No Relief for Small Banks in Regulators’ Third-Party Risk Management Guidance

Written by

Although the spring banking crisis loomed large at Bank Director’s Bank Audit & Risk Conference, panelists flagged another emerging area of focus for regulators: third-party risk management. 

On June 6, the Federal Deposit Insurance Corp., the Office of the Comptroller of the Currency and the Federal Reserve finalized their interagency third-party risk management guidance, which was first proposed in 2021. The recent publication outlines regulators’ expectations for how banks approach vendors and partnerships, especially with financial technology companies. On June 13, less than a week after its release, panelists at the Chicago event warned more than 200 bankers in attendance, many of whom represent community banks, that the wide-ranging guidance is broad and makes no exemption for bank asset size. The new document replaces and updates the guidance different federal regulators have issued over the years and creates one set of expectations.

“The environment is going to get tougher [for banks], but the biggest thing is stricter enforcement of existing regulation,” said Brandon Koeser, financial services senior analyst at RSM US. He listed “capital, liquidity, credit and partnerships” as the four areas of examiner focus. 

The 2023 guidance came out in response to banks’ increasing use of third parties for quicker and more efficient access to new technologies, human capital, products, services and markets, for example. But using third parties comes with risk.   

Regulators are concerned that using third parties can increase complexity, complicate oversight of bank activities, introduce new risks or increase existing risks in areas like operations, compliance and strategy. “This guidance they put out applies to all third-party relationships, regardless if they’re formal and under contract or if they’re informal relationships. It applies to your vendors, your consultants, your payment processing services partners and fintech partners,” said Erik Walsh, counsel at Arnold & Porter. He added that it makes no carve outs for asset size or complexity.

Walsh says that banks need to identify all their relationships and begin putting into place “properly tailored risk management” that covers the lifecycle of the relationship — from internal planning before searching for a partner to relationship termination. He warned that this can be a “long and complicated” process that raises questions for smaller banks, and that some in the audience could be wondering, “How am I supposed to comply with this guidance?”

Walsh added that the third-party guidance does not have the force of a regulation or a statute but added “no one should let their guard down” and that regulators are “setting supervisory expectations.” He told the audience that third-party relationship oversight and governance starts with the board creating a risk appetite that’s communicated to the management team. Directors also need to set expectations around risk assessments of third parties, including the rigor and methodology of the assessment.  

Even though there’s no safe harbor or carve out for small banks, Arnold & Porter Partner Robert Azarow pointed out that regulators recognize that community institutions face challenges and limitations as they manage these relationships. For instance, they may have a harder time conducting thorough due diligence or contractual negotiations with fintechs. The guidance adds that third parties “may not have a long operational history, may not allow on-site visits, or may not share (or be permitted to share) information,” which can complicate a bank’s due diligence or oversight. Still, Azarow said risk assessments and ratings can help banks understand the potential consequences that arise from these relationships, like a vendor not delivering the promised good or service or a data breach that impacts the organization.

Walsh added that the guidance, although new, has already received criticism from inside and out of the agencies. “[W]hile detailed, I understand that this third–party risk management guidance nonetheless remains principles-based and risk-based. … That said, given the importance of the issue and the length of the guidance, I would support developing a separate resource guide for community banks as soon as practicable,” said Jonathan McKernan, an FDIC director, in a statement.

Federal Reserve Governor Michelle Bowman dissented, in part because of what she sees as gaps in the guidance that will lead to implementation challenges at banks.

“My expectation is that community banks will find the new guidance challenging to implement,” she said in her June 6 dissent. “In fact, our own Federal Reserve regional bank supervisors have indicated that we should provide additional resources for community banks upon implementation to provide appropriate expectations and ensure that small banks understand and can effectively use the guidance to inform their third-party risk management processes.”

Cryptocurrency: The Risk Banks Already Have

Written by

The cryptocurrency market continues to evolve: New companies launching coins, wallets, exchanges and applications seemingly emerge every day, and crypto founders were named to Time Magazine’s Most Influential List.

The total market capitalization of cryptocurrency eclipsed $2 trillion on April 5, 2021, and sat at $2.44 trillion as of Sept. 15, 2021. El Salvador became the first country in the world to make Bitcoin legal tender, with President Nayib Bukele saying, “Bitcoin would be an effective way to transfer the billions of dollars in remittances that Salvadorans living outside the country send back to their homeland each year.”

More importantly, financial regulators have taken notice. Make no mistake, regulation oversight is coming. Kenneth Blanco, director of the Financial Crimes Enforcement Network, said, “Banks must be thinking about their crypto exposure. If banks are not thinking about these issues, it will be apparent when examiners visit. In January, the Office of the Comptroller of the Currency published a letter clarifying the authority to participate in independent node verification networks (INVN) and use stablecoins to conduct payment activities and other permitted banking activities for national banks and federal savings associations, along with the instructions that in participating in this capacity, “a bank must comply with applicable law and safe, sound, and fair banking practices.”

