Issues in Selling to a Non-Traditional Buyer

We have seen a surge in the number of sales of smaller banks to non-traditional buyers, primarily financial technology companies and investor groups without an existing bank.

This has been driven by outside increased interest in obtaining a bank charter, the lack of natural bank buyers for smaller charters and, of course, money. Non-traditional buyers are typically willing to pay a substantially higher premium than banks and including them in an auction process may also generate pricing competition, resulting in a higher price for the seller even if it decides to sell to another bank. Additionally, buyers and sellers can structure these transactions as a purchase of equity, as opposed to the clunky and complicated purchase and assumption structure used by credit unions.

But there are also many challenges to completing a deal with a non-traditional buyer, including a longer regulatory approval process and less deal certainty. Before going down the road of entertaining a sale to a buyer like this, there are a few proactive steps you can take to increase your chances for success.

The Regulatory Approval Process
It is important to work with your legal counsel at the outset to understand the regulatory approval process and timing. They will have insights on which regulators are the toughest and how long the approval process may take.

If the potential buyer is a fintech company, it will need to file an application with the Federal Reserve to become a bank holding company. In our recent experience, applications filed with the Federal Reserve have taken longer, in part because of the increased oversight of the Board in Washington, but also because the Federal Reserve conducts a pre-transaction on-site examination of the fintech company to determine whether it has the policies and procedures in place to be a bank holding company. Spoiler alert: most of them don’t.

If the potential buyer is an individual, the individual will need to file a change in control application with the primary federal regulator for the bank. The statutory factors that regulators need to consider for this type of application are generally less rigorous than those for a bank holding company application. We have seen the Office of the Comptroller of the Currency and the Federal Deposit Insurance Corp. show more openness to next-generation business plans, as they understand the need for banks to innovate.

Conduct “Reverse” Due Diligence
Find out more about the buyer. You would be surprised at what a simple internet search will uncover and you can bet that the regulators will do this when they receive an application. We have encouraged sellers take a step further and conduct background checks on individual buyers.

Ask the buyer what steps have been taken to prepare for the transaction. Has the investor had any preliminary meetings with the regulators? What advisors has the buyer hired, and do they have a strong track record in bank M&A? Does the buyer have adequate financial resources?

Understand the key aspects of the buyer’s proposed business plan. Is it approvable? Are the new products and services to be offered permissible banking services? A business plan that adds banking as a service is more likely to be approved than one that adds international payments or digital assets. Does the buyer have a strong management team with community bank experience? What impact will the business plan have on the community? Regulators will not approve an application if they think the charter is being stripped and a community is at risk of being abandoned. We have seen buyers offer donations to local charities and engage in community outreach to show the regulators their good intentions.

Negotiate Deal Protections in the Agreement
Additional provisions can be included in the definitive agreement to protect the selling bank. For example, request a deposit of earnest money upon signing that is forfeitable if the buyer does not obtain regulatory approval. Choose an appropriate drop-dead date for the transaction. Although this date should be realistic, it should also incentivize the buyer to move quickly. We have seen sellers offer buyers options to pay for extensions. The contract should also require the buyer to file the regulatory application promptly following signing and to keep the selling bank well informed about the regulatory approval process.

While a transaction with a non-traditional buyer may be more challenging, under the right circumstances it can present an appealing alternative for a bank looking to maximize its sale price in a cash transaction.

3 Common Insurance Gaps at Banks

Banks must take risk management seriously – and part of managing risk is properly insuring property and casualty risk. Below are the three critical, yet commonly overlooked, areas that institutions should be aware of in addressing their property and casualty insurance program.

1. Think Deeply About the Bank’s Entire Risk Profile
Banks are a complicated risk entity without a cookie-cutter insurance blueprint. The bank business model makes banks a natural target for criminal acts, while daily operations leaves the bank exposed to a host of liability claims. We have also recently seen an increase in regulatory scrutiny related to banks, especially banks’ cyber exposure. Another factor working against the bank is the lack of set standards, guidance and/or oversight of their insurance program. These factors combined make banks particularly complicated to insure competently.

It is imperative that banks consider the entirety of their risks in ensuring they have appropriate coverage and limits. Risk factors to consider include ownership structure, recent financial performance, geographic location, loss history, makeup of the board and management, business model and growth projections. When these factors are considered together, a bank can more completely insure its risks as many of the core coverage lines (and policy forms) are unique only to commercial banks.

2. Cyber Exposure Needs to Be Addressed Under Three Separate Policies
When most banks hear cyber insurance, they think of their cyber liability policy. Most carriers consider this computer systems fraud and it is intended to respond to electronic claims when the bank’s funds are lost or stolen. A typical non-bank cyber liability policy will also include a crime component for electronic losses like fraudulent instruction and electronic funds transfer fraud.

However, there are additional coverages specifically available to banks for cyber loss. The second is the bank’s FI Bond. This is a broader policy and can carry much higher limits. Other coverages under the FI Bond include computer systems fraud such as hacker and virus destruction, as well as voice initiated transfer fraud. There is also an option to insure “social engineering” claims through the bond FI policy.

The third policy that may apply in a cyber loss is the bankers professional liability (BPL). If a bank does not carry social engineering on their bond and a customer’s account is hacked through its own system (opposed to the bank’s) the FI bond likely will not cover the customer’s stolen money. A BPL may provide coverage for depositor’s liability in this case.
Bank should make sure that all three of these policies have adequate limits, do not have overlapping coverage, and also do not leave any gaps in coverage.

