Community Bank Compliance : 2022

Sunday, February 27, 2022

Rethinking the Business Model for Community Banking

Community banks and credit unions have been a key part of the American economy since its beginning. These are the lending institutions that make loans to small sole proprietors, first-time home buyers, and dreamers of all kinds. Over the years, the business model for these institutions hardly varied. A review of the loan portfolios of community banks across the country will include three similar components:

· CRE- Commercial real estate loans have been one of the mainstays of the community banking business. These loans provide a viable, recognizable, and reliable (usually) source of income. The return on investment for these loans has been the source of a large portion of the earnings for community banks for many years. The drawback for this type of lending is that it ties up a large portion of the capital of a bank and the return on investment takes a significant amount of time to develop. A loss from one of these loans has the potential to threaten the existence of a small financial institution

· CNI – Commercial and Industrial loans have been the beating heart for community banks for many years. Very much like CRE loans, the income from these loans is recognizable and except for a few notable exceptions, reliable. Not only do these loans have the same concerns as CRE, but the competition for these loans is also fierce and smaller institutions often find themselves left with the borrowers who present the highest level of risk.

· Consumer products - In the past 15 years, consumer loans have also proven to be a good source of earnings. Interest rates for consumer products have remained well above the prime rate and for a financial institution that is properly equipped, consumer products can provide a strong stream of income. Consumer products also tend to be for smaller amounts, have higher rates of losses and are heavily regulated.

This three-pronged approach to earning income has been a steady, tried and true method for earnings at small financial institutions. However, there are several factors that are coming together that have threatened this business model.

· Fintech – Financial technology (“Fintech”) companies are those companies that use software to deliver financial products. Today one of the most recognizable fintech companies is PayPal. Using just a smartphone, PayPal gives its users the ability to make payments, pay bills, deliver gift cards and conduct financial transactions with people throughout the country. For community banks, the knowledge of the existence of PayPal is interesting, but what is more critical is the reason that PayPal was developed. PayPal, and its fintech brethren exist to fill a specific need that Banks were not meeting.

· NBFI - Operation Chokepoint program was a program spearheaded by the Justice Department that was aimed directly at Non-Bank Financial Institutions, aka Money Service Businesses. At the time the program was started, a decision was made that money service businesses represented an unacceptable money laundering risk. Ultimately, Operation Chokepoint fell into disrepute and was ended. Although Operation Chokepoint has ended, its legacy is still prevalent. MSB’s still have significant problems getting bank accounts. Despite this fact, the amount of money moved through remittances continues to grow. NBFI’s MSB’s continue to serve this market a huge market of people who are unbanked and underbanked.

· Underbanked and Unbanked- The number of unbanked and underbanked families continues to grow. Unbanked families are those without a bank account and underbanked families are those that use minimal banking services. The number of people in these families totaled approximately 90 million in 2016[1]. Equally as important as the sheer size of the unbanked and underbanked population is the reason that many of these potential customers remain that way. High fees, poor customer service and bad public image have all been contributing factors for the large population of unbanked and underbanked customers.

Customer Bases in the future

The combination of these forces will greatly impact the future of the business model for community banks. Customers will continue to change their expectations for their financial institutions. The traditional balance has changed, instead of being forced to choose the products that financial institutions offer, customers have come to demand products from their companies.

The financial needs of customers have also changed. Electronic banking, online account opening, remote deposit capture and iPhone applications are now almost necessities. Younger customers, who make up a significant number of the unbanked and underbanked population rarely use traditional forms of community banking such as branch visits. Fast information, fast movement of money, low costs transactions and accessibility are most desirable to the potential clients of today’s financial institutions.

Implications for the Small Bank Business Model

Fintech companies, NBFI’s and the need for new and different services presented by the unbanked and underbanked population will all continue to put pressure on community bankers to begin to make a change. Change may be hard, but it is also inevitable and necessary. For community banks and credit unions now is a good time to consider NBFI’s as viable and important customers. They are a vehicle for consumers to meet their ongoing needs and they need bank accounts.

Fintech companies’ reason for existing is to fill the unmet needs of unbanked and underbanked. These companies have developed applications that allow everything form alternate means of credit scoring to international transfer of funds using applications. A community bank or credit union that creates a partnership with the right fintech company can offer products and services that will greatly distinguish them in the market and allow for continued growth and alternate means of income. 2018 is a great time to start thinking about a new business model.

