CRA Modernization Goes Back to the Drawing Board

Bankers value certainty and consistency when it comes to regulation, but the Community Reinvestment Act currently offers neither.

In May 2020, the Office of the Comptroller of the Currency issued a controversial revision of the decades-old law. The rewrite stirred up a hornet’s nest of controversy not just because of the changes themselves — some of which were long overdue and well received — but because the agency acted on its own after it was unable to reach an agreement with the Federal Reserve and the Federal Deposit Insurance Corp. The OCC’s decision was also significant because national banks account for approximately 70% of all CRA activity, according to the agency.

“I think not having all the regulators on the same page creates a lot of confusion in the industry,” says Michael Marshall, director of regulatory and legal affairs at the Independent Community Bankers of America.

The CRA, which was enacted in 1977 and applies to all federally insured banks and thrifts, was intended to require financial institutions to help meet the credit needs of the communities where they also raised their deposits. However, under the banking industry’s trifurcated federal regulatory system, compliance is monitored by three different agencies – the OCC for national banks, the Fed for state-chartered banks that are members of the Federal Reserve System, and the FDIC for state-chartered, nonmember banks.

Normally, the feds want one rule that applies to all banks regardless of their regulator. The FDIC initially joined the OCC in the CRA overhaul, but FDIC Chair Jelena McWilliams announced in May 2020 that the agency was not ready to finalize the revisions, intimating that she felt banks were too busy dealing with the impact of the pandemic on their borrowers to implement the new rule. The Fed, for its part, had already bowed out of a joint rulemaking process over a disagreement with the approach taken by the other two agencies. In September 2020, the Fed announced its own Advance Notice of Proposed Rulemaking (ANPR) to modernize the CRA and invited public comment on how to accomplish that.

The OCC’s decision to go it alone means there are now two CRA laws in effect — the agency’s revision rule for banks with a national charter and the previous rule for everyone else. Unfortunately, the confusion surrounding the CRA doesn’t end there.

The OCC’s revision was promulgated under former Comptroller of the Currency Joseph Otting, who was appointed by former President Donald Trump. Otting unexpectedly resigned as comptroller shortly after the agency’s CRA rule changes went into effect in May of last year, even though he was only halfway through his five-year term. The agency is now being run by Acting Comptroller Michael Hsu, a former Fed official who was appointed by the Biden Administration.

In July, the OCC announced that it would rescind the CRA revision developed under Otting — even though some parts of the new framework are already in effect, and national banks had already begun to comply with them. In the OCC’s announcement, Hsu said the “disproportionate impacts of the pandemic on low and moderate income communities,” along with comments that had already been provided to the Federal Reserve under its ANPR process and the OCC’s own experience implementing the 2020 revision, convinced him of the need to start over.

While the OCC deserves credit for taking action to modernize the CRA through adoption of the 2020 rule, upon review I believe it was a false start,” Hsu said in a statement. “This is why we will propose rescinding it and facilitating an orderly transition to a new rule.” Hsu also indicated the OCC would work closely with the Fed and FDIC in a joint rulemaking process, which would in effect piggyback off the Fed’s separate rulemaking process that began last September.

One of the biggest complaints about the CRA is that it was written in an era when deposit-gathering activities were almost exclusively branch-based. The industry’s digital transformation in recent years enables institutions — including large banks with national or multi-regional footprints as well as newer, digital-only banks — to raise deposits from anywhere in the country.

“When we thought of banks [in 1977], we thought of big buildings and pillars,” says John Geiringer, a partner and the regulatory section leader in the financial institutions group at Barack Ferrazzano Kirschbaum & Nagelberg. “Now, between our phones and smart watches, each of us is effectively a walking bank branch.”

Geiringer says the regulators are well aware that digital transformation puts traditional, branch-based banks at a disadvantage when it comes to CRA compliance. “I think there is the recognition in the regulatory community that to the extent that fintechs are encroaching upon the business of banking, they should be held to comparable standards,” he says. “There should be one level playing field.”

There was also a degree of ambiguity in the original law about what kinds of activities qualified for CRA consideration, and there could be variations between different examiners and agencies. One welcomed aspect of the OCC’s revised rule is a non-exhaustive, illustrative list of example activities that would qualify for credit. “Before, you had to call somebody,” says Geiringer, who referred to this as “the secret law of CRA.” With its revision, the OCC under Otting tried to provide more clarity around the issue of qualifying activities.

The OCC rule also imposed new data collection requirements that the ICBA’s Marshall says are of concern to smaller banks. But overall, the OCC’s CRA rewrite seemed to be an honest attempt to modernize a law that badly needed it.

So, what happens now?

I think the interagency process is going to continue moving forward, but in a slightly different direction in light of the fact that we now have the Biden Administration in power,” Geiringer says. “We have seen issuances from both the Biden Administration and others calling for more of an inclination toward the unbanked and the underbanked, and similarly … low- and moderate-income areas.”