3. The Areas of Greatest Exposure
Although cyber and D&O are often the first two areas of insurance a bank focuses, we believe more attention should be paid to the bankers professional liability policy. In the most basic sense, BPL covers the bank for losses arising from any service the bank provides to a customer, aside from lending activity. It’s often colloquially called Bankers E&O and is essentially broad form negligence coverage.
Conversely, lender liability is intended to cover that which BPL excludes: wrongful acts arising from a loan or lending activity. It is important that banks have lender liability included within the BPL.

There are two main reasons BPL/lender liability are important:
1. The most frequent claim for banks falls under the BPL/lender liability. In 2021, 51% of bank liability claims fell under BPL or lender liability. Cyber liability and D&O claims constituted 8% and 12% of claims, respectively.
2. Since they are usually insured under the same insuring agreement, they also usually share one limit. A borrower suit that turns into a paid claim would also erode the BPL limit.

Most peer group average BPL and lender liability limits are relatively low; it’s recommended that banks keep their limit at or slightly above average, at a minimum.

Given the complex factors above, how can you know if your bank is protected? Consider the following questions:

  • Are my financial institution and its officers protected from all the types of risk that could hurt us?
  • Do I have a partner I trust to complement my unique business and offer integrated solutions that offer the right amount of coverage?
  • How much time, productivity and fees does it cost the bank to have relationships with multiple brokers and advisors?

Insurance is complex. Threats to the security of your financial organization are ubiquitous. You should have an expert to help you navigate the process and build a tailored solution for your institution.

Current Compliance Priorities in Bank Regulatory Exams

Updated examination practices, published guidance and public statements from federal banking agencies can provide insights for banks into where regulators are likely to focus their efforts in coming months. Of particular focus are safety and soundness concerns and consumer protection compliance priorities.

Safety and Soundness Concerns
Although they are familiar topics to most bank leaders, several safety and soundness matters merit particular attention.

  • Bank Secrecy Act/anti-money laundering (BSA/AML) laws. After the Federal Financial Institutions Examination Council updated its BSA/AML examination manual in 2021, recent subsequent enforcement actions issued by regulators clearly indicate that BSA/AML compliance remains a high supervisory priority. Banks should expect continued pressure to modernize their compliance programs to counteract increasingly sophisticated financial crime and money laundering schemes.
  • In November 2021, banking agencies issued new rules requiring prompt reporting of cyberattacks; compliance was required by May 2022. Regulators also continue to press for multifactor authentication for online account access, increased vigilance against ransomware payments and greater attention to risk management in cloud environments.
  • Third-party risk management. The industry recently completed its first cycle of exams after regulators issued new interagency guidance last fall on how banks should conduct due diligence for fintech relationships. This remains a high supervisory priority, given the widespread use of fintechs as technology providers. Final interagency guidance on third-party risk, expected before the end of 2022, likely will ramp up regulatory activities in this area even further.
  • Commercial real estate loan concentrations. In summer 2022, the Federal Deposit Insurance Corp. observed in its “Supervisory Insights” that CRE asset quality remains high, but it cautioned that shifts in demand and the end of pandemic-related assistance could affect the segment’s performance. Executives should anticipate a continued focus on CRE concentrations in coming exams.

In addition to those perennial concerns, several other current priorities are attracting regulatory scrutiny.

  • Crypto and digital assets. The Federal Reserve, the Office of the Comptroller of the Currency, and the FDIC have each issued requirements that banks notify their primary regulator prior to engaging in any crypto and digital asset-related activities. The agencies have also indicated they plan to issue further coordinated guidance on the rapidly emerging crypto and digital asset sector.
  • Climate-related risk. After the Financial Stability Oversight Council identified climate change as an emerging threat to financial stability in October 2021, banking agencies began developing climate-related risk management standards. The OCC and FDIC have issued draft principles for public comment that would initially apply to banks over $100 billion in assets. All agencies have indicated climate financial risk will remain a supervisory priority.
  • Merger review. In response to congressional pressure and a July 2021 presidential executive order, banking agencies are expected to begin reviewing the regulatory framework governing bank mergers soon.

Consumer Protection Compliance Priorities
Banks can expect the Consumer Financial Protection Bureau (CFPB) to sharpen its focus in several high-profile consumer protection areas.

  • Fair lending and unfair, deceptive, or abusive acts and practices (UDAAP). In March 2022, the CFPB updated its UDAAP exam manual and announced supervisory changes that focus on banks’ decision-making in advertising, pricing, and other activities. Expect further scrutiny — and possible complications if fintech partners resist sharing information that might reveal proprietary underwriting and pricing models.
  • Overdraft fees. Recent public statements suggest the CFPB is intensifying its scrutiny of overdraft and other fees, with an eye toward evaluating whether they might be unlawful. Banks should be prepared for additional CFPB statements, initiatives and monitoring in this area.
  • Community Reinvestment Act (CRA) reform. In May 2022, the Fed, FDIC, and OCC announced a proposed update of CRA regulations, with the goal of expanding access to banking services in underserved communities while updating the 1970s-era rules to reflect today’s mobile and online banking models. For its part, the CFPB has proposed new Section 1071 data collection rules for lenders, with the intention of tracking and improving small businesses’ access to credit.
  • Regulation E issues. A recurring issue in recent examinations involves noncompliance with notification and provisional credit requirements when customers dispute credit or debit card transactions. The Electronic Fund Transfer Act and Regulation E rules are detailed and explicit, so banks would be wise to review their disputed transaction practices carefully to avoid inadvertently falling short.