Gary Gensler, the U.S. Securities and Exchange Commission chairman, is intimately knowledgeable of cryptocurrency, having taught a course called Blockchain and Money at the Massachusetts Institute of Technology. Sen. Elizabeth Warren (D-Mass.) has pressed Treasury Secretary Janet Yellen to use her position as the chair of the Financial Stability Oversight Council to “ensure the safety and stability of consumers and our financial system.”

A number of large, leading banks are evolving their crypto programs, testing their crypto infrastructure and readying their organizations for participation in the crypto marketplace, whether as a custodian, exchange, coin issuer, broker, payment processor or participant. Other banks are in the queue to be fast followers and/or limited participants. They want to see how the market develops and how regulators react to the initial wave of participation. Yet, other institutions look at cryptocurrency participation as either a long-term initiative, or an activity that does not fit their risk profile.

The fact of the matter is, likely every bank has exposure to cryptocurrency in some capacity. Approximately 13% of Americans bought or traded cryptocurrency in the past 12 months, and approximately 46 million Americans (17% of the adult population) own at least a share of Bitcoin. That means that about one in eight Americans actively participates in the crypto marketplace. Unless your bank has less than eight customers, the law of averages dictates that your institution has exposure and one or more of your customers has sent or received money to or from entities within the cryptocurrency marketplace.

The good news is there are tools to help banks identify current exposure, track payments and facilitate compliance monitoring and reporting needs. As with any tool, the effectiveness of those tools comes down to features and performance. Some tools use name matching to identify that participation. However, the ownership structure of many of these emerging companies use innocuous-sounding corporate holding company names for payment processing to their crypto companies, which can make these tools less effective — complicating the current struggle of evaluating false positives by name checking alone. There are also tools and services which can do advanced due diligence on virtual asset service providers and help identify crypto money service businesses and previously unidentified crypto payments. Once an institution can assess current state exposure, it can develop an action plan.

Acknowledging that willingly or otherwise, most financial institutions have been brought into the crypto ecosystem and should be developing a plan of action now. The first step is to identify and assess an institution’s current state of exposure to cryptocurrency. Next, it should develop a strategy defining the institution’s planned participation in this space. Key considerations include: how transactions outside the organization’s risk tolerance will be handled and how the governance, risk and compliance (GRC) programs of the organization need to be updated to reflect the current and future state of doing business.

As the crypto ecosystem and regulations continue to evolve, savvy institutions will ensure they understand their current exposure in the market and work toward a target future-state GRC program that addresses the risks to which the organization is exposed.

5 Reasons to Shift the Appraisal Process to an AMC Model

Written by

Record mortgage activity in 2020 has inspired many lenders that have traditionally managed their appraisal processes to look at working with an appraisal management company, or AMC.

Working with an AMC allows lenders to focus on their core competencies, which is essential in this demanding environment. While some are shifting entirely to an AMC model, others are considering a hybrid approach that utilizes their original panel but leverages the innovative technology of an AMC. Lenders can benefit from working with an AMC in the following areas:

1. National AMCs dedicate significant resources towards risk management and regulatory compliance
Keeping up with evolving statutes, regulations and industry standards requires an extraordinary level of diligence and investment from institutions. For example, lenders with in-house panels must be able to demonstrate to regulators that the individuals managing their panel are isolated from the sales, operations and production functions of their businesses so there can be no question as to their impartiality. Lenders that use an AMC are relieved of this burden, because AMC appraisers are independent of the lending organization.

High-quality AMCs constantly invest in risk and compliance measures, including developing and implementing technology, systems and protocols to address a whole host of compliance needs. The best AMCs are poised to respond quickly to regulatory changes and incorporate new lender-driven requirements, policies and procedures.

2. AMCs reduce administrative oversight responsibilities
Partnering with an AMC relieves lenders of the responsibilities and overhead related to maintaining and managing an appraiser panel, such as screening, selecting and boarding new appraisers; auditing for certifications, licenses and insurance; and scoring appraisers to ensure  the most qualified appraiser is assigned to each order.

In addition to screening, onboarding and ongoing ranking, the best AMCs will require errors and omissions insurance. They also require or supply state and federal background checks for every appraiser. Premier AMCs go even further and invest in sophisticated score-carding across multiple disciplines to ensure that a highly qualified appraiser with the requisite skills and experience is selected for each appraisal.

3. Lenders benefit from the AMC’s technology and infrastructure
The best AMCs tend to be on the leading edge of technology. They make ongoing, sizable investments into developing and implementing technology, streamlining their own processes and providing a better experience for clients. AMCs with a national presence work closely with their lender base, which helps them anticipate and quickly react to emerging challenges.

