Regulatory Issues to Watch In 2018

regulation-5-22-18.pngAs 2018 unfolds, all eyes in the financial services industry continue to look to Washington,D.C. In addition to monitoring legislative moves toward regulatory reform and leadership changes at federal regulatory agencies, bank executives also are looking for indications of expected areas of regulatory focus in the near term.

Regulatory Relief and Leadership Changes
Both the U.S. House of Representatives and the Senate began 2018 with a renewed focus on regulatory reform, which includes rollbacks of some of the more controversial provisions of the Dodd-Frank Wall Street Reform and Consumer Protection Act, the sweeping reform passed after the 2008 financial crisis. These legislative actions are ongoing, and the final outcomes remain uncertain. Moreover, even after a final bill is signed, regulatory agencies will need time to incorporate the results into their supervisory efforts and exam processes.

Meanwhile, the federal financial institution regulatory agencies are adjusting to recent leadership changes. The Federal Reserve (Fed), Office of the Comptroller of the Currency (OCC), Federal Deposit Insurance Corporation (FDIC), National Credit Union Administration (NCUA), and Consumer Financial Protection Bureau (CFPB) have new leaders in place or forthcoming, some of whom have been vocal supporters of a more “common sense” approach to financial regulation and who generally are supportive of regulatory relief. In the case of the CFPB, the ultimate direction of the agency could remain uncertain until a permanent director is appointed later in 2018.

Regulators’ Priorities in 2018
Notwithstanding the regulatory reform efforts, following are some areas likely to draw the most intense scrutiny from regulatory agencies during 2018 examination cycles:

Credit-related issues. While asset quality continues to be generally sound industrywide, concerns over deteriorating underwriting standards and credit concentrations continue to attract significant regulatory attention, accounting for the largest share of matters requiring attention (MRAs) and matters requiring board attention (MRBAs).

The federal banking regulators have encouraged banks in recent months to maintain sound credit standards within risk tolerances, understand the potential credit risks that might be exposed if the economy weakens, and generally strengthen their credit risk management systems by incorporating forward-looking risk indicators and establishing a sound governance framework. At the portfolio level, regulators are particularly alert to high concentrations in commercial real estate, commercial and industrial, agriculture, and auto loans, according to the FDIC.

Information technology and cybersecurity risk. The Federal Financial Institutions Examination Council (FFIEC) updated its Cybersecurity Assessment Tool in May 2017. Although its use is voluntary, federal and state banking regulators typically consider a bank’s use of the FFIEC tool or some other recognized assessment or framework as part of their assessment of an organization’s cybersecurity risk management, controls, and resilience.

On a broader scale, in February 2018, the Department of Justice announced a new cybersecurity task force. Although the task force is not directed specifically at the financial services industry, its first report, expected to be released this summer, could provide useful insight into the scope of the task force’s activities and potential guidance into what types of regulatory actions and controls to expect in the coming years.

Bank Secrecy Act and anti-money laundering (BSA/AML) compliance. The industry has seen a steady increase in enforcement actions—some of which have included severe sanctions— when regulators perceived banks had pared back resources in this area too severely. Compliance with Office of Foreign Assets Controls (OFAC) requirements and efforts to prevent terrorist financing are also continuing to draw regulatory scrutiny.

Consumer lending practices. Regulatory priorities in this area are likely to remain somewhat fluid given the leadership changes occurring at the CFPB, where a permanent director is to be appointed by September. Additionally, legislative efforts that could affect the structure and authority of the bureau also are underway.

Third-party and vendor risk management. It has been nearly five years since the OCC released OCC Bulletin 2013-29, which expanded the scope of banks’ third-party risk management responsibilities and established the expectation for a formal, enterprise-wide third-party risk management effort. Since then, regulatory agencies have issued several follow-up publications, such as OCC Bulletin 2017-7, which spells out supplemental exam procedures. Also in 2017, the FDIC’s Office of Inspector General issued a report with guidance regarding third-party contract terms, business continuity planning, and incident response provisions, and the Fed published an article, “The Importance of Third-Party Vendor Risk Management Programs,” which includes a useful overview of third-party risk issues.

Despite the industry’s hopes for regulatory relief in some areas, all financial services organizations should continue to focus on maintaining sound risk management policies and practices that reflect today’s environment of continuing change and growing competitive pressures.

Tips for Working With Fintech Companies

partnership-4-21-17.pngPartnerships with startup fintech companies can be fraught with difficulties. There are the cultural differences between bankers and tech entrepreneurs, the latter sometimes showing up for business meetings in sandals and jeans. Or there are the more practical problems of risk management with a startup that may not have been in business for more than a year or two.