As regulator priorities continue to evolve, boards and executive teams should monitor developments closely in order to stay informed and respond effectively as new issues arise.

Regulatory Crackdown on Deposit Insurance Misrepresentation

Federal banking regulators have recently given clear warnings to banks and fintechs about customer disclosures and the significant risk of customer confusion when it comes to customers’ deposit insurance status.

On July 28, 2022, the Federal Deposit Insurance Corporation and the Federal Reserve issued a joint letter to the crypto brokerage firm Voyager Digital, demanding that it cease and desist from making false and misleading statements about Voyager’s deposit insurance status, in violation of the Federal Deposit Insurance Act, and demanded immediate corrective action.

The letter stated that Voyager made false and misleading statements online, including its website, mobile app and social media accounts. These statements said or suggested that: Voyager is FDIC-insured, customers who invested with the Voyager cryptocurrency platform would receive FDIC insurance coverage for all funds provided to, and held by, Voyager, and the FDIC would insure customers against the failure of Voyager itself.

Contemporaneously with the letter, the FDIC issued an advisory to insured depository institutions regarding deposit insurance and dealings with crypto companies. The advisory addressed the following concerns:

  1. Risk of consumer confusion or harm arising from crypto assets offered by, through or in connection with insured banks. This risk is elevated when a nonbank entity offers crypto assets to the nonbank’s customers, while offering an insured bank’s deposit products.
  2. Inaccurate representations about deposit insurance by nonbanks, including crypto companies, may confuse the nonbank’s customers and cause them to mistakenly believe they are protected against any type of loss.
  3. Customers can be confused about when FDIC insurance applies and what products are covered by FDIC insurance.
  4. Legal risk of insured banks if a crypto company or other third-party partner of the bank makes misrepresentations about the nature and scope of deposit insurance.
  5. Potential liquidity risks to insured banks if customers move funds due to misrepresentations and customer confusion.

The advisory also includes the following risk management and governance considerations for insured banks:

  1. Assess, manage and control risks arising from all third-party relationships, including those with crypto companies.
  2. Measure and control the risks to the insured bank, it should confirm and monitor that these crypto companies do not misrepresent the availability of deposit insurance and should take appropriate action to address any such misrepresentations.
  3. Communications on deposit insurance must be clear and conspicuous.
  4. Insured banks can reduce customer confusion and harm by reviewing and regularly monitoring the nonbank’s marketing material and related disclosures for accuracy and clarity.
  5. Insured banks should have appropriate risk management policies and procedures to ensure that any services provided by, or deposits received from, any third-party, including a crypto company, effectively manage risks and comply with all laws and regulations.
  6. The FDIC’s rules and regulations can apply to nonbanks, such as crypto companies.

At a time when crypto companies are increasingly criticized for courting perceived excessive risk and insufficient transparency in their business practices, the FDIC and other banking agencies are moving to ensure that these companies’ practices do not threaten the banking industry or its customers. On Aug. 19, the FDIC issued letters demanding that five crypto companies cease and desist from making false and misleading statements about their FDIC deposit insurance status and take immediate corrective action.

In addition to the FDIC’s suggestions in its advisory, we suggest both banks and fintech vendors consider the following measures to protect against regulatory criticism or enforcement:

  1. Banks should build the right to review and approve all communications to bank customers into their vendor contracts and joint venture agreements with fintechs and should revisit existing contracts to determine if any adjustments are needed.
  2. Banks should consult with legal counsel as to current and expected regulatory requirements and examination attitudes with respect to banking as a service arrangements.
  3. Fintechs should engage with experienced bank regulatory counsel about the risks inherent in their business and contractual arrangements with insured banks by which the services of the fintech is offered to bank customers.
  4. Banks should conduct appropriate diligence as to their fintech partners’ compliance framework and record.

Additionally, should a bank’s fintech partner go bankrupt, the bank should obtain clarity — to the extent that it’s unclear — as to whether funds on deposit at the bank are property of the bankruptcy estate or property of a non-debtor person or entity; in this case, the fintech’s customers. If funds on deposit are property of non-debtor parties, the bank should be prepared to address such party’s claims, including by obtaining bankruptcy court approval regarding the disposition of such funds on deposit. Additionally, the bank may have claims against the bankrupt fintech entity, including claims for indemnity, and should understand the priority and any setoff rights related to such claims.

Fed Account Guidance Yields More Confusion

In seeking answers from the Federal Reserve Board and one of the regional banks, a crypto fintech’s lawsuit may have forced the regulator to issue guidance on how other companies can gain access to the nation’s vaunted payment rails. 

At issue are which companies are eligible to request master accounts at the 12 Federal Reserve Banks, and in turn, how the Reserve Banks should consider those requests. Central to this debate — and the timing of this guidance — is the Custodia lawsuit.

The day after the Board released the guidance, it asked a judge to dismiss a lawsuit from Custodia, a company that holds a special purpose depository institutions charter from the Wyoming Department of Banking. Custodia, which focuses on digital asset banking, custody and payment solutions, applied for a master account from the Federal Reserve Bank of Kansas City in October 2020, and sued both the Kansas City Fed and the Board this year to force a decision; the Board cited the final guidelines in its justifications for a dismissal. 

“Honestly, it makes the guidelines seem like they were written, in part, to get courts to give [the Board] more deference when it winds up in litigation,” says Julie Hill, a law professor at the University of Alabama who has written about Fed account access. 

