“The Biggest Threat to the Deposit Insurance Fund I’ve Ever Seen”


A little-known rule called the national rate cap is putting community banks in a bind.

The cap tries to set a high-water mark for rates by calculating a weekly average of advertised interest rates for specific deposit products at branches, plus 75 basis points. This wasn’t a problem when interest rates were dropping or staying steady, but the higher rate environment has now inadvertently handicapped community banks as they compete for deposits.

Bankers say the rate cap, calculated and enforced by the Federal Deposit Insurance Corp., is unrealistically low compared to corresponding market rates. The difference could also make some banks appear riskier if examiners bring up deposit rates in exams.

Peoples Bank in Magnolia, Arkansas, uses wholesale funding to make loans for its low- to middle-income customers who lack deposits, says CEO Mary Fowler. The bank, which is well capitalized and has $200 million in assets, offers attractive rates to bring in and retain many of those funds.

The only problem? More than 90 percent of certificates of deposit (CDs) at Peoples Bank pay a rate that is higher than the rate cap.

“I call [these] traditional deposits, because they’re core as long as you’re paying the best rate in town. But we have to pay market rates for it,” she says.

Other banks are in a similar position, as higher rates have caused the national rate cap to lag the yield on Treasury securities of similar durations. This puts bankers like Fowler in a tough spot. They need to offer rates above the cap to attract or maintain deposits, but doing so invites skepticism from regulators. The FDIC declined to comment.

“Why would a customer get a CD from me when I can only hypothetically pay the national rate cap?” says Joseph Kiley III, president and CEO of Renton, Washington-based First Financial Northwest, a well-capitalized bank with $1.3 billion in assets. He points out that, at times, Treasuries paid more than 100 basis points above the rate cap.


Bankers say the cap also creates tension with examiners, who see it as a proxy for “potentially volatile” deposits. That’s because the rule, which should only apply to a small subset of thinly capitalized institutions, has become standard across the industry.

Examiners ask executives at healthy banks what they would do with these higher-rate deposits if the bank lost capital and was forced to abide by the cap, says John Popeo, a principal at the consultancy Gallatin Group. Popeo is a former FDIC regulator who helped resolve failed banks after the financial crisis, and represents institutions across the country that are well capitalized and do not have any immediate regulatory issues.

He says examiners are not threatening a regulatory downgrade but want to see how the bank would fund itself in the event it is no longer well capitalized. For some banks, the answer isn’t pretty.

The cap could lead to systemic problems if too many banks dip below well-capitalized levels during an economic downturn, as the FDIC prohibits less-than-well-capitalized banks from offering rates above the cap.

“When they pull your funding, you’re done,” Kiley says. “[Your bank is] just going to bleed to death.”

The FDIC has begun the process of changing the rate cap calculation, but Fowler worries that an economic downturn that threatens bank capital levels could come faster than regulators’ correction. She has been in banking for decades and says the rate cap is “the biggest threat to the deposit insurance fund I’ve ever seen.”

Executives from Peoples Bank wrote five comment letters on the request for proposal. Fowler points out that the FDIC calculated the cap using only Treasury yields prior to 2009, at which point it changed its approach.

In calculating the rate cap now, the FDIC uses an average of prevailing deposit rates at bank branches, but excludes credit unions, negotiated rates and special offers from the calculation. Using branches means that big banks are overrepresented, and online banks paying market-leading rates are underrepresented. Fowler says the FDIC should change this. She thinks it should compare the current approach to the old Treasury approach, and select the rate that’s higher.

Kiley questions whether a rate cap is an antiquated notion but hopes any change will account for how customers interact with banks and rate-shop in the digital age. If the rate cap continues to exist, he would prefer that the FDIC use wholesale funding rates from institutions like the Federal Home Loan Bank.

“We are living in a world where we pretend folks walk into branches and say ‘Hi’ to the teller … and wave to their money in the vault,” he says. “Everyone banks like they buy from Amazon.com. I don’t think there should be a rate cap.”

Weighing the Value of a Bank Holding Company


In May, Northeast Bank became the fourth banking organization in two years to eliminate its holding company. Northeast joins Zions Bancorporation, N.A., BancorpSouth Bank and Bank OZK in forgoing their holding companies.

All of the restructurings were motivated in part by improved efficiencies that eliminated redundant corporate infrastructure and activities. The moves also removed a second level of supervision by the Federal Reserve Board. Bank-specific reasons may also drive the decision to eliminate a holding company.

Zions successfully petitioned to be de-designated as a systemically important financial institution in connection with its holding company elimination. In its announcement, Northeast replaced commitments it made to the Fed with policies and procedures relating to its capital levels and loan composition that should allow for more loan growth in the long run.

Banks are weighing the role their holding companies play in daily operations. Some maintain the structure in order to engage in activities that are not permissible at the bank level. Others may not have considered the issue. Now may be a good time to ask: Is the holding company worth it?

Defined Corporate Governance
Holding companies are typically organized as business corporations under state corporate law, which often provides more clarity than banking law for matters such as indemnification, anti-takeover protections and shareholder rights.

Transaction Flexibility
Holding companies provide flexibility in structuring strategic transactions because they can operate acquired banks as separate subsidiaries. This setup might be desirable for potential partners because it keeps the target’s legal and corporate identity, board and management structure. But even without a holding company, banks can still preserve the identity of a strategic partner by operating it as a division of the surviving bank.