When clients across the country share their insights into what they want and what their customers expect from a technology perspective, AMCs can identify trends that might take an individual lender a little longer to recognize, and help them keep their technology ahead of market- and quality-specific challenges.

For example, lenders can benefit from working with an AMC that offers real-time, digital scheduling. This technology provides consumers, loan officers and real estate agents with increased convenience and transparency. It improves lenders’ processes by eliminating phone tag and scheduling delays. Instead, the user can select an appointment date and time and receive instant confirmation. This adds to the lender’s credibility as a partner focused on customer satisfaction.

Now more than ever, banks are tasked with ensuring data security – not only their own, but that of their third-party suppliers. The top AMCs constantly invest in best-in-class security infrastructures and prioritize data security through advanced controls and regular audits of their facilities, systems, communications, and internet protocols.

4. AMCs help lenders scale
Many lenders needed to quickly recruit appraisers this year, as refinance volume spiked to a 17-year high. AMCs were able to accommodate these volume fluctuations because they had deep appraiser panels in place with nationwide coverage.

Because AMCs manage volume from lenders around the industry, they build scalability into their capabilities. In addition, this deeper pool of talent offers a wider range of knowledge such as specific property types and value ranges.

5. AMCs offer options
While some lenders may opt to shift fully to an AMC model, others elect a hybrid approach. This might take the form of adopting the AMC’s technology but not its panel management, allowing an AMC to manage a bank’s existing panel as an independent entity, or leveraging an AMC when handing off volume outside of the geographic footprint or area of expertise.

When a lender has a trusted panel they want to keep but not manage, it can allow the AMC to manage those appraisers in their system. The lender benefits from the AMC’s technology, experience and appraiser oversight, score-carding and recruitment capabilities, while eliminating their operational and fixed-personnel costs. The financial and operational benefits of this type of model can be exceptional.

To learn more about ServiceLink, visit svclnk.com.

*ServiceLink Valuation Solutions, LLC, (“ServiceLink”) is a registered Appraisal Management Company (“AMC”) in all states with AMC licensing requirements. ServiceLink’s AMC license numbers in states that require disclosure on these instructions are: NV # AMC.0000118, VT # 077.0067954-MAIN, WI #2-900.

A Bank Board’s Role During a Pandemic

Written by

Don’t just sit there — do  something!

This is probably the normal emotional reaction of many bank directors as the COVID-19 pandemic consumes large chunks of the U.S. economy, possibly putting their institutions at risk if the crisis leads to a deep and enduring recession.

The role of the board, even in a crisis of this magnitude, is still to provide oversight rather than manage. The board’s role doesn’t change during a crisis, but certainly the governance process must become more focused and strategic, the pace of deliberations must quicken and communication becomes even more important.

Bank boards are ultimately responsible for the safety and soundness of their institutions. While senior management devotes their full attention to running the bank during a time of unprecedented economic turmoil, the board should be looking ahead to anticipate what might come next.

“I think the challenge for [directors] is to gauge the creeping impact on their bank over the next few months,” says James McAlpin, who heads up the banking practice at Bryan Cave Leighton Paisner in Atlanta. “The board’s role is oversight … but I believe that in certain times — and I think this is one of them — the oversight role takes on a heightened importance and the board needs to focus on it even more.”

Many economists expect the U.S. economy to tip into a recession, so every board needs to be looking at the key indicia of the health of their bank in relation to its loan portfolio. “I’ve spoken to a few CEOs and board members over the past couple of weeks where there are active conversations going on about benchmarks over the next few months,” says McAlpin. “‘If by, say, the end of April, certain events have occurred or certain challenges have emerged, this is what we’ll do.’ In other words, there’s pre-planning along the lines of, ‘If things worsen, what should be our response be?’”

This is not the first banking crisis that David Porteous, the lead director at Huntington Bancshares, a $109 billion regional bank in Columbus, Ohio, has lived through. Porteous served on the Huntington board during the previous banking crisis, recruiting a new executive management team and writing off hundreds of millions of dollars in bad loans. That experience was instructive for what the bank faces now.

Porteous says one of the board’s first steps during the current crisis should be to take an inventory of the available “assets” among its own members. Are there directors whose professional or business experience could be helpful to the board and management team as they work through the crisis together?

Communication is also crucial during a crisis. Porteous says that boards should be communicating more frequently and on a regular schedule so directors and senior executives can organize their own work flow efficiently. Given the social distancing restrictions that are in effect throughout most of the country, these meetings will have to occur over the phone or video conferencing.

“You may have meetings normally on a quarterly or monthly basis, but that simply is not enough,” Porteous says. “You need to have meetings in between those. What we have found at Huntington that served us very well in 2008 and 2009 and is serving us well now, we have set a time — the same day of the week, the same time of the day, every other week — where there’s a board call. So board members can begin to build their plans around that call.”

