Digitization Inside and Out of the Boardroom

digitization-4-16-18.pngAs global businesses and markets are caught in a seemingly perpetual cycle of disruption and adjustment, company leadership and directors are tasked with finding new, innovative ways of communicating and working with shareholders in an increasingly complex and fragmented landscape. This is even more important given the massive technological advancements within the last decade, which have not only shifted the ways in which companies operate, but the means in which businesses and investors convey and share information.

Recent advancements in technology have transformed everyday business processes through digitization, which, in turn, has made cybersecurity a top priority. Moreover, they have made the world a much more connected place, facilitating business at a faster pace than ever before. To help company leadership adjust, new technologies have been developed to help directors and leadership teams improve collaboration and workflow.

Today’s boards are going paperless, and the reality has become indisputable: directors are turning away from printed documents in favor of digital information that is easy to share and accessible on mobile platforms, like board portals.

Through digitization, directors are now accustomed to heightened levels of speed and efficiency across all business processes. With board portals, corporate secretaries and meeting managers are able to streamline board book creation and tighten information security. The benefits to this technology are clear: easy access to digital meeting information with user-friendly tools for assigning tasks, approvals, consent votes and secure messaging.

We have also observed a growing trend driving increased global demand for board portal solutions: the need to collaborate and share confidential information and documents across internal and external teams in a highly secured environment. The C-suite executives who already use our board portal tools for director-level collaboration are now expanding that capability across their organizations, all through a single sign-on service.

As businesses shift to digital platforms, data security plays a much bigger role. Companies must closely scrutinize how sensitive information is handled due to the risk of breaches. Cyberattacks are common and can result in significant financial and reputational damage; cybercrime damage costs are expected to total $6 trillion annually by 2021, according to CSO. This makes it especially important for boards and company leadership to take a strategic approach to data protection. Information is being shared in more rapid and innovative formats, and the methods in which boards communicate with shareholders will need to prioritize safety along with accessibility.

Protecting sensitive information should be at the top of a company’s concerns. This is why solutions should comply with strict encryption standards, multi-factor authentication and a completely cloud-less data storage system. Companies can also leverage machine learning and artificial intelligence (AI) to navigate and secure large volumes of data. These technologies can monitor and detect network anomalies that signal potential attacks and prevent further access before data is compromised.

Due to the digitization of communication channels, we are now able to connect and do business in seconds with people halfway across the world. As technology brings us closer together, it breaks barriers to information accessibility. This ease of information exchange has impacted investing by virtually removing any impediments that once stood in the way of certain markets.

Increased ease of access to information around the world means companies, and particularly company leadership, should ensure key information is digestible for all stakeholders. That’s why being equipped with full translation services for common languages can be advantageous.

Moreover, as globalization continues to facilitate business and investing opportunities, shareholder bases are broader and more diverse than ever before. With the rise of passive investing, companies lack a level of transparency that allows them to know who their stakeholders are. For this reason, it is necessary to take advantage of tools and technologies that provide actionable insights into passive investment data and provide a more comprehensive picture of shareholders.

Looking Ahead
As technology continues to augment the ways in which companies operate, boards need to keep pace, ensuring they are communicating with their shareholders in the most efficient and preferred methods possible.

What Leaders Say It Takes to Compete Today

strategy-4-5-18.pngIf it weren’t for the occasions when his kids need to borrow some cash, Frank Sorrentino says they’d never set foot in a bank branch.

Sorrentino, the CEO of $4.7 billion asset ConnectOne Bancorp in Union, New Jersey, was one of several senior bank executives who joked about millennials’ tech-savvy lifestyle during a roundtable session, sponsored by Promontory Interfinanical Network (a partner to thousands of banks), at Bank Director’s 2018 Acquire or Be Acquired conference. But the habits of younger consumers and the challenges they present, including how they affect the race for deposits, are among the top concerns of today’s bank leaders.