Reimagining Compliance as a Potential Product or Service

For man institutions, the barrier to entering the Fintech, or NFBI market is a lack of the proper compliance resources. However, much like the shared services agreements that are being made with vendors in other areas, compliance resources can also be expanded with the right partnerships. For the institution that is properly positioned, the possibility exists that compliance resources and expertise can be packaged and outsourced.

In part three we will look at the use of compliance as an asset or resource.

James DeFrantz is the Principal of Virtual Compliance Management Services

For more Discussion and or Questions contact him at contactus@VCM4you.com

[1] In our most recent survey, published in October 2016, the FDIC reported that 7 percent of households were unbanked, lacking any account relationship at an insured institution. The survey also showed that an additional one-in-five (or 19.9 percent of) households were underbanked, defined as households in which a member had a bank account, but nevertheless turned to alternative financial services providers during the year to address one or more needs for transactional services such as check cashing or credit. Altogether, the survey reported that some 90 million Americans, or nearly 27 percent of households, are unbanked or underbanked.

Saturday, February 19, 2022

Re-Imagining Compliance- A Series

Part One – Compliance is here to Stay

Every culture has its own languages and code words. Benign words in one culture can be offensive in another. For example, there was a time when something that was “Phat” was really desirable and cool while there are very few people who would like to be called fat! Compliance is one of those words that, depending on the culture, may illicit varying degrees of response. In the culture of financial institutions, the word compliance has some negative associations. Compliance is often considered an unnecessary and crippling cost of doing business. Many of the rules and regulations that are part of the compliance world are confusing and elusive. For many institutions, has been the dark cloud over attempts to provide new and different services and products.

Despite the many negative connotations that surround compliance in the financial services industry, there are many forces coming together to alter the financial services landscape. These forces can greatly impact the overall view of compliance. In fact, it is increasingly possible to view expenditures in compliance as an investment rather than a simple expense. In this three-part blog, we ask that you reimagine your approach to compliance.

Why do we have Compliance Regulations?

Many a compliance professional can tell you about how difficult it is to keep everybody up to date on the many regulations that apply to financial institutions. However, if you ask why exactly do we even have an Equal Credit Opportunity Act or a Home Mortgage Disclosure Act (“HMDA”), it would be difficult to get a consensus. All of the compliance regulations share a very similar origin story. There was bad or onerous behavior on the part of financial institutions, followed by a public outcry, legislative action to address the bad behavior and then eventually regulations. The history of Regulation B provides a good example:

A Little History

The consumer credit market as we now know it grew up in the time period from World War II and the 1960’s. It was during this time that the market for mortgages grew and developed and became the accepted means for acquiring property, financing businesses, developing wealth and upward mobility. By the late 1960’s the consumer credit market was booming.

The Equal Credit Opportunity Act (“ECOA”) and regulation B are not nearly as old as you might think. In fact, the first attempt at regulating credit access was the Consumer Credit Protection Act of 1968. This legislation was passed to protect consumer credit rights that up to that point been largely ignored. The 1968 regulation was passed as the result of continuing growth in consumer credit and its effects on the economy. For example, in the year before the regulation was passed, consumers were paying fees and interest that equaled the government’s payments on the national debt! One of the goals of the Consumer Credit Protection Act was to protect consumer rights and to preserve the consumer credit industry.

The Civil Rights Movement was occurring at the same time as the passage of the CCPA and in 1968, the Fair Housing Act was passed by Congress. The FHA was designed to assist communities that that had been excluded from credit markets obtain access to credit. We will discuss the Fair Housing Act in more detail next month.

One of the things that the CCPA did was to empanel a commission of Congress called the National Commission on Consumer Finance. This commission was directed to hold hearings about the structure and operation of the consumer credit industry.

Unintended Consequences

While performing the duties they were assigned, the members of the National Commission on Consumer Finance conducted several hearings about the credit approval process for consumer loans. The stories and anecdotes from these hearings raised a tremendous public outcry about the behavior of banks and financial institutions that were in the business of granting credit. One of the common themes of the testimonies given was that women and minorities were being left behind when it came to the growth of the consumer credit market. Public pressure forced additional hearings on the consumer credit market, and the evidence showed that women in particular and minorities in general were being given unfair and unequal treatment by banks.

What was Going On?

So, what were banks doing that was a cause of concern? There were several practices that had become normal and regular for banks when the applicant for consumer credit was a woman or a member of a racial minority group.

Women had more difficulty than men in obtaining or maintaining credit, more frequently were asked embarrassing questions when applying for credit, and more frequently were required to have cosigners or extra collateral. When a divorced or single woman applied for credit, she was immediately asked questions about her life choices, sexual habits, and various other personal information that was both irrelevant to the credit decision and not asked of men.