Outside of the lawsuit, the guidance speaks to the interest that fintechs and companies with novel bank charters have shown in opening Fed accounts. A Fed account comes with access to the payment rails; the entire banking as a service (BaaS) business line is premised on banks serving as intermediaries and account holders for fintechs to send and store customer money. 

If the path to applying for a master account becomes clearer, institutions with novel banking charters could bypass bank partnerships, and request and operate these accounts directly. But experts tell Bank Director that the Aug. 15 guidance codifies existing practices while offering little insight into how nonbanks can get these accounts — leaving most fintechs and bank partners where they started. 

Companies that want Fed accounts request access from one of the 12 Reserve Banks, depending on which district the company is located in. The final guidance that the Federal Reserve Board issued is directed to those Reserve Banks; its involvement in these regional banks’ decision-making indicates that the Board is trying make these decisions consistent across regions and may be involved in individual requests as well, experts say.

The Fed’s guidance includes six principles that the regional Reserve Banks should use when evaluating these requests, along with a three-tiered review framework for the amount of due diligence and scrutiny that the Reserve Banks should apply to requests submitted by different types of institutions. 

But observers still see shortcomings in the guidance. Several experts pointed out that the guidance doesn’t address which companies are eligible to apply, which is the first hurdle nonbanks must address before requesting an account. It was one of the most frequently asked questions that companies submitted to the regulator, says Matthew Bisanz, a partner in Mayer Brown’s financial services regulatory and enforcement practice. 

The guidance retains the “substantial discretion” that Reserve Banks have in deciding approvals, meaning that institutions still do not have a clear path to account access, according to a Mayer Brown client note. The process is so unclear that these accounts are granted via requests rather than applications that regulators would normally employ, Hill points out.

Observers are waiting to see how the guidance figures into the Custodia case. Hill says that Custodia is an interesting test case; the company is in a strong position to request an account and addresses many of the regulator’s stated risk concerns. It has an ABA routing number and applied to become a member of the Kansas City Fed, which could advance it from tier three to tier two in the review framework. The company also accepts U.S. dollar deposits but does not have FDIC deposit insurance, which is one factor in the tier one considerations.

What’s Next
Hill says the next step for the Reserve Banks is potentially getting together to develop a sort of operating procedure, which could make the request and decision-making process more consistent across regions. And fintechs that might be interested in a novel bank charter may want to reach out to sympathetic lawmakers in Congress and explain their cause. Custodia and other crypto companies have found a champion in Sen. Cynthia Lummis, R-Wyo., and an ally in Sen. Pat Toomey, R-Pa., both of whom have raised concerns with the Fed and could author legislation that is more accommodative to novel banking charters that the Fed would need to follow. 

In the meantime, companies that want a Fed account and aren’t interested in becoming bank holding companies or partnering with a BaaS bank may find themselves in limbo for a while. Bisanz points out that in litigation, the Fed cited a case that said delays of three to five years are not unreasonable; Custodia brought its lawsuit to expedite a decision. For novel banks, waiting years for a decision may as well mean the death of a business model. 

“There is no guarantee of an application under these guidelines, and there is no guarantee of a decision,” Bisanz says. “Nothing in these guidelines says that the Reserve Banks will act expeditiously. People should read the guidelines, consider applying — but also be ready to sit tight.”

Effective Oversight of Fintech Partnerships

For today’s banks, the shift to digital and embracing financial technology is no longer an option but a requirement in order to compete.

Fintechs enable banks to deploy, originate and service customers more effectively than traditional methods; now, many customers prefer these channels. But banks are often held back from jumping into fintech and digital spaces by what they view as insurmountable hurdles for their risk, compliance and operational teams. They see this shift as requiring multiple new hires and requiring extensive capital and technology resources. In reality, many smaller institutions are wading into these spaces methodically and effectively.

Bank oversight and management must be tailored to the specific products and services and related risks. These opportunities can range in sophistication from relatively simple referral programs between a bank and a fintech firm, which require far less oversight to banking as a service (often called BaaS) which requires extensive oversight.

A bank’s customized third-party oversight program, or TPO, is the cornerstone of a successful fintech partnership from a risk and compliance perspective, and should be accorded appropriate attention and commitment by leadership.

What qualifies as an existing best-in-class TPO program at a traditional community bank may not meet evolving regulatory expectations of a TPO that governs an institution offering core products and services through various fintech and digital partners. Most banks already have the hallmarks of a traditional TPO program, such as reviewing all associated compliance controls of their partner/vendor and monitoring the performance on a recurring basis. But for some banks with more exposure to fintech partners, their TPO need to address other risks prior to onboarding. Common unaccounted-for risks we see at banks embarking on more extensive fintech strategies include:

  • Reviewing and documenting partners’ money transmission processes to ensure they are not acting as unlicensed money transmitters.
  • Reviewing fintech deposit account’s set up procedures.
  • Assessing fintech partner marketing of services and/or products.
  • Ensuring that agreements provide for sufficient partner oversight to satisfy regulators.
  • Procedures to effectively perform required protocols that are required under the Bank Secrecy Act, anti-money laundering and Know Your Customer regulations, and capture information within the bank’s systems of record. If the bank relies on the fintech partner to do so, implementing the assessment and oversight process of the fintech’s program.
  • Assessing the compliance and credit risks associated with fintech partner underwriting criteria such as artificial intelligence, alternative data and machine learning.
  • Assessing the impact of the fintech strategy on the bank’s fair lending program and/or Community Reinvestment Act footprint.
  • The potential risk of unfair, deceptive or abusive acts or practices through the fintech partner’s activities.
  • True lender risks and documenting the institution’s understanding of the regulations surrounding the true lender doctrine.
  • Assessing customer risk profile changes resulting from the expansion of the bank’s services and or products and incorporating these changes into the compliance management system.
  • Revising your overall enterprise risk management program to account for the risks associated with any shift in products and services.

