A Five-Pronged Approach to Dealing with the New Regulatory Landscape

bsns-maze.jpgWhen it comes to compliance, the first step in preparing for the year ahead is to look at the immediate past. Regulators now have higher expectations. There is very low tolerance, if any, for regulatory infractions. Banks face a high degree of pressure to keep residual risk in check while still conducting business profitably. There will likely be mistakes, but the mistakes must be kept to manageable ones that do not fundamentally affect consumer rights. Examinations are tougher. The supervisory focus is on fairness to consumers. Regulators scrutinize data for accuracy and meaning.

The consequences of noncompliance are severe.  In 2011 and 2012, we saw financial institutions reach settlements with the Consumer Financial Protection Bureau (CFPB), the Department of Justice, and the prudential bank regulators for violations of consumer protection and other laws in excess of $1 billion. Not only are the settlements larger than ever, but they include refunds to affected customers as well as penalties. Even more than in the past, the reputational damage from enforcement actions can take years to recover from.

The Year Ahead

The year 2013 will bring continued concern about the daunting challenges posed by regulatory change for U.S. financial institutions. Of the nearly 400 rules required by the Dodd-Frank Act, only about one-third have been finalized, and another third have yet to be proposed, according to Davis Polk & Wardell LLP.  The new requirements are likely to trickle out for years to come. They, along with the adjustments financial institutions must make to accommodate the newly-formed CFPB, will surely test the mettle of even the strongest companies and keep continued pressure on the bottom line. During the year ahead, this consumer-focused scrutiny will take the form of not only deeper and more probing examinations, but more expensive penalties for noncompliance. 

High Risk Areas with Increased Vulnerability

Indications are this trend of focusing on consumer risk will continue in 2013.  We will continue to see supervisory interest in a number of key areas, such as:

  • Fair and responsible products and services
  • Mortgage origination and servicing
  • Treatment of consumer complaints
  • Data integrity
  • Servicemembers Civil Relief Act issues
  • Lender compensation
  • Overdraft protection programs
  • Student lending
  • Reverse mortgage lending
  • Compliance management systems

Governance Guidance for 2013

Successfully navigating the consumer-focused scrutiny in 2013 will depend on whether your institution adopts an integrated, proactive approach to compliance risk management.  To get started, directors must set the tone. First, take responsibility and ownership of your bank’s risks. Know where your bank’s risks are. Understand what your data says about you—including consumer complaints. Wherever possible, control and prevent problems; be confident that you will know where the next problem will surface. And we can’t emphasize this point strongly enough: Manage risks on an integrated basis across the enterprise.

Five Prong Approach to Preparing for 2013

There are a number of actions institutions can take to prepare themselves for 2013 and the regulatory and supervisory deluge to come. We recommend a five-prong strategy for preparing your institution to successfully meet these challenges.

One: Compliance Culture.  Instill a culture that embraces a consumer-centric, principles-based regulatory model. 

Two: Compliance Management System.  Build an integrated system of compliance management with board oversight, a comprehensive program, complaint management, and compliance audit.  

Three: Risk Assessments. Assess risk to the institution as well as the impact of products and services on the consumer.

Four: Fair Lending Risk Assessments. Subject lending data to in-depth statistical analysis, and give products and practices intensified review.

Five: Enterprise Reporting.  Implement a system of compiling information across the risk spectrum on an integrated basis and reporting the right level of detail to the right audience.

Understanding risk is an essential component of any proactive program. When it comes to predicting what will happen in 2013, we can all reasonably expect today’s trends to continue into the foreseeable future. The best strategy is to proactively prepare.

Standard Chartered and Anti-Money Laundering: Trends to Watch

money-laundry.jpgStandard Chartered Bank, a part of United Kingdom-based Standard Chartered PLC, last summer quickly settled a complaint brought by the New York State Department of Financial Services (DFS) to the tune of $340 million over allegations that it had violated anti-money laundering laws. The bank still faces wide-ranging investigations from various state and federal regulators, pursuant to their respective anti-money laundering (AML) authority.