Racial minorities had difficulty even obtaining credit applications let alone credit approvals. In cases, where members of minority groups attempted to get a loan applicant, there were either told that the bank was not making consumer loans, or that the area that the person lived was outside of the lending area of the bank.

For applicants that receive public assistance, child support of alimony, banks would not consider these as sources of income under the theory that they were temporary and might disappear.

Despite being subjected to embarrassing or incorrect information, in the cases where women and minorities persisted and completed a credit application, banks would drag out the process for interminable time periods and would engage in strong efforts to discourage the applicant from going forward.

In many cases, when a person lived in a neighborhood that was predominately comprised of minorities, the borrower was told that the collateral did not have enough value without further explanation.

The ECOA

Though these stories created a great deal of interest, the CCPA was not amended until 1974 when the first Equal Credit Opportunity Act was passed. This Act prevented discrimination in credit based on sex and marital status.

What was the ECOA Designed to Do?

The development of the consumer credit market brought with it a series of bad behaviors that directly and negatively impacted the ability of women and minorities to obtain credit. These behaviors included asking women to check with their husbands before getting a loan, denying a single woman credit, discouraging minorities from applying for credit and outright refusal to grant credit.

The law and regulation are designed to open credit to all who are worthy by limiting practices that unfairly exclude groups of people and by making sure that applicants are fairly informed of the reasons for a denial.

The regulations exist because there was bad behavior that was not being addressed by the industry alone. Many of the compliance regulations share the same origin story.

Compliance is not all Bad

Sometimes, we are caught up on focusing on the negative to the point that it is hard to see the overall impact of bank regulations. One of the positive effects of compliance regulations is they go a long way toward “leveling the playing field” among banks. RESPA (the Real Estate Settlement Procedures Act) provides a good example. The focus of this regulation is to get financial institutions to disclose the costs of getting a mortgage in the same format throughout the country. The real costs associated with a mortgage and any deals a bank has with third parties, the amount that is being charged for insurance taxes and professional reports that are being obtained all have to be listed in the same way for all potential lenders. In this manner, the borrower is supposed to be able to line up the offers and compare costs. This is ultimately good news for community banks. The public gets a chance to see what exactly your lending program is and how it compares to your competitors. The overall effect of this legislation is to make it harder for unscrupulous lending outfits to make outrageous claims about the costs of their mortgages. This begins to level the playing field for all banks. The public report requirements for the Community Reinvestment Act and the Home Mortgage Disclosure Act can result in positive information about your bank. A strong record of lending within the assessment area and focusing on reinvigoration of neighborhoods is a certainly a positive for the bank’s reputation. The overall effects of the regulations and should be viewed as a positive.

Protections not just for Customers

In some cases, consumer regulations provide protection not just for consumers but also for banks. The most recent qualifying mortgage and ability to repay rules present a good case. These rules are designed to require additional disclosures for borrowers that have loans with high interest rates. In addition to the disclosure requirements, the regulations establish a safe harbor for banks that make loans within the “qualifying mortgage” limits. This part of the regulation provides strong protection for banks. The ability to repay rules establish that when a bank makes a loan below the established loan to value and debt to income levels, then the bank will enjoy the presumption that the loan was made in good faith. This presumption is very valuable in that It can greatly reduce the litigation costs associated with mortgage loans. Moreover, if a bank makes only “qualifying mortgages’ the level of regulatory scrutiny will likely be lower than in the instance of banks that make high priced loans.

Compliance regulations will no doubt be a part of doing business in the financial industry for the foreseeable future. However, all is not Considering a strategy that embraces the regulatory structure as an overall positive will allow management to start to re-imagine compliance and consider greater investment. In our next blog, we will discuss the forces that are converging to make the return on investment in compliance strong.

James DeFrantz is the Principal of Virtual Compliance Management Services

For more Discussion and or Questions contact him at contactus@VCM4you.com

Sunday, February 6, 2022

Banking as a Service

Implications for Community Banks

Vendor Management is Critical

We discussed the ways that Fintech companies are on a mission to “disrupt” financial services. In this case, the disruption doesn’t necessarily have to be a negative connotation. In fact, in many cases, the disruption that fintech are causing are geared towards improving product delivery. At the end of the day, FinTechs are working to create efficiencies and deliver products with greater speed and flexibility, and this is ultimately a good thing for financial institutions.

