Banking as a Service-Implications for Community Banks -Vendor Management is Critical

Posted onJust now by James DeFrantz

We discussed the ways that Fintech companies are on a mission to “disrupt” financial services.   In this case, the disruption doesn’t necessarily have to be a negative connotation.  In fact, in many cases, the disruption that fintech are causing are geared towards improving product delivery.  At the end of the day, FinTechs are working to create efficiencies and deliver products with greater speed and flexibility, and this is ultimately a good thing for financial institutions. 

In addition to the disruptive nature of FinTechs, we also noted that these companies are aiming right at the large pool of unbanked and underbanked families. These are the households that not only represent potential customers for the current banking model, but they also represent financial institutions customer of the future.   There is a growing reliance on smart phones to conduct banking transactions.  In addition, customer expectation credit products continue to evolve.  Several platforms allow customers to apply for loans entirely online and with minimal human contact.   Even the idea of who is and is not a credit-worthy customer have changed.  Concepts such as collateral have changed; intellectual property can be a replacement for real estate in some cases.  As the needs and expectations of financial institution customers change, the manner which financial products are delivered must also change.  FinTechs are leading the change in these areas.

Despite their numerous advantages that FinTechs may have, there are inefficiencies in the regulatory scheme that have severely limited the growth and influence of these companies.   FinTechs are defined by the regulations as Money Service Business (“MSB’s”) and as such, they are required to get licenses in each of the states in which they transact business.  The process for obtaining these licenses can be tedious, time consuming and expensive.   A company may have to re-packing its information repeatedly to satisfy the application information requests for each state.  Of course, depending on the structure of the state agency and the resources available for processing applications, the process can take a long time to complete. 

Many banks today rely on outsourced functions ranging from core operating systems to monthly billing programs.  The reliance on third parties to provide core functions at banks is no longer viewed as a less  than desirable situation, it is normal.  However, over time the types of relationships that banks began to form with outside vendors became more complicated and in some cases exotic.  Some banks used third parties to offer loan products and services that would otherwise not be offered.  In many cases, the administration of the contractual relationship was minimal; especially when the relationship was profitable.

The level and type of risk that these agreements created came under great scrutiny during the financial crisis of 2009.  Among the relationships that are most often scrutinized for areas of risk are:  

• Third-party product providers such as mortgage brokers, auto dealers, and credit card providers;
• Loan servicing providers such as providers of flood insurance monitoring, debt collection, and loss mitigation/foreclosure activities;
• Disclosure preparers, such as disclosure preparation software and third-party documentation preparers;
• Technology providers such as software vendors and website developers; and
• Providers of outsourced bank compliance functions such as companies that provide compliance audits, fair lending reviews, and compliance monitoring activities.[1]

 The FDIC, the OCC and the FRB have all issued guidance on the proper way to administer vendor management.   While the published guidance from each of these regulators its own idiosyncrasies, there are clear basic themes that appear in each. 

All of the guidance has similar statements that address the types of risk involved with third party relationships and all discuss steps for mitigating risks.  We will discuss the methods for reducing risk further in part two of this series. 

Types of Risk Associated with Third-Party Relationships.

Regardless of the size of your bank, or the overall complexity of the operation, the risks that follow will exist at some level with any third-party relationship.  

Operational Risk

Operational risk is present in all products, services, functions, delivery channels, and processes.  Third-party relationships may increase a bank’s exposure to operational risk because the bank may not have direct control of the activity performed by the third party.

Operational risk can increase significantly when third-party relationships result in concentrations. Concentrations may arise when a bank relies on a single third party for multiple activities, particularly when several of the activities are critical to bank operations. Additionally, geographic concentrations can arise when a bank’s own operations and that of its third parties and subcontractors are located in the same region or are dependent on the same critical power and telecommunications infrastructures.