Porteous says the purpose of these calls is for select members of the management team to provide the board with updates on important developments, and the calls should be “very concise, very succinct” and take “an hour or less.”

Porteous also suggests that either the board’s executive committee or a special committee of the board should be prepared to convene on short notice, either virtually or over the phone, if a quick decision is required on an important matter.

C. Dallas Kayser, the non-executive chairman at City Holding Co., a $5 billion regional bank headquartered in Charleston, West Virginia, says that when the pandemic began to manifest itself in force, the board requested reports from all major divisions within the bank. “The focus was to have everybody drill down and tell us exactly how they’re responding to customers and employees,” he says. Like Porteous at Huntington, Kayser has asked the board’s executive committee to be available to meet on short notice. The full board, which normally meets once a month, is also preparing to meet telephonically more often.

As board chair, Kayser says he feels a special responsibility to support the bank’s chief executive officer, Charles “Skip” Hageboeck. “I’ve been in constant conversations with Skip,” he says. “I know that he’s stressed. Everyone is, in this situation.” Being a CEO during a crisis can be a lonely experience.  “I recognize that, and I’ve made myself available for discussions with Skip 24/7, whenever he needs to bounce anything off of me,” Kayser says.

One of the things that every board will learn during a crisis is the strength of its culture. “The challenges that we all face in the banking industry are unprecedented, and it really becomes critical now for all directors, as well as the senior leadership of the organizations that they oversee, to work together,” says Porteous. One sign of a healthy board culture is transparency, where neither side holds back information from the other. “You should have that all the time, but it’s even more critical during a crisis. Management and the board have got to have a completely open and transparent relationship.”

3 Ways a Democratic Presidency Could Impact Executive Compensation

Written by

Sen. Elizabeth Warren, D-Mass., recently wrote, “Almost ten years ago, Congress directed federal regulators to impose new rules to address the flawed executive compensation incentives at big financial firms. But regulators still haven’t finalized (let alone implemented) a number of those key rules, including one that would claw back bonuses from bankers if their bets went bad in the long run. As President, I will appoint regulators who will actually do their job and finish these rules.”

Warren is referring to the Dodd-Frank Wall Street Reform and Consumer Protection Act, which was introduced in 2010 as a response to the 2008 financial crisis. The act contained over 2,300 pages of provisions, including a number that impact executive compensation, to be implemented over several years. A few provisions — like management say-on-pay, say-on-golden-parachutes, CEO pay ratio — have been implemented, while others like incentive-based compensation arrangements (§ 956), clawbacks (§ 954) and pay-versus-performance (§ 953(a)) remain in limbo.

In any Democratic presidency, incentive-based compensation (§ 956) may be the easiest provision to finalize. The 2016 proposal creates a general restriction for banks with more than $1 billion in assets on incentive compensation arrangements that encourage inappropriate risks caused by a covered person receiving excessive compensation that could lead to a material financial loss. As proposed, it is very prescriptive for banks with assets of $50 billion or more, requiring mandatory deferrals, a minimum clawback periods, ability for downward adjustments and forfeiture.

The final rules for § 956 were re-proposed in 2016, but regulators’ interest in the topic has been muted during President Donald Trump’s administration. There are other ways that executive compensation programs could be impacted by a Democratic president, of which Warren is one contender for the nomination. While not exhaustive, we see three potential changes — beyond § 956 — that could impact  executive compensation programs.

1. Increased Regulatory Oversight
In almost all scenarios, a Democratic presidency will be accompanied by an increase in regulation. The 2016 sales practices scandal at Wells Fargo & Co. brought incentives into the spotlight. The Federal Reserve Board has stressed the importance of firms having appropriate governance of incentive plan design and administration, and have audited the process and structure in place at banks. One key thing that firms can and should be doing, even if the party in power does not change, is implement a documented and thorough incentive compensation risk review process as part of a robust internal control structure. Having a process in place will be key in the event of regulatory scrutiny of your compensation programs.

2. Mandatory Deferrals
Warren re-introduced and expanded the concept of mandatory deferrals through her Accountable Capitalism Act of 2018. This proposed legislation restricts the sales of company shares by the directors and officers of U.S. corporations within five years of receiving them or within three years of a company stock buyback. Deferred compensation gives the bank the ability to adjust or eliminate compensation over time in the event of material financial restatements or fraudulent activity, and is sure to be a topic that will come up with a Democratic presidency.

While the concept is different from deferred compensation, many firms have introduced holding periods in their long-term incentive programs for executives. This strengthens the retentive qualities of the executive incentive program and provides some accounting benefits for the organization, making it something to consider adding to stock-based incentive plans.