In addition to the disruptive nature of FinTechs, we also noted that these companies are aiming right at the large pool of unbanked and underbanked families. These are the households that not only represent potential customers for the current banking model, but they also represent financial institutions customer of the future. There is a growing reliance on smart phones to conduct banking transactions. In addition, customer expectation credit products continue to evolve. Several platforms allow customers to apply for loans entirely online and with minimal human contact. Even the idea of who is and is not a credit-worthy customer have changed. Concepts such as collateral have changed; intellectual property can be a replacement for real estate in some cases. As the needs and expectations of financial institution customers change, the manner which financial products are delivered must also change. FinTechs are leading the change in these areas.

Despite their numerous advantages that FinTechs may have, there are inefficiencies in the regulatory scheme that have severely limited the growth and influence of these companies. FinTechs are defined by the regulations as Money Service Business (“MSB’s”) and as such, they are required to get licenses in each of the states in which they transact business. The process for obtaining these licenses can be tedious, time consuming and expensive. A company may have to re-packing its information repeatedly to satisfy the application information requests for each state. Of course, depending on the structure of the state agency and the resources available for processing applications, the process can take a long time to complete.

Many banks today rely on outsourced functions ranging from core operating systems to monthly billing programs. The reliance on third parties to provide core functions at banks is no longer viewed as a less than desirable situation, it is normal. However, over time the types of relationships that banks began to form with outside vendors became more complicated and in some cases exotic. Some banks used third parties to offer loan products and services that would otherwise not be offered. In many cases, the administration of the contractual relationship was minimal; especially when the relationship was profitable.

The level and type of risk that these agreements created came under great scrutiny during the financial crisis of 2009. Among the relationships that are most often scrutinized for areas of risk are:

· Third-party product providers such as mortgage brokers, auto dealers, and credit card providers;

· Loan servicing providers such as providers of flood insurance monitoring, debt collection, and loss mitigation/foreclosure activities;

· Disclosure preparers, such as disclosure preparation software and third-party documentation preparers;

· Technology providers such as software vendors and website developers; and

· Providers of outsourced bank compliance functions such as companies that provide compliance audits, fair lending reviews, and compliance monitoring activities.[1]

The FDIC, the OCC and the FRB have all issued guidance on the proper way to administer vendor management. While the published guidance from each of these regulators its own idiosyncrasies, there are clear basic themes that appear in each.

All of the guidance has similar statements that address the types of risk involved with third party relationships and all discuss steps for mitigating risks. We will discuss the methods for reducing risk further in part two of this series.

Types of Risk Associated with Third-Party Relationships.

Regardless of the size of your bank, or the overall complexity of the operation, the risks that follow will exist at some level with any third-party relationship.

Operational Risk

Operational risk is present in all products, services, functions, delivery channels, and processes. Third-party relationships may increase a bank’s exposure to operational risk because the bank may not have direct control of the activity performed by the third party.

Operational risk can increase significantly when third-party relationships result in concentrations. Concentrations may arise when a bank relies on a single third party for multiple activities, particularly when several of the activities are critical to bank operations. Additionally, geographic concentrations can arise when a bank’s own operations and that of its third parties and subcontractors are located in the same region or are dependent on the same critical power and telecommunications infrastructures.

Compliance Risk

Compliance risk exists when products, services, or systems associated with third-party relationships are not properly reviewed for compliance or when the third party’s operations are not consistent with laws, regulations, ethical standards, or the bank’s policies and procedures. Such risks also arise when a third party implements or manages a product or service in a manner that is unfair, deceptive, or abusive to the recipient of the product or service. Compliance risk may arise when a bank licenses or uses technology from a third party that violates a third party’s intellectual property rights. Compliance risk may also arise when the third party does not adequately monitor and report transactions for suspicious activities to the bank under the BSA or OFAC. The potential for serious or frequent violations or noncompliance exists when a bank’s oversight program does not include appropriate audit and control features, particularly when the third party is implementing new bank activities or expanding existing ones, when activities are further subcontracted, when activities are conducted in foreign countries, or when customer and employee data is transmitted to foreign countries.

Compliance risk increases when conflicts of interest between a bank and a third party are not appropriately managed, when transactions are not adequately monitored for compliance with all necessary laws and regulations, and when a bank or its third parties have not implemented appropriate controls to protect consumer privacy and customer and bank records. Compliance failures by the third party could result in litigation or loss of business to the bank and damage to the bank’s reputation.

