Developing a Digital-First Approach to Risk Management

The world has leaned further and further into the digital realm, largely thanks to a younger, more tech-dependent generation.

The Covid-19 pandemic accelerated a years-long push toward online and mobile banking use. Does your institution have a true digital banking strategy to deliver simple and secure digital banking services to your customers? As the primary channel through which customers conduct nearly all their banking activities, digital is your bank now.

But as more consumers turn to digital channels, cybercriminals are following suit — as demonstrated by increasing incidents of fraud and unauthorized account access. To mitigate cybersecurity threats and protect your customers, your bank’s risk management strategy now requires a digital-first approach.

Risk Management in Digital Banking
Even though customers demand digital transformation, delivering frictionless experiences comes with certain inherent challenges and risks. Once you identify these hurdles, you can mitigate them so that your institution can move forward.

The most pressing digital banking risk management issues fall into two categories: overcoming organizational challenges and mitigating regulatory risks. Each of them has several considerations and variables your institution should consider.

Overcoming Organizational Challenges

Outdated corporate culture: Entrenched processes and perspectives can stall your digital transformation. Promoting a more forward-thinking culture must start at the top and flow down in order for the entire institution to embrace change. Confirm your bank’s risk management personnel are onboard, and involve them from the beginning to ensure a secure and safe transformation.

Refocusing of key positions: Some of your bank’s key positions may change in response to digital transformation. Digitization may shift the focus of some, but these positions are still critical to the institution’s success. For example, instead of manually performing tasks, employees working in an operations department may begin focusing on automating processes for the institution.

Resistance to change: Many institutions have executives that will champion progress, while others are resistant to the changes required to adopt a digital-first approach. Identify the champions at your institution and empower them to lead your digital transformation.

Lack of innovative thought leadership: It will take true out-of-the-box thinking to digitally compete with the big banks and emerging fintech companies. Encourage that kind of modern thinking within your institution.

Misguided beliefs: Quash any notions that a mobile banking app is the only component of a digital strategy, or that a digital-first approach means that personalization is no longer needed. Back-end operations and internal processes must fully support a digital environment that effectively identifies and fulfills individual customer needs based on their actions and behaviors — without adding friction to the customer experience.

Mitigating Regulatory Risks

Digital compliance and cybersecurity: Banks operating in a digital environment must still comply with all applicable laws and regulations. This includes paying attention to uniquely digital processes that are covered under specific rules, such as electronically signing documents per the E-Sign Act. To mitigate risk, institutions should invest in technology designed to ensure compliance and strengthen cybersecurity.

Third-party risk management: Many banks are outsourcing all or part of their digital strategy to fintechs and other third-party vendors out of necessity. But institutions are still ultimately responsible for all functions, whether they are performed internally or externally. A robust vendor management program is key to avoiding unqualified third-party providers. A provider must understand applicable regulatory requirements, be able to adhere to them and guarantee compliance.

Fraud and identity theft: The increase in banking without face-to-face interaction can increase the risk of synthetic identity fraud, traditional identity theft and account takeovers. Your bank should meet these challenges by reviewing and strengthening your Bank Secrecy Act/anti-money laundering (BSA/AML), know your customer (KYC), customer due diligence (CDD), cybersecurity and other relevant compliance programs. Digitizing internal processes will result in more available data as well as the ability to use AI to monitor customer behaviors and efficiently identify potential fraud.

While digitization can increase certain risks for banks that undertake such a transformation, enabling enhanced digital banking risk management to secure digital channels, mitigate risk and deliver a frictionless customer experience is worth the effort.

Seven Costs of Saying “No” to Cannabis Banking

Ask the typical bank executive why their institution isn’t providing banking services to state-legal cannabis-related businesses (CRBs), and you will likely hear a speedy retort along these lines:

“We’re not allowed to — it’s still federally illegal.”

“We would love to, but we don’t know enough about that industry to manage the risk.”

“We don’t think our customers would want our name and reputation associated with that.”

On the surface, these prudent practices make perfect sense. A complex legal landscape, inability to assess regulatory risk and desire to protect the institution’s reputation are compelling reasons to stay far away from cannabis-related proceeds. But there are hidden costs to saying “no” to cannabis banking. These hidden costs accrue to CRBs, the communities in which they are located, the financial institutions that avoid them and potentially society at large.

Community Risks

Community risks stem from direct and indirect sources. The obvious risks, such as the increased potential for crime and the resulting challenges to law enforcement, are frequently cited. The indirect risks are less obvious, such as a community’s inability to identify or collect appropriate taxes on CRB proceeds.

Cash on hand invites crimes of opportunity. A retail location that is known to have large volumes of cash on hand produces a seductive temptation for the criminal element.

Cash is easy to conceal from revenue officials. Fewer dollars in the public coffers are the inevitable outcome when revenue goes uncollected. In its “Taxing Cannabis” report, the Institute on Taxation and Economic Policy indicates that tax evasion and ongoing competition from illicit marijuana operations remain an ongoing concern in legal use states.

Opportunity Costs

Early adopters have demonstrated that the cannabis industry is willing and able to accept higher price points from financial institutions in exchange for the safety and convenience of obtaining traditional banking services. Your bank’s avoidance means forfeiting both short-term and long-term opportunities to generate fee income while giving others a head start on future business opportunities.

Cost of lost fee income. It is not uncommon to hear of small financial institutions generating multimillion-dollar annual fee income from CRB accounts. In less-established markets, accounts yield monthly fees based on their average deposit balances.