The Standard Chartered case is only the latest of several such regulatory matters demonstrating the aggressive enforcement environment imposed upon banks today by multiple regulators, often with very different agendas. The case also highlights the significant power and leverage held by U.S. regulators, and how difficult it can be to effectively challenge regulatory allegations of wrongdoing once those investigations gather momentum. 

The Standard Chartered enforcement case relates to the U.S. branch of the bank handling transactions for Iranian account holders and banks. Since the 1979 Iranian hostage crisis, the United States has imposed strict limitations on the manner in which financial institutions are allowed to transact business with Iran and its citizens. In recent years, the scope of the sanctions has increased, as have related enforcement matters.

The underlying conduct in the Standard Chartered case involved so-called “U-turn” transactions. Prior to November 2008, U.S. financial institutions were permitted to process certain transactions that, although conducted on behalf of Iranian account-holders, did not pass through Iranian banking institutions.  Federal regulations accordingly required that transactions involving Iranian entities were only permitted to pass through the U.S. financial system on their way from one non-U.S., non-Iranian financial institution to another. Such Iranian-related transactions were required to be reported to federal regulators, and transactions with some individuals and organs of the Iranian government were still prohibited. In 2008, U.S. regulators flatly prohibited any further U-turn transactions, after becoming suspicious that they were being used to finance Iran’s nuclear weapons program and support for terrorist organizations.  

The New York DFS filed its complaint against Standard Chartered on August 6, 2012, with a substantial amount of publicity.  The New York regulator alleged that in addition to completing U-turn transactions, some of which may have been permissible, Standard Chartered systematically stripped or masked information about the Iranian account holders from its transaction documents, making it impossible for the bank’s U.S. branch to evaluate the legitimacy of approximately 60,000 transactions over several years.  Through citation to numerous inflammatory emails and interview snippets, the regulator’s complaint depicted an organization that engaged in conscious activities to hide wrongful transactions from U.S. and state regulators. The complaint claims that the violations were all the more troubling because the bank was under a formal supervisory action from 2004 to 2007 by state and federal regulators related to money laundering compliance failures. Although the bank’s senior management denied any wrongdoing, a notion that U.K. regulators affirmatively supported, the New York regulator threatened to revoke the firm’s state banking license.  Facing a sanction that would have closed its New York operations, Standard Chartered had little option but to settle. 

As it turns out, however, settling with New York over the Iranian allegations will likely be just the first step in a regulatory settlement process for the bank.  The U.S. Department of Justice, the Treasury Department’s Office of Foreign Assets Control and various U.K. regulators are also investigating money laundering violations at the bank.  Additionally, the New York DFS complaint makes clear that the state regulator is still investigating similar issues involving Libya, Myanmar and Sudan. 

The Standard Chartered case is the just the most recent of many AML enforcement matters that multiple regulators in the United States have been pursuing, with several expected to be announced in the near future. 

In June of this year, ING Bank paid the largest money laundering settlement on record, $619 million, to address claims by the U.S. Department of Justice and the Manhattan District Attorney’s office that it hid billions of dollars in transactions in its U.S. branches involving Cuban and Iranian account holders. 

In August 2010, Barclays paid $298 million to the U.S. Department of Justice and Manhattan prosecutors associated with account transactions for individuals from Cuba, Sudan and other countries subject to U.S. sanctions.

In December 2009, ABN AMRO settled money laundering claims with the U.S. Department of Justice and Manhattan prosecutors, paying $500 million to address allegedly improper transactions with Iran and Sudan, having paid $80 million to settle similar allegations in 2005. 

In 2009, Lloyds TSP Group PLC paid a combined $567 million in two settlements, one with the Department of Justice and Manhattan prosecutors and the second with the U.S. Treasury because of alleged prohibited transactions with Iran and Sudan. 

In 2009, Credit Suisse Group paid the U.S. Department of Justice and Manhattan prosecutors $536 million related to transactions with clients in Libya, Sudan, Myanmar and Cuba. 