Reputation Risk

Third-party relationships that do not meet the expectations of the bank’s customers expose the bank to reputation risk. Poor service, frequent or prolonged service disruptions, significant or repetitive security lapses, inappropriate sales recommendations, and violations of consumer law and other law can result in litigation, loss of business to the bank, or negative perceptions in the marketplace. Publicity about adverse events surrounding the third parties also may increase the bank’s reputation risk. In addition, many of the products and services involved in franchising arrangements expose banks to higher reputation risks. Franchising the bank’s attributes often includes direct or subtle reference to the bank’s name. Thus, the bank is permitting its attributes to be used in connection with the products and services of a third party. In some cases, however, it is not until something goes wrong with the third party’s products, services, or client relationships, that it becomes apparent to the third party’s clients that the bank is involved or plays a role in the transactions. When a bank is offering products and services actually originated by third parties as its own, the bank can be exposed to substantial financial loss and damage to its reputation if it fails to maintain adequate quality control over those products, services, and adequate oversight over the third party’s activities.

Strategic Risk

A bank is exposed to strategic risk if it uses third parties to conduct banking functions or offer products and services that are not compatible with the bank’s strategic goals, cannot be effectively monitored and managed by the bank, or do not provide an adequate return on investment. Strategic risk exists in a bank that uses third parties in an effort to remain competitive, increase earnings, or control expense without fully performing due diligence reviews or implementing the appropriate risk management infrastructure to oversee the activity. Strategic risk also arises if management does not possess adequate expertise and experience to oversee properly the third-party relationship.

Conversely, strategic risk can arise if a bank does not use third parties when it is prudent to do so. For example, a bank may introduce strategic risk when it does not leverage third parties that possess greater expertise than the bank does internally, when the third party can more cost effectively supplement internal expertise, or when the third party is more efficient at providing a service with better risk management than the bank can provide internally.

Credit Risk

Credit risk may arise when management has exercised ineffective due diligence and oversight of third parties that market or originate certain types of loans on the bank’s behalf, resulting in low-quality receivables and loans. Ineffective oversight of third parties can also result in poor account management, customer service, or collection activities. Likewise, where third parties solicit and refer customers, conduct underwriting analysis, or set up product programs on behalf of the bank, substantial credit risk may be transferred to the bank if the third party is unwilling or unable to fulfill its obligations

Managing Risk

One of the most important points that all of the regulators are driving home is that they intend to hold financial institutions responsible for the action for the third party service providers. For example, if an automobile dealer with whom a bank has a relationship engages in lending activities that have fair lending concerns, the bank under whose name they are providing the service will also be found to have fair lending concerns.

This is not to say that there is a general distaste for outsourcing of third party arrangements. It is to say that when the arrangement is made, there should be a risk management system in place ahead of the formation of the relationship. The program should include at a minimum the following:

· A Risk Assessment;

· Due Diligence in Selecting a Third Party;

· Contract Structuring and Review;

· Oversight;

[1] See Vendor Risk Management — Compliance Considerations

By Cathryn Judd, Examiner, and Mark Jennings, Former Examiner, Federal Reserve Bank of San Francisco

[2] FDIC Compliance Manual

[3] OCC BULLETIN 2013-29 Managing Third Party Relationships

Sunday, January 30, 2022

Banking as a Service

Implications for Community Banks

Part Three Choose Your Partner Wisely

For a community bank that is considering developing banking as s service, there are several issues to consider. While the overall public impression of banks and financial institutions took a major hit during the 2008 financial crisis, in large part, the damage was being slowly repaired. However, it is obvious that the relationship between financial institutions and the public has changed forever. Even before the coronavirus hit the economy, a broad wave of consumer distrust buffeted the banking industry's reputation. Let's face it, the current times are not exactly the best for the image of banks. In addition to the mortgage crisis, there have been several highly publicized scandals involving some of the larger and best-known banks.

As pointed out in Bankshot^{^[1]} banking journal- “What’s at stake? Customers have more choice than ever when it comes to where they do their banking, including from an increasing array of fintech competitors with arguably less cultural and emotional baggage than the traditional banking industry. Now, more than ever before, there are real alternatives to banking.

The need for nontraditional banking services is one of the main drivers of the financial technical “fintech” industry. Many bankers seem to understand that fintech companies present the possibilities for significant change in the industry. According to a survey conducted by PWC:

FinTech is a driver of disruption in the market. Financial Institutions are increasingly likely to lose revenue to innovators, with 88% believing this already is occurring. The perceived business at risk trend has continued to rise, to 24% on average this year among all sectors.
Incumbents are becoming more aware of the disruptive nature of FinTech, shown well by the fact that, in 2017, 82% of North American participants believe that business is at risk, up from 69% in 2016. Insights from PwC’s DeNovo also indicate that 30% of consumers plan to increase usage of non-traditional Financial Services providers and only 39% plan to continue to use only traditional Financial Services provider. In addition, asset backed lenders have largely increased their share of lending (the lending club and other peer-to- peer business).