Compliance Risk

Compliance risk exists when products, services, or systems associated with third-party relationships are not properly reviewed for compliance or when the third party’s operations are not consistent with laws, regulations, ethical standards, or the bank’s policies and procedures. Such risks also arise when a third party implements or manages a product or service in a manner that is unfair, deceptive, or abusive to the recipient of the product or service. Compliance risk may arise when a bank licenses or uses technology from a third party that violates a third party’s intellectual property rights. Compliance risk may also arise when the third party does not adequately monitor and report transactions for suspicious activities to the bank under the BSA or OFAC. The potential for serious or frequent violations or noncompliance exists when a bank’s oversight program does not include appropriate audit and control features, particularly when the third party is implementing new bank activities or expanding existing ones, when activities are further subcontracted, when activities are conducted in foreign countries, or when customer and employee data is transmitted to foreign countries.

Compliance risk increases when conflicts of interest between a bank and a third party are not appropriately managed, when transactions are not adequately monitored for compliance with all necessary laws and regulations, and when a bank or its third parties have not implemented appropriate controls to protect consumer privacy and customer and bank records. Compliance failures by the third party could result in litigation or loss of business to the bank and damage to the bank’s reputation.

Reputation Risk

Third-party relationships that do not meet the expectations of the bank’s customers expose the bank to reputation risk. Poor service, frequent or prolonged service disruptions, significant or repetitive security lapses, inappropriate sales recommendations, and violations of consumer law and other law can result in litigation, loss of business to the bank, or negative perceptions in the marketplace. Publicity about adverse events surrounding the third parties also may increase the bank’s reputation risk. In addition, many of the products and services involved in franchising arrangements expose banks to higher reputation risks. Franchising the bank’s attributes often includes direct or subtle reference to the bank’s name.  Thus, the bank is permitting its attributes to be used in connection with the products and services of a third party.  In some cases, however, it is not until something goes wrong with the third party’s products, services, or client relationships, that it becomes apparent to the third party’s clients that the bank is involved or plays a role in the transactions. When a bank is offering products and services actually originated by third parties as its own, the bank can be exposed to substantial financial loss and damage to its reputation if it fails to maintain adequate quality control over those products, services, and adequate oversight over the third party’s activities.

Strategic Risk

A bank is exposed to strategic risk if it uses third parties to conduct banking functions or offer products and services that are not compatible with the bank’s strategic goals, cannot be effectively monitored and managed by the bank, or do not provide an adequate return on investment. Strategic risk exists in a bank that uses third parties in an effort to remain competitive, increase earnings, or control expense without fully performing due diligence reviews or implementing the appropriate risk management infrastructure to oversee the activity. Strategic risk also arises if management does not possess adequate expertise and experience to oversee properly the third-party relationship.

Conversely, strategic risk can arise if a bank does not use third parties when it is prudent to do so. For example, a bank may introduce strategic risk when it does not leverage third parties that possess greater expertise than the bank does internally, when the third party can more cost effectively supplement internal expertise, or when the third party is more efficient at providing a service with better risk management than the bank can provide internally.

Credit Risk

Credit risk may arise when management has exercised ineffective due diligence and oversight of third parties that market or originate certain types of loans on the bank’s behalf, resulting in low-quality receivables and loans. Ineffective oversight of third parties can also result in poor account management, customer service, or collection activities. Likewise, where third parties solicit and refer customers, conduct underwriting analysis, or set up product programs on behalf of the bank, substantial credit risk may be transferred to the bank if the third party is unwilling or unable to fulfill its obligations

Managing Risk

One of the most important points that all of the regulators are driving home is that they intend to hold financial institutions responsible for the action for the third party service providers.   For example, if an automobile dealer with whom a bank has a relationship engages in lending activities that have fair lending concerns, the bank under whose name they are providing the service will also be found to have fair lending concerns. 

This is not to say that there is a general distaste for outsourcing of third party arrangements.  It is to say that when the arrangement is made, there should be a risk management system in place ahead of the formation of the relationship.  The program should include at a minimum the following: 

• A Risk Assessment;
• Due Diligence in Selecting a Third Party;
• Contract Structuring and Review;
•  Oversight;  

---

[1] See Vendor Risk Management — Compliance Considerations

By Cathryn Judd, Examiner, and Mark Jennings, Former Examiner, Federal Reserve Bank of San Francisco 

[2] FDIC Compliance Manual

[3] OCC BULLETIN 2013-29 Managing Third Party Relationships

Having a Conversation About Compliance 

 

One of the constants in the world of compliance is change.   One of the other constants in compliance has been skepticism about consumer laws in general, and the need for compliance specifically.  It is often easy to feel the recalcitrance of the senior management at financial institutions to the very idea of compliance.  Even institutions with good compliance records often tend to do only that which is required by the regulation.  In many cases, they do the minimum for the sole purpose of staying in compliance and not necessarily because they agree with the spirit of compliance.  Indeed, skepticism about the need for consumer regulations as well as the effectiveness of the regulations are conversations that can be heard at many an institution. 