Finally, HSBC has announced a $700 million reserve to deal with expected fines and penalties arising out of its own money laundering allegations by U.S. and U.K. regulators.

The common theme that emerges from all of these cases is that regulators are aggressively pursuing AML cases against banks—and demanding large settlements—with increased frequency. Regulators that in the past may have worked on a more cooperative basis with banks are increasingly referring matters to criminal authorities, and new regulators are seeking to establish their relevance with brash actions. The aggressive pursuit of these cases and the multiple regulators involved at both the state and federal level will make it that much more difficult for companies to navigate regulatory processes once investigations begin. Additionally, as shown by the Standard Chartered case, U.S. regulators have substantial powers to shut down an organization’s operations and are often willing to use this authority without regard to the broader harm.

Facing such sanctions, it is often impossible for a legitimate bank to force a regulator to actually prove its case at trial. As frustrating as it may be, often the most practical approach to an AML investigation is to make your case in a forceful manner during negotiations, but to then find the path to an acceptable settlement. Such an approach often starts well before negotiations begin by establishing credibility with regulators throughout the investigation process by taking their concerns seriously, responding quickly and candidly to requests for information, and acknowledging any compliance issues where appropriate, but remaining firm on key points of contention.

Will the New Rules on Compensation Risk Really Help?

Following up on Bank Director’s Bank Executive & Board Compensation conference last week, we asked attorneys for their opinions on the latest rules on compensation risk and whether they really found them necessary or helpful. In a word? No. Although the exact impact remains to be seen, many feel that these new rules will actually hurt more than they help. 

Will the new federal rules on compensation risk make the banking industry safer? 

Doug-Faucette.jpgIn the context of banks that are too big to fail and too big to govern, the rules will have only a marginal impact. Clearly Jamie Dimon was as surprised as anyone when the London whale caused the bank a multibillion dollar portfolio trading loss, but to say that compensation rules lead to reckless speculation is to miss the point. The losses suffered by J.P. Morgan Chase & Co. were not a result of misplaced compensation incentives, but a lack of sufficient controls over activities which are culturally risk intensive. It is doubtful that the London whale would have avoided speculative trades if his contract penalized his poor performance or risk taking. Performance-based compensation trends and regulatory restrictions on incentive based compensation are in conflict. It is ironic that during a time when incentive-based compensation is on the rise, and scrutiny over peer comparisons and total shareholder returns is increasing, regulators would blame compensation arrangements as a cause of the crisis.

—Doug Faucette, Locke Lorde LLP 

John-Gorman.jpgNot really.  Changes in substance, if any, will occur on the outside edges, the extremes if you will, of prior bank compensation practices, which will impact very few community institutions. Compensation practices for community banks have never amounted to a threat to the industry or the insurance fund. For most institutions, there will be tweaks and changes that will occur to show responsiveness to the regulatory concerns, probably as much in the lower ranks (e.g., with respect to loan origination pay) as in the executive suite.  Every institution is required to conduct a risk assessment of their incentive compensation programs, and this should be documented at the board level.  We would recommend that every institution institute a clawback policy for executive compensation.  This is a good citizenship move, makes sense from all angles, and is easy to implement.  We also expect to see more incentive compensation paid in the form of restricted stock for public companies.

—John Gorman, Luse Gorman Pomerenk & Schick, PC  

Podvin_John.jpgThe interagency rules implementing Section 956 of Dodd-Frank limiting compensation in banks larger than $1 billion in assets are not finalized yet.  It remains to be seen whether these rules will change the product mix offered by banks going forward under the guise of restricting compensation.  It also remains to be seen whether there will be “trickle-down” of these rules to banks with assets of less than $1 billion.  Another unintended consequence might be if the rules restrict compensation to an extent that some of the best and brightest minds leave the banking industry for greener pastures. Does that actually make the banking industry safer? 

