Raising the Bar: Top Challenges Facing Bank Boards


Regulators are expecting more and more from bank management teams and boards. In this video, Lynn McKenzie, a partner at KPMG, offers solutions to help address the top challenges facing the industry.

  • Legal and Regulatory Compliance
  • Cybersecurity
  • Financial and Regulatory Reporting
  • Vendor Risk Management

How Government Disruption Impacts Fintech Innovation


fintech-innovation.png

It is a given that markets are constantly being disrupted by innovation. I would argue that the financial services marketplace is also being disrupted by legislation and regulation. Let’s face it, the payments sector is hot right now. Issues that were once solely the province of industry publications are now widely covered by mainstream media. This fact is not lost on the legislative and regulatory community.

Last year we saw the creation of the Congressional Payments Technology Caucus, a bipartisan group of lawmakers designed to keep the U.S. Congress informed of the rapid changes in the financial services industry. Over the last year, the caucus has held briefings on issues ranging from EMV Migration to mobile payments. This year, the House Financial Services Committee and Senate Banking Committee have held numerous hearings on payments-related matters as well.

One of the more contentious topics addressed is Operation Chokepoint, a controversial campaign spearheaded by the Department of Justice in conjunction with several federal consumer protection and banking regulatory agencies (including the Federal Trade Commission and the Federal Deposit Insurance Corp.) to hold acquirer financial institutions and their payment processor partners responsible for allegedly illegal acts committed by merchants and other third-party payees.

This perhaps well intentioned program has moved beyond illegal acts to targeting legal activities that are perceived by some prosecutors and regulators as undesirable, which in turn has led to the denial of banking services to businesses that operate lawfully. Legislative attempts to rein in this initiative, led by Rep. Blaine Luetkemeyer, R-MO, have passed the House but face a future that is likely dependent on the outcome of the November elections.

Given this election season and the relatively limited number of working days remaining on the congressional calendar, it is unlikely that any significant financial services or fintech legislation will pass this year. Still, there is considerable opportunity for additional market disruption by federal regulators, particularly the Consumer Federal Protection Bureau (CFPB).

Those involved in the prepaid space await the CFPB’s long delayed final rule on prepaid products that have the potential to adversely impact long established business models-thereby driving some companies out of business.

Despite its popularity and the fact that consumers must opt-in to the program, overdraft services are viewed with skepticism, if not antipathy by the CFPB. The CFPB’s goal is to issue proposed rules on this in the near future. These rules have the potential to drive up cost and reduce access to consumers who have found these services to be beneficial.

Unlike other federal agencies, the CFPB will not be affected by the November elections. Created as part of the Dodd-Frank Act, the bureau was structured as an independent entity funded by the Federal Reserve, which insulates it from the effects of a change in the administration. The term of its current director, Richard Cordray, does not expire until 2018. And though this is currently being challenged in court, the director can only be fired for cause or malfeasance.

It is difficult if not impossible for legislation or regulation to keep up with technology advances and the dramatic changes they are creating in the payments marketplace. Such efforts should be flexible enough to accommodate these changes and not create their own disruption.

How Mobile’s Popularity is Disrupting the Regulators


mobile-regulators.png

The world is going mobile and dragging banking along with it kicking and screaming. I am something of an anachronism as I still go into the branch once in a while and still worry about using my phone to deposit a check. My adult children, on the other hand, use their phone for everything, including all of their banking. They bounce from store to store paying for everything from Starbucks to bar tabs using their phones without a second thought. Banks that want to capture and hold their business will have to be very good at mobile banking and mobile payments.

One of the biggest hurdles bankers face is that as unprepared as they were, the regulators were equally unprepared and are now playing catch up with regards to mobile payments. The regulatory picture today is fairly muddled with a mishmash of state and federal agencies offering guidance and opinions to mobile payment providers and consumers. There are gaps in the current laws where no regulations apply to parts of the process—and other situations where two or more rules apply to the same part of the process. As mobile banking and payments continue to grow, the regulators will be looking to create a more coherent regulatory structure and coordinate their inter-agency efforts to protect consumers at every stage of the process.