Finally, regulators expect this shift to more fintech partnerships to become the norm rather than the exception. They view it as an opportunity for banks to provide greater access to products and services to the underbanked, unbanked and credit invisible. Over the last couple of years, we have seen a number of resources deployed by bank regulators in this space, including:

  • Regulators creating various offices to address how banks can best utilize data and technology to meet consumer demands while maintaining safety, soundness, and consumer protection. The Federal Deposit Insurance Corp. has built FDITECH, the Office of the Comptroller of the Currency has an Office of Innovation, as does the Federal Reserve Board. The CFPB has aggregated their efforts to deploy sandboxes and issue “No-Action Letters” through its own Innovation Office.
  • The Federal Reserve issued a guide for community banks on conducting due diligence on financial technology firms in August 2021.
  • OCC Acting Comptroller Michael Hsu gave remarks at the Fintech Policy Summit 2021 in November 2021.
  • In November 2021, the OCC issued a release clarifying bank authority to engage in certain cryptocurrency activities, as well as the regulator’s authority to charter national trust banks.

Adopting best practices like the ones we listed above, as well as early communication with regulators, will place your bank in a great position to start successfully working with fintechs to expand and improve your bank’s products and services and compete in today’s market.

Creating a Comprehensive ESG Approach, From Compliance to Competitiveness

Not only are investors increasingly incorporating environmental, social and governance, or ESG, factors in decisions about how to allocate their capital, but customers, employees and other stakeholders are also placing greater emphasis on ESG matters.

ESG will also continue to be a focus for regulators, with a particular emphasis on climate-related risks. It has rapidly evolved from a compliance matter to a strategic and competitive consideration; boards of directors and management teams should respond with both short-term action and preparation for the longer term. We review key developments and offer six steps that boards and management can take now to position a bank for the current ESG environment.

SEC’s Approach to Climate Change
The Securities and Exchange Commission has made considerations relating to ESG topics a top priority going forward, especially with respect to climate change-related issues. Chair Gary Gensler has charged SEC staff with developing a rule proposal on mandatory climate risk disclosure by the end of this year. Based on Gensler’s statements, the rulemaking is likely to be distinct from approaches developed by private framework providers and may not necessarily be tailored according to company size, maturity or other similar metrics.

Gensler has emphasized the importance of climate change disclosures generating “consistent and comparable” and “decision-useful” information. These disclosures may be contained in Form 10-K; given the tight timeframes associated with preparation of Form 10-K filings, this approach may require certain registrants to adjust their data collection and verification practices.

Bank Regulators’ Approach to Climate Change
Federal Reserve Chair Jerome Powell has indicated that he supports the Fed playing a role in educating the public about the risks of climate change to help inform elected officials’ policy decisions. The Fed established a Financial Stability Climate Committee to identify, assess and address climate-related risks to financial stability across the financial system, as well as the Supervision Climate Committee to help understand implications of climate change for financial institutions, infrastructure and markets.

The Office of the Comptroller of the Currency and Federal Deposit Insurance Corp. are also taking climate risk seriously. In July, the OCC joined the Network of Central Banks and Supervisors for Greening the Financial System and announced the appointment of Darrin Benhart as its first climate change risk officer. Most recently, Acting Comptroller of the Currency Michael Hsu said the OCC is working with interagency peers to develop effective climate risk management guidance. The FDIC expects financial institutions to consider and address climate risks in their operating environment.

ESG as Competitive Advantage
Many companies have begun integrating ESG considerations into their products and strategies. Some research has shown that ESG can drive consumer preferences, with certain consumer demographics using ESG factors to differentiate among products. Younger demographics, for example, are choosing banks according to ESG credentials. Moreover, ESG considerations are becoming increasingly important to certain employee bases.

ESG issues are also top-of-mind for many investors, driven by prominent institutional investors that are linking a company’s ESG profile with its long-term financial performance and other stakeholders who want to align investments with social values and goals.

Directors and management teams should engage in an honest self-assessment of their bank’s ESG status, including determining which ESG matters are most material to their business. They should establish processes for board-level ESG strategy and oversight, along with clear management authority and reporting lines. They should also strengthen controls around ESG quantitative reporting. Ultimately, management should now consider whether and how to begin integrating ESG into commercial activities and overall strategy. With that in mind, here are six steps that boards and management can take now:

  1. Conduct a self-assessment on ESG matters, including on materiality, performance and controls.
  2. Begin preparations for an imminent SEC rulemaking on mandatory climate change disclosure that could potentially apply to Form 10-Ks in time for the 2022 fiscal year.
  3. Strengthen ESG processes and controls, while allowing flexibility for frequent reevaluation.
  4. Understand the key players in the ESG space and their varied perspectives.
  5. Establish responsibility for maintenance of a core ESG knowledge base and awareness of key developments.
  6. Monitor ESG developments as part of operational and strategic planning.

A Look at the Great Loan Modification Experiment

After almost a year, Congress’ decision to suspend loan modifications rules was an unprecedented, unorthodox and, ultimately, effective way to aid banks and borrowers.

The banking industry is going on four quarters of suspended requirements for coronavirus loan modifications. Suspending the reporting rules around loan modifications was a creative way for regulators and lawmakers to encourage banks in the spring of 2020 to work with borrowers facing coronavirus-related hardships. The result is that the industry, and economy, had more time to reassess the rapidly uncertain environment before needing to process troubled credits.