 

The combination of changes in the consumer regulations, changes at regulatory agencies and changes in the focus of these agencies presents both a challenge and an opportunity for compliance staff everywhere.  It is time to have “the talk” with senior management. What should be the point of the talk?  Enhancements in compliance can help your bank receive higher compliance ratings while improving the overall relationship with your primary regulator. 

 

The Compliance Conversation

 

While there are many ways to try to frame the case for why compliance should be a primary concern at a financial institution, there are several points that may help to convince a skeptic. 

 

1)      Compliance regulations have been earned by the financial industry.  A quick review of the history of the most well-known consumer regulations will show that each of these laws was enacted to address bad behaviors of financial institutions.  The Equal Credit Opportunity Act was passed to help open up credit markets to women and minorities who were being shut out of the credit market.  The Fair lending laws, HMDA and the Community Reinvestment Act were passed to assist in the task of the ECOA. In all of these cases, the impetus for the legislation was complaints from the public about the behavior of banks. The fact is that these regulations are there to prevent financial institutions from hurting the public. 

 

2)      Compliance will not go away!  Even though there have been changes to the primary regulations, there has been no credible movement to do away with them. Banking is such an important part of our economy that it will always receive a great deal of attention from the public and therefore legislative bodies. In point of fact, the trend for all of the compliance regulations is that they continue to expand. The need for a compliance program is as basic to banking as the need for deposit insurance.  Since compliance is and will be, a fact of banking life, the prudent course is to embrace it.  

 

3)      Compliance may not be a profit center, but a good compliance program cuts way down on the opportunity costs of regulatory enforcement actions.  Many financial institutions tend to be reactive when it comes to compliance.  We understand; there is cost benefit analysis that is done and often, the decision is made to “take our chances” and get by with a minimal amount of resources spent on compliance.   However, more often than not the cost benefit analysis does not take into account the cost of “getting caught”.  Findings from compliance examinations that require “look backs” into past transactions and reimbursement to customers who were harmed by a particular practice is an extremely expensive experience.  The costs for such actions include costs of staff time (or temporary staff), reputational costs and the costs associated with correcting the offending practice.  A strong compliance management system will help prevent these costs from being incurred and protect the institution’s reputation; which at the end of the day is its most important asset. 

4)      Compliance is directly impacted by the strategic plan.  Far too often, compliance is not considered as institutions put together their plans for growth and profitability.  Plans for new marketing campaigns or new products being offered go through the approval process without the input of the compliance team.  Unfortunately, without this consideration, additional risk is added without being aware of how the additional risk can be mitigated.   When compliance is considered in the strategic plan, the proper level of resources can be dedicated to all levels of management and internal controls. 

 

5)      There is nothing about being in compliance that will get in the way of the financial institution making money and being successful.  Many times the compliance officer gets portrayed as the person who keeps saying no; No!” to new products, “No!” to new marketing, and “No!” to being profitable.  But the truth is that this characterization is both unfair and untrue.  The compliance staff at your institution wants it to make all the money that it possibly can while staying in compliance with the laws that apply.  The compliance team is not the enemy.  In fact, the compliance team is there to solve problems.  

 

 Getting the Conversation to Address the Future. 

Today there are changes in the expectations that regulators have about responding to examination findings and the overall maintenance of the compliance management program.   There are three fronts that may seem unrelated at first, but when out together make powerful arguments about how compliance can become a key component in your relationship with the regulators. 

 

First, the prudential regulators have made it clear that they intend the review of the compliance management program to directly impact the overall “M” rating within the CAMEL ratings.   The thought behind evaluating the compliance management program as part of the management rating is that it is the responsibility of management to maintain and operate a strong compliance program.  The failure to do so is a direct reflection of management’s abilities.  Compliance is now a regulatory foundation issue. 