At a forum held by the Office of the Comptroller of the Currency in late June, Jo Ann Barefoot, a senior fellow at Harvard University, outlined the current regulatory situation. She told the packed room at the meeting that “Agencies are going to have to develop ways to work together, to be faster, to be flexible, to be collaborative with the industry. The disruption of the financial industry is going to disrupt the regulators, too. This is the most pervasively regulated industry to face tech-driven disruption. The regulators are going to be forced to change because of it.”

In a white paper released at the forum, “Supporting Responsible Innovation in the Federal Banking System: An OCC Perspective,” the OCC noted that “Supervision of the financial services industry involves regulatory authorities at the state, federal, and international levels. Exchanging ideas and discussing innovation with other regulators are important to promote a common understanding and consistent application of laws, regulations, and guidance. Such collaborative supervision can support responsible innovation in the financial services industry.”

While the OCC has noted the massive potential benefits that mobile payments and other fintech innovations can offer to consumers, particularly those who were unbanked prior to the widespread development of mobile banking and payment programs, Comptroller Thomas Curry has cautioned against what he called “unnecessary risk for dubious benefit,” and called for responsible innovation that does not increase risks for customers or the banking system itself. Mobile payments programs that target the unbanked are particularly ripe for abuse and unnecessary risk.

The Consumer Financial Protection Bureau is also heavily involved in overseeing and regulating the mobile payments industry. The bureau noted that 87 to 90 percent of the adult population in the United States has a mobile phone and approximately 62 to 64 percent of consumers own smartphones. In 2014, 52 percent of consumers with a mobile phone used it to conduct banking or payment services. The number of users is continuing to grow at a rapid rate and the CFPB is concerned about the security of user data as well as the growing potential for discrimination and fraud.

CFPB Director Richard Cordray addressed these concerns recently when announcing fines and regulatory action against mobile payment provider Dwolla. “Consumers entrust digital payment companies with significant amounts of sensitive personal information,” Cordray said. “With data breaches becoming commonplace and more consumers using these online payment systems, the risk to consumers is growing. It is crucial that companies put systems in place to protect this information and accurately inform consumers about their data security practices.”

The regulators, like the banks themselves, are latecomers to the mobile payments game. I fully expect them to catch up very quickly. The biggest challenge is going to be coordinating the various agencies that oversee elements of the regulatory process, and it looks as though the OCC is auditioning for that role following the June forum on mobile payments. Cyber security systems to keep customers data and personal information safe and secure is going to be a major focus of the regulatory process in the early stages of the coordinated regulatory efforts.

I also expect the CFPB to focus heavily on those mobile payment providers that were formerly unbanked. These tend to be lower income, less financially aware consumers that are more susceptible to fraud and abuse than those already in the banking system, and the bureau will aggressively monitor the marketing and sales practices of mobile payment providers marketing to these individuals.

The regulatory agencies are starting to catch up with the new world of banking and the mobile payment process will be more tightly controlled going forward.

How the New Regulatory Environment Could Change Bank Mergers and Acquisitions


mergers-7-25-16.pngThrough many merger cycles, the basic template for M&A deals in the banking sector hasn’t changed very much. Provisions governing the regulatory process included fairly conventional cooperation undertakings, including rights to review. Time periods and drop-dead dates were matched to the regulatory requirements and expectations. The level of effort required on the part of the buyer and the target to obtain regulatory approvals was limited: Neither party would be required to take steps that would have a material adverse effect, typically measured relative to the size of the target. Reverse termination fees, payable by buyers if regulatory approvals were not forthcoming, were rare. Covenants governing the target’s operations between signing and closing were conventional and not unduly controversial.

Deals continue to get done on this basis but in the post-Dodd-Frank era, the regulatory climate is creating new forces that could reshape some of these basic M&A terms. These changes arise for several reasons. First, regulators increasingly see mergers as an occasion to scrutinize the buyer—its compliance record, systems, capacity to integrate and general good standing. In its September 2015 approval of M&T Corp.’s acquisition of Hudson City Bancorp, the Federal Reserve starkly warned that if an examiner identifies a material weakness in an acquiring bank, it will expect the bank to withdraw its application and resolve the issue before proceeding with the transaction.