Fintech companies have been in the business of designing products that address some of the concerns raised by the unbanked or underbanked. For example, speed of delivery, consideration of alternative means for credit underwriting and ease of delivery.

Despite the idea that fintech equals disruption, it doesn’t have to be a negative thing. Disruption often results in improvement in efficient and better service. In fact, there are several places where fintech companies and financial institutions, especially community banks have converging interests.

Community banks and credit unions have overall higher levels of trust and a better public image than their larger brethren. Because community banks are smaller, they are nimbler and making changes to products lines can happen quickly and in response to customer needs. The independent bankers association published the “Fintech strategy Roadmap in 2017” as a guide for the many opportunities that fintech companies can present. A summary of these opportunities includes;

Increased Operational Efficiency and Scale
Increased Access to Customers with a Younger Age Demographic
Increased Access to Loan Customers in New Markets
Enhanced Brand Reputation
Enhanced Customer Experience

Disruption is simply that- it doesn’t necessarily have to be a bad thing. In fact, disruption can result in greater efficiencies and more effective. Some good news, these companies have done all of the research and development work with venture capital funds! They have worked out a lot of the bugs that are usually part of delivery of a new product. Some more good news, these companies are burdened by a regulatory scheme that really limits them. That is that they are considered MSB’s and must get state licenses to operate in each state. Because of this, many FinTechs are looking for a partnership with a bank- in this way they get around the need for licenses.

Successful collaboration means having a risk assessment, strategic plan and most importantly, strong vendor management. The FDIC, the OCC and the FRB have all issued guidance on the proper way to administer vendor management. While the published guidance from each of these regulators its own idiosyncrasies, there are clear basic themes that appear in each. All of the guidance has similar statements that address the types of risk involved with third party relationships and all discuss steps for mitigating risks.

One of the considerations that are necessary is about what level of due diligence is required for a third-party contract. The level of due diligence is heavily impacted by determination of whether the activity being considered is a critical activity. The OCC guidance defines a critical activity as:

• Critical activities—significant bank functions (e.g., payments, clearing, settlements, custody) or significant shared services (e.g., information technology), or other activities that could cause a bank to face significant risk if the third party fails to meet expectations;

• Could have significant customer impacts require significant investment in resources to implement the third-party relationship and manage the risk;

• Could have a major impact on bank operations if the bank has to find an alternate third party or if the outsourced activity has to be brought in-house.^{^[2]}

The steps that are necessary for the proper engagement of a third party for a critical activity are discussed in each of the regulatory guidance documents that have been released. The OCC bulletin provides the most comprehensive list that includes:

• Relationship Plan: Management should develop a full plan for the type of relationship it seeks to engage. The plan should consider the overall potential risks, the manner in which the results will be monitored and a backup plan in case the vendor fails in its duties.

• Due Diligence: The bank should conduct a comprehensive search on the background of the vendor, obtain references, information on its principals, financial condition and technical capabilities. It is during this process that a financial institution can ask a vendor for copies of the results of independent audits of the vendor. There has recently been a great deal of attention given to the due diligence process for vendors. Several commenters and several banks have interpreted the guidance to require that bank research a vendor and all of its subcontractors in all cases. We do not believe that this is the intention of the guidance. It is not at all unusual for a third-party provider to use subcontractors. We believe that a financial institution should get a full understanding of how the subcontracting process works and consider that as part of the due diligence, however, it impractical to expect a bank to research the backgrounds of all potential subcontractors before engaging a provider.

• Risk Assessment: Management should prepare a risk assessment based upon the specific information gathered for each potential vendor. The risk assessment should compare the characteristics of the firms in a uniform manner that allows the Board to fully understand the risk associated with each vendor. ^{^[3]}

• Contract Negotiation: The contract should include all of the details of the work to be performed and the expectations of management. The contract should also include a system of reports that will allow the bank to monitor performance with the specifics of the contract. Expectations such as compliance with applicable regulations must be spelled out.