Technology is a disruptive force that has permeated the banking industry, affecting operations and decisions for directors at all levels. “Today, to me it appears that things are changing right beneath our feet,” Sorrentino says. “The speed of adoption, speed of change, is just something that’s breathtaking.”

An 800-pound gorilla NOT named Amazon
The threat posed by big banks that are competing aggressively for consumers is very real for regional and smaller community banks—though some do see bright spots.

The ability of the largest banks to chart their own courses with technology could hurt regional and community banks, especially if that technology were to become proprietary or exclusive.

“They can decide to turn up or turn down product almost at whim, and very quickly put pressure on anyone in this room in…a very negative way,” Sorrentino says. “I’m not so sure the next-generation 800-pound gorilla is going to be thinking the same way.”

Sorrentino pointed to the widespread adoption of Zelle, a peer-to-peer (P2P) payments product that is currently being offered by 58 banks and credit unions, including ConnectOne. That type of product is helpful, he says, and works as long as banks of all sizes have access to it.

But the disrupting factors of the future may be the tech giants like Amazon or could just be the direction technology is leading customers—which is to say, far away from traditional banks.

Convenience in banking has trumped much of the traditional channels, which are largely based on in-person relationships. “That same experience now has to come through those interactions over the [smart] phone,” says Chuck Shaffer, chief financial officer and head of strategy at Seacoast Bank Corp. in Stuart, Florida, which has $6 billion in assets.

“When my own children, who live in New York City, say that they went and opened up an account at Chase because that’s where they can transact their Venmo [a competing P2P service offered by PayPal] without having to pay a fee, it’s very concerning,” says David Provost, president and CEO of Chemical Financial Corp., a $20 billion-asset institution headquartered in Midland, Michigan.

Data-fueled growth strategies
Other executives have similar assessments of the competition, though some remain optimistic about the potential for growth through more conventional means and using technology for that purpose, as well.

“I think customers come to you first; [it] doesn’t mean they don’t get better offers. It doesn’t mean that you don’t have to maybe match offers that normally you might not, but I think that there is still a degree of loyalty,” says Sally Steele, chairman of the board at Community Bank Systems, a $10 billion-asset bank based in Dewitt, New York. “But on the other hand, as the Zelles of the world roll through the banking industry, we’re all going to be beneficiaries of that.”

Nearly two-thirds of directors and CEOs surveyed for Bank Director’s 2018 M&A Survey say they are planning to grow organically, rather than through acquisitions, using strategies rooted in modern technology.

Shaffer’s 90-year-old bank has been around long enough to be familiar with the days before the internet, but Seacoast has been deliberate in investment and integration of data-backed strategies, both internally and purchased. “We operate in one data platform. We built a SAS database over top of that, then built automated marketing over top of that,” he says.

This data-driven approach has generated customized service and marketing pitches tailored to any demographic group and is now yielding significant revenue. “Three years later, we’re doing over $300 million; this year we’ll do around $400 million largely because we’re making the right offer at the right moment to the right customer,” Shaffer says. “We’ve been explosive in building exponential growth in the organization.”

2018 L. William Seidman CEO Panel

Former FDIC chairman and Bank Director’s publisher, the late L. William Seidman, advocated for a strong and healthy U.S. banking market. In this panel discussion led by Bank Director CEO Al Dominick, three CEOs—Greg Carmichael of Fifth Third Bancorp, Gilles Gade of Cross River Bank and Greg Steffens of Southern Missouri Bancorp—share their views on the opportunities and threats facing banks today.

Highlights from this video:

  • Reaching Today’s Consumer
  • Front and Back-Office Technologies That Matter
  • Competitive Threats Facing the Industry
  • The Future of Community Banking


RegTech: A New Name for an Old Friend

regtech-3-20-18.pngWith all of the buzz around regtech, it’s easy to forget that banks have leveraged technology for compliance and reporting for decades. But thanks to recent developments in data architecture, artificial intelligence and more, regtech is on the rise, and it’s evolving into something a lot more sophisticated.