“Standing here today, having completed most of my year in audit and having a pretty good idea of how things are panning out — I would call it a raging success,” says Mandi Simpson, a partner in Crowe’s audit group. She adds that the decision to pause loan payments may have helped avoid a number of business closures and foreclosures, which will help the economy stabilize and recover long-term.

Ordinarily, these modifications, like no payments or interest-only payments for a period of time before restarting payments and catching up, would have been categorized as troubled debt restructurings, or TDRs, under U.S. generally accepted accounting principles.

TDRs occur after a bank offers a concession on a credit that it wouldn’t otherwise make to a borrower experiencing financial difficulties or hardship. The CARES Act suspended the determination that a loan modified because of the coronavirus would count as a TDR, “including impairment for accounting purposes.” Banks could now offer deferments and modifications to borrowers impacted by the coronavirus without needing to record them as TDRs.

The suspension came as part of the Coronavirus Aid, Relief, and Economic Security Act of 2020, or CARES Act, and was extended in the stimulus bill passed before the end of the year. The move was supported by the U.S. Securities and Exchange Commission, the Financial Accounting Standards Board and bank regulators, who had encouraged banks to work with borrowers prior to the suspension. It is scheduled to be in effect through until Jan. 1, 2022, or 60 days after the termination of the national emergency, whichever is earlier.

“The regulatory community gets a high-five for that, in my opinion,” says Christopher Marinac, director of research at Janney Montgomery Scott. “Think about the accounting change in TDRs as another form of stimulus … For the companies and the clients that received deferrals – this pandemic is not their fault. … There was a recognition that this gave people a way to buy time. The one variable you can’t quantify in a crisis is time.”

The widespread forbearance allowed borrowers to adapt their businesses, get a handle on their finances or apply for Paycheck Protection Program funding from the Small Business Administration. It also gave banks a chance to reassess their borrowers’ evolving risk and offer new loan terms, if needed.

Reported Bank Deferral Data for 2020

Quarter Loans in deferral, median Low range High range Number of banks reporting
Q1’2020 11.1% 0.3% 38% 224
Q2’2020 15.3% 1.2% 46.4% 234
Q3’2020 3% 0% 21.5% 240
Q4’2020 1.4% 0% 14.5% 238

Source: Reports authored by Brad Milsaps, managing director at Piper Sandler & Co.

A number of institutions took advantage of the suspension to offer borrowers relief. Simpson remembers that many banks freely offered short-term forbearance in the second quarter, and panicked borrowers accepted. When those forbearance periods expired in the third quarter, borrowers had a better sense of their financial condition — aided by the PPP — and banks were better prepared to work with customers under continued pressure.

By the end of the second quarter, most banks “expressed optimism” about the direction of deferrals and reported “minimal” second requests, mostly related to restaurant and hotel borrowers, wrote Brad Milsaps, managing director at Piper Sandler & Co.

He expected deferrals to become “less of a focus going forward,” as those loans’ performance normalized or banks felt confident in marking them as nonaccruals. To that end, the median ratio of criticized loans to total loans, excluding Paycheck Protection Program loans, increased to 3.6% at the end of the third quarter, from 2.9% in the second quarter.

“Deferrals were an impactful tool utilized at the beginning of the pandemic, but have fallen to a very minimal level given the impact of PPP, the CARES Act, and improvement in the economy,” he wrote in a February 2021 report. “Although deferral data continues to be disclosed by most banks, the investment community has mostly moved on from deferrals as an area of primary focus.”

But the suspension of TDR guidance is not a green light for banks to wholly ignore changing credit risk. If anything, the year of deferrals gave banks a better sense of which customers faced outsized challenges to their businesses and whether they could reasonably and soundly continue supporting the relationship. Marinac points out that many banks have risk-rated loans that received modifications, set aside reserves for potential losses and migrated those that continued to have stress over time.

And as documented in Milsaps’ reports, a number of banks decided to share their modification activity with the broader public, with many including geography, industry and sometimes even the type of modification offered. These disclosures weren’t required by regulators but demonstrated the credit strength at many banks and reassured investors that banks had a handle on their credit risk.

The suspension of TDR reporting requirements through the end of 2021 gives the industry and stakeholders like FASB, the accounting board FASB, to consider the usefulness of the existing TDR guidance.

The reporting involved with TDRs involves an individual discounted cash flow analysis, which makes the accounting complicated and tedious. TDRs also can carry negative connotations that are impossible to shake: A modified TDR, even if it’s performing, is always recorded as a TDR. Simpson points out that the loan modification disclosures banks made in lieu of reporting TDRs was, in many cases, more useful and insightful than if the banks had just treated all modified loans as TDRs. And while mass loan modifications may have been a lot of work for banks in the midst of the pandemic’s most uncertain days, it would have been exponentially more complicated to do mass restructuring recordings and discount cash flow analyses over those four quarters.

“If you aren’t going to do TDR reporting at the time when — in theory — it would be the most valuable, doesn’t that call into question whether TDR identification is really that useful after all?” Simpson asks. “The standard-setters are doing some outreach and taking a second look with exactly that in mind.”

When All The Examiners Left

What would happen if all the bank examiners left?

In 1983, the ninth district of the Federal Home Loan Bank lost almost all of its examiners when the office hastily relocated from Little Rock, Arkansas, to Dallas. The move was the culmination of a campaign from congressional and business efforts beginning in the 1950s, the efforts of which had previously been staved off by Arkansas’ representatives.