Additional Governance Requirements
A holding company’s status as a separate legal entity subjects it to additional corporate governance and recordkeeping requirements. A holding company must hold separate board of directors and committee meetings with separate minutes, enter into expense-sharing and tax-sharing agreements with its bank subsidiary and observe other corporate formalities to maintain separate corporate identities. In addition, the relationship between the holding company and its subsidiary bank is subject to Section 23A and Section 23B of the Federal Reserve Act, an additional regulatory compliance burden.

Additional Regulatory Oversight
Holding companies are also subject to the Fed’s supervision, examination and reporting requirements, which carry additional compliance costs and consume significant management attention. The Fed also expects bank holding companies to serve as a source of financial strength to their subsidiary banks, an expectation that was formalized in the Dodd-Frank Act.

Diminished Capital Advantages
Historically, holding companies could issue Tier 1 capital instruments that were not feasible or permissible for their bank subsidiaries, such as trust preferred securities and cumulative perpetual preferred stock. They also enjoyed additional flexibility to redeem capital, an advantage that has largely been eliminated by the Basel III rulemaking and Fed supervisory requirements. A holding company with existing grandfathered trust preferred securities or with registered DRIPs may find them useful capital management tools. Holding companies with less than $3 billion in consolidated assets that qualify under the Small Bank Holding Company and Savings and Loan Holding Company Policy Statement are not subject to the Fed’s risk-based capital rules. These companies are permitted to have higher levels of debt than other holding companies and banks.

Broader Activities, Investments
Bank holding companies, especially those that elect to be financial holding companies, can engage in non-banking activities and activities that are financial in nature through non-bank subsidiaries that are bank affiliates. In some cases, these activities may not be bank permissible, such as insurance underwriting and merchant banking. The Fed also has authority to approve additional activities that are financial in nature or incidental or complementary to a financial activity on a case-by-case basis.

Bank holding companies can also make passive, non-controlling minority investments that do not exceed 5 percent of any class of voting securities in any company, regardless of that company’s activities. By comparison, banks are limited to making investments in companies that are engaged solely in bank-permissible activities or must rely on authorities such as community development or public welfare authority to make investments. Banks may also have limited leeway authority to invest in specific securities or types of securities designated under the applicable state banking law or by the applicable state banking regulator.

Banks that are not interested in activities or investment opportunities available to holding companies may be less concerned about eliminating the structure. But an organization that engages in activities at the holding company level that are not permissible for banks or that desires to maintain its grandfathered rights as a unitary savings and loan holding company may not wish to eliminate its holding company.

Operating without a holding company would result in more streamlined regulatory oversight, corporate governance and recordkeeping processes. But a holding company provides the flexibility to engage in activities, to make investments and to create structures that a bank may not. Bank boards should weigh these costs and benefits carefully against their strategic and capital management plans.

A Former Regulator Shares His Advice for Boards


Developing a positive relationship with regulators is important for any bank. How can banks foster this?

There’s no one better to answer this question than a former regulator.

Charles Yi served as general counsel of the Federal Deposit Insurance Corp. from 2015 to 2019, where he focused on policy initiatives and legislation, as well as the implementation of related rulemaking. He also served on the FDIC’s fintech steering committee.

In this interview, Yi talks about today’s deregulatory environment and shares his advice for banks looking to improve this critical relationship. He also explains the importance of a strong compliance culture and what boards should know about key technology-related risks.

Yi, now a partner at the law firm Arnold & Porter, in Washington, D.C., spoke to these issues at Bank Director’s Bank Audit & Risk Committees Conference.

BD: You worked at the FDIC during a time of significant change, given a new administration and the passage of regulatory relief for the industry. In your view, what do bank boards need to know about the changes underway in today’s regulatory environment?
CY: While it is true that we are in a deregulatory environment in the short term, bank boards should focus on prudent risk management, and safe and sound banking practices for the long term. Good fundamentals are good fundamentals, whether the environment is deregulatory or otherwise.

BD: What hasn’t changed?
CY: What has not changed is the cyclical nature of both the economy and the regulatory environment. Just as housing prices will not always go up, [a] deregulatory environment will not last forever.

BD: From your perspective, what issues are top of mind for bank examiners today?
CY: It seems likely that we are at, or near, the peak of the current economic cycle. The banking industry as a whole has been setting new records recently in terms of profitability, as reported by the FDIC in its quarterly banking profiles. If I [were] a bank examiner, I would be thinking through and examining for how the next phase of the economic cycle would impact a bank’s operations going forward.

BD: Do you have any advice for boards that seek to improve their bank’s relationship with their examiners?
CY: [The] same thing I would say to an examiner, which is to put yourself in the shoes of the other person. Try to understand that person’s incentives, pressures—both internal and external—and objectives. Always be cordial, and keep discussions civil, even if there is disagreement.

BD: What are some of the biggest mistakes you see banks make when it comes to their relationship with their examiner?
CY: Even if there is disagreement with an examiner, it should never become personal. The examiner is simply there to do a job, which is to review a bank’s policies and practices with the goal of promoting safety and soundness as well as consumer protection. If you disagree with an examiner, simply make your case in a cordial manner, and document the disagreement if it cannot be resolved.