A permanent comptroller, once one has been installed at the OCC, could pursue a progressive agenda that goes beyond just modernization. Another scenario that could potential impact any CRA reform initiative is the fate of Fed Chair Jerome Powell, whose term ends in February 2022. Powell is a middle-of-the-road Republican who might be expected to have a moderating influence on CRA reform. Should Powell be replaced by a Democrat who leans more to the left on economic policy matters, that could steer CRA reform in a more progressive direction.

Equally unclear is how long a joint rulemaking process — if indeed the three federal agencies commit to that — will take. A unified revision probably won’t be issued until 2022 at the earliest. In the meantime, the industry is left with no clear sense of what that new rule might look like.

Why Regulation Should be Part of Cryptocurrencies’ Future

Despite a recent embrace by the capital markets and financial corporations, digital assets and cryptocurrencies are still not at the point of widespread, global adoption. To get there, lawmakers and financial agencies should implement rules and regulations to protect consumers and enable the space to develop further as an alternative financial system.

The evolution of digital assets like cryptocurrencies has a phenomenal potential to change the financial industry. However, it also creates challenges. Digital assets are decentralized and do not rely on either governmental authorities or financial institutions to create, transmit or determine the value of a cryptocurrency. Supply is determined by a computer code; prices can be extremely volatile. Over the past decade we have witnessed digital asset exchanges being closed down due to fraud, failure or security breaches.

Within the United States, there is no uniformity in the regulatory framework with respect to how businesses that deal in digital assets should conduct themselves. New York is one of the few states that has a functional regulatory regime through the New York State Department of Financial Services. Meeting compliance in New York has become a badge of legitimacy. However, there are also a significant number of companies that have chosen not to operate in New York due to these regulations. On the other hand, Wyoming has adopted a lighter regulatory framework and is widely considered the most crypto-friendly jurisdiction in the United States.

Congressional Developments
In April, the U.S. House of Representatives passed “The Eliminate Barriers to Innovation Act,” a bill that directs the Commodity Futures Trading Commission and the U.S. Securities and Exchange Commission to establish a digital asset working group and open new regulatory frameworks for both digital assets and cryptocurrencies.

The bipartisan bill would initiate the commission of a specialized working group that would evaluate regulation of digital assets in the U.S. The joint working group would include the SEC and CFTC, in collaboration with financial technology firms, financial firms, academic institutions, small and medium businesses that leverage financial technology and investor protection groups, as well as business or non-profit entities that are working to support historically underserved businesses. The working group would draft recommendations to improve the current regulatory landscape in the U.S., which will then be extended internationally where possible. The working group will be given a year to evaluate and provide technical documentation on how these recommendations should be implemented through compliance frameworks.

Regulation Ensures Market Stability
While some people believe that cryptocurrencies should operate completely independently from any form of regulation, publicly accountable businesses are vigorously regulated in order to protect consumers and economic stability. Independent audits are similarly required to protect the interests of all stakeholders, ensure that the applicable laws and regulations are adhered to and that the financial statements are free from material misstatement, as well as fraud (to a certain extent).

Regulators around the world regularly warn crypto asset investors to be extremely cautious and vigilant, partially due to a lack of regulation, which creates an opportunity for fraudsters to prey on uninformed investors. Fraud and error can usually be mitigated by prevention, detection, and recourse. Introducing regulations to govern the cryptocurrency industry will mean preventative measures are in place to ensure fraud doesn’t occur and that there is appropriate legal recourse for victims. There is also a significant role for auditors in detecting possible instances of fraud or error, as well as assisting with the recourse process.

Digital Asset Outlook
Mazars will be keeping a close watch on the progress of the innovation bill. We believe positive regulatory changes are ahead. Gary Gensler, the recently confirmed head of the SEC, has a keen knowledge of, and appreciation for, the applicability of digital assets in the global financial services ecosystem. Gensler is the former head of the CFTC, as well as a professor at the MIT Sloan School of Management where he researched and taught blockchain technology, digital currencies and financial technology.

In a recent interview with CNBC, Chair Gensler said there needed to be authority for a regulator to oversee the crypto exchanges, similar to the equity and futures markets. He said many crypto coins were trading like assets and should fall under the purview of the SEC.

We welcome this level of engagement and improved regulation, which will be good for the industry, investors, consumers and society at large. Without regulation, cryptocurrencies are unlikely to become a standard part of investment portfolios due to the current high level of risk.

The information provided here is for general guidance only, and does not constitute the provision of legal advice, tax advice, accounting services, investment advice or professional consulting of any kind. The information provided herein should not be used as a substitute for consultation with professional tax, accounting, legal or other competent advisers. Before making any decision or taking any action, you should consult a professional adviser who has been provided with all pertinent facts relevant to your particular situation.