The definition of regtech is simple. According to New-York-based analytics firm CB Insights, regtech is “technology that addresses regulatory challenges and facilitates the delivery of compliance requirements.” Regtech can be as simple as using an Excel spreadsheet for financial reporting or as complex as using adaptive algorithms to monitor markets. By studying the evolution of regtech, banks can begin to decipher which technologies are aspirational and which ones are crucial to navigating today’s demanding regulatory regime.

Regtech has and is evolving in three key phases, according to the CFA Institute Research Foundation, a nonprofit research group in Charlottesville, Virginia. The first phase was focused on quantifying and monitoring credit and market risks. A powerful illustration of the forces driving this initial phase can be seen in the Basel II accord, which was published in 2004. Basel II focused on three pillars: minimum capital requirements, supervisory review by regulators and disclosure requirements meant to enhance market discipline.

Despite the enhanced regulatory requirements of Basel II, the global financial crisis of 2008 exposed serious deficiencies in capital requirements that spurred the second and current phase of regtech’s evolution. New anti-money laundering (AML) and Know Your Customer (KYC) laws have drastically increased compliance costs. According to Medici, a financial media company, financial institutions spend more than $70 billion annually on compliance. In addition, increased fines for banks, new capital requirements and stress testing have resulted in a heavily burdened banking system. With increased regulatory requirements, we have seen a corresponding increase in technology solutions poised to meet them. The following are a few key areas banks should explore:

  • Modeling and Forecasting: Even if your bank is not subject to the Dodd-Frank Act Stress Test (DFAST) or Comprehensive Capital Analysis and Review (CCAR), it should still be able to leverage modeling and forecasting tools to manage liquidity, meet CECL (current expected credit loss) accounting standards and monitor important trends.
  • KYC/AML: Regulatory requirements that require your financial institution to “know your customer” when you onboard them often rely heavily on paper-based processes and duplicative tasks. In addition, the Bank Secrecy Act requires banks to perform intense transaction monitoring to help prevent fraud. Both of these obligations can be curtailed through the use of technology, and solutions are available to digitize client onboarding and use AI to monitor transactions.
  • Monitoring Regulations: Rules and regulations are being promulgated and revised at a rapid pace. Instead of hiring a cadre of attorneys to keep up, banks can use regtech to monitor requirements and recommend actions to keep the bank in compliance.

Banking is, by necessity, a risk-averse industry. As such, taking a leap with companies that will touch bank data, gather information from back-office software or deploy AI can seem like a scary proposition. Some regtech providers on the marketplace today are new, but some were forged through the fires of the financial crisis, and others are time-tested vendors that have been around for decades. Whether a regtech partner is established or emerging, banks can (and should) hedge their bets by communicating with their regulators and forming a plan to monitor the new technology.

The CFA Institute Research Foundation posits that we are on the precipice of phase three in the evolution of regtech. This future state will be marked by a need for regulators to develop a means of processing the large amounts of data that regtech solutions generate. In addition, regtech has the potential to enable real-time monitoring. Both advancements will require a rethinking of the regulatory framework, and more openness between banks and regulators.

Despite the portmanteau (which is usually reserved for new or unfamiliar concepts), regtech is an old friend to the banking industry. Its future may hold the keys to a new conceptualization of what oversight means. For now, though, regtech represents an opportunity for banks to leverage technology for what it was intended to do: Save humans time, labor and money.

2018 Risk Survey: Technology’s Impact on Compliance

regtech-3-19-18.pngIn addition to better meeting the needs of consumers, technology’s promise often revolves around efficiency. Banks are clamoring to make the compliance function—a significant burden on the business that doesn’t directly drive revenue—less expensive. But the jury’s out on whether financial institutions are seeing greater profitability as a result of regtech solutions.