BD: In your presentation at the Bank Audit & Risk Committees Conference, you talked about the importance of projecting a culture of compliance. How should boards ensure their bank is building this type of culture?
CY: Culture of compliance must be a focus of the board and the management, and that focus has to be communicated to the employees throughout the organization. The incentive structure also has to be aligned with this type of culture.

Strong compliance culture starts at the top. The board has to set the tone for the management, and the management has to be the example for all employees to follow. Everyone in the organization has to understand and buy into the principle that we do not sacrifice long-term fundamentals for short-term gain—which in some cases could end up being [a] long-term loss.

(Editor’s note: You can learn more about building a strong culture through Bank Director’s Online Training Series, Unit 16: Building a Strong Compliance Culture.)

BD: You served on the FDIC’s fintech steering committee, which—in a broad sense—examined technology trends and risks, and evaluated the potential impact to the banking system. Banks are working more frequently with technology partners to enhance their products, services and capabilities. What’s important for boards to know about the opportunities and risks here?
CY: Fintech is the next frontier for banking, and banks are rightly focused on incorporating technology into their mix of products and services. One thing to keep in mind as banks increasingly partner with technology service providers is that the regulators will hold the bank responsible for what the technology service provider does or fails to do with regard to banking functions that have been outsourced.

BD: On a final note: In your view, what are the top risks facing the industry today?
CY: I mentioned already the risks facing the industry as we contemplate the downhill side of the current economic cycle. One other issue that I know the regulators are and have been spending quite a lot of time thinking about is cybersecurity. What is often said is that a cyber event is not a question of if, but when. We can devote volumes of literature [to] talking about this issue, but suffice for now to say that it is and will continue to be a focus of the regulators.

Arnold & Porter was a sponsor of Bank Director’s Bank Audit & Risk Committees Conference.

Addressing the Top Three Risk Trends for Banks in 2019



As banks continue to become more reliant on technology, the risks and concerns around cybersecurity and compliance continue to grow. Bank Director’s 2019 Risk Survey, sponsored by Moss Adams LLP, compiled the views of 180 bank leaders, representing banks ranging from $250 million to $50 billion in assets, about the current risk landscape. Respondents identified cybersecurity as the greatest concern, continuing the trend from the previous five versions of this report and indicating an industry-wide struggle to fully manage this risk.

Other top trends included the use of technology to enhance compliance and the potential effect of rising interest rates. Here’s what banks need to know as they assess the risks they’ll face in the coming year.

Cybersecurity
Regulatory oversight and scrutiny around cybersecurity for banks seem to be increasing. Agencies including the Securities and Exchange Commission are focused on the cybersecurity reporting practices of publicly traded institutions, as well as their ability to detect intruders. The Colorado legislature recently passed a law requiring credit unions to report data breaches within 30 days. It’s no surprise that 83 percent of respondents said their concerns about cybersecurity had increased over the past year.

Most of the cybersecurity risk for banks comes from application security. The more banks rely on technology, the greater the chance they face of a security breach. Adding to this, hackers continue to refine their techniques and skills, so banks need to continually update and improve their cybersecurity skills. This expectation falls to the bank board, but the way boards oversee cybersecurity continues to vary: Twenty-seven percent opt for a risk committee; 25 percent, a technology committee and 19 percent, the audit committee. Only 8 percent of respondents reported their board has a board-level cybersecurity committee; 20 percent address cybersecurity as a full board rather than delegating it to a committee.

Compliance & Regtech
Utilizing technological tools to meet compliance standards—known as regtech—was another prevalent theme in this year’s survey. This is a big stress area for banks due to continually changing requirements. The previous report indicated that survey respondents saw increased expenses around regtech. This year, when asked which barriers they encountered around regtech, 47 percent responded they were unable to identify the right solutions for their organizations. Executives looking to decrease costs may want to consider whether deploying technology could allow for fewer personnel. When this technology is properly used, manual work decreases through increased automation.

Other compliance concerns for this year’s report included rules around the Bank Secrecy Act and anti-money laundering. Seventy-one percent of respondents indicated they implemented or plan to implement more innovative technology in 2019 to better comply with BSA/AML rules.

Compliance with the current expected credit loss standard was another area of concern. Forty-two percent of respondents indicated their bank was prepared to comply with the CECL standard, and 56 percent replied they would be prepared when the standard took effect for their bank.

Interest Rate & Credit Risk
The potential for additional interest rate increases made this a new key issue for the 2019 report. When asked how an interest rate increase of more than 100 basis points, or 1 percent, would affect their banks’ ability to attract and retain deposits, 47 percent of respondents indicated they would lose some deposits, but their bank wouldn’t be significantly affected. Thirty percent indicated an increase would have no impact on their ability to compete for deposits.

However, 55 percent believed a severe economic downturn would have a moderate impact on their banks’ capital. In the event of such a downturn, deposits and lending would slow, and banks could incur more charge-offs, which would impact capital. This fluctuation can be easy to dismiss, but careful planning may help reduce this risk.

Assurance, tax, and consulting offered through Moss Adams LLP. Investment advisory services offered through Moss Adams Wealth Advisors LLC. Investment banking offered through Moss Adams Capital LLC.

How Innovative Banks Keep Up With Compliance Changes


Bankers and directors are increasingly worried about compliance risk.

More than half of executives and directors at banks with more than $10 billion in assets said their concerns about compliance risk increased in 2018, according to Bank Director’s 2019 Risk Survey. At banks of all sizes, 39 percent of respondents expressed increasing concern about their ability to comply with changing regulations.