Navigating Four Common Post-Signing Requests for Additional Information

Consolidation in the banking industry is heating up. Regulatory compliance costs, declining economies of scale, tiny net interest margins, shareholder liquidity demands, concerns about possible changes in tax laws and succession planning continue driving acquisitions for strategic growth.

Unlike many industries, where the signing and closing of an acquisition agreement may be nearly simultaneous, the execution of a definitive acquisition agreement in the bank space is really just the beginning of the acquisition process. Once the definitive agreement is executed, the parties begin compiling the information necessary to complete the regulatory applications that must be submitted to the appropriate state and federal bank regulatory agencies. Upon receipt and a quick review of a filed application, the agencies send an acknowledgement letter and likely a request for additional information. The comprehensive review begins under the relevant statutory factors and criteria found in the Bank Merger Act, Bank Holding Company Act or other relevant statutes or regulations. Formal review generally takes 30 to 60 days after an application is “complete.”

The process specifically considers, among other things: (1) competitive factors; (2) the financial and managerial resources and future prospects of the company or companies and the banks concerned; (3) the supervisory records of the financial institutions involved; (4) the convenience and needs of the communities to be served and the banks’ Community Reinvestment Act (CRA) records; (5) the effectiveness of the banks in combating money laundering activities; and (6) the extent to which a proposal would result in greater or more concentrated risks to the stability of the United States banking or financial system.

During this process, the applicant and regulator will exchange questions, answers, and clarifications back and forth in order to satisfy the applicable statutory factors or decision criteria towards final approval of the transaction. Each of the requests for additional information and clarifications are focused on making sure that the application record is complete. Just because information or documents are shared during the course of the supervisory process does not mean that the same information or documents will not be requested during the application process. The discussions and review of materials during the supervisory process is separate from the “application record,” so it helps bank management teams to be prepared to reproduce information already shared with the supervisory teams. A best practice for banks is to document what happens during the supervisory process so they have it handy in case something specific is re-requested as part of an application.

Recently, we consistently received a number of requests for additional information that include questions not otherwise included in the standard application forms. Below, we review four of the more common requests.

1. Impact of the Covid-19 Pandemic. Regulators are requesting additional information focused on the impact of the coronavirus pandemic. Both state and federal regulators are requesting a statement on the impact of the Covid-19 pandemic that discusses the impact on capital, asset quality, earnings, liquidity and the local economy. State and federal agencies are including a request to discuss trends in delinquency loan modifications and problem loans when reviewing the impact on asset quality, and an estimate for the volume of temporary surge deposits when reviewing the impact on liquidity.

2. Additional, Specific Financial Information. Beyond the traditional pro forma balance sheets and income statements that banks are accustomed to providing as part of the application process, we are receiving rather extensive requests for additional financial information and clarifications. Two specific requests are particular noteworthy. First, a request for financial information around potential stress scenarios, which we are receiving for acquirors and transactions of all sizes.

Second, and almost as a bolt-on to the stress scenario discussion, are the requests related to capital planning. These questions focus on the acquiror’s plan where financial targets are not met or the need to raise capital arises due to a stressed environment. While not actually asking for a capital plan, the agencies have not been disappointed to receive one in response to this line of inquiry.

3. List of Shareholders. Regardless of whether the banks indicate potential changes in the ownership structure of an acquiror or whether the consideration is entirely cash from the acquiror, agencies (most commonly the Federal Reserve), are requesting a pro forma shareholder listing for the acquiror. Specifically, this shareholder listing should break out those shareholders acting in concert that will own, control, or hold with power to vote 5% or more of an acquiring BHC. Consider this an opportunity for both the acquiror and the Federal Reserve to make sure control filings related to the acquiror are up to date.

4. Integration. Finally, requests for additional information from acquirors have consistently included a request for a discussion on integration of the target, beyond the traditional due diligence line of inquiry included in the application form. The questions focus on how the acquiror will effectively oversee the integration of the target, given the increase in assets size. Acquirors are expected to include a discussion of plan’s to bolster key risk management functions, internal controls, and policies and procedures. Again, we are receiving this request regardless of the size of the acquiror, target or transaction, even in cases where the target is less than 10% of the size of the acquiror.

These are four of the more common requests for additional information that we have encountered as deal activity heats up. As consolidation advances and more banks file applications, staff at the state and federal agencies may take longer to review and respond to applications matters. We see these common requests above as an opportunity to provide more material in the initial phase of the application process, in order to shorten the review timeframe and back and forth as much as possible. In any event, acquirors should be prepared to respond to these requests as part of navigating the regulatory process post-signing.

ESG Principles at Work in Diversifying Governance

Before environmental, social, and governance (ESG) matters became commercially and culturally significant, the lack of diversity and inclusion within governance structures was noted by stakeholders but not scrutinized.

The shifting tides now means that organizations lacking diversity in their corporate leadership could be potentially subjected to shareholder lawsuits, increased regulation and directives by state laws, investment bank requirements, and potential industry edicts.