 

Second, now more than ever, regulators are looking to banks to risk assess their own compliance and when problems are noted, to come forward with the information.  The CFPB for example, published guidance in 2013 (Bulletin 2013-06) that directly challenged banks to be corporate citizens by self-policing and self-reporting.  It is clear that doing so will enhance both the reputation and the relationship with regulators.  The idea here is that by showing that you take compliance seriously and are willing to self-police, the need for regulatory oversight can be reduced.

 

Finally, the regulators have reiterated their desire to see financial institutions address the root causes of findings in examinations.   There have been recent attempts by the Federal Reserve and the CFPB to make distinctions between recommendations and findings.  The reason for these clarifications is so that institutions can more fully address the highest areas of concern.  By “addressing”, the regulators are emphasizing that they mean dealing with the heart of the reason that the finding occurred.  For example, in a case where a bank was improperly getting flood insurance, the response cannot simply be to tell the loan staff to knock it off!  In addition to correcting mistakes, there is either a training issue of perhaps staff are improperly assigned.  What is the reason for the improper responses?  That is what the regulators want addressed.   

The opportunity exists to enhance your relationship with your regulators through your compliance department.  By elevating the level of importance of compliance and using your compliance program as a means of communicating with your regulators, the compliance conversation can enhance the overall relationship between your institution and your regulator.

 

Compliance is here to Stay

Every culture has its own languages and code words.  Benign words in one culture can be offensive in another.  For example, there was a time when something that was “Phat” was really desirable and cool while there are very few people who would like to be called fat!  Compliance is one of those words that, depending on the culture, may illicit varying degrees of response.  In the culture of financial institutions, the word compliance has some negative associations.   Compliance is often considered an unnecessary and crippling cost of doing business.  Many of the rules and regulations that are part of the compliance world are confusing and elusive.  For many institutions, has been the dark cloud over attempts to provide new and different services and products.  

Despite the many negative connotations that surround compliance in the financial services industry, there are many forces coming together to alter the financial services landscape.  These forces can greatly impact the overall view of compliance.  In fact, it is increasingly possible to view expenditures in compliance as an investment rather than a simple expense

Why do we have Compliance Regulations?

 Many a compliance professional can tell you about how difficult it is to keep everybody up to date on the many regulations that apply to financial institutions.  However, if you ask why exactly do we even have an Equal Credit Opportunity Act or a Home Mortgage Disclosure Act (“HMDA”), it would be difficult to get a consensus.   All of the compliance regulations share a very similar origin story.   There was bad or onerous behavior on the part of financial institutions, followed by a public outcry, legislative action to address the bad behavior and then eventually regulations.  The history of Regulation B provides a good example:

A Little History

The consumer credit market as we now know it grew up in the time period from World War II and the 1960’s.  It was during this time that the market for mortgages grew and developed and became the accepted means for acquiring property, financing businesses, developing wealth and upward mobility.  By the late 1960’s the consumer credit market was booming. 

The Equal Credit Opportunity Act (“ECOA”) and regulation B are not nearly as old as you might think. In fact, the first attempt at regulating credit access was the Consumer Credit Protection Act of 1968.  This legislation was passed to protect consumer credit rights that up to that point been largely ignored.  The 1968 regulation was passed as the result of continuing growth in consumer credit and its effects on the economy.  For example, in the year before the regulation was passed, consumers were paying fees and interest that equaled the government’s payments on the national debt!  One of the goals of the Consumer Credit Protection Act was to protect consumer rights and to preserve the consumer credit industry.  

The Civil Rights Movement was occurring at the same time as the passage of the CCPA and in 1968, the Fair Housing Act was passed by Congress.  The FHA was designed to assist communities that that had been excluded from credit markets obtain access to credit.  We will discuss the Fair Housing Act in more detail next month.  

One of the things that the CCPA did was to empanel a commission of Congress called the National Commission on Consumer Finance.  This commission was directed to hold hearings about the structure and operation of the consumer credit industry.  

 

Unintended Consequences

While performing the duties they were assigned, the members of the National Commission on Consumer Finance conducted several hearings about the credit approval process for consumer loans.  The stories and anecdotes from these hearings raised a tremendous public outcry about the behavior of banks and financial institutions that were in the business of granting credit.   One of the common themes of the testimonies given was that women and minorities were being left behind when it came to the growth of the consumer credit market.  Public pressure forced additional hearings on the consumer credit market, and the evidence showed that women in particular and minorities in general were being given unfair and unequal treatment by banks. 