They’re right to be worried. In 2018, U.S. banks saw the largest amount of rule changes since 2012, according to Pamela Perdue, chief regulatory officer for Continuity. This may have surprised bankers who assumed that deregulation would translate to less work.

“The reality is that that is not the case,” she says. “[I]t takes just as much operational effort to unwind a regulatory implementation as it does to ramp it up in the first place.”

Many banks still rely on compliance officers manually monitoring websites and using Google alerts to stay abreast of law and policy changes. That “hunt-and-peck” approach to compliance may not be sufficiently broad; Perdue said bankers risk missing or misinterpreting regulatory updates.

This potential liability could also mean missed opportunities for new business as rules change. To handle these challenges, some banks use regulatory change management (RCM) technology to aggregate law and policy changes and stay ahead of the curve.

RCM technology offerings are evolving. Current offerings are often included in broader governance risk and compliance solutions, though these tools often use the same manual methods for collecting and processing content that banks use.

Some versions of RCM technology link into data feeds from regulatory bodies and use scripts to crawl the web to capture information. This is less likely to miss a change but creates a mountain of alerts for a bank to sort through. Some providers pair this offering with expert analysis, and make recommendations for whether and how banks should respond.

But some of the most innovative banks are leveraging artificial intelligence (AI) to manage regulatory change. Bank Director’s 2019 Risk Survey revealed that 29 percent of bank respondents are exploring AI, and another 8 percent are already using it to enhance the compliance function. Companies like San Francisco-based Compliance.ai use AI to extract regulatory changes, classify them and summarize their key holdings in minutes.

While AI works exponentially faster than human compliance officers, there are concerns about its accuracy and reliability.

“I think organizations need to be pragmatic about this,” says Compliance.ai chief executive officer and co-founder Kayvan Alikhani. “[T]here has to exist a healthy level of skepticism about solutions that use artificial intelligence and machine learning to replace what a $700 to $800 an hour lawyer was doing before this solution was used.”

Compliance.ai uses an “Expert in The Loop” system to verify that the classifications and summaries the AI produced are accurate. This nuanced version of supervised learning helps train the model, which only confirms a finding if it has higher than 95 percent confidence in the decision.

Bankers may find it challenging to test their regulatory technology systems for accuracy and validity, according to Jo Ann Barefoot, chief executive officer of Washington-based Barefoot Innovation Group and Hummingbird Regtech.

“A lot of banks are running simultaneously on the new software and the old process, and trying to see whether they get the same results or even better results with the new technology,” she says.

Alikhani encourages banks to do proofs of concept and test new solutions alongside their current methodologies, comparing the results over time.

Trust and reliability don’t seem to be key factors in bankers’ pursuit of AI-based compliance technology. In Bank Director’s 2019 Risk Survey, only 11 percent of banks said their bank leadership teams’ hesitation was a barrier to adoption. Instead, 47 percent cited the inability to identify the right solution and 37 percent cited a lack of viable solutions in the marketplace as the biggest deterrents.

Bankers who are adopting RCM are motivated by expense savings, creating a more robust compliance program and even finding a competitive edge, according to Barefoot.

“If your competitors are using these kinds of tools and you’re not, that’s going to hurt you,” she says.

Potential Technology Partners

Continuity

Combines regulatory data feeds with consultative advice about how to implement changes.

Compliance.ai

Pairs an “Expert in the Loop” system to verify the accuracy of AI summaries and categorization

OneSumX Regulatory Change Management from Wolters Kluwer

Includes workflows and tasks that help banks manage the implementation of new rules and changes

BWise

Provides impact ratings that show which parts of the bank will be impacted by a rule and the degree of impact

Predict360 from 360factors

Governance risk and compliance solution that provides banks with access to the Code of Federal Regulations and administrative codes for each state

Learn more about each of the technology providers in this piece by accessing their profiles in Bank Director’s FinXTech Connect platform.

The Latest Look at the “New CFPB”


On April 17, Consumer Financial Protection Bureau Director Kathleen Kraninger delivered her first policy speech at the Bipartisan Policy Center. She touched on rule promulgation, supervision and enforcement, previewing the tone and direction of the CFPB under her leadership.

Rule Promulgation
One important concern for banks will be rule promulgation at the agency, or how the bureau proposes, enacts and enforces regulations. In the speech, Kraninger said that the bureau will release proposed rules to implement the Fair Debt Collection Practices Act in the coming weeks.

The promulgation of these rules has been in the CFPB’s pipeline since the Dodd-Frank Act transferred rulemaking authority related to the state exemptions under the Fair Debt Collection Practices Act to the bureau. We saw proposed rulemaking in 2013, followed by various pushes under the tenure of former Director Richard Cordray. Through these pushes between 2011 and 2017, we learned that the CFPB’s efforts in the Fair Debt Collection Practices Act space were broad and, the industry argued, unduly burdensome on creditors. These efforts included rules to address litigation disclosures, information integrity and associated liability, time-barred debt and, possibly, first-party collector liability.

In contrast, Kraninger focused on how the new rules will provide clear, bright-line limits on the number of calls consumers may receive and how to communicate using newer technology such as email or text messages—issues the industry has sought guidance on. It will be interesting to contrast the proposed actions outlined under Cordray’s tenure to the rules issued under Kraninger.