Board and management diversity is undoubtedly a high-priority issue in the banking and financial services sectors. Numerous reports establish minority groups have historically been denied access to capital, which is mirrored by the lack of minority representation on the boards of financial institutions.

Some progress has been made. For example, for the first time in its 107-year history, white men held fewer than half of the board seats at the Federal Reserve’s 12 regional outposts. This was part of an intentional effort, as Fed leaders believe a more representative body of leaders will better understand economic conditions and make better policy decisions. However, further analysis reflects such diversity predominantly among the two-thirds of directors who are not bankers, while the experienced banking directors are mainly white males.

Board Diversity Lawsuits
The current pending shareholder suits have been primarily filed by the same group of firms and targeted many companies listed by a recent Newsweek article as not having a Black director. None of these suits involve financial institutions, but it is not hard to foresee such cases coming in the future. The lawsuits generally assert that the defendants breached their fiduciary duties and made false or misleading public statements regarding a company’s commitment to diversity. The Courts have summarily dismissed at least two suits, but a legal victory may not even be the goal in some cases.

Recently, Google’s parent settled its #MeToo derivative litigation and agreed to create a $310 million diversity, equity, and inclusion fund to support global diversity and inclusion initiatives within Google over the next ten years. The fund will also support various ESG programs outside Google focused on the digital and technology industries.

Regulatory, Industry, and Shareholder Efforts
Federal and state regulatory efforts preceded these recent lawsuits. The U.S. Securities and Exchange Commission has issued compliance interpretations advising companies on the disclosure of diversity characteristics upon which they rely when nominating board members and is expected to push more disclosure in the future. Additionally, the U.S. House of Representatives considered a bill in November 2019 requiring issuers of securities to disclose the racial, ethnic, and gender composition of their boards of directors and executive officers and any plans to promote such diversity.

These efforts will likely filter into boardrooms and may spur additional board regulation at the state level. In 2019, California became the first state to require headquartered public companies to have a minimum number of female directors or face sanctions, increasing 2021. In June 2020, New York began requiring companies to report how many of their directors are women. As other states follow California’s lead regarding board composition, we can expect more claims to be filed across the country.

At the industry level, the Nasdaq stock exchange filed a proposal with the SEC to adopt regulations that would require most listed companies to elect at least one woman director and one director from an underrepresented minority or who identify as LGBTQ+. If adopted, the tiered requirements would force non-compliant companies to disclose such failures in the company’s annual meeting proxy statement or on its website.

In the private sector, institutional investors, such as BlackRock and Vanguard Group, have encouraged companies to pursue ESG goals and disclose their boards’ racial diversity, using proxy votes to advance such efforts. Separately, Institutional Shareholder Services and some non-profit organizations have either encouraged companies to disclose their diversity efforts or signed challenges and pledges to increase the diversity on their boards. Goldman Sachs Group has made clear it will only assist companies to go public if they have at least one diverse board member.

Concrete Plans Can Decrease Director Risk
Successful institutions know their diversity commitment cannot be rhetorical and is measured by the number of their diverse board and management leaders. As pending lawsuits and legislation leverage diversity statements to form the basis of liability or regulatory culpability, financial institutions should ensure that their actions fully support their diversity proclamations. Among other things, boards should:

  • Take the lead from public and private efforts and review and, if necessary, reform board composition to open or create seats for diverse directors.
  • When recruiting new board members, identify and prioritize salient diversity characteristics; if necessary, utilize a diversity-focused search consultant to ensure a diverse pool of candidates.
  • Develop a quantifiable plan for diversity issues by reviewing and augmenting governance guidelines, board committee efforts, and executive compensation criteria.
  • Create and promote diversity and inclusion goals and incorporate training at the board and management levels.
  • Require quarterly board reporting on diversity and inclusion programs to reveal trends and progress towards stated goals.

As companies express their commitment to the board and C-level diversity and other ESG efforts, they should create and follow concrete plans with defined goals and meticulously measure their progress.

Why a Solid Risk Management Framework Helps Manage Change

Who owns risk management at your bank?

If your bank limits that function to the teams that report to the chief risk officer, it’s fumbling on two fronts: It’s failing to drive accountability across every corner of the enterprise, and it’s conceding its edge in a marketplace that’s never been more competitive.

Recognizing that every employee owns a piece of this responsibility make risk management an equal offensive and defensive pose for your organization. This empowers your employees to move nimbly, strategically and decisively when the bank encounters change, whether it’s an external regulatory pressure or an internal opportunity to launch a new product or service. In either case, your team navigates through change by building on best operational practices, which, in the end, work to your advantage.

Getting the bank into that position doesn’t happen overnight; the vision starts with the actions of your senior leaders. They set the tone and establish expectations, but everyone plays a hands-on role. When management prioritizes an environment where people can work collaboratively and have transparency into related roles, they foster consistency across your change management process that minimizes risk.

