Community banks that have weathered the economic extremes of the coronavirus pandemic and a rapidly changing interest rate environment may find themselves with another important looming deadline: the $10 billion asset threshold.
In 2010, the Dodd-Frank Wall Street Reform and Consumer Protection Act (often called Dodd-Frank) created a regulatory demarcation for banks above and below $10 billion in assets. In 2018, regulatory reform lessened one of the more-stringent expectations for $10 billion banks, but failed to eliminate many of the other regulatory burdens. Experts that have worked with banks to cross the divide since the law went into effect recommend that institutions around $5 billion begin preparing for the costs and expectations of being a larger bank.
“The list of changes when going from $9.9 billion to $10 billion isn’t long. It’s the significance of those changes that can create challenges if not appropriately planned for,” writes Brandon Koeser, financial services senior analyst with RSM US LLP, in an email. “Banks need to take a thorough look at their entire institution, including people, processes and risk oversight.”
The pandemic may have delayed or complicated the work of banks who are preparing to cross the threshold. Anna Kooi, a partner and national financial services industry leader at Wipfli, says she has clients at banks whose growth accelerated over the last two years and are approaching the $10 billion asset line faster than expected.
Bank Director has assembled a guide for boards that reviews some areas that are impacted by the threshold, along with questions directors can use to kick off conversations around preparation.
Lost Income
The Dodd-Frank Act’s Durbin Amendment capped the interchange fees on debit card transactions that banks above $10 billion can charge; interchange fees are not reduced for banks under $10 billion. The capped fees have cost card issuers nearly $106 billion in interchange revenue since 2012, including an estimated $15.2 billion in 2020, according to an Electronic Payments Association analysis in August 2021 using data from the Federal Reserve.
Banks preparing to cross $10 billion should analyze how big the reduction of debit interchange revenue could be, as well as alternatives to make up for that difference, Kooi says. The interchange cap impacts banks differently depending on the depositor base: commercial banks may not miss the income, while institutions with a larger retail base that use their debit cards may experience a significant hit. Banks that have more time to consider alternatives will be better positioned when the interchange cap goes into effect, she says.
Regulatory Expectations
Banks over $10 billion in assets gain a new regulator with a new round of exams: the Consumer Financial Protection Bureau. While other banking regulators tend to focus on prudential safety and soundness, the CFPB aims to promote “transparency and consumer choice and preventing abusive and deceptive financial practices” among markets for financial services and products, according to the agency’s mission statement. This exam shift means banks may want to reach out to consultants or other external partners that have familiarity with the CFPB to prepare for these exams.
“The focus is going to be more intense in certain areas,” says Adam Maier, partner and co-chair of Stinson’s banking and financial services division. “They’re going to bring in a different regulatory approach that is very unique, and at times, can be difficult.”
Expectations from other regulators may also increase, and increased scrutiny could lead to a higher risk that examiners discover something at a bank that needs to be addressed.
“A guaranteed place of focus from regulators will be over the bank’s risk program,” Koeser writes. “Undertaking an assessment of the risk management function, including the risk program, staffing levels and quality of talent will be key. In a new world above $10 billion, the old mantra of ‘If it isn’t broke, don’t fix it,’ won’t fly.”
While banks don’t have to participate in the annual Dodd Frank Act Stress Test, or DFAST, exercise until they are $100 billion, regulators may want to see evidence that the bank has some way to measure its credit and capital risk exposure.
“What I’ve heard [from] banks is the regulators, the OCC in particular, still want to talk about stress testing, even though [the banks] don’t have to do it,” Maier says. “I would follow the lead of your primary regulator; if they want you to still demonstrate something, you still have to demonstrate it.”
And importantly, the Dodd-Frank Act mandates that bank holding companies above $10 billion have a separate board-level risk committee; this provision was changed to $50 billion in the 2018 financial reforms bill. The committee must have at least one risk management expert who has large-company experience.
Staffing and Systems
Heightened regulatory expectations may require a bank to bring on new talent, whether it’s for the board or the executive team. Some titles Kooi says a bank may want to consider adding include a chief risk officer, chief compliance officer and a chief technology officer — all roles that would figure into a robust enterprise risk management framework. These specialty skill sets may be difficult to recruit locally; Kooi says that many community banks preparing for the threshold retain a recruiter and assemble relocation packages to bring on the right people. Oftentimes, banks seek to poach individuals who have worked at larger institutions and are familiar with the systems, capabilities and expectations the bank will encounter.
Additionally, boards will also want to revisit how a bank monitors its internal operational systems, as well as how those systems communicate with each other. Maier says that banks may need to bulk up their compliance staff, given the addition of the CFPB as a regulator.
M&A Opportunities
A number of banks have chosen to cross $10 billion through a transaction that immediately offsets the lost revenue and higher compliance expenses while adding earnings power and operational efficiency, writes Koeser. M&A should fit within the bank’s strategic and long-term plans, and shouldn’t just be a way to jump over an asset line.
Banks that are thinking about M&A, whether it’s a larger bank acquiring a smaller one or a merger of equals, need to balance a number of priorities: due diligence on appropriate partners and internal preparations for heightened regulatory expectations. They also need to make sure that their prospective target’s internal systems and compliance won’t set them back during integration.
Additionally, these banks may need to do this work earlier than peers that want to cross the threshold organically, without a deal. But the early investments could pay off: An $8 billion institution that is prepared to be an $11 billion bank after a deal may find it easier to secure regulatory approvals or address concerns about operations. The institution would also avoid what Maier calls “a fire drill” of resource allocation and staffing after the acquisition closes.
Questions Boards Should Ask
- Do we have a strategy that helps us get up to, and sufficiently over, $10 billion? What is our timeline for crossing, based on current growth plans? What would accelerate or slow that timeline?
- Will the bank need to gain scale to offset regulatory and compliance costs, once it’s over $10 billion?
- What do we need to do between now and when we cross to be ready?
- What role could mergers and acquisitions play in crossing $10 billion? Can this bank handle the demands of due diligence for a deal while it prepares to cross $10 billion?
- Are there any C-level roles the bank should consider adding ahead of crossing? Where will we find that talent?
- Do we have adequate staffing and training in our compliance areas? Are our current systems, processes, procedures and documentation practices adequate?
- How often should the board check in with management about preparations to cross?
- Have we reached out to banks we know that have crossed $10 billion since the Dodd-Frank Act? What can we learn from them?
Article was updated on Nov. 15, 2022, to reflect that $50 billion banks are now mandated to have a board-level risk committee.
Regulators can’t afford to wait any longer in developing a framework for their oversight of the fast-rising fintech sector. The number of fintech companies, and the amount of investment in them, is growing too rapidly for regulators to hope that they can supervise the sector by applying existing regulations for banks to fintech companies on an ad-hoc basis. That will only create gaps in regulators’ monitoring of the sector, and confusion among fintech companies trying to grasp the complexities of financial regulation in the U.S. Such gaps and confusion are already evident: Many fintech companies are failing to implement best practices in securing customer data, and many of them are also unaware of how existing regulations apply to them.
In recent days and months, there has been much discussion about the challenges small banks face to comply with increased regulatory requirements, particularly those stemming from the Dodd-Frank Wall Street Reform and Consumer Protection Act. Though the costs of compliance have increased and can prove burdensome, especially to small banks, industry observers and participants who approach the requirements with a glass-half-empty attitude are missing an important opportunity: If community banks take a strategic approach to compliance, they can differentiate themselves from the competition.