 

What was Going On? 

So, what were banks doing that was a cause of concern?  There were several practices that had become normal and regular for banks when the applicant for consumer credit was a woman or a member of a racial minority group.  

Women had more difficulty than men in obtaining or maintaining credit, more frequently were asked embarrassing questions when applying for credit, and more frequently were required to have cosigners or extra collateral.   When a divorced or single woman applied for credit, she was immediately asked questions about her life choices, sexual habits, and various other personal information that was both irrelevant to the credit decision and not asked of men. 

Racial minorities had difficulty even obtaining credit applications let alone credit approvals.  In cases, where members of minority groups attempted to get a loan applicant, there were either told that the bank was not making consumer loans, or that the area that the person lived was outside of the lending area of the bank. 

For applicants that receive public assistance, child support of alimony, banks would not consider these as sources of income under the theory that they were temporary and might disappear.  

Despite being subjected to embarrassing or incorrect information, in the cases where women and minorities persisted and completed a credit application, banks would drag out the process for interminable time periods and would engage in strong efforts to discourage the applicant from going forward.  

In many cases, when a person lived in a neighborhood that was predominately comprised of minorities, the borrower was told that the collateral did not have enough value without further explanation.  

 

The ECOA

Though these stories created a great deal of interest, the CCPA was not amended until 1974 when the first Equal Credit Opportunity Act was passed.  This Act prevented discrimination in credit based on sex and marital status. 

 

What was the ECOA Designed to Do?

The development of the consumer credit market brought with it a series of bad behaviors that directly and negatively impacted the ability of women and minorities to obtain credit.   These behaviors included asking women to check with their husbands before getting a loan, denying a single woman credit, discouraging minorities from applying for credit and outright refusal to grant credit.  

The law and regulation are designed to open credit to all who are worthy by limiting practices that unfairly exclude groups of people and by making sure that applicants are fairly informed of the reasons for a denial.  

The regulations exist because there was bad behavior that was not being addressed by the industry alone.  Many of the compliance regulations share the same origin story. 

 

Compliance is not all Bad

Sometimes, we are caught up on focusing on the negative to the point that it is hard to see the overall impact of bank regulations.   One of the positive effects of compliance regulations is they go a long way toward “leveling the playing field” among banks.   RESPA (the Real Estate Settlement Procedures Act) provides a good example.  The focus of this regulation is to get financial institutions to disclose the costs of getting a mortgage in the same format throughout the country.   The real costs associated with a mortgage and any deals a bank has with third parties, the amount that is being charged for insurance taxes and professional reports that are being obtained all have to be listed in the same way for all potential lenders.  In this manner, the borrower is supposed to be able to line up the offers and compare costs.  This is ultimately good news for community banks.  The public gets a chance to see what exactly your lending program is and how it compares to your competitors.  The overall effect of this legislation is to make it harder for unscrupulous lending outfits to make outrageous claims about the costs of their mortgages.   This begins to level the playing field for all banks.  The public report requirements for the Community Reinvestment Act and the Home Mortgage Disclosure Act can result in positive information about your bank.    A strong record of lending within the assessment area and focusing on reinvigoration of neighborhoods is a certainly a positive for the bank’s reputation.  The overall effects of the regulations and should be viewed as a positive.  

 

Protections not just for Customers

In some cases, consumer regulations provide protection not just for consumers but also for banks.  The most recent qualifying mortgage and ability to repay rules present a good case.  These rules are designed to require additional disclosures for borrowers that have loans with high interest rates.   In addition to the disclosure requirements, the regulations establish a safe harbor for banks that make loans within the “qualifying mortgage” limits.  This part of the regulation provides strong protection for banks.  The ability to repay rules establish that when a bank makes a loan below the established loan to value and debt to income levels, then the bank will enjoy the presumption that the loan was made in good faith.  This presumption is very valuable in that It can greatly reduce the litigation costs associated with mortgage loans.  Moreover, if a bank makes only “qualifying mortgages’ the level of regulatory scrutiny will likely be lower than in the instance of banks that make high priced loans. 