The need for a risk-aware culture aligns precisely with the signals coming out of Washington, D.C., that the stakes are getting higher. The Consumer Financial Protection Bureau hinted early at increased regulatory scrutiny, advising that it would tighten the regulatory standards it had relaxed to allow banks to quickly respond to customers’ financial hardship in 2020.

In response to the competitive and regulatory environment, your bank’s risk management framework should incorporate four key elements:

  • Start with setting the ground rules for how the bank will govern its risk. Define its risk strategy, the role the board and management will play and the committees that compose that governance structure — and don’t forget to detail their decision-making authority, approval and escalation process across those bodies. This upfront work also should introduce robust systems for ongoing monitoring and risk reporting, establish standard parameters on how the bank identifies issues and create a basic roadmap to remediate issues when they come along.
  • Operating Model. Distinguish the roles and responsibilities for every associate, with a key focus on how they manage risk generated by the core activities in that business. By taking the time to ensure all individuals, in every line of defense, understand their expected contributions, your bank will be ahead of the game because your people can act quicker and efficiently when a change needs to happen.
  • Standard Framework, Definitions and Taxonomies. In basic terms, everyone across the enterprise needs to speak the same language and assign risk ratings the same way. Calibrating these elements at the onset builds confidence that your bank gives thoughtful attention to categorize risks into the right buckets. Standardization should include assessment scales and definitions of different risks and risk events, leading to easier risk aggregation and risk reporting that enables a holistic view of risk across the enterprise.
  • Risk Appetite. Nothing is more important than establishing how much risk your organization is willing to take on in its daily business. Missing the mark can impact your customers, bottom line and reputation. Optimally, bank leaders will reestablish this risk appetite annually, but black swan events such as the pandemic should prompt more timely reviews.

Too often, banks reinvent the wheel every time a change or demand comes along. As the industry eyes increasing regulatory pressure in the year ahead, driving and promoting a robust risk management culture is no longer a “nice to have” within your organization; it’s a “need to have.”

When you reset the role and ownership of risk management as a strategic pillar in your bank’s future growth and direction you minimize your bank’s risk and actually propel your company forward.

Banks looking to check out best practices and a strategic framework for creating their enterprise risk framework should check out my latest whitepaper, Turning a Solid Risk Framework Into a Competitive Advantage.

Deal Integration Can Transform Finance, Risk and Regulatory Reporting

A number of banks announced mergers and acquisitions in 2020, capitalizing on growth opportunities against a forbidding backdrop of chronically low interest rates and anemic economic growth during the Covid-19 pandemic.

The deals ranged from more moderately sized with a few headline-grabbing mega-mergers —a trend that expected to continue through 2021.

The appeal of M&A for regional and superregional institutions in the United States is that the right transaction could create big benefits from economies of scale, and enhance the proforma company’s ability to gain business. While the number of deals announced in this environment are modest, the stakes involved in contemplating and executing them certainly are not. Nor is the work that banks will face after a combination. Once the transaction has been completed, the hard work begins.

A Closer Look From Regulators
One potential outcome is added scrutiny from the authorities; a new merged entity, with more assets and a broader range of activities, could have more complex risk calculations and reporting obligations to deal with.

Overall, regulators have sharpened their focus on banks during and after the merger process by performing additional audits, more closely scrutinizing key figures and ensuring that the M&A plan is being adhered to. Even if there are no significant changes to a firm’s profile with regulators, or if any needed changes in risk and reporting obligations are manageable, the formidable task of combining the operations of two organizations remains. A single, seamless whole must be assembled from two sets of activities, two work forces with their own culture and two sets of technological assets.

Merging the Parts, Not Just the Wholes
None of these issues is distinct from the others. Consider the technology: The proforma company will have to contend with two data systems — at least. Each company’s data management architecture has staff that makes it run using its own modus operandi developed
over years.

And that is the best-case scenario. Joining so many moving parts is no small feat, but it provides no small opportunity. Deal integration forces the constituent institutions to reassess legacy systems; when handled correctly, it can assemble a comprehensive, fully integrated whole from existing and new tech to meet the combined entity’s compliance and commercial needs.

Creating the ideal unified finance, risk and reporting system starts with an honest evaluation of the multiple systems of the merging partners. Executives should take particular care to assess whether the equipment and processes of the merged entity are better than the acquirer’s, or have certain features that should be incorporated.

Management also should consider the possibility that both sets of legacy systems are not up to present or future challenges. It could be that the corporate combination provides an opportunity to start over, or nearly so, and build something more suitable from the ground up. Another factor they should consider is whether the asset size of the new unified business warrants an independent verification process to supplement the risk and regulatory reporting program.

Understanding What You Have and What You Need
To get the evaluation process under way for the operational merger, a bank should list and assess its critical systems — not just for their functionality, but with respect to licensing or other contractual obligations with suppliers to determine the costs of breaking agreements.