The specter that the buyer’s challenges or standing can cause the target to be left at the altar has not yet fully worked its way through our M&A contract provisions. This is quite a different sort of regulatory risk, from the target’s point of view, than concerns about potential liabilities of the target or concerns about the competitive effects of the combination, which both parties can evaluate. Already, this regulatory focus has led targets to perform regulatory diligence on buyers, even in cash deals. As the M&A process continues to evolve, targets may try to distinguish between different kinds of regulatory risk and seek explicit protection where the sins of a buyer spoil the ceremony. Alternatively, it may prove too difficult to determine with certainty the cause of a regulatory obstacle, which could lead targets to seek greater protection for any regulatory failure. In either event, the result could be more requests for regulatory break-up fees—targeted or broad-based.

A number of other M&A provisions could be affected as well. For example, as the pendency of agreements becomes longer to allow time for an uncertain regulatory process, the market and intervening events that could change the value of the target or the buyer’s currency become more important, which in turn will increase the importance of material adverse effect conditions, interim covenants, the structure of “fiduciary outs” enabling a target board no longer to recommend an agreed deal, the size of break-up fees, the timing of shareholder votes, and the consequences of a no vote. In stock-for-stock deals between companies of comparable size, there is often a helpful symmetry to the parties’ situations and incentives, which could result in both parties wanting to limit the conditions under which they can back out of a deal—or, conceivably, the reverse. In cash deals or other true acquisitions, that symmetry is absent and each side can be expected to push for protection from the other’s problems. For the buyer, this may mean seeking greater conditionality in the event of adverse developments as well as tougher interim covenants. For the target, it may mean more regulatory protection and greater flexibility to respond to intervening events.

Longer delays and greater volatility also impact techniques for determining the merger consideration in stock deals. A fixed exchange ratio in which the buyer offers an agreed number of its shares in exchange for each share of the target, long a staple, implicitly presumes that the value of the two companies will likely move in sync. As the prospect of asymmetrical changes in value increases—which can be a result of an increasingly vigorous regulatory environment—there is some urge to fix the value of the buyer’s consideration, rather than the number of buyer shares. More fixed value deals will lead to negotiation over “collars” that create minimum and maximum numbers of shares the buyer is obligated to issue in the transaction, and, perhaps, walk-away rights that enable one party or the other to terminate the deal if the buyer’s stock price becomes too high or too low.

It’s too early to assess the impact of the changing regulatory climate on the M&A craft, but there are many reasons to think the current template will evolve, perhaps quite rapidly. That, of course, will put a premium on thoughtful lawyering and creative, practical solutions.

Gaining a Competitive Advantage through Regtech


regtech.png

The newly-coined term “regtech,” which is a combination of regulation and technology, is a useful concept to a highly-regulated industry like banking. Regtech is distinct from fintech in that regtech refers to a combination of regulatory strategies that a regulated business can use to secure a business advantage.

Banks sail on a sea of pervasive regulation. We see several ways that banks can chart a new course on this sea and make more money through regulatory innovation, beginning with the use of technology to make regulatory compliance more efficient. Most of the literature sees regtech as a single idea: using technology to drive efficiency in regulatory compliance. We think that such efficiencies are a very important part of regtech–but are only part of the story. The topic of compliance efficiency has several elements:

  • Identify areas where the bank’s compliance oversight is not effective–typically because human resources have the wrong priorities or are spread too thin. Many institutions risk fines and enforcement actions and put their long-term viability at risk by tolerating gaps in their compliance oversight–and yet they still manage to spend too much.
  • Identify a technology provider whose software and services are a good fit for your bank’s existing and projected growth.
  • Communicate with regulators to spot any regulatory objections to the technology provider and the overall strategy as early as possible in the process.

For example, the forward publishing function in software available in HotDocs, a popular provider of document assembly technology, allows banks and other financial institutions to maintain their own lending or operational forms. This means that changes to an institution’s form documents can be applied prior to new regulations coming in and accurate, updated templates can be made available to document users on the legally required date. Version control ensures that only the most up to date template is available for use, negating the risk of any old and non-compliant documents being issued. Such an automated system for updating forms based on regulatory changes is a classic example of technology making a compliance task faster, more efficient and effective.