In Bank Director’s 2018 Risk Survey, 55 percent of directors, chief executive officers, chief risk officers and other senior executives of U.S. banks above $250 million in assets say that the introduction of technology to improve the compliance function has increased the bank’s compliance costs, forcing them to budget for higher expenses. Just 5 percent say that technology has decreased the compliance budget.

Regtech solutions to comply with the Bank Secrecy Act, vendor management and Know Your Customer rules are widely used, according to survey respondents.

Accounting and consulting firm Moss Adams LLP sponsored the 2018 Risk Survey, which was conducted in January 2018 and completed by 224 executives and board members. The survey examines the risk landscape for the banking industry, including cybersecurity, credit risk and the impact of rising interest rates.

Fifty-eight percent say that the fiscal year 2018 budget increased by less than 10 percent from the previous year, and 26 percent say the budget increased between 10 and 25 percent. Respondents report a median compliance budget in FY 2018 of $350,000.

Additional Findings

  • Cybersecurity remains a top risk concern, for 84 percent of executives and directors, followed by compliance risk (49 percent) and strategic risk (38 percent).
  • Respondents report that banks budgeted a median of $200,000 for cybersecurity expenses, including personnel and technology.
  • Seventy-one percent say their bank employs a full-time chief information security officer.
  • Sixty-nine percent say the bank has an adequate level of in-house expertise to address cybersecurity.
  • All respondents say that their bank has an incident response plan in place to address a cyber incident, but 37 percent are unsure if that plan is effective. Sixty-nine percent say the bank conducted a table top exercise—essentially, a simulated cyberattack—in 2017.
  • If the Federal Reserve’s Federal Open Market Committee raises interest rates significantly—defined in the survey as a rise of 1 to 3 points—45 percent expect to lose some deposits, but don’t believe this will significantly affect the bank.
  • If rates rise significantly, 45 percent say their bank will be able to reprice between 25 and 50 percent of the loan portfolio. Twenty-eight percent indicate that the bank will be able to reprice less than 25 percent of its loan portfolio.
  • One-quarter of respondents are concerned that the bank’s loan portfolio is overly concentrated in certain types of loans, with 71 percent of those respondents concerned about commercial real estate concentrations.

To view the full results to the survey, click here.

How Wells Fargo Targets Its Innovation Investments

innovation-3-9-18.pngGlobal investment in fintech startups hit $16.6 billion in 2017, according to the analytics firm CB Insights, based in New York. And the biggest banks in the U.S. are among the investors in the space. These investments indicate a few things about the nation’s largest banks, according to Lex Sokolin, global director of fintech strategy and a partner at London-based Autonomous Research. First, the bank’s investment indicates that it believes the technology holds promise, and that the company’s performance indicates it will be successful in delivering that technology. Also, “it may be a way for the bank to pre-acquire a company, by getting visibility through the board and incremental control of ownership,” he says, with the bank acquiring the company outright later on, or continuing to watch the company and replicate the product.

This second approach appears to be most similar to the strategy so far for Wells Fargo & Co., which came in as the second most innovative bank in Bank Director’s 2018 Ranking Banking study, released in November 2017. At the time, Bank Director cited the bank’s direct work with startup companies, including its accelerator program. Wells Fargo has continued to invest in fintech firms, with an eye to improving the capabilities of the organization. These investments include R3—the New York-based blockchain consortium that last year attracted a $106 million investment from 43 companies—and the data analytics firm Kensho, in Cambridge, Massachusetts, which last year received $50 million from nine investors, including six U.S. banks, in a Series B round. In early March, S&P Global, which was among Kensho’s investors, announced that it would acquire the startup for $550 million.

At Wells Fargo, innovation investment occurs at two different levels within its corporate structure. While both are focused on emerging technologies that will ultimately improve the customer experience, the two areas differ when it comes to tactics.

Wells Fargo Securities houses the fintech investment arm that participates in larger investments. “We want to partner with relevant, emerging technologies, and then invest in the appropriate fintech and enterprise IT companies whereby we can serve our clients better,” says Tom Richardson, managing director and head of market structure and electronic trading services. “Our primary mandate is that it’s strategic—that the target is a company we’ll have a commercial relationship with and where our investment dollars can facilitate deeper partnership.”