Managers at the combined entity should look for redundancies in the partners’ systems that can be eliminated. A single organization can have a complicated back-end systems architecture, with intricate workarounds and many manual processes. Bringing together multiple organizations of similar complexity can leave the combined entity with expensive and inflexible infrastructure. A subledger and controlling functions can simplify this for finance, risk and regulatory reporting functions. They can consolidate multiple charts of accounts and general ledgers, relieving pressure on the general ledgers. Organizations in some cases can choose to migrate general ledgers to a cloud environment while retaining detailed data in a fat subledger.

Whatever choices executives make, a finance, risk and reporting system should have the latest technology, preferably based in the cloud to ensure it will be adaptable, flexible and scalable. Systems integration is critical to creating a unified financial institution that operates with optimal productivity in its regulatory compliance, reporting efforts and general business.
Integrating systems helps to assure standardization of processes and the accuracy, consistency,
agility and overall ease of use that result from it.

Best Practices to Achieve True Financial Inclusivity

According to the Federal Reserve’s report on the economic well-being of U.S. households in 2019, 6% of American adults were “unbanked” and 16% of U.S. adults make up the “underbanked” segment.

Source: Federal Reserve

With evolving technological advancements and broader access to digital innovations, financial institutions are better equipped to close the gap on financial inclusivity and reach the underserved consumers. But to do so successfully, banks first need to address a few dimensions.

Information asymmetry
Lack of credit bureau information on the so-called “credit invisible” or “thin file” portions of unbanked/underbanked credit application has been a key challenge to accurately assessing credit risk. Banks can successfully address this information asymmetry with Fair Credit Reporting Act compliant augmented data sources, such as telecom, utility or alternative financing data. Moreover, leveraging the deposits and spend behavior can help institutions understand the needs of the underbanked and unbanked better.

Pairing augmented data with artificial intelligence and machine learning algorithms can further enhance a bank’s ability to identify low risk, underserved consumers. Algorithms powered by machine learning can identify non-linear patterns, otherwise invisible to decision makers, and enhance their ability to screen applications for creditworthiness. Banks could increase loan approvals easily by 15% to 40% without taking on more risk, enhancing lives and reinforcing their commitment towards the financial inclusion.

Financial Inclusion Scope and Regulation
Like the Community Reinvestment Act, acts of law encourage banks to “help meet the credit needs of the communities in which they operate, including low- and moderate-income (LMI) neighborhoods, consistent with safe and sound banking operations.” While legislations like the CRA provide adequate guidance and framework on providing access to credit to the underserved communities, there is still much to be covered in mandating practices around deposit products.

Banks themselves have a role to play in redefining and broadening the lens through which the customer relationship is viewed. A comprehensive approach to financial inclusion cannot rest alone on the credit or lending relationships. Banks must both assess the overall banking, checking and savings needs of the underbanked and unbanked and provide for simple products catering to those needs.

Simplified Products/Processes
“Keep it simple” has generally been a mantra for success in promoting financial inclusion. A simple checking or savings account with effective check cashing facilities and a clear overdraft fee structure would attract “unbanked” who may have avoided formal banking systems due to their complexities and product configurations. Similarly, customized lending solutions with simplified term/loan requirements for customers promotes the formal credit environment.

Technology advancements in processing speed and availability of digital platforms have paved the way for banks to offer these products at a cost structure and speed that benefits everybody.

The benefits of offering more financially inclusive products cannot be overstated. Surveys indicate that consumers who have banking accounts are more likely to save money and are more financially disciplined.

From a bank’s perspective, a commitment to supporting financial inclusivity supports the entire banking ecosystem. It supports future growth through account acquisition — both from the addition of new customers into the banking system and also among millennial and Gen Z consumers with a demonstrated preference for providers that share their commitment to social responsibility initiatives.

When it comes to successfully executing financial inclusion outreach, community banks are ideally positioned to meet the need — much more so than their larger competitors. While large institutions may take a broader strategy to address financial inclusion, community banks can personalize their offerings to be more relevant to underserved consumers within their own local markets.

The concept of financial inclusion has evolved in recent years. With the technological advancements in the use of alternative data and machine learning algorithms, banks are now positioned to market to and acquire new customers in a way that supports long-term profitability without adding undue risk.

Solve the Right Problem: The Path to Remediation Success

At some point, your bank will find an operation or process isn’t working or failing on intent. When that happens, don’t fall prey to the impulse to fix the wrong problem without looking below the surface for the root cause.

No matter the scenario, your best position is always to self-identify an issue and kick off remediation before a customer or regulator reports a problem. Once external forces step in, the stakes run even higher; you really can’t afford a misstep. Without question, the most common way that banks err is by starting on the wrong foot.

In my front-line experiences, I’ve seen financial institutions work ambitiously on remediating issues only to have regulators assign a failing grade. While no bank wants to be under a regulatory finding’s shadow, working smart and rejecting shortcuts is the only way to deliver the right solution and minimize future risk. With compliance costs expected to more than double and reach 10% of revenue spend by 2022, banks can’t afford to get it wrong.

