too many banks with solid strategies have seen their bank’s growth hindered by compliance failures. Bank Secrecy Act/anti-money laundering rules, consumer protection regulations, and poor oversight of third parties can result in enforcement actions and derail growth until the issues are remediated, which can take years. Boards must set a tone at the top with regard to the compliance culture of the bank.

The themes above are top of mind for us, but the environment remains dynamic. This list likely will look very different in another year.