Richardson’s unit has more skin in the game, so it’s seeking a closer relationship with the companies it invests in, which could include board representation and more C-suite interaction. Due to this high level of interaction, “we’re more selective,” says Richardson.

The investments made by Wells Fargo’s innovation group are limited to the low- to mid-six figures, and its goals differ. Bipin Sahni, the group’s head of head of innovation R&D, says his performance is judged on finding and working with budding innovative companies, and bringing those solutions into the fold—not on a financial or strategic return. “The landscape for our customers is changing. They’re looking for better solutions and seamless experiences from a bank of our size, [so it’s] a perfect time to collaborate and partner with these startups,” says Sahni. Wells Fargo brings with it a sizeable customer base to work with, and the startups provide the innovative solutions.

To help identify these companies, Sahni says he has regular conversations with venture capital firms. It’s a collaborative discussion—he wants to know which companies venture capitalists are interested in, and he also shares his knowledge of promising startups.

A potential partner that Wells’ innovation group might invest in has to have a few key traits. First, Sahni says that he’s seeking a strong management team with a vision—he wants to know that the company can execute on the technology. He also wants to ensure that the startup understands Wells Fargo’s needs, as well as those of the consumer. “The whole premise for us to invest in these companies is … to use these products and services in our road map,” says Sahni. “That’s a big win for us and for them.”

He says he’s seeing some “cool stuff” coming out of the startup world, citing newer forms of customer authentication, including various forms of biometrics. Wells Fargo also sees promise in blockchain’s potential to create efficiencies, and has deep interest in data analytics and artificial intelligence. Two specific startups, Kensho and H2O.ai, another Wells Fargo investment based in Mountain View, California, offer developments in predictive analytics and better understanding of behaviors.

Sahni believes that the digital evolution is still in relatively early stages, and there’s still too much paper used in the industry. “From a trends perspective, paper to electronic—we have not completed the journey yet.” Advancements in wearable technology, like the Apple Watch, and smart home assistants like Amazon’s Alexa, continue to change consumer interactions, and their expectations for the seamless delivery of products and services. Truly smart technology should predict behaviors and do what consumers want automatically, without being asked, but the technology isn’t there yet, says Sahni. Wells Fargo’s continued investment in and monitoring of the startup space will help the company find these up-and-coming innovators.

A Path to Transparency for Alternative Investments

investments-3-7-18.pngCapital has been flowing into the alternative investment industry over the past few years, with some experts predicting that money invested in private funds will reach as much as $20 trillion by 2020. Preqin, which collects data on the alternative investment industry, recently published a study stating that there are as many as 17,000 private funds open for investment.

Strong returns and opportunities for diversification have attracted high net worth and institutional investors, who can invest in exponentially larger quantities than the average investor. Though these investors come with a greater ability to deploy capital, their size and influence translate into greater expectations and hurdles to meet in order to invest.

The word that best sums-up these growing expectations and hurdles is “transparency,” and this word has become a lightning rod when it comes to alternative investments like hedge, private equity and venture funds, along with special purpose vehicles and real estate.

As alternative assets have become a more common avenue for investment, transparency has grown in importance for investors. A 2017 study titled “Alts Transparency: Finding the Right Balance” by the Economist Intelligence Unit highlights this growth. Sixty-three percent of respondents listed “degree of transparency” as “very important” for alternative investments, which was ahead of all other considerations. Another statistic showed that the importance of transparency as a key issue for private fund managers has increased almost six-fold since the 2008 financial crisis.

Breaking this down further, the issue of transparency can be separated into two different types: (1) information about the fund, and (2) information about investors’ holdings within that fund. The first type deals with greater transparency of the overall performance of the fund, which includes the underlying assets in which that fund is invested and how risk is assessed and managed. The second type deals with greater transparency relating to investor-level performance. This includes metrics like investors’ allocation and return, and how fees are calculated.