• Ongoing Monitoring: Banks must develop a program for ongoing monitoring of the performance of the vendor. We recommend that the monitoring program should include not only information provided by the vendor, but also internal monitoring including

• Customer complaints: Customer complaints are a direct indication of issues or problems within a program or product offering. A system that tracks complaints and their resolution is a critical component of evaluating the overall effectiveness of a program.

• Oversight and Evaluation: There should be a fixed period for evaluating the overall success and efficacy of the vendor relationship. The Board should, on a regular basis evaluate whether the relationship with the vendor is on balance a relationship with keeping.

[1] https://www.americanbanker.com/bankshot

[2] OCC BULLETIN 2013-29

[3] Ibid.

Sunday, January 23, 2022

Banking as a Service- Implications for Community Banks

Part Two- Technology is the Key

In the first blog in this series, we discussed the overall concept of Banking as a Service (“BaaS”). A recent Cornerstone Advisors survey of bank executives found that one in 10 banks is in the process of developing a BaaS strategy and another 20% are considering pursuing a BaaS strategy. This is only likely the beginning! There are a couple of major factors that are driving the need for BaaS.

First, as we noted in the first blog- cellphones are ubiquitous and as a result mobile banking applications are growing. In addition to that, the number of unbanked and underbanked households presents an opportunity. There is a huge pool of potential customers for financial institutions. This pool represents a large source of potential income that is untapped. The pool we are referring to is the large number of unbanked and underbanked households in the United States.

Who are the Unbanked and Underbanked?

The unbanked have no ties to an insured economic institution. Essentially, they have no checking or savings account and no debit or ATM card. Meanwhile, the underbanked do use some of these services – often a checking account – but they also used alternative financial options within the past year. This population has been estimated to be as many as 30 million people. Around 20 percent of Americans are underbanked, according to the FDIC, which means they have either a checking or savings account, though rarely both. Households are also usually given the underbanked distinction if they've used alternative financing options during the previous year, such as money orders or rent-to-own services. Around 67 million Americans are underbanked, or the equivalent of 24.5 million households, based on 2019 figures from the most up to date FDIC survey.[1]

Just as important as the number of people who are unbanked and underbanked are the reasons that they have limited contact with banks. The most recent FDIC study on the unbanked and underbanked was published in 2019. In the study, the main reasons for not having bank accounts included:

· Do not have enough money to keep in an account”.

· Don’t trust banks”

· Bank account fees are too high

· Bank account fees are unpredictable”

· Higher proportions of unbanked households that were not at all likely or not very likely to open a bank account in the next 12 months cited “Don’t trust banks” (36.2 and 31.5 percent, respectively) in 2019, compared with unbanked households that were somewhat likely or very likely to open a bank account in the next 12 months (24.7 and 21.0 percent, respectively).[2]

When we put this all together there is a huge market opportunity for banking as a service. This is where the FinTechs and banking comes together. And the way they do so is through technology; including API’s and BaaS infrastructure that allows for widespread adaptation of the products and services that are being designed and offered.

API’s

These are software programs called application programming interfaces. This is a fancy word for patches that allow different forms of data to recognize each other. In the real world an API is like the adapter that you put on a three-pronged plug to make it fit into two pronged outlets.

Financial API’s are specifically designed to allow financial data to be shared between entities that naturally would want to share data- for example, your bank account and Turbo Tax.

There are three types of API’s

· Internal – these generally don’t touch activity that is consumer facing. They are designed to help the flow of internal information with an organization

· Partner – these are API’s that connect to distinct businesses-organizations. These are the API’s that are most often used by banks that want to offer specific products and services

· Open- These are the applications that allow financial data to third party service providers. These are the applications that allow a person to be offered direct pay for bills and subscriptions

The development of API’s has made it possible for banks to apply technology that was unavailable in the past.

Infrastructure

These software platforms allow banks to take full advantage of API’s and to offer new and innovative products and services. Reasons why infrastructure is necessary include

· Costs of development

· Resources and organizations that are not designed for software development

· Technology that isn’t compatible

BaaS infrastructure providers have begun to ramp up their services – these will be needed partners as the industry develops. We will discuss the aspects of vendor management in a later blog.

[1] FDIC National Survey of Unbanked and underbanked Households

[2] Unbanked versus underbanked: Who they are and how they differ. Dec, 23, 2017 Waly Wojciechowski

Monday, January 17, 2022

Banking as a Service- What it means for Community Banking

Introduction

One of the hottest topics in the financial service industry todays is the development of the are called “Banking as a Service” (“BaaS”). Put in it most simple terms, BaaS is the combining of a financial services platform with digital access to a banking account. Banking as a Service platforms allow non-bank financial institutions to offer all kinds of financial products. You may have seen some of the products if you recently purchased an airline ticket, or large appliance. When you proceed to check out, you get a notice that you can (on approval), finance the purchase and pay installments rather than paying the whole price right away.