3. Focus On More Than The Shareholder
The environmental, social and governance (ESG) framework has been a very hot topic in investment communities, with heavy-hitting institutional investors introducing policies relating to ESG topics. For example, BlackRock is removing companies generating more than 25% of revenues from thermal coal production from its discretionary active investment portfolios, and State Street Corp. announced that it will vote against board members for “consistently underperforming” in the firm’s ESG performance scoring system. Warren believes that companies should focus on “the long-term interests of all of their stakeholders — including workers — rather than on the short-term financial interests of Wall Street investors.” It remains to be seen exactly what future compensation plans for banking executives will look like, though the myopic focus on total shareholder return may become a thing of the past.

Many potential incentive compensation changes that are likely to occur under a Democratic presidency already exist in the marketplace, including holding periods for long-term incentive plans; incentive compensation risk review, including the internal control structure; mandatory deferrals and clawbacks; and aligning incentive plans with the long-term strategy of the organization. Directors should evaluate their bank’s current plans and processes and identify ways to tweak the programs to ensure their practices are sound, no matter who takes office in 2021.

Best Practices for Onboarding New Directors

Written by


governance-9-12-19.pngJoining a bank board can be a bewildering experience for some new directors. There’s a lot to learn, including new, confusing abbreviations and financial metrics specific to the banking industry. But with the right approach, bank boards and nominating/governance committees can make the experience easier.

Onboarding new directors and more quickly acclimating them to the world of depository institutions is essential to ensuring banks have a functioning board that is prepared to navigate an increasingly changing and complex environment. It can also reduce potential liability for the bank by ensuring its members are educated and knowledgeable, and that no one personality or viewpoint dominates the boardroom.

Banking differs from other industries because of its business model, funding base, regulatory oversights and jargon. Directors without existing knowledge of the industry may need one to two years before becoming fully contributing members who can understand the most important issues facing the bank, as well as the common parlance.

Proactive boards leverage the chairperson to create an onboarding process that is comprehensive without being overwhelming, and tailor it to suit their institution’s particular needs, as well as the skill sets of newly recruited board members. The chair can work with members of the nominating/governance committee and executives like the chief financial officer to create a specific onboarding program and identify what pertinent information will best serve their new colleague.

Bank Director has compiled the following checklist to help strengthen your bank’s onboarding program.

1. Help new directors understand their role on the board.
New directors often come in with a background in business or accounting, skills that are useful in a bank boardroom. But business success in one industry may not readily translate to banking, given the unique aspects of its business model, regulations and even vocabulary associated with financial institutions. New directors can access insights on “The Role of the Board” through Bank Director’s Online Training Series.

Banks are uniquely regulated and insured. Directors should be able to appreciate the role they serve in their oversight of the bank, as well as the role regulators have in keeping the bank safe and sound, and ensuring prudent access to credit.

2. Provide an overview of the banking industry.
Directors often aren’t bankers and will need to be acquainted with the business of banking broadly.

With this overview will come the distinctive terms and acronyms that a new director may hear tossed around a boardroom. Boards should either create or provide a glossary with definitions and acronyms of terms, including the principal regulators and common financial metrics.

Click HERE to access Bank Director’s Banking Terms Glossary.

3. Provide an overview of your bank’s business model and strategy.
Directors will need to understand the bank’s products, including how it funds itself, what sort of loans it makes and to whom, as well as other services the bank provides for a fee. They will also need to learn about the bank’s credit culture, capital regime and its approach to risk management, including loan loss reserving.

4. Create a reading list.
There are a number of internal and external resources that new board members can access as they become acclimated to the ins and outs of bank governance. Internally, they should have access to recent examination reports, call reports, and quarterly and annual filings, if they exist. They should also access external resources, like Bank Director’s Online Training Series, the Federal Reserve Bank of Kansas City’s 2016 publication, “Basics for Bank Directors,” and “The Director’s Book,” published by the Officer of the Comptroller of the Currency.

Additionally, they should keep up-to-date with the industry through bank-specific publications, such as Bank Director’s newsletter and magazine.

5. Schedule one-on-one meetings with the management team.
A new board member will need to understand who they are working with and the important roles those individuals play in running a successful bank. Their onboarding should include meetings with the management team, especially the CFO for a discussion about the financial metrics, risk measurement and health of the bank. It may also be prudent to schedule a meeting with other executives who oversee risk management at the bank.

6. Schedule one-on-one meetings with members of the board and key consultants.
New directors should sit down with the heads of board committees to understand the various oversight functions the board fulfills. The bank may also want to reach out to the firms it works with, including its accounting, law and consulting firms, to chat about their roles and relationship with the company.

7. Emphasize continuing education.
Boards should convey to new members that they expect continued education and growth in the role. One way to achieve this is through conference attendance, which can provide intensive and specialized education, as well as a community of directors from banks in other geographic areas that new members can learn from. Direct new board members to events hosted by your state banking association, if available, or sign them up for annual conferences like Bank Director’s Bank Board Training Forum.