Marrying technology to compliance will result in a much more effective compliance team. They can use their time to review dashboards, clear exceptions and otherwise exercise their experience and judgment instead of wasting time on rote or repetitive busywork. It also makes possible much more valuable internal and external compliance audits as well as meaningful reports to the bank’s board of directors on operational and compliance risks. Being smart in this area of regtech is mission critical for community banks and financial technology companies.

Another new approach is the creation and exploitation of intellectual property based on regulatory insights. Many times, figuring out a way to offer a new product or service, or offer an existing product in in a new way, depends on finding a regulatory interpretation that allows the innovation to proceed.—•?_ There is precedent for patenting new regulatory loopholes, including tax-related loopholes discovered and patented by CPAs and others. Some examples include a derivatives-related patent application, in which one of the authors of this article was a co-inventor, as well as several patents obtained by the consulting firm Promontory Financial, which are based on regulatory insights. Those patents have made possible new business processes and services.

A financial institution that has a flash of insight on how to improve an existing process or develop a new innovation should carefully consider seeking a patent or otherwise surrounding the regulatory insight with as much intellectual property protection as possible. We think that doing so is another great way to use regtech to get a business advantage.

Most banks and financial technology companies have important choices in deciding how and by whom they will be regulated in a particular jurisdiction. If you know you want to be a depository institution, you still need to choose (1) a state or national charter and (2) if a state charter, the chartering state; (3) the type of charter including a commercial bank, savings bank, savings and loan or credit union; and (4) depending on what charter you choose, whether to be a member institution in the Federal Reserve. Also available are a few “bank-lite” charters, such as an industrial loan company (ILC) charter that is available in seven states including Utah, or a trust company charter from one of several states. Some banks would do well to carefully consider changing their charter—and in the process, their regulator–to something that better supports their business goals.

For a business model based on lending money, there are the bank models mentioned above as well as a range of non-depository charters, such as the ILC charter and other state lending licenses. Many of these are only valid in the issuing state, which means that building a national business in the U.S. using multiple state lending licenses can quickly become a complex endeavor. Similarly, for a business model premised on moving money, including money transmission, payments, stored value cards, wallets and remittances to name a few, there is a similar choice between a web of state licenses or a carefully-crafted bank partnership, a blend of the two, or possibly one of the new federal charters being discussed by the Office of the Comptroller of the Currency.

Rent-a-charter is a derogatory term for a partnership between a bank or other chartered or non-chartered institution in which the bank lends its name (and little else) to the other party. Such an arrangement can lead to allegations that the non-chartered party is the “de facto” lender or other real party in interest and that the bank is not exercising sufficient oversight or control over the process. However, bank partnerships are crucial in the financial world and most of the time a business model can be built on a properly-structured bank partnership. The details of the partnership are extremely important and we think rise to the level of true regtech.

These are foundational choices with numerous and conflicting considerations. However, the business that shrewdly chooses its chartering path (and therefore its regulators) can gain a crucial edge on its competitors. For example, some financial technology companies are learning that some business models actually face a more complex and expensive compliance burden by not being a bank than they would have experienced by acquiring a bank charter. Thus, we think that the initial and ongoing chartering strategy is an element of regtech.

And finally, we think good old-fashioned lobbying is properly considered part of regtech. Think about the varied tactics used in Uber and Lyft’s efforts to beat back challenges to their shared ride business model. A large company like Uber, which has immense popularity with consumers, can use that popularity in its lobbying and negotiation with regulators. Might can make right.

For most other companies that lack the market clout of an Uber, lobbying can take more traditional forms such as convincing a range of stakeholders and legislators that statutory reform is necessary and appropriate to achieve a broader social good. Think about recent California legislation exempting free credit building loans (low or no-interest loans designed to help people build a good credit score) from finance lender legislation. Or think about the Consumer Financial Protection Bureau’s current advertising campaign—an effort ostensibly designed to raise consumer awareness of the bureau’s services that also helps build political support during an election year for a controversial agency.