As Kraninger made clear in her speech, “[b]ecause rules are general standards, they are not best articulated on a case-by-case basis through enforcement actions.” Rather, she said they should be developed through transparent rulemaking that allows stakeholders to submit comments and include “rigorous” economic and market analysis as well as judicial review.

Supervision
In her speech, Kraninger reiterated that “supervision is the heart of this agency–particularly demonstrated by the percentage of our personnel and resources dedicated to conducting exams.”

Though she shares this sentiment with Cordray, she pointed out that “the bureau is not the only government regulator supervising any given entity” and that it must “ensure that we do not impose unmanageable burdens while performing our duties.”

This may be the clearest demarcation between the two directors. Cordray’s leadership did not seem to consider the “burden” of supervision experienced by a supervised entity; that regime was solely focused on consumer protection.

While the industry has yet to see a substantial shift in the approach to supervision, Kraninger’s remarks hint that we will see some relief as the CFPB considers its approach to exams. The agency could make changes in the prioritization and frequency of exams, the size of the exam teams, the number of days spent on-site, the supporting systems and job aids, the time it takes to complete an exam and deliver a report and how the bureau empowers examiners to provide input on the process.

Enforcement
Kraninger also stated that “enforcement is an essential tool Congress gave the bureau,” another echo of Cordray’s leadership. However, she diverged by adding that “purposeful enforcement is about utilizing robust resources most effectively to focus on the right cases to reinforce clear rules of the road.”

Kraninger’s use of the phrase “clear rules of the road” is interesting. Justice Brett Kavanaugh, then on the U.S. Court of Appeals for the District of Columbia Circuit, used similar imagery when he criticized the lack of due process in the CFPB’s “regulation through enforcement” approach with regard to its PHH enforcement action.

“Imagine that a police officer tells a pedestrian that the pedestrian can lawfully cross the street at a certain place. The pedestrian carefully and precisely follows the officer’s direction. After the pedestrian arrives at the other side of the street, however, the officer hands the pedestrian a $1,000 jaywalking ticket. No one would seriously contend that the officer had acted fairly or in a manner consistent with basic due process in that situation,” he wrote in the 2016 decision for PHH Corp. v. CFPB. “Yet that’s precisely this case.”

While only time can tell, it appears that the industry can expect clear guidance and that rules that redefine industry standards will precede related enforcement efforts.

The more activity from the “New CFPB,” the more observers will be able to gauge how it interacts with institutions. The shift occurring under the agency’s new leadership will most likely impact those companies that push regulatory boundaries. We continue to see a deep review of institutions’ core compliance management systems and associated controls. If your bank is wading into an unsettled regulatory area, you would be best served by documenting the decision-making process, including considerations of the existing regulatory framework.

An Easy Way to Learn More About Banking


Every year when Richard Davis was the chief executive officer of U.S. Bancorp, he would travel to see Warren Buffett in Omaha, Nebraska.

“The meetings were always on the same day and always lasted exactly an hour and 15 minutes,” Davis once told me. “That wasn’t the plan. It just happened that way.”

Even though the meetings ran over an hour, there were never people in the waiting room annoyed that the conversation went long. The tranquility was refreshing to Davis, who was accustomed to days packed with back-to-back meetings.

Buffett guards his time. He spends 80 percent of his day reading and thinking, he has said.

A student at Columbia University once asked Buffett, the chairman and CEO of Berkshire Hathaway, how to become a great investor. “Read 500 pages like this every day,” Buffett said, holding up a stack of papers. “That’s how knowledge works. It builds up, like compound interest. All of you can do it, but I guarantee not many of you will do it.”

The same is true of banking, I believe.

But where should one start? What are the most important things to read if one wants to learn more about banking?

As someone who has been immersed in banking literature for nearly a decade, I recommend starting with the annual shareholder letters written by a trio of top-performing bankers.

The best known is Jamie Dimon’s annual letter written to the shareholders of JPMorgan Chase & Co.

“Jamie Dimon writes the best annual letter in corporate America,” Buffett said on CNBC in early 2012. “He thinks well. He writes extremely well. And he works a lot on the report—he’s told me that.”

In his letter this year, Dimon talks about JPMorgan’s banking philosophy. He talks about leadership. He talks about the things JPMorgan doesn’t worry about: “While we worry extensively about all of the risks we bear, we essentially do not worry about things like fluctuating markets and short-term economic reports. We simply manage through them.”

And Dimon comments extensively on an array of critical issues facing not just the banking industry, but the broader economy and society: “[I]t is clear that partisan politics is stopping collaborative policy from being implemented, particularly at the federal level. This is not some special economic malaise we are in. This is about our society. We are unwilling to compromise. We are unwilling or unable to create good policy based on deep analytics. And our government is unable to reorganize and keep pace in the new world.”

A second CEO who writes an especially insightful letter is William Demchak at Pittsburgh-based PNC Financial Services Group.

In his latest letter, Demchak delves into PNC’s retail growth strategy, outlining the bank’s expansion into new markets using a combination of physical locations, aggressive marketing and digital delivery channels.

Demchak also discusses the changes underway in banking: “It’s an amazing time in the industry—exciting, if you’ve been preparing for it, and probably terrifying if you haven’t. . . . [I]n some ways, it feels like we’re running through the woods with 5,400 other players and one big bear: retail customers and deposit consolidation. Some will be lost in the chaos; others will fall victim to bad decisions and the realization that they waited too long to start moving toward the future.”