 

Compliance regulations will no doubt be a part of doing business in the financial industry for the foreseeable future.   However, all is not Considering a strategy that embraces the regulatory structure as an overall positive will allow management to start to re-imagine compliance and consider greater investment

James DeFrantz is the Principal of Virtual Compliance Management Services

For more Discussion and or Questions contact him at contactus@VCM4you.com

 

Rethinking Compliance in  Crypto, Fintech, Banking as a Service World- A Multi-Part Series 

Community banks and credit unions have been a key part of the American economy since its beginning.  These are the lending institutions that make loans to small sole proprietors, first time home buyers and dreamers of all kinds.  Over the years, the business model for these institutions has hardly varied.   A review of the loan portfolios of community banks across the country will include three similar components:

• CRE- Commercial real estate loans have been one of the mainstays of the community banking business.  These loans provide a viable, recognizable and reliable (usually) source of income.   The drawback for this type of lending is that it ties up a large portion of the capital of a bank and the return on investment takes a significant amount of time develop.  A loss from one of these loans has the potential to threaten the existence of a small financial institution
• CNI – Commercial and Industrial loans have been the beating heart for community banks many years.  Very much like CRE loans, the income from these loans is recognizable and except for a few notable exceptions, reliable.  Not only do these loans have the same concerns as CRE, but the competition for these loans is also  fierce and smaller institutions often finds themselves left with the borrowers who present the highest level of risk. 
• Consumer products - In the past 15 years, consumer loans have also proven to be a good source of earnings.  Interest rates for consumer products have remained well above the prime rate and for a financial institution that is properly equipped, consumer products can provide a strong stream of income.   Consumer products also tend to be for smaller amounts, have higher rates of losses and are heavily regulated. 

This three-pronged approach to earning income has been a steady, tried and true method for earnings at small financial institutions,   However, there are several factors that are coming together that have threatened this business model. 

• Fintech – Financial technology (“Fintech”) companies are those companies that use software to deliver financial products.  Today one of the most recognizable fintech companies is PayPal.  Using just a smart phone, PayPal gives its users the ability to make payments, pay bills, deliver gift cards and conduct financial transactions with people throughout the country.   For community banks, the knowledge of the existence of PayPal is interesting, but what is more critical is the reason that PayPal was developed.  PayPal, and its fintech brethren exist to fill a specific need that Banks were not meeting.  
• NBFI - Operation Chokepoint was a program spearheaded by the Justice Department that was aimed directly at Non-Bank Financial Institutions, aka Money Service Businesses.  At the time the program was started, a decision was made that money service businesses represented an unacceptable money laundering risk.   Ultimately, Operation Chokepoint fell into disrepute and was ended.  Although Operation Chokepoint has ended, its legacy is still prevalent.  MSB’s still have significant problems getting bank accounts.    Despite this fact, the amount of money moved through remittances continues to grow.  NBFI’s MSB’s continue to serve this market a huge market of people who are unbanked and underbanked.    
• Underbanked and Unbanked- The number of unbanked and underbanked families continues to remain significant.  Unbanked families are those without a bank account and underbanked families are those that use minimal banking services.   The number of people in these families totaled   approximately 23 million in 2021^[1].   Equally as important as the sheer size of the unbanked and underbanked population is the reason that many of these potential customers remain that way.  High fees, poor customer service and bad public image have all been contributing factors for the large population of unbanked and underbanked customers. 

 

Fintech’s to the Rescue?

Financial inclusion, especially providing services to those people and small businesses that traditionally avoided full-service banking, has long been a calling card for financial technology (“Fintech”) firms.

Interest rates near zero and an untapped market of millions of adults helped the industry flourish, from financial services firms to cryptocurrency startups.

But inflation and rate hikes have slowed new funding to a trickle. As investors’ push for profits grows, so too does concern that FinTechs will abandon their pledges to cater to the underserved.

Consider the online bank Varo Bank, which raised $510 million and boasted a $2.5 billion valuation last September. Then, like many FinTechs, it hit a wall in 2022.

With losses mounting, it laid off 75 staffers, cut back on advertising and shifted strategy, moving away from growing its total client base