There are a few reasons why the industry has struggled to deliver this type of information:

Complexity of Private Funds
There are key differences in reporting metrics between the various types of private funds. Performance metrics shown to an investor in a more liquid fund, such as a hedge fund, should be different than those reported for less liquid vehicles, such as private equity funds. Adding to the complexity, investments in alternatives can come in the form of limited partnerships, co-investments and direct holdings.

Outdated Technologies That Trap Data
Many of the widely used technologies for portfolio and investor-level accounting were created several years ago and because they lack Application Programming Interfaces, or APIs, they cannot integrate with each other or with other systems. This effectively traps the data contained within these systems, thereby restricting its usefulness and portability. This in turn has curtailed the ability to provide transparency to investors, as it restricts or prevents the necessary type of analysis, aggregation and modern presentation of data.

Lack of Leadership and Reporting Standardization
There is a lack of uniform reporting standards within the alternative investment industry. Although an increase in regulation along with the presence of organizations like the Institutional Limited Partners Assn. have helped advance standards in private equity, there is no current reporting standard across all types of private funds. Additionally, the party that should be responsible for delivering on transparency is unclear.

Despite these hurdles, the alternative investment industry must evolve and adapt. I would argue there are two key steps the industry must take to be able to deliver on investor demands for transparency and keep new capital flowing into private funds:

Move Towards True Digital Reporting
As it stands today, much of the industry reports performance information via static documents like PDFs, but this method traps data and inhibits interaction. By embracing new technology, the industry can move toward the type of dynamic, digital presentation of data that is experienced in brokerage and personal banking accounts. For example, cloud-based technology offerings can be integrated with accounting systems to liberate the data contained within for purposes of data mining, analysis and presentation.

Fund Administrators Must Take a Stronger Leadership Role
Fund administrators are best positioned to deliver on transparency needs given their role as independent third parties. They typically subscribe to the accounting systems that house this data and therefore have access to or create much of the analysis and reporting that is needed to deliver on transparency demands.

Helping their fund manager clients with transparency is good business for fund administrators, as it improves their overall quality of service to clients. All indications point to another banner year for alternative investments in 2018. However, investor demand for transparency will only continue to grow as alternative assets become more commonplace. The industry must modernize and adapt in order to stay ahead of the curve in the race for assets.

Should Banks Focus on Potential Acquirers, or Future Partners?

partnership-2-22-18.pngEvidence of how intertwined banking and technology have become could be seen at Bank Director’s 24th annual Acquire or Be Acquired Conference in Arizona, where nearly 20 percent of all sessions at the M&A event were devoted to technology. And while the results of audience response surveys showed that this shift is well-founded, they also uncovered lingering resistance to explore new capabilities and partnerships from the many bank C-Suite executives in attendance. Given the rapid decline in the number of U.S. banks and the fact that the build-to-sell model is still alive and well, perhaps a community bank’s time is better spent courting potential acquirers than potential fintech partners.

The audience at the Acquire or Be Acquired Conference is a powerful industry sampling, with over 650 bank CEOs, senior executives and directors from both private and publicly held financial institutions across the nation. Much can be gleaned from the inclinations of this crowd with regard to the broader banking industry in the U.S., so Bank Director takes several audience polls throughout the conference to harness that collective insight. Some interesting statistics emerged from this year’s conversations. The bankers polled indicated that:

  • The primary driver of bank M&A activity in 2018 will be limited growth opportunities (45.9 percent). Only 7.2 percent of the audience cited the rise in technology-driven competition as the primary force behind M&A.
  • Yet, when asked about what 2018 holds for online-only lenders, 29.9 percent said that banks will lose business to them and they may become even greater competitive threats.
  • In addition, bankers at the conference believe their officers and directors will spend the most time talking about new technologies in 2018 (33.3 percent). Talent issues are potentially the second biggest topic for discussion (31.8 percent), which makes sense given that banks are working hard to compete against technology companies for talent. (See Bank Director’s 2017 Compensation Survey to learn more.)
  • While fintech is acknowledged as a competitive threat, 57.6 percent of the audience disagreed with the premise that using fintechs to improve profits and attract customers is critical for their bank’s near-term success.
  • What’s more, 65 percent of those polled rate their key vendors (payments, digital, core, lending, risk/fraud, etc.) as merely adequate—but still plan to re-sign with them when the time comes.