Last but not least is the letter written by Rene Jones at M&T Bank Corp, a regional lender with $120 billion in assets based in Buffalo, New York. Of all the annual messages written by bank CEOs this year, Jones’ does the most to advance the industry’s narrative.

It’s crafted around two arguments, the first of which concerns the growing share of retail deposits held by the nation’s biggest banks. This trend isn’t simply a function of scale and technology, Jones argues. It’s also driven by demographic patterns.

“Historically, deposit growth itself is highly correlated to increased employment, income and population,” Jones writes. “The banks with the most scale have benefited from their outsized presence in the largest U.S. markets, which unlike past recoveries, have experienced a disproportionate share of the nation’s economic growth.”

Jones’ second argument concerns the need to refine the existing regulatory framework: “Regulation, like monetary policy, is a tool whose purpose is simultaneously to promote the economy while protecting those who operate within it. It is a difficult balance—especially so after significant events such as the financial crisis. The practice of implementing and adjusting regulation is both necessary and healthy, because its impacts are felt by communities large and small.”

Jones’ message will resonate with bankers, as M&T has long been an unofficial spokesman for the industry on regulatory matters, giving voice to their frustration with the sharp swing in the regulatory pendulum over the past decade.

In short, all these letters are worth the modest amount of time they take to read. They are three of the leading voices in banking today. There’s a reason someone like Warren Buffett reads what they write.

Why Your Board’s Risk Committee Structure Matters


Community bank boards have a lot of regulatory leeway when it comes to how they oversee the critical risks facing their organizations, including cybersecurity. Because of this latitude, many boards are working to find the best way to properly address these risks, congruent with the size and complexity of their institution.

“We’re evolving, and I think banks our size are evolving, because we are in that grey area around formal risk management,” says Robert Bradley, the chief risk officer at $1.4 billion asset Bank of Tennessee, based in Kingsport, Tennessee. “There’s no one way to approach risk management and governance.”

As a result, some banks govern risk within a separate risk committee, while others opt for the audit committee or address their institution’s risks as a full board.

And governance of cybersecurity is even more unresolved. Most oversee cybersecurity within the risk committee (27 percent) or technology committee (25 percent), according to Bank Director’s 2019 Risk Survey. A few—just 8 percent—have established a board-level cybersecurity committee.

“Those that have formed a cyber committee, whether they’re small or big, I think it’s an indication of how significant they believe it is to the institution,” says Craig Sanders, a partner at survey sponsor Moss Adams.

Does a bank’s governance structure make a difference in how boards approach oversight? It might. Our analysis finds a correlation between committee structure and executive responsibilities, communications with key executives and board discussions on risk.

The majority of respondents say their bank employs a chief information security officer, though many say that executive also focuses on other areas of the bank. Whether a bank employs a dedicated CISO tends to be a function of the size and complexity of the bank’s cyber program, says Sanders.

Banks that govern cybersecurity within a risk committee or a cybersecurity committee are more likely to employ a CISO.

The reporting structure for the CISO varies, with a majority of CISOs reporting to the CEO (32 percent) and/or the chief risk officer (31 percent). However, the reporting structure differs by committee.

Banks with a cybersecurity committee seem to prefer that their CISO reports to the CEO (36 percent). However, 27 percent say the CISO reports to the CRO, and a combined 27 percent say the CISO reports to the chief information officer or chief technology officer. Similarly, if cybersecurity is overseen in the technology committee, the CISO often reports to the CEO (33 percent) and/or the CIO or CTO (a combined 29 percent).

However, the CISO is more likely to report to the CRO (49 percent) if cybersecurity is governed within the risk committee.

Interestingly, the audit committee is most likely to insert itself into the CISO’s reporting structure when it governs cybersecurity. Of these, 32 percent say the CISO reports to the audit committee, 37 percent to the CEO and 32 percent to the CRO.

Sanders believes more CISOs should report to the relevant committee or the full board. “I view that position almost like internal audit. They shouldn’t be reporting up through management,” he says.

Establishing a dedicated committee is a visible sign that a board is taking a matter seriously. Committees can also provide an opportunity for directors to focus and educate themselves on an issue. So, it’s perhaps no surprise that the few bank boards that have established cybersecurity committees are dedicating more board time to the subject, as evidenced in this chart.

Risk and audit committees are tasked with a laundry list of issues facing their institutions. It’s hard to fit cybersecurity into the crowded agendas of these committees. However, it does make one question whether cybersecurity is addressed frequently enough by these boards.

Governance structure also seems to impact how frequently cybersecurity is discussed by the full board. With a cybersecurity committee, 46 percent say cybersecurity is part of the agenda at every board meeting, and 27 percent discuss the issue quarterly. Boards that address cybersecurity in the risk or audit committee are more likely to schedule a quarterly discussion as a board.

When boards take responsibility for cybersecurity at the board level—rather than assigning it to a committee—almost half say cybersecurity is on the agenda twice a year or annually. With this structure, 31 percent discuss it at every board meeting.

How frequently should boards be talking about cybersecurity?

“More is better, right?” says Sanders. “The requirement, from a regulatory standpoint, is that you only report to the board annually. So, anybody that’s doing it more than annually is exceeding the regulator’s expectation,” which is a good approach, he adds.