Look for conferences that offer information calibrated to a director’s understanding, starting with basic or introductory instruction suited for new directors. The conferences should also facilitate discussion among directors, so that they can learn from each other. As a director grows in the role, the board can seek out more specialized training.

Successful onboarding should help new directors acclimate to the world of banking and become a productive member of the board. Boards should expect their directors to become comfortable enough that they go beyond thoughtful listening and ask intelligent questions that reinforce the bank’s strategy and its risk management.

Outsourcing the Service, Not the Oversight

Written by


oversight-7-2-19.pngEvery bank director has heard it: You can outsource a service, but you cannot outsource the responsibility.

That sounds clear enough, but how does a board know what its role should be when an opportunity to partner with a financial technology firm, or fintech, arises? The board’s role is oversight and guidance, not day-to-day management. But oversight is not passive. So what does board oversight look like in the evolving world of bank and fintech relationships?

Consider a bank that is reviewing a proposal from a fintech. Management believes that this is a great opportunity for the institution, and presents it to the board for approval. What is the board’s role here? The board’s involvement must be flexible enough that it can react to these situations, but it should also consider some essential inquiries, such as:

Does the proposal match up with the bank’s strategic plan? The board is responsible for the strategic direction of the bank. Directors should consider if the proposal is an appropriate project for the size, resources and initiatives of the bank. They must also think about whether the proposal aligns with the bank’s strategic plan. If the proposal does not match up with the strategic plan, they may also want to consider if it is material enough that the strategic plan should be amended.

What are the risks? The board is responsible for ensuring that an effective risk management program is in place at the bank, which includes the ability to fully assess risks and establish controls and oversight to mitigate those risks. It should assess the fintech proposal through its risk management process

Management should provide the board with a comprehensive risk assessment of the proposed relationship that thoroughly outlines how each identified risk will be mitigated. The board should look at that assessment critically. Was it prepared by competent and experienced personnel? Does it appear to be thorough? Does it focus on IT risks or other narrow issues, or take into account all of the compliance issues? Does it include state laws, which is especially important if the bank is state-chartered? How does the assessment address concerns about privacy and cybersecurity? What does it say about reputation risk?

Is there a negotiated contract that addresses all of the risks? The board is responsible for ensuring that all third-party relationships are documented in negotiated contracts that protect the interests of the bank. The board needs to ensure that appropriate legal counsel is engaged to negotiate the arrangement, depending on the riskiness of a proposed fintech relationship. Counsel should have a thorough understanding of the legal issues involved in the proposed program and the applicable regulatory guidelines for third-party contracts.

The actual contract negotiation should be done by management. However, the board could consider requiring a summary of the important contract provisions or a presentation by management or legal counsel about the terms, depending on the level of risk involved and materiality to the bank.

How will the board know if the program is performing? The board should receive ongoing reports relating to monitoring of the program and the fintech. These reports should be sufficient for the board to establish that the program is compliant with law, operates in accordance with the contract and meets the strategic objectives of the bank. If the program is not performing, the board should know whether appropriate action is underway to either facilitate performance or terminate the program.

A bank’s board cannot outsource its responsibility for outsourced services, even if a fintech partner seems to have a fantastic product. The board must ask enough questions to be certain that management has engaged in appropriate due diligence, identified the risks and determined how to mitigate those risks through the contract and oversight. The implementation of all of those steps is up to management. But one role in particular rests with the board: ensuring that the relationship with the fintech partner furthers the strategic goals of the bank.

Weighing the Value of a Bank Holding Company

Written by


governance-6-24-19.pngIn May, Northeast Bank became the fourth banking organization in two years to eliminate its holding company. Northeast joins Zions Bancorporation, N.A., BancorpSouth Bank and Bank OZK in forgoing their holding companies.

All of the restructurings were motivated in part by improved efficiencies that eliminated redundant corporate infrastructure and activities. The moves also removed a second level of supervision by the Federal Reserve Board. Bank specific reasons may also drive the decision to eliminate a holding company.

Zions successfully petitioned to be de-designated as a systemically important financial institution in connection with its holding company elimination. In its announcement, Northeast replaced commitments it made to the Fed with policies and procedures relating to its capital levels and loan composition that should allow for more loan growth in the long run.

Banks are weighing the role their holding companies play in daily operations. Some maintain the structure in order to engage in activities that are not permissible at the bank level. Others may not have considered the issue. Now may be a good time to ask: Is the holding company worth it?

Defined Corporate Governance
Holding companies are typically organized as business corporations under state corporate law, which often provides more clarity than banking law for matters such as indemnification, anti-takeover protections and shareholder rights.

Transaction Flexibility
Holding companies provide flexibility in structuring strategic transactions because they can operate acquired banks as separate subsidiaries. This setup might be desirable for potential partners because it keeps the target’s legal and corporate identity, board and management structure. But even without a holding company, banks can still preserve the identity of a strategic partner by operating it as a division of the surviving bank.