Is this the portrait of an industry that’s resistant to change, more risk averse than driven to grow, or does a closer look reveal pragmatic reasons for avoiding the headlong rush to adopt new technology solutions?

On day one of Acquire or Be Acquired, Curtis Carpenter, principal and head of investment banking at Sheshunoff & Co. Investment Banking, shared some stark statistics about the shrinking banking industry. We currently see both a lack of de novo bank openings (just eight new banks since 2010) and rapid consolidation, which Carpenter said is creating larger community banks and a focus on exit planning. Another audience poll confirmed that over half (52.8 percent) of the audience still believe the build-to-sell business model is viable. In addition, a majority of the crowd (42.4 percent) believes that the banks with the best chance to thrive operate an acquisition-driven growth model. If bankers think their best bet is to build their bank into an attractive acquisition target and wait to be bought, it’s no wonder they’re in no rush to bear the time and expense of adopting new technologies focused on organic growth.

From the stage, Carpenter posed a startling if central question: “Is this the end of community banking?” With consolidation on the rise and de novos all but extinct, the answer seems to trend to yes. If that’s true, are fintechs better served by targeting the banks with active acquisition programs as potential partners instead of potential sellers?

As consolidation continues, banks and fintechs need to keep a weather eye on one another. Each side of the equation has valuable information and strategies to offer the other, and the fates of these two industries are inextricably linked. Whatever course the banking industry takes, Bank Director and FinXTech will be there to help explore the strategies and relationships that unfold.

Cybersecurity and Fintech: A Regulator’s Point of View

cybersecurity-2-15-18.pngAs if banks couldn’t be more nervous about the cybersecurity threats facing the industry, 2018 opens up with a new method of attack: jackpotting, in which criminals install malware to take control of ATMs to gain vast amounts of cash. It’s no wonder that Robin Wiessmann, the secretary of the Pennsylvania Department of Banking and Securities, says that cybersecurity is the top issue for her department, and that she was one of the first state regulators to create a task force to focus on the issue. In this interview, which has been edited for length and clarity, she shares her thoughts on this top risk, as well as her views on safe and sound partnerships between banks and fintech firms.

BD: As your state’s banking regulator, what are the top issues you’re looking at relative to the banking industry right now?
RW: I think the overarching goal of the department is to ensure that the industry is healthy, and viable, and competitive. Specifically, as relates to the top issues, I think the overall challenge for community banks and banks of all types is adaptation to the new banking models, and that’s driven by a number of things. One [are the changes] in technology and the way the delivery of services [is] provided, as well as banks choosing what services they want to provide to their particular marketplaces. That is a fundamental question or challenge for banks right now. Technology is changing the business models, but they also have to make a decision about how they’re actually going to utilize fintech. I don’t think it’s a question of whether or not they should or not. It’s hard to not do it.

And then the other overarching challenge is that of cybersecurity—making sure that there is confidence in our banking and our financial services sector.

So those are the three major elements: adaptation to the new banking models, changing the choice of services and the delivery of services—how they’re going to apply fintech—and how they’re going to deal with the necessity for cybersecurity.