Few banks have cybersecurity committees, and it’s worth noting that boards with a cybersecurity committee are more likely to have a cybersecurity expert as a member. That expertise likely makes them feel better equipped to establish a committee.

Community bank boards have long grappled with how to govern risk in general. For several years following the enactment of the Dodd-Frank Act in 2010, risk committees were only required at banks above $10 billion in assets. Now, following passage of the Economic Growth, Regulatory Relief and Consumer Protection Act in 2018, that threshold is even higher, at $50 billion in assets.

But if it ain’t broke, don’t fix it: The 2019 Risk Survey confirms that boards aren’t suddenly dissolving their risk committees. Forty-one percent of banks—primarily, but not exclusively, above $1 billion in assets—have a separate board-level risk committee.

The survey indicates there’s good reason for this.

Ninety-six percent of respondents whose bank governs risk within a board-level risk committee say the CRO or equivalent meets quarterly or more with the full board. Audit committees are almost on par, at 89 percent. But interestingly, that drops to 79 percent at banks that oversee risk as a full board.

Bank of Tennessee’s audit and risk committee meets quarterly, and Bradley says that getting a handle on the bank’s overall risk governance is a priority for 2019. That includes getting more comprehensive information to the board.

“The board has all the right governance and oversight committees for ALCO, for credit, for all of those kinds of things, but we haven’t had a one-stop-shop rollup for [the overall risk] position of the bank, and that’s one of the things I’m focused on for 2019,” Bradley says. “Going forward, what I would like to do is [meet] with the risk committee at least quarterly, and with the full board, probably twice a year.”

Bank Director’s 2019 Risk Survey, sponsored by Moss Adams, reveals the views of 180 bank leaders, representing banks ranging from $250 million to $50 billion in assets, about today’s risk landscape, including risk governance, the impact of regulatory relief on risk practices, the potential effect of rising interest rates and the use of technology to enhance compliance. The survey was conducted in January 2019.

For additional information on the responsibilities of a bank’s risk committee, please see Bank Director’s Board Structure Guideline titled “Risk Committee Structure.”

How A New Court Decision Could Change Bank M&A


A recent decision by the Delaware Supreme Court relating to a merger between two pharmaceutical companies that was terminated before closing could have implications for bank mergers and acquisitions.

On Dec. 7, 2018, the Delaware Supreme Court affirmed the lower court’s ruling in Akorn v. Fresenius Kabi that a Material Adverse Effect (“MAE”) had occurred with respect to Akorn under the terms of its merger agreement with Fresenius.

The Supreme Court upheld the lower court’s determination that (1) Akorn had suffered an MAE under the terms of the agreement that excused Fresenius from its obligation to close the transaction, and (2) Fresenius properly terminated the merger agreement because of Akorn’s breach of its regulatory representations and warranties under the merger agreement, which gave rise to an MAE, and Fresenius had not materially breached the merger agreement (which would have prevented it from exercising its termination rights).

Why the Akorn Case Is Important

  • This is the first ruling in Delaware that an MAE had occurred in a merger transaction, allowing the buyer to walk away from a signed merger agreement.
  • The lower court’s opinion provides unprecedented guidance for future negotiation and litigation of MAE clauses.
  • The decision is applicable to all industries, including the banking industry, and makes it clear that, first, the heavy burden to establish an MAE with respect to the target remains with the buyer.

How The Case Impacts Bank M&A

  • Merger partners should carefully consider the categories of events or changes, as well as any specific events, that should be excluded from the MAE definition, ensuring that the definition accurately reflects the agreed upon allocation of risk between the parties.
  • Sellers should exclude industry-wide changes impacting the seller, while buyers should be mindful to provide that broad industry changes that disproportionately affect the seller are not carved out from the definition.
  • Typical carve-outs from the MAE definition in a bank merger agreement include: changes in laws and regulations affecting banks or thrift institutions, changes in GAAP, changes in the value of securities or loan portfolio or value of deposits or borrowings resulting from a change in interest rates, and changes relating to securities markets in general.
  • Buyers who are uncomfortable with the broad definition of an MAE, even following Akorn, and are significantly larger than the seller may wish to consider inclusion of a few specific financial closing conditions to supplement the broad MAE clause.
  • Buyers in the bank M&A context should in good faith continue the regulatory approval process even while contemplating terminating the deal over a possible MAE — having “clean hands” matters.

How the Court Found an MAE
Fresenius, a German pharmaceutical company, and a U.S. generic drug manufacturer, Akorn, formally agreed in April 2017 to merge.

Shortly after, Akorn’s financial performance “fell off a cliff;” its revenues declined the next four quarters by 29 percent, 29 percent, 34 percent and 27 percent, respectively. Its operating income plummeted 84 percent, 89 percent, 292 percent and 134 percent, respectively, during the same period.

Fresenius terminated the merger agreement in April 2018, asserting that Akorn had suffered a general MAE. Fresenius further asserted it had an explicit right to terminate the merger agreement because Akorn breached its regulatory compliance representations and warranties. Akorn’s lawsuit followed, asking the court to force Fresenius to close the transaction.

The Court of Chancery determined Akorn suffered a general MAE, which resulted from issues that disproportionately affected Akorn compared to similar companies in its industry. Focusing on the plain text of the merger agreement, the court determined that Akorn bore the general risk of the MAE and through several carve-outs to the provision, Fresenius bore the “systemic” risks related to Akorn’s industry. However, through specific exclusions from these carve-outs, the risk was shifted back to Akorn in the event that the risks disproportionately affected Akorn’s business as compared to other participants in its industry. In analyzing whether the effect was “material,” the court stated the effect should “substantially threaten the overall earnings potential of the target in a durationally-significant manner.”