Additional Governance Requirements
A holding company’s status as a separate legal entity subjects it to additional corporate governance and recordkeeping requirements. A holding company must hold separate board of directors and committee meetings with separate minutes, enter into expense-sharing and tax-sharing agreements with its bank subsidiary and observe other corporate formalities to maintain separate corporate identities. In addition, the relationship between the holding company and its subsidiary bank is subject to Section 23A and Section 23B of the Federal Reserve Act, an additional regulatory compliance burden.

Additional Regulatory Oversight
Holding companies are also subject to the Fed’s supervision, examination and reporting requirements, which carry additional compliance costs and consume significant management attention. The Fed also expects bank holding companies to serve as a source of financial strength to their subsidiary banks, an expectation that was formalized in the Dodd-Frank Act.

Diminished Capital Advantages
Historically, holding companies could issue Tier 1 capital instruments that were not feasible or permissible for their bank subsidiaries, such as trust preferred securities and cumulative perpetual preferred stock. They also enjoyed additional flexibility to redeem capital, an advantage that has largely been eliminated by the Basel III rulemaking and Fed supervisory requirements. A holding company with existing grandfathered trust preferred securities or with registered DRIPs may find them useful capital management tools. Holding companies with less than $3 billion in consolidated assets that qualify under the Small Bank Holding Company and Savings and Loan Holding Company Policy Statement are not subject to the Fed’s risk-based capital rules. These companies are permitted to have higher levels of debt than other holding companies and banks.

Broader Activities, Investments
Bank holding companies, especially those that elect to be financial holding companies, can engage in non-banking activities and activities that are financial in nature through non-bank subsidiaries that are bank affiliates. In some cases, these activities may not be bank permissible, such as insurance underwriting and merchant banking. The Fed also has authority to approve additional activities that are financial in nature or incidental or complementary to a financial activity on a case-by-case basis.

Bank holding companies can also make passive, non-controlling minority investments that do not exceed 5 percent of any class of voting securities in any company, regardless of that company’s activities. By comparison, banks are limited to making investments in companies that are engaged solely in bank-permissible activities or must rely on authorities such as community development or public welfare authority to make investments. Banks may also have limited leeway authority to invest in specific securities or types of securities designated under the applicable state banking law or by the applicable state banking regulator.

Banks that are not interested in activities or investment opportunities available to holding companies may be less concerned about eliminating the structure. But an organization that engages in activities at the holding company level that are not permissible for banks or that desires to maintain its grandfathered rights as a unitary savings and loan holding company may not wish to eliminate its holding company.

Operating without a holding company would result in more streamlined regulatory oversight, corporate governance and recordkeeping processes. But a holding company provides the flexibility to engage in activities, to make investments and to create structures that a bank may not. Bank boards should weigh these costs and benefits carefully against their strategic and capital management plans.

The Most Effective Bank Directors Share These Two Qualities

Written by


director-6-14-19.pngBanks have a slim margin for error.

They typically borrow $10 for every $1 of equity, which can amplify any missteps or oversight. Robust oversight by a board of directors, and in particular the audit and risk committees, is key to the success of any institution.

“At the Federal Reserve Bank of Kansas City, we have consistently found a strong correlation between overall bank health and the level of director engagement,” wrote Kansas City Fed President Esther George in the agency’s governance manual, “Basics for Bank Directors.” “Generally, we have seen that the institutions that are well run and have fewer problems are under the oversight of an engaged and well-informed board of directors.”

This may sound trite, but the strongest bank boards embrace a collective sense of curiosity and cognitive diversity, according to executives and directors at Bank Director’s 2019 Bank Audit & Risk Committees Conference in Chicago.

Balancing revenue generation against risk management requires a bank’s audit and risk committees to invite skepticism, foster intelligent discussion and create a space for constructive disagreements. Institutions also need to remain abreast of emerging risks and changes that impact operations and strategy.

This is why curiosity, in particular, is so important.

“It’s critical for audit committee members to have curiosity and a critical mind,” says Sal Inserra, a partner at Crowe LLP. “You need to ask the tough questions. The worst thing is a silent audit committee meeting. It’s important to be inquisitive and have a sense of curiosity.”

Board members who are intellectually curious can provide credible challenges to management, agrees John Erickson, a director at Bank of Hawaii Corp.

Focusing on intellectual curiosity, as opposed to a set of concrete skills, can also broaden the pool of individuals that are qualified to sit on a bank’s audit and risk committees. These committees have traditionally been the domain of certified public accountants, but a significant portion of audit committee members in attendance at the conference were not CPAs.

Robert Glaser, the audit committee chair at Five Star Bank, sees that diversity of experience as an advantage for banks. He and several others say a diversity of experiences, or cognitive diversity, invites and cultivates diversity of thought. These members should be unafraid to bring their questions and perspectives to meetings.