In response, 37 of 48 employees in the department of supervision chose not to relocate and left, according to Washington Post archival articles; the remaining 11 were mostly low-level administrators. The two remaining field agents split monitoring almost 500 savings and loans across a 550,000 square-mile area.

The move was capricious, political, expensive and, ultimately, disastrous.

The result was a rare natural experiment that explores the importance that bank supervision plays in regulation and enforcement, according to a recent fascinating paper published by Federal Reserve Bank economists John Kandrac and Bernd Schlusche.

The situation became so bad that the Federal Home Loan Bank Board in Washington implemented a supervision blitz in 1986, sending 250 supervisory and examination staffers from across the country to conduct intensive exams in the region. The number of exams conducted during the six weeks was more than three times the number performed in 1985; for many institutions, it was their first comprehensive exam in two or three years.

Here are several takeaways from the paper.

Major Setback to Supervision
The dramatic loss of expertise within the supervision division plagued the FHLB’s ninth district for at least two years. Even though Dallas is the region’s financial capital, it would take years to tutor supervision trainees to the level of the departed senior examiners. The other option the bank had was trying to poach examiners from another region or agency, which creates deficiencies of its own.

When the Cat’s Away, the Mice Will Play
The paper finds that less intensive supervision and less frequent supervision comes with some risk to the stability of institutions.

Unsupervised thrifts increased their risk-taking behaviors and appetites compared to both thrifts outside the region receiving regular examinations and commercial banks in the region. They grew “much more rapidly” by entering newly deregulated and riskier lending spaces, funded the growth with funds like brokered deposits and “readily engaged in accounting gimmicks to inflate their reported capital ratios.”

“[A]ffected institutions increased their risky real estate investments as a share of assets by about 7 percentage points. The size of the treatment effect is economically large,” the paper finds, adding later: “Our results are consistent with the hypothesis that risk taking is a function of supervisory attention.”

Some of this risk-taking led to insolvency. The paper found that the lack of supervision activity led to about 24 additional failures, which cost the insurance fund about $5.4 billion — over $10 billion in 2018 dollars.

Someone Needs to Enforce the Rules
Rules alone were insufficient for these institutions to manage their risk. The paper stresses the role that examiners play in effective enforcement of regulation — an issue that has taken on renewed relevancy given both a lengthening of the examination cycle to 18 months for some community banks and the changes in in-person visits due to the coronavirus pandemic.

Bank supervisors have many tools — formal and informal — by which they can influence a bank’s behavior. The paper notes how regular interactions and conversations, coupled with power of bank regulation itself, seem to be more effective at curbing or correcting risky behavior at banks than self-regulation alone. The six-week supervision blitz in 1986 led to a 76% increase in enforcement actions compared to the year prior, as well as management replacement actions, liquidation requests and 500 criminal referrals to the Department of Justice.

“[S]upervision and examination matter even for what many considered to be the most ineffectual supervisor in the United States. Therefore, even if the importance of supervision has diminished over time on average, we should still expect modern supervisors to meaningfully limit bank risk taking,” the paper reads.

The Trouble That Johnny Allison Sees

Johnny Allison, chairman and chief executive officer at Home Bancshares in Conway, Arkansas, prides himself on running a very conservative institution with a strong credit culture. And Allison has not liked some of the behavior he has witnessed in other bankers, who are slashing their loan rates and loosening terms and conditions to win business in a highly competitive commercial loan market.

Allison says those chickens will come home to roost when the market eventually turns, and many of those underpriced and poorly structured loans go bad.

“Now is a dangerous time to be in banking, in my opinion. It is a scary time because our people want to match what somebody else did,” said Allison during an extensive interview with Bank Director Editor in Chief Jack Milligan for a profile in the 1st quarter issue of Bank Director magazine. (You can read the story, “Will Opportunity Strike Again for Johnny Allison?” by clicking here.)

Allison feels strongly enough about the credit quality at $15 billion asset Home that he’s willing to sacrifice loan growth, even if it hurts his stock price. In the following excerpt, Allison — whose blunt and colorful talk has become his trademark — opens up about the challenge of maintaining underwriting discipline in a highly competitive market.

The Q&A has been edited for brevity, clarity and flow.

BD: You said some very powerful things in your third quarter earnings call. And you said it in sort of the Johnny Allison way, which makes it fun and entertaining. But you were fairly blunt about the fact that you see stupid people doing stupid things. That has to have an impact on your performance in 2019. You’re letting certain kinds of loans run off because you don’t like the terms and conditions and the pricing. That impacts your growth, which then impacts your stock price. That has to be a difficult choice to make.
JA: It’s extremely tough, because my people in the field are seeing dumb stuff being done. “Well, so and so did this, or so and so did that, and, Johnny, they gave him three-and-a-half fixed for 10 [years], and interest only, and nonrecourse.” I mean, there will be a day of reckoning on those kinds of bad decisions, in my opinion. Am I going to write at three and a quarter [percent] fixed for 10 to 15 years? I’m not going to do that. Do I not think I’ll have a better opportunity coming next year to where I haven’t spent that money, and I spend it next year? So, my attitude is [to] take what they give us. Stay close to your customers, support your customers. It is extremely tough. It is one tough job keeping the company disciplined. Don’t let it get off the tracks. We’re known as a company that runs a good net interest margin. We’re known as a company that has good asset quality, that runs a good ship.