Still, many banks are very much interested in doing business with fintech companies, in part because they fear innovation will lure customers away from the banking industry, or to more technologically savvy competitors. In a recent PwC survey of some 1,308 financial services executives, including banks, asset managers and insurance companies, 80 percent believe their profits are at risk from innovators, and 82 percent expect to increase their partnerships with fintech companies in the next three to five years.

Of course, banks have relied for a long time on financial technology companies in the form of core processors who provide everything from online banking to transaction services. But the sheer number of new financial technology firms has dwarfed the core processors and is quickly changing the landscape for financial services. Globally, some 6,500 fintech companies have received about $100 billion in funding in the last several years, according CB Insights, a research firm that tracks startup investments.

[Fintech companies] have the innovation, the great user experience and the efficiency the bank doesn’t have,” says Jo Ann Barefoot, a former deputy comptroller of the currency, who is now an advisor and CEO of Barefoot Innovation Group. She is a speaker at the FinXTech Annual Summit Wednesday in New York City, an event for bank executives, fintech companies and venture capitalists. “The banks are hard pressed to build it in-house unless it’s a really big bank, and even the big banks have trouble doing it.”

So what are some tips for banks interested in partnering with fintech companies?

Go Straight to the Investors
There are so many fintech companies out there, it’s hard to get a handle on what the best offerings may be for your bank. Manoj Govindan, a senior vice president in the Office of Innovation and Advanced Tech/Partnerships for Wells Fargo & Co., says the bank reduces the cycle time by building relationships with venture capital firms and angel investors who put their money into fintech companies. That helps the investors know what the bank is looking for and problems it needs to solve. It also helps the bank learn about solutions. Their conversations are “not about shiny objects,” he said. “It’s very focused on the three, or four or five things we know we need to solve for. It’s about educating the venture capitalists [and] that vastly reduces the feedback loop.”

Think Beyond Build or Buy
Govindan also urges banks to think beyond the notion that the bank can either build the technology solution or buy it. APIs, or application programming interfaces, are a great way for innovators to tap into the bank’s customer base and provide what customers need, he says. Wells Fargo and JPMorgan Chase & Co. recently inked a deal with Intuit to develop APIs so the bank’s customers can use Intuit’s products, including Mint and Quicken, in a way the bank can control and secure.

Accept Cultural Differences
One important first step to partnering with fintech companies is to recognize cultural differences. PayPal CEO Dan Schulman, for example, wears sandals or cowboy boots to business meetings. “Banks should recognize that there is a casual culture that is not slacker, or lax or disrespectful,’’ Barefoot says. You need to be open to how young some of these entrepreneurs are, and how great the technology can be, she adds.

Adjust the Vendor Risk Management Process
Traditional aspects of vendor risk management go by the wayside in dealing with fintech companies that haven’t been around for more than a year or two and may not have a source of funding beyond another few years. The $1 billion asset Radius Bank, based in Boston, does physical inspections of vendor sites, interviews the vendors in terms of compliance and risk management and sets up a wall, at least in the early part of the partnership, so that vendors don’t have access to customer data. The bank also has early conversations with regulators to make sure they are comfortable with the partnership and the risk management process, according to president and CEO Mike Butler in this video interview. Barefoot says banks must do serious vetting of fintech companies, especially on cybersecurity and anti-money laundering compliance. Some vendors sell customer data to third parties, so be clear about whether the fintech’s goals and policies match the bank’s. “Most of them are trying to do something good for the customer,” Barefoot says. “But you can’t take that for granted.”

A Bank CEO Manages the Risks of Doing Business with Fintechs

Not all banks are comfortable taking on the risks of partnerships with startup fintech companies. Mike Butler is the president and CEO of Radius Bank, a $1 billion asset, Boston-based bank with three offices, and a national customer base serviced through innovative online and mobile technology. He explains how he handles the risk of doing business with fintech companies.

The video includes information on:

  • Radius Bank’s Approach to Vendor Risk Management
  • Regulatory Concerns
  • The “Wall” That Protects Customer Data
This article first appeared in the Bank Director digital magazine.

Raising the Bar: Top Challenges Facing Bank Boards

Regulators are expecting more and more from bank management teams and boards. In this video, Lynn McKenzie, a partner at KPMG, offers solutions to help address the top challenges facing the industry.

  • Legal and Regulatory Compliance
  • Cybersecurity
  • Financial and Regulatory Reporting
  • Vendor Risk Management