Having non-CPAs on the audit committee of Pacific Premier Bancorp has helped the firm manage the variety of risks it faces, says Derrick Hong, chief audit executive at Pacific Premier. The audit committee chair is a CPA, but the bank has found it “very helpful” to have non-CPAs on the committee as well, he says.

Audit and risk committee members with diverse experiences can also balance the traditional perspective of the CPA-types.

It’s important [for audit committee members] to have balance. Bean counters don’t know everything,” says Paul Ward, chief risk officer at Community Bank System, who self-identifies as a “bean counter.”

“Some of the best questions I’ve seen [from audit committee members] have come from non-CPAs,” Ward says.

However, banks interested in cultivating intellectual curiosity and cognitive diversity in their audit and risk committees still need to identify board members with an appreciation for financial statements, and the work that goes into crafting them. After all, the audit committee helps protect the financial integrity of a bank through internal controls and reporting, not just reviewing financial statements before they are released.

Executives and board chairs also say that audit and risk committee members need to be dynamic and focus on how changes inside and outside the bank can alter its risk profile. Intellectual curiosity can help banks remain focused on these changes and resist the urge to become complicit.

I’ll be the first to admit that qualities like curiosity and cognitive diversity sound cliché. But just because something sounds cliché, doesn’t mean it isn’t also true.

Two-Thirds of Bank Directors Are Worried About the Same Thing

Written by


risk-6-12-19.pngAt around a quarter to seven o’clock on the evening of Saturday, May 11, firefighters showed up at Enloe State Bank in Cooper, Texas, to find a stack of papers on fire on the conference room table.

“We believe it is suspicious,” said the sheriff, “but we don’t have any more information at this point.” Three weeks later, regulators seized the bank “due to insider abuse and fraud by former officers,” according to Texas Banking Commissioner Charles Cooper.

It’s fair to say that Enloe State Bank is an outlier. It was the first bank to fail in a year and a half, in fact. And one can’t help but wonder what would lead someone to set papers ablaze on a conference room table.

Yet, incidents like this are important for bank executives and directors to register, because they underscore the importance of proactive oversight by a bank’s board—especially the audit and risk committees.

“The essence of the audit committee’s responsibilities is protecting the bank,” said Derrick Hong, the chief audit executive at Pacific Premier Bank, at Bank Director’s 2019 Bank Audit & Risk Committees Conference taking place in Chicago this week. “There are so many pitfalls and risks that could potentially take down a bank, so focusing on those things is the key responsibility of the audit committee.”

Admittedly, it seems like an odd time to worry about risk.

Bank capital levels have never been stronger or of higher quality, noted Steven Hovde, chairman and CEO of Hovde Group. Net charge-offs are lower across the industry than they’ve been in decades. And tax reform has catalyzed profitability. Despite narrow lending margins and subpar efficiency, the banking industry is once again earning more than 1 percent on its assets, exceeding the benchmark threshold last year for the first time since the financial crisis.

But it’s in the good times like these that banking’s troubles are sowed.

“You have to be proactive rather than reactive,” said Mike Dempsey, senior manager at Dixon Hughes Goodman LLP. This approach stems from culture, said Dempsey’s co-presenter LeAnne Staalenburg, senior vice president in charge of corporate security and risk at Capital City Bank Group.

“Culture is key,” said Stallenburg. “Having that culture spread throughout the organization is critical to having a successful risk management program.”

To be clear, the biggest threat to banks currently isn’t bad loans. Credit policy isn’t something to ignore, of course, because loan losses will climb when the cycle takes a turn for the worse. But banks have plenty of capital to absorb those losses, and memories of the last crisis are still fresh in many risk managers’ minds.

The biggest threat isn’t related to funding, either. Even though bankers are concerned about large institutions taking deposit market share as interest rates climb, 74 percent of attendees at Bank Director’s Audit & Risk Committees Conference said their institutions either maintained their existing share or gained share as rates inched higher.

Instead, according to conference attendees, the biggest threat is related to technology. When asked which categories of risk they were most concerned about, 69 percent identified cybersecurity as the No. 1 threat.

Vendor relationships only aggravate this concern. As Staalenburg and Dempsey noted in response to an attendee’s question, vendors offer another way for malicious actors to infiltrate a bank.

Even though we are in a golden age of banking, Hovde emphasized, now is not the time for a bank’s board, and particularly its audit and risk committees, to be complacent.

“Generally, we have seen that the institutions that are well run and have fewer problems are under the oversight of an engaged and well-informed board of directors,” wrote Kansas City Federal Reserve President Esther George in the Fed’s governance manual, Basics for Bank Directors. “Conversely, in cases where banks have more severe problems and recurring issues, it is not uncommon to find a disengaged board that may be struggling to understand its role and fulfill its fiduciary responsibilities.”