Other situations are better suited for a quiet one-on-one approach. Sometimes this can result in a published interpretation or no-action letter that expressly blesses the proposed innovation. Probably more frequently, a no-names inquiry through lawyers or other representatives can get equally valuable information that has the added benefit of not being publicly available to competitors. With good faith around the key regulatory elements of a proposed innovation, a company can be first to market with a new product or service.

In summary, we think that regtech is not only useful in sparking thought and conversations in the financial industry, it may even spur innovation and profitability.

Zions Bank Grapples with Regulation



In the wake of the financial crisis, all the big banks had to change executive compensation plans to reduce risks. Regulators are keeping a close eye on these plans and sometimes requiring a mountain of paperwork to document them. Here, Scott Law, the executive vice president and director of compensation at $58 billion asset Zions Bancorporation, talks about how the changes have impacted his company.

How Size Matters: Regulatory Considerations for Growth


Growth is good, right? But what about new regulations that apply to your bank after you reach certain asset thresholds? While increasing asset size to new levels is ideal, there could be unforeseen challenges your bank could encounter. Gregory Lyons of Debevoise discusses the nuances of different asset thresholds and what banks must consider.


Mind These Gaps


5-13-15-Al.pngProbably one of the worst moments for a bank board and management team is to make an acquisition and find out it was a bad one. Over the past few years, it strikes me that three pitfalls typically upend deals that, on paper, looked promising:

  • Loss of key talent/integration problems;
  • Due diligence and regulatory minefields; and
  • Bad timing/market conditions.

While timing is everything, I thought to address the first two pitfalls here.

Losing Key Talent
A CEO with experience selling a bank tells me that number one on her list is to “personally reach out to top revenue generators ASAP and let them know they are going to have a great future in the combined company. It always amazes me how key leaders think they can wait on that while they talk to staff folks.”

But don’t stop there. If the merger is designed to significantly reduce costs and there is a lot of overlap, your staff will know that there are going to be significant job losses. “My advice, be honest,’’ the CEO says. “If you have a plan or process, tell them what it is. If you don’t tell them, you will let them know the second you do. Don’t sugar coat it. Call the key ones you know you will need with a retention offer ASAP.”

This advice had me seeking the counsel of Todd Leone, a principal with the management consulting firm of McLagan. Leone suggests those in key positions with change-in-control contracts usually stay as they are going to get paid.  Also, those in true key positions negotiate at the time of the deal to stay on after the merger. However, it can be complicated to retain the next level of staff.  As Todd says, “[It’s best to] negotiate at time of deal.”

Regulatory and Due Diligence Minefields
Now, as much as the drain of talent threatens the long-term success of a deal, there are other minefields to navigate. Bill Hickey, principal and co-head of the Investment Banking Group at Sandler O’Neill + Partners, cautions me that in today’s interest rate environment, significant loan pay-downs could be looming.

Another due diligence matter is an IT contract that requires large termination fees. Aaron Silva, the president and CEO of Paladin fs, says that banks need to implement terms and conditions into their agreements ahead of time that protect shareholders from unreasonable termination risk, separation expense and other obligations that may impact any M&A strategy.

Building on these talent and technology risks, John Dugan and Rusty Conner, both partners at the law firm of Covington & Burling, say that in today’s bank M&A market, “all of the historical issues related to pricing, diligence, and integration remain very relevant, but there are three issues that have taken on new prominence thereby impacting execution and certainty of closing.”  They are:

  • The reaction of the regulators to the proposed transaction—particularly if the acquiring institution is approaching a designated size threshold;
  • Protests by community groups—which can materially delay a transaction even if the complaint is without merit—especially [since] these groups are now targeting much smaller deals than ever before; and
  • Shareholder suits by the acquired institution’s shareholders—which are also increasingly making their way to smaller deals.

As Dugan opines, “parties need to anticipate and build into their pricing and timing the impact of these factors.”