BD: You wrote recently that cybersecurity is the word of the year for your agency. Why is this the issue for 2018 for the entities that the agency regulates?
RW: I think our role is to provide a focus on the most pressing matters of the day, as well as the long-term viability and the vitality of [the] commercial banking marketplace. And I don’t think there’s any other challenge greater at this point in time than cybersecurity. This is not obscure; it’s not theoretical any longer—it’s got real practical implications and if we can’t manage that—we know we can’t prevent it all but if we don’t manage it properly, we will not only lose the confidence of the marketplace, we can potentially lose the ability to function in our marketplace through hacking. The risk of security breaches grows exponentially every day, and it’s not only disruptive in terms of our personal information but also the very framework of our business and our economy. That’s why it’s at the top of the list.

BD: What are your expectations for bank boards around cybersecurity?
RW: I’ve been on boards previously…and I’ve seen the evolution to more focus on the audit committee which has historically been [the] bottom line of defense in terms of the reporting out of operations and actual operations. But [the audit committee has] now evolved into a broader risk management, and that’s for the business model—how economically viable it is—as well as the operations. So, I would expect that the boards today are dealing with the classification of risk management—either inside the audit committee or as a stand-alone committee, because risk management encompasses a lot.

The companies that do pay attention to this existential risk will do well, and those who don’t provide that particular focus leave themselves to be very vulnerable. We know the responsibilities [of] corporate board directors have increased and bank directors, of course, perhaps even more so. Any organization that does not recognize the threat really does risk the loss of their customer base, their partners, their vendors. So, it requires a particular focus, a separate monitoring if you will, by the board of directors.

BD: We’re seeing more partnerships between banks and fintech firms. As a regulator, what do you want to see occur to ensure that those are safe and sound relationships?
RW: What we have observed in terms of fintech companies is, they’re financial services [firms] that are driven by technology—that’s the way I think about it—but many of these fintech firms think of themselves as technology companies, so they may not be aware of how they actually are regulated in terms of whether or not they’re money transmitters, if that’s what they’re doing, or if they’re lenders, or they’re investing or any combination thereof. So fundamentally, we want to make sure that there’s knowledge and awareness of their responsibilities under the law. For the fintech firms.

Now obviously the partnerships between banks and fintech firms, they have to figure out where that balance lies. Are there requirements for separate registrations? If they’re partnering with a company—a lot of them are going to [ask], do we buy, do we build or do we partner? And each one of [those options] has a different implication, obviously. Building the technology internally is clearer from a regulatory standpoint, but it may take longer, and there may be things in the marketplace that suit their interests. I think we’re going to see a lot of buying of these technologies, because I think that’s part of the goal of some of these technologies, is to be acquired at a premium price.

But I do think there may be many, maybe most, situations where there’s real partnering, and the responsibility will ultimately rest with the bank to make sure their partners are complying with whatever laws they need to, because the partners may be doing business in 50 different states, and there are different laws and regulations applying to them.

So, it’s about due diligence, it’s about thinking through very carefully and figuring out literally where the buck stops. Because if you put the overlay of cybersecurity on top of these partnerships, then you really appreciate that if you’re partnering with someone, you want to be sure that your clients’ information is safe, so how do you create a firewall? How do you manage that information sharing while protecting the privacy of the data? And where are vulnerabilities, and under what circumstances, if there was something that happened to your partner—and we’ve seen this recently in a number of corporate situations as it relates to identifying information—if there’s something that happens to your partner, what do they have in place to handle it? Do they have policies and procedures in place, and what are their responsibilities to you as an entity, in terms of not just informing but managing the situation?

There’s great upside for business models, but there’s also great [exposure] for security and operational risk, and you just have to deal with that.

Capitalizing on Good Times

With a strong economy, a corporate tax cut and more sympathetic regulators in Washington, banks have a lot to look forward to in 2018. But don’t confuse brains with a bull market—or a tax cut, says Tom Brown of Second Curve Capital. Happy days may be here again, but banks can’t afford to be complacent. In this interview with Steve Williams, a principal at Cornerstone Advisors, Brown offers four tips for CEOs looking to invest their bank’s expected tax windfall back into the business.

  • The Need To Transform
  • How CEOs Should Focus Their Attention