—John Podvin, Haynes and Boone, LLP  

Mark-Nuccio.jpgFundamentally, this is less about safety than it is a criticism of board level supervision of executive pay levels. At least, compensation consultants are happy. 

—Mark Nuccio, Ropes & Gray LLP 


Horn_Charles.jpgThe regulation of incentive-based compensation practices is a key aspect of the Dodd-Frank Act.  It is based on the view that executive and senior manager compensation practices at financial institutions during the years leading up to the financial crisis failed to properly align compensation with appropriate risk-taking, and may have led to practices and activities that were inconsistent with the long-term health of financial institutions. The financial regulatory agencies proposed incentive compensation standards and disclosure requirements 18 months ago, and these rules are expected to be adopted in final form in the relatively near term. To the extent that these rules encourage financial institutions’ directors and senior management to pay closer attention to the risk incentives created by compensation practices and activities, and take appropriate action to better reward behaviors that emphasize the longer-term health of a financial firm while discouraging activities that do not accomplish this objective, the new rules should assist in reducing inappropriate risk in financial firms.

—Charles Horn, Morrison Foerster LLP

Foreign Banks Watch Out: A Look at Liquidation Law in New York

caution.jpgIn light of the “living will” resolution plan requirements that were recently promulgated as part of the 2010 Dodd-Frank legislation, large foreign banks doing business in the U.S. should pay close attention to applicable ring-fencing regimes in the U.S. such as the New York bank insolvency law, which includes a ring-fencing provision. 

The New York law allows the superintendent of the New York State Department of Financial Services to seize certain assets of foreign banks doing business in New York for the benefit of creditors of their New York branches and agencies.  The law doesn’t apply to domestic U.S. banks, which are subject to receivership by the Federal Deposit Insurance Corp. To underscore the effectiveness of the New York law, every liquidation of a foreign branch or agency ever completed under the law has resulted in every New York creditor of such branch or agency having claims paid in full.

If the superintendent determines that, among other things, a foreign banking organization, called an FBO, is in liquidation either in its home country or elsewhere or that there is reason to doubt an FBO’s ability or willingness to pay the claims of its New York creditors, he may, at his discretion, take possession of the “business and property” in New York of any FBO that has been licensed in New York. “Business and property” in New York State includes all property of the FBO (a) located anywhere in the world that constitutes part of the business of the New York branch or agency and (b) located within New York regardless of whether it is part of the business of the New York branch or agency.

Upon taking possession of such property, title to the acquired property vests with the superintendent by operation of law and the superintendent then begins the process of liquidating the “business and property” in accordance New York banking law.

The superintendent is required to notify anyone who may have a claim against the FBO to present such claim for consideration.  New York law permits the superintendent to accept only those claims of the FBO’s creditors that arise out of transactions that were “had” with the FBO’s New York branches and agencies. The superintendent is also not permitted to accept any claim which would not represent an enforceable legal obligation against such branch or agency if such branch or agency were a separate and independent legal entity or any claim that is not reflected in the books and records of the branch or agency or that are not presented with sufficient documentary evidence from the creditor.

New York law requires a lengthy and detailed statutorily mandated process of accepting and prioritizing claims, which is administered by the superintendent and overseen by the New York courts. After all permitted New York claims have been paid, any remaining assets are then turned over to other U.S.-based offices of the foreign bank that are being liquidated in the U.S.  After all U.S. claims have been paid, any remaining assets are then turned over to the principal office of the FBO or its home country liquidator/receiver.

The superintendent may, at his discretion, repudiate certain contracts, including qualified financial contracts, or “QFCs” (other than those subject to a multi-branch netting agreement) and real estate leases to which the New York branch or agency of an FBO is a party. Perfected security interests are not disturbed by the New York law. If a party to a QFC with the branch or agency has a valid lien or security interest related to such QFC, they may retain that collateral to satisfy claims against the branch or agency. The superintendent’s taking possession and liquidation of an FBO puts into effect an automatic stay with respect to certain actions and proceedings. This stay does not affect, among other things, perfected security interests, rights of set-off or automatic terminations of QFCs.