Here are the steps for an effective remediation:

1.Take a breath — then dive into the deep end
Too often, companies fix what they think is the problem, only to learn that they’ve missed the mark and broken other things along the way. Not understanding the crux of the issue wastes a bank’s time, energy and resources.

If you’re dealing with a regulatory finding, be sure to engage your legal and compliance teams to ensure you understand the issue and solve for exactly what’s at risk, especially for issues with broader scope and breadth. Those leading your remediation plan should dig deeper into root problems by asking “why?” up to five times, peeling off another layer each time as you strive toward the core issue. Apply those questions to your business problem until you’ve identified the precise thing that needs to be fixed.

2. Know how to get from Point A to Point Z
Develop a roadmap to move effectively and efficiently from understanding the issue and identifying root causes to implementing solutions. From aligning on stakeholder engagement to technology resources, no solution happens overnight. Some regulatory remediation activities can take 12 to 18 months to resolve.

3. Make sure everyone’s on the same journey
Nothing derails remediation more than missed consensus on its direction and end goal. Remain focused on actions to fix your root issue, ease regulator or auditor concerns  and reduce customer complaints. Engage the right people in the right roles. Involving too many people can water down intent, while involving too few means you might miss capturing relevant insights from key parts of your business.

4. Document your journey
A comprehensive action plan can take time to execute. During that time, people in key roles might leave and business processes, and objectives, technology or regulations could change. Thorough and complete documentation keeps a record of execution activities, action plan or intent changes, and provides evidence of key decisions.

5. You’re not finished until you get an official pat on the back
Did your action plan include time to validate your work? Whether you have a third-line audit, loan review finding or a regulatory ruling, the issuer will return to confirm you solved the right problem completely. Build in solid testing to validate your solution fulfills on its intent, with no side effects that disrupt other processes. Also, if possible, check in with third-line partners regularly or when hitting major milestones to prevent surprises.

Remediation success comes with both the assessor’s endorsement, as well as sustained results from your action plan as evidenced by reporting and monitoring put into place. More importantly, don’t overlook this moment to repurpose your team’s learnings and experiences as the foundation for a repeatable remediation framework. When the next issue arises — and it will — your bank will already have a strategy and blueprint for smart action with minimal risk.

How the Edges of Financial Technology Could Change Regulation

Financial regulation in the United States follows a longstanding pattern: The presidential administration changes, the other political party takes power and the financial regulation pendulum swings. Those working in compliance inevitably need to recalibrate.

President Joe Biden’s messaging so far has aimed to minimize polarization. This bodes well for moving beyond the typical “financial deregulation” versus “more regulation” dynamic. It gives the industry an opportunity to turn our attention towards pulling the overall framework out of an old, slow, manual and paper-based reality. What the U.S. financial regulatory framework really needs are large, fundamental overhauls and modernizations that will support a healthy, ever-changing financial services marketplace — not just through the next presidential administration, but further beyond, through the next several decades.

The incoming leadership could make regulation smarter and more effective with reforms that:

  • Measure success by outcomes and evidence, as opposed to procedural adherence.
  • Leverage technology to streamline compliance for agencies as well as providers.
  • Catch up and keep up with the ongoing advancements in financial technology.

The time for these sorts of changes just so happens to be ripe.

Digital or cryptocurrencies and charters for financial technologies have an awkward fit within the existing regulatory framework. Cannabis, another fringe area of finance, poses extra layers of legal and regulatory challenge, but its status could change on a dime if the new administration resolves the state and federal disconnect. All three of these peripheral business opportunities have gained significant momentum recently and may force regulators to adapt. To support these new use cases, which would otherwise break existing bank infrastructure, technology providers would have to modernize in ways that would benefit financial service compliance across the board.

As the emerging regulatory lineup takes shape from the legacies of the outgoing agency heads, the swing from the past administration to the present may not be all that dramatic. There are strange bedfellows in fintech. In the last six months of Donald Trump’s administration, there was already a balance between Acting Comptroller of the Currency Brian Brooks and U.S. Treasury Secretary Steven Mnuchin.

Brooks was indeed very active in his short tenure. Under him, the Office of the Comptroller of the Currency issued full-service national bank charters for fintech companies, published interpretive letters supporting digital currencies and published a working paper from its chief economist, Chartering the FinTech Future,” that lent support to the use of stablecoins.

In contrast, Mnuchin spent his last month in office encouraging  Financial Crimes Enforcement Network, or FinCEN, to issue a controversial proposed rulemaking that would affect crypto wallets and transactions. Critics argue this would make compliance impossible for decentralized technologies.

The Biden administration may have a similar dynamic between these two regulatory roles, albeit less dramatic. The confirmation of Treasury Secretary Janet Yellen, with her experience and moderate stance, conveys a great deal of stability. Still, she may not champion stablecoins, given her public statements on cryptocurrency.