Their views complement those of Curtis Carpenter, managing director of Sheshunoff & Co. He’s of the opinion that in today’s market, “regulatory and compliance matters have become critical components for both the seller and buyer. It is more important than ever for sellers to put in place generous pay-to-stay bonuses for key personnel who are in positions likely to be eliminated in the merger. The heightened regulatory scrutiny surrounding the merger process can result in long approval periods—sometimes many months.” 

Where most bank mergers fail isn’t in the transaction itself. No two deals are alike, but addressing these challenges is simply good business.

Safeguarding Your Institution’s Anti-Money Laundering Compliance Program


12-5-14-Covington.jpgThe Financial Crimes Enforcement Network (FinCEN) earlier this year issued an advisory, FinCEN Bulletin 2014-A007, “Advisory to U.S. Financial Institutions on Promoting a Culture of Compliance,” stressing the need for financial institutions to have a strong culture of anti-money laundering (AML) compliance. A financial institution without such a culture, FinCEN asserts, is likely to have shortcomings in its Bank Secrecy Act/AML compliance program.

FinCEN’s advisory is just one of the latest governmental developments that places tremendous pressure on a bank’s board of directors to focus on AML compliance. The advisory attributes a strong compliance culture to, among other factors, the board of directors’ active support and understanding of the bank’s AML compliance efforts.

The need for a bank’s board of directors to be involved with AML compliance has been emphasized repeatedly in the past year. Recent enforcement actions against all types of banks, from multinational banking organizations to small community banks, have required boards of directors to play a prominent role in understanding and ultimately executing the enforcement action. Many actions have imposed remedial requirements on the board of directors itself to strengthen board oversight of the bank’s AML compliance program.

However, significant fines, compliance costs, and reputational damage from an enforcement action are not the only risks from a deficient AML compliance program. The federal banking agencies have delayed approval of several mergers, acquisitions, and other corporate transactions due to deficiencies in one of the parties’ AML compliance program. If a federal banking agency withholds its approval for a corporate transaction due to AML compliance, the closing for the transaction can be substantially delayed, thereby having the potential to make public in a highly visible fashion the compliance deficiencies as well as any remedial measures being taken by the bank.

All of these reasons demonstrate the importance of AML compliance to a bank and the imperative that the board of directors plays a significant role in overseeing the AML compliance program.

An effective AML compliance program requires significant resources and consists of several key components. The federal banking agencies’ enforcement actions and guidance have emphasized the following components:

  • Tone at the top—FinCEN Bulletin 2014-A007 stresses the need for a culture of compliance, and this culture starts with a clear expression from the bank’s board of directors that the bank does not engage in money laundering and terrorist financing and will not tolerate deficiencies in its compliance program.
  • Risk assessment—The cornerstone of an AML compliance program is a detailed risk assessment that identifies and measures the various areas of AML risk at the bank. The risk assessment provides insight into the areas of potential exposure to the bank, prioritizes ways to reduce risk within the compliance program, and enables the board of directors to track over time areas of risk and senior management’s implementation of internal controls to reduce risk. An AML risk assessment should be sufficiently detailed, updated periodically, and accessible to functions and business units in the bank with responsibility for AML compliance.
  • Monitoring and reporting—Day-to-day AML compliance requires extensive monitoring of transactions for suspicious activity and compliance with reporting obligations. Aside from compliance with these legal requirements, however, daily monitoring and internal reporting help ensure that bank employees not only react appropriately to overtly suspicious activity but also proactively identify circumstances that, although not facially suspicious, warrant further review.
  • Independent review—An AML compliance program is required to contain a mechanism for an independent review of the program. Independent review is an essential check on the program and those employees who are responsible for its administration.
  • Training—AML training for employees has evolved substantially from its earliest forms as a single presentation made available to all employees on a company intranet page. Training can be customized to the business line or function, include frequent team updates to pass along information quickly and directly, and culminate with a mandatory test that employees must successfully pass.

Boards of directors should have confidence that senior management has taken the necessary steps to implement an effective AML compliance program that includes these components. The potential consequences for AML compliance deficiencies are simply too severe and far-reaching for a board of directors to be passive and not actively engaged with the program.