At its most benign, the NY ring-fencing statute becomes an added wrinkle in liquidations involving the branches and agencies of foreign banks in New York. At a more practical level, it often acts to tie up the assets of liquidating foreign banks in New York for lengthy periods of time, thereby depriving the home country liquidator and its creditors of much needed liquidity while providing recognized creditors of the New York branch or agency with ample assets against which to assert their claims.

Is Banking’s Future in the Cloud?

Cloud_Puzzle_Pieces.jpgThe buzz on cloud computing is growing louder, leaving bank chief information officers—and the boards they report to—to examine whether cloud computing is a good fit for their banks. Broadly defined, it is the storage and management of data, which can then be accessed from virtually anywhere—on the road, from your home or from the office—via the web. According to Tom Garcia, CEO of InfoSight, Inc., an IT security firm based in Miami Lakes, Florida, the cloud is “really in its infancy” but “growing exponentially.” While regulators seem to be approaching cloud like any other vendor-provided service, a lot of bankers today are taking a wait and see approach, wondering, “Am I going to open up Pandora’s box with an examiner if I do this?” explains Garcia.

Atlanta-based SunTrust Banks, a $178.2-billion institution, is one banking company that is already on the cloud, using a private cloud that is unique to the company for customer relationship management software that allows the company to keep track of sales leads. Anil Cheriyan, SunTrust’s chief information officer, says the board of directors is actively engaged in a discussion about cloud computing, and SunTrust sees benefits in cost savings, efficiencies and flexibility. “The speed and agility [cloud computing] provides is of significant benefit,” he says, and it “clearly enables us to get our products and services to market much quicker.” He declined to describe the exact cost savings as those numbers vary.

Due to its ability to expand and contract quickly based on usage, Garcia adds that banks can see “great economies in cost savings” with cloud—as high as 40 percent for applications like hosted email over a traditional in-house solution. 

SunTrust has been steadily increasing oversight of vendor-provided services in general since the financial crisis began in 2008, Cheriyan says, so cloud computing has not directly resulted in any increases in oversight.

“We’ve taken that task of increased oversight anyway,’’ states Cheriyan, and continue to be “more and more aggressive [in terms of] how our data is protected.”

BNC Bancorp’s Bank of North Carolina, a $2.4-billion institution based in High Point, North Carolina, is at a fork in the road when it comes to the cloud, says Michael Bryan, the bank’s chief information officer. The bank outsources 90 percent of its core and ancillary systems already, and he feels good about cloud computing for core systems, seeing several benefits, particularly from a business continuity aspect in regards to disaster recovery. With cloud, if something happens to Bank of North Carolina’s operations center, “all I have to do is restore an Internet connection.”  As it is now, Bryan has to “spend more money” to acquire and maintain hardware. However, benefits found in cost, time and continuity are, to Bryan, not worth the loss of control if there is a security breach. Cloud vendors are not going to take on liability, “So if something goes wrong there; it’s up to you. Well, you don’t have any control over it,” Bryan says. “How do I explain that to my regulator?”

Once the security issues are worked out, Bryan sees tremendous opportunity. “Life would be a lot simpler,’’ he says.

SunTrust’s Cheriyan shares some of Bryan’s security concerns, and won’t trust everything to the cloud. “I wouldn’t trust our bank data on the public cloud at all,” he says. While SunTrust’s directors and management might read about exciting developments in the retail space, “You certainly have to weigh that against all the security concerns and manage core banking systems on much more secure environments.”

Due to the higher levels of regulation required in the financial industry, public cloud adoption rates will be slower. Can the benefits outweigh the risks? In areas like human resources and customer relations management Garcia believes so, and cautions that retail banks that hesitate to take advantage of the cloud may do so at their peril.

As the cloud industry grows, bankers’ trust in it—and their need for a competitive edge—could evolve. Can bank boards eventually trust their data to the public cloud?  In the world of technology, Cheriyan says, “Never say never.”