There are several firms that are no providing point of sale financing that allow for short term installment loans to pay for larger purchases. This is a form of BaaS.

For community banks, the growth of BaaS can present both an opportunity and a potential challenge. As an opportunity, BaaS presents the ability to reach out to a much larger number of customers who have been unbanked and underbanked and offer services and products at a reasonable cost.

FinTechs as the Basis for BaaS

We hear a lot about fintech companies financial technology, also known as FinTech, is a line of business based on using software to provide financial services. Financial technology companies are generally, startups founded with the purpose of disrupting incumbent financial systems and corporations that rely less on software.

The overall goal of Fintech companies include:

· Efficient and speedy delivery of funds

· Development of alternate means of solutions for ongoing problems

· Especially in the financial industry there are a lot of naysayers, but the fact of the matter is that there are structural reasons for the potential success of FinTechs. Underbanked and unbanked people represents a huge potential market. The FDIC produces a great deal of information about the unbanked and underbanked every two years. The study is called 2019 FDIC National Survey of Unbanked and Underbanked Households. As of 2019, the combined number of unbanked and underbanked was almost 30 million people.

Fintech companies are pointed directly at the needs of the underbanked and unbanked

· When thinking of a fintech, it is important to note that what they are trying to do is to get money to people is a manner that is both fast and cheap

· FinTechs are also working on ways to meet the needs of a large group of people who are outside of the banking industry

· Fintech companies understand that while not everyone has a banking account, mostly everyone has a cell phone or a similar electronic device

Using this technology, fintech companies are reducing the need for bank accounts. FinTech companies are really going after this population of people who for the most part are potential bank customers by providing solutions to problems that people have with banks. One of the things that Fintech companies have focused on are the many uses of the smartphone. For example, smartphones can be used for stored value. That is, just like a reloadable debit card, the smartphone can be used to reload value repeatedly. Fintech companies such as Zoom, Square and Amazon is making it possible to transfer funds and store funds. Other Fintech companies are changing the way that credit is underwritten. Fintech also has increased a small institutions ability to offer different products and services. As traditional means for profit become scarcer, Fintech opens the possibilities for additional income streams.

The 30 million people in the underbanked and unbanked populations are your potential customers! The statistics show that this group is getting younger and more internet savvy. The more that the customers use their smartphones, the less likely they are to rely on banks

Some examples of the many uses of a smartphone in the fintech industry includes the following:

· Stored Value - A stored-value the card is a payments card with a monetary value stored on the card itself, not in an external account maintained by a financial institution. Stored-value cards differ from debit cards, where the money is on deposit with the issuer, and credit cards which are subject to credit limits set by the issuer.

· APIs - An open API is a publicly available application programming interface that provides developers with programmatic access to a proprietary software application or web service. APIs are sets of requirements that govern how one application can communicate and interact with another.

· Nationwide Reach- Using data analytics, fintech companies can have access to customer behavior data and assist with marketing opportunities

For many of the unbanked, fintech companies represent a much-welcomed alternative to the use of high-cost check cashers. In addition, there are companies that are taking on Payday lenders who up to this point have not had a great deal of competition. One of the other things that these companies do is give financial institutions the ability to offer products and services

Information is power and even for a small institution, if you are unaware of what your customers want and are going to want in the future, it is a problem. The regulatory agencies that cover financial institutions have recognized this synergy and have issued guidance and taken steps that are designed to ease the process for relationships between financial institutions and Regtech companies. These included:

· Regulators are encouraging institutions to pool resources when it is feasible

· Joint Statement on Banks and Credit Unions Sharing Resources to Improve Efficiency and Effectiveness of Bank Secrecy Act Compliance was issued in October of 2018

· One of the main points of the statement is that there are ways that financial institutions can leverage what other banks or firms are doing

· Fintech companies have the ability to help in a number of ways. Some of these companies have developed programs that are help with analytics and security

· The Office of the Comptroller of the Currency has initiated the Fintech charter program that was designed to allow Fintech companies to have special banking powers. This charter has been called into question by a decision of a federal court that is now undergoing appeal.

Regardless of the outcome from the appeal of the Fintech charter, the regulatory agencies have noted that fintech and banking are a natural combination that will continue to grow and in scope and activity.