Cost of missing out. Just like its social media counterpart — FOMO or fear of missing out — COMO is real. If 5% to 10% of your peers are already banking CRBs, imagine what will happen as the next 10% step in. And then the next 10% after that. Before the real race has even begun, you’ve ceded some portion of the addressable market simply by not being present in the market today.

Economic Costs

The suppression of legal cannabis businesses weakens their potential to inform decisions and progress. Anecdotal and scientific evidence supports that mental and physical health benefits can be derived from responsibly sourced and properly administered cannabis-based products. Data from countries that are moving quickly to align public policy with sentiment and science on these issues indicates that sustainable economic benefits are possible.

Cost of falling behind in medical and other scientific research and advances. In 2018, 420Intel identified six countries for their cannabis research: Spain, Canada, the Czech Republic, Uruguay, the Netherlands and Israel. This type of research cannot be conducted in the United States because of federal prohibitions that require clearing multiple regulatory hurdles, at great cost.

Costs of pain and suffering to those in need of relief. Even if your personal belief sets don’t allow you to explore cannabis topics with an open mind, you need look no further than your media feeds or internet searches to find immeasurable examples of individuals who claim that using cannabis or cannabinoids have provided them with physical and mental health benefits.

Cost of lost economic growth potential. While exact numbers are hard to come by, there more than 110 studies taking place in Israel alone, funded at rates in the six and seven figures apiece. BNN Bloomberg reported that Canada’s legalized cannabis sector contributed $8.26 billion to its gross domestic product in its first 10 months of national legalization.

So before your bank decides the risks of saying “yes” to banking CRBs is still too high, pause to consider the risks you’re allowing to affect your institution and local community when you say “no.” Perhaps it’s time to take a fresh look at whether CRB banking is for you.

Good Corporate Governance Starts With the Articles and Bylaws


governance-11-14-16.pngJust as a good diet and regular exercise contribute to a healthy lifestyle, good corporate governance and board oversight often serve as the foundation for the health and stability of any corporate organization. Corporate governance is often a difficult concept to nail down. In the highly regulated banking industry, the importance of good corporate governance practices is significantly amplified due to the additional layer of regulatory risk that may not affect businesses in other industries.

Although good corporate governance is often associated with maintaining certain policies and procedures, such as guidelines, codes of conduct, committee charters, shareholder agreements and intercompany and tax sharing agreements, we routinely encounter financial institutions that ignore or overlook one of the most fundamental aspects of corporate governance: the articles of incorporation and bylaws. In fact, we experience many situations in which financial institutions have articles and bylaws that are significantly outdated and have not been revised to comply with current laws, regulations and other corporate best practices. Failure to keep these governing documents current can not only raises legal and regulatory concerns, but oftentimes compromises the ability of the management team to protect and preserve the interests of its shareholders.

A comprehensive review of the articles and bylaws is recommended, particularly if you have not conducted such a review in the past. Set forth below is a summary of certain terms and provisions that may be of particular interest to your management and board of directors.

Compliance With State Corporate Laws
State corporate laws provide the basic foundation for the conduct of business of most banks and bank holding companies. Over time, these state corporate laws are revised or replaced with more modern corporate statutes. Although the corporate laws may evolve over time, many financial institutions fail to adapt their articles and bylaws to conform to these changes. In many cases, we encounter articles and bylaws that reference outdated and repealed laws and statutes that could lead to questionable legal interpretations and uncertainty in many critical situations.

Limitation of Personal Liability and Indemnification of Directors and Officers
Most state corporate laws have provisions that permit a corporation to limit the personal liability of, and/or provide indemnification to, directors and officers pursuant to provisions in its articles or bylaws. Typically, the ability to limit liability and provide indemnification to directors and officers is eliminated in certain situations such as a breach of fiduciary duty or intentional misconduct. However, we routinely experience situations in which the limitation of liability and indemnification are either not addressed by the articles or bylaws or contain provisions that may not fully protect the interests of the management team.

Electronic Communications
As technology continues to evolve, many state corporate statutes have been revised to permit certain shareholder and director communications, such as notices of shareholder and director meetings, to be delivered in electronic format. Despite these statutory revisions, if your institution’s articles and bylaws require physical delivery of these notices, you might not be able to take advantage of these newer and less costly forms of communication.

Uncertificated Shares
As financial institutions continue to consolidate and increase their shareholder base, the use of third-party transfer agents is becoming more prevalent for the management of stock transfer records. Most transfer agents have implemented uncertificated book-entry systems as a means of recording stock ownership, which eliminates the need for physical stock certificates. However, it is not uncommon for the articles and bylaws to specifically require the issuance of physical stock certificates to their shareholders. Obviously, these provisions must be revised before implementing an uncertificated stock program.

In addition to the specific matters addressed above, some other important areas to consider when reviewing your articles and bylaws include the shareholders’ ability to call special meetings, the process for including shareholder proposals at annual or special meetings, the implementation of a classified board of directors, the process for the removal of directors, mandatory retirement age for directors, shareholder vote by written consent and a supermajority vote standard for certain article and bylaw amendments, such as limitation of liability and indemnification.

A review of your institution’s articles and bylaws is only one component of the broader corporate governance umbrella, but it is one of the more important and fundamental aspects of your board’s corporate governance responsibilities. Routine maintenance of these fundamental corporate documents will be a good start towards enhancing your institution’s overall corporate governance structure.