BD: If you were more aggressive on loan growth, if you were willing to play the same game that other banks were playing and not worry about the future so much, would your stock price be higher today?
JA: We don’t believe that. If I loan you $100 and I charge you 6%, or I loan you $100 and I charge you 3%, you’ve got to do twice as many loans just to keep up with me. And there’s a limit to how much you can loan, right? We got $11 billion worth of loans. We’re about 97% loan-to-deposit [ratio]. Could we go up to 100%? Sure. We were at [100%] over six years ago. The examiners fuss at you a little bit. But we’ve got lots of capital. So, we kind of run in those areas close to 100% loan to deposit. But we’ve got $2.7 billion worth of capital, so we can rely on that. Plus, the company makes a lot of money.

BD: You said in the earnings call that you were building up the bank’s capital because you didn’t quite know where the world was going, or you weren’t quite certain about the future. So, how do you see the future?
JA: I’m very positive with the future, except the fact I keep hearing these naysayers on and on. We’re optimistic people. I’m rocking with the profitability of this company, and [people] tell me the world’s coming to an end. Then the [bank’s] examiner came in during [the] third quarter and said, “The world’s coming to an end, Johnny. Get ready. Be prepared. Get your reserves [up].” We didn’t ever see it. It didn’t happen. Could somebody be right? Could there be a hiccup coming? Let me say this, and I said it on the call, banks are in the best financial condition that they’ve ever been in.

Someone said, “Boy, you give the regulators credit for that.” I said, “Regulators had nothing to do with it. Absolutely nothing to do with it.” What did it was [the financial crisis in] ’08, ’09, and those people who wanted to survive, and those people who wanted to keep their companies and don’t want to cycle through that again. What’s happening is, the shadow banking system is coming into the [market], and they’re taking our loans. How many [loan] funds are out there? They all think they’re lenders. Every one of them think they’re lenders. And they’re coming into the bank space. Where we’re at 57% loan to value, they’re going to 95% loan to value.

There’s the next blow up, and that’ll hurt us. We’re going to get splashed with it. We’re not going to get all the paint, but we’re going to get splashed with that.

That’s the next problem coming, these shadow bankers, the people chasing yield. REITs. Oh, God. REITs. I’m in at $150,000 a key in Key West, Florida, with a guest house owner who is a fabulous operator. We financed her for years and years, and she’s built this great program with these guest houses. She sold it to an REIT for $500,000 a key. Now, let me tell you something, you can’t have an airplane late getting into Key West. There can never be a wreck on [U.S. Highway 1]. And there can never be another hurricane. Everything has to be hitting on all cylinders and be perfect to make that work. That’s kind of scary to me. We’ve seen several of these REITs coming [in with] so much money. They won’t give any money back to the investors. They won’t say, “We failed.” Instead, they’ll go invest that money. And they’re just stretching that damn rubber band as far as they can stretch it, and I think some of those rubber bands are going to pop.

[Editor’s note: An REIT, or real estate investment trust, owns and often operates income-generating real estate.]

So, I think that’s the danger. I don’t think it’s the normal course of business. I think those things are the danger. And when it slows down a little bit like it did, these bankers panic. They just panic. “What can we do to keep your business? What can we do?” They just lay down and play dead. “What can I do? What can I do? Two and a half? Okay, okay, okay. We’ll do [loans at] two and a half [percent].” We just got back from a conference, and they’re talking in the twos. Bankers are talking in the twos. I don’t even know what a three looks like, and I sure don’t know what a two looks like. So, I can’t imagine that kind of stupidity.

BD: So, where are we in the credit cycle?
JA: Well, two schools of thought. One, that we’re in a ten-year cycle, and it’s time for a downturn.

BD: Just because it’s time.
JA: Just because it’s time. Johnny’s thought is that we were in an eight-year cycle with [President Barack] Obama, and he didn’t do one thing to help business. Absolutely zero things to help any kind of business at all. Didn’t know what he was doing. Nice guy. Be a great guy to drink beer with. Had no clue. And then here comes [President Donald] Trump. So, did the cycle die with Obama and start with Trump? That’s my theory. My theory is that [the Obama] cycle died, and we’re in the Trump cycle. Now, if we have a downturn, if something happens somewhere, he’s going to do everything he can to get reelected, right? So, he’s going to try to keep this economy rolling. But if we have a downturn, it’s not going to be anything like ’08, ’09.

The regulators blame construction for the [financial crisis]. It wasn’t construction that caused the crash. It was the lenders and the developers that caused the crash, because nobody put any money in a deal. Nobody had any equity in a deal. I remember many times, my CEO, I’d say, “See if you can get us 10%.” No. [The customer] got it done for 100% financing. If you want the deal, they give it to you. But it’s 100% financing. There wasn’t any money in the deal. There was no money in those deals, and when the music stopped, they just pitched the keys to the bankers, and here went the liquidation process. I was involved in it, too. I did some of it myself. So, I’m not the brilliant banker that skated that. I was involved in it. Not proud of that, but I learned from that lesson. I learned from that lesson.

Now is a dangerous time to be in banking, in my opinion. It is a scary time, because our people want to match what somebody else did. That’s my toughest job. And a lot of them think I’m an ass because I hold so tight to that. Now, let me tell you. This is my largest asset. This is my baby in lots of respects. I have lots of my employees that are vested in this company. I have lots of shareholders, local Arkansas shareholders that are vested. We have created more millionaires in Arkansas than J.B. Hunt [Transport Services], or Walmart, or Tyson Foods. Individual millionaires, because they believed in us and invested with us, and I am very proud of that.