At writing, Michael Barr is the anticipated pick for comptroller. His extensive and diverse résumé shows a long history of supporting fintech. We anticipate that he would continue the momentum towards modernization that Brooks started.

Gary Gensler, the nominated chair of the Securities and Exchange Commission, has a great deal of expertise and enthusiasm for digital currencies. Since his tenure as chair of the Commodity Futures Trading Commission during Barack Obama’s administration, he has served on faculty at MIT Sloan School of Management, teaching courses on blockchain, digital currencies and other financial technologies. Chris Brummer, the Biden administration’s anticipated choice for the CFTC, currently serves as faculty director at Georgetown University’s Institute of International Economic Law, has written books on the regulation of financial technologies and founded D.C. Fintech Week to help promote discussion of fintech innovation among policymakers.

When we get to the outer edges of finance — to crypto, charters and cannabis — the divide between political camps starts to disappear. But there’s still quite a bit of rigidity in the traditional financial industry and regulatory framework. Combining the slate of steady, open-minded regulators with the building pressures of technology yields reasonable hope for regulatory overhauls that will pull compliance along into the future.

The High Cost of the Suspicious Activity Report

Bank boards know all too well about the reputational toll and hefty fines from lapses in regulatory compliance. But governance usually doesn’t tend to drill down into specific practice areas and their finer-grained costs.

An ounce of prevention, though less expensive than the proverbial cure, still runs pretty high in Bank Secrecy Act and anti-money laundering (BSA/AML) compliance programs. Directors might want to ask for a more-detailed picture from their bank’s AML team at the next board meeting. Not just to follow up on the damage-control response to the FinCEN Files media spectacle, but also in terms of profit and loss and team morale issues.

Suspicious activity reports (SARs) can get very expensive. We conservatively estimate that about $180 million in annual BSA/AML analyst salaries in the U.S. goes just to preparing the SAR form. But there’s also a huge opportunity to do better for society.

What are SARs? Some might say they are a headache-inducing form that demands a whole lot of painstaking and tedious detail, and then never quite fulfills its ultimate purpose of stopping criminals. Unfortunately, there’s a lot of truth to that description. What should — and could — SARs be?

  • An essential tool for fighting crime.
  • An effective communication channel for AML collaboration.
  • An invaluable resource for law enforcement to identify, track, and prosecute criminals.

At the risk of overstating the obvious, not every “suspicious” activity leads to criminal activity. Though banks do have the power to block the flow of funds, financial crime regulators (in the U.S., that’s the Financial Crimes Enforcement Network, or FinCEN) and jurisdictional law enforcement (such as district attorneys) hold the authority to go after the criminals. A bank’s primary responsibility in AML is to provide relevant information from the financial vantage point.

The level of detail can make all the difference in the usefulness of these reports. A complete and accurate SAR, filed with ample, highly relevant information, provides texture and nuance for regulators to make strong decisions about which cases deserve the attention of law enforcement. Prosecutors can then use information from SARs to build criminal cases. A future with somewhat fewer illicit arms sales or much less human trafficking could hinge on a few form fields.

The status quo for most bank AML compliance programs entails a substantial amount of manual inputs. Lacking automation, providing more high quality detail in SARs demands more time. U.S. financial institutions filed 2.3 million SARs in 2019. An AML analyst can command, on average, an annual salary of $75,000. These figures, plus some other industry-specific estimates and general human resources conventions, fed into my calculation above for the total annual SARs tab for U.S. financial institutions. And that $180 million figure doesn’t even account for the nine out of 10 investigations that don’t lead to a SAR filing — yet typically do result in more monitoring.

Manual processes, even with the best intentions of highly skilled AML teams, are inherently prone to human error. I also suspect these professionals would rather focus on the aspects of their work that demand the subtle discernment of human judgement. Some of the lowest-hanging fruit for using technology in AML investigations include automation that can:

  • Populate the SAR form with case information.
  • Organize case data from fragmented sources across the bank and vendors.
  • Visualize trends in the case to spot strange behaviors.
  • Quickly separate false positives from true positives.
  • Capture the insights of investigators as structured data, creating clean data that can be used for analytics and machine learning.
  • Validate and quickly transmit the SAR to expedite information flow.
  • Securely store the case information for future analytics and audits.
  • Keep casework across the team thorough and efficient.

Investigating and reporting suspicious financial activity is both an enormous expense for banks and a systemically important resource for protecting society. It’s worth investing in automation technology that will make a bank’s BSA/AML compliance program more efficient and effective.

How a specific bank might move forward in leveraging compliance automation technology will vary on a wide range of factors. Adopting this sort of technology isn’t an all-or-nothing proposition. A careful analysis of a bank’s AML practice area can identify minor changes that are likely to have an outsize impact in the fight against crime.