In other words, the court determined that Akorn’s dramatic downturn in performance was significant because it had persisted for a year and had no sign of abating, rejecting Akorn’s argument that any assessment of the decline in its value should be measured not against its performance as a standalone entity but against its value to Fresenius as a buyer.

Conclusion
This case is directly applicable to the banking industry. Many banks suffered dramatic declines in earnings during the financial crisis that would be considered durationally significant within the framework reinforced by Akorn. Causes included massive credit losses, drastic margin compression and the regulatory reaction to the crisis. Banks need to take into account their risk profile and that of their merger partner when negotiating the MAE definition and consider how it would work under a variety of adverse economic environments.

Three New Ways the FDIC Is Helping Community Banks


If there’s one takeaway from the Federal Deposit Insurance Corp.’s latest annual report, it’s that there’s a new sheriff in town.

The sheriff, Jelena McWilliams, isn’t literally new, of course, given the FDIC’s new chairman was confirmed in May 2018. Yet, it wasn’t until last month that her imprint on the FDIC became clear, with the release of the agency’s annual report.

In last year’s report, former Chairman Martin Gruenberg spent the first half of his Message from the Chairman—the FDIC’s equivalent to an annual shareholder letter—reviewing the risks facing the banking industry and emphasizing the need for banks and regulatory agencies to stay vigilant despite the strength of the ongoing economic expansion.

“History shows that surprising and adverse developments in financial markets occur with some frequency,” wrote Gruenberg. “History also shows that the seeds of banking crises are sown by the decisions banks and bank policymakers make when they have maximum confidence that the horizon is clear.”

The net result, wrote Gruenberg, is that, “[w]hile the banking system is much stronger now than it was entering the crisis, continued vigilance is warranted.”

Gruenberg’s tone was that of a parent, not a partner.

This paternalistic tone is one reason that bankers have grown so frustrated with regulators. Sure, regulators have a job to do, but to imply that bankers are ignorant of the economic cycle belies the fact that most bankers have more experience in the industry than regulators.

This is why McWilliams’ message will come as a relief to the industry.

It’s not that she disagrees with Gruenberg on the need to maintain vigilance, because there’s no reason to think she does. But the tone of her message implies that she views the FDIC as more of a partner to the banking industry than a parent.

This is reflected in her list of priorities. These include encouraging more de novo formations, reducing the regulatory burden on community banks, increasing transparency of the agency’s performance and establishing an office of innovation to help banks understand how technology is changing the industry.

To be clear, it’s not that Gruenberg didn’t promote de novo formations, because he did. It was under his tenure that the FDIC conducted outreach meetings around the country aimed at educating prospective bank organizers about the application process.

But while Gruenberg’s conversation about de novo banks was buried deep in his message, it was front and center in McWilliams’ message, appearing in the fourth paragraph.

“One of my top priorities as FDIC Chairman is to encourage more de novo formation, and we are hard at work to make this a reality,” wrote McWilliams. “De novo banks are a key source of new capital, talent, ideas, and ways to serve customers, and the FDIC will do its part to support this segment of the industry.”

To this end, the FDIC has requested public comment on streamlining and identifying potential improvements in the deposit insurance application process. Coincidence or not, the number of approved de novo applications increased last year to 17—the most since the financial crisis.

The progress on McWilliams’ second priority, chipping away at the regulatory burden on community banks, is more quantifiably apparent.

The FDIC eliminated over 400 out of a total of 800 pieces of outstanding supervisory guidance and, in her first month as chairman, launched a pilot program that allows examiners to review digitally scanned loan files offsite, reducing the length of onsite exams.

Relatedly, the number of enforcement actions initiated by the FDIC continued to decline last year. In 2016, the FDIC initiated 259 risk and consumer enforcement actions. That fell to 231 the following year. And in 2018, it was down to 177.

“We will continue [in 2019] to focus on reducing unnecessary regulatory burdens for community banks without sacrificing consumer protections or prudential requirements,” McWilliams wrote. “When we make these adjustments, we allow banks to focus on the business of banking, not on the unraveling of red tape.”

Another of McWilliams’ priorities is promoting transparency at the agency. This was the theme of her first public initiative announced as chairman, titled “Trust through Transparency.”

The substance of the initiative is to publish a list of the FDIC’s performance metrics online, including call center response rates and turnaround times for examinations and applications. In the first two months the webpage was live, it received more than 34,000 page views.

Finally, reflecting a central challenge faced by banks today, the FDIC is in the process of establishing an Office of Innovation that, according to McWilliams, “will partner with banks and nonbanks to understand how technology is changing the business of banking.”

The office is tasked with addressing a number of specific questions, including how the FDIC can provide a safe regulatory environment that promotes continuous innovation. Its ultimate objective, though, is in line with McWilliams’ other priorities.

“Through increased collaboration with FDIC-regulated institutions, consumers, and financial services innovators, we will help increase the velocity of innovation in our business,” wrote McWilliams.

In short, while the industry has known since the middle of last year that a new sheriff is in town at the FDIC, the agency’s 2018 annual report lays out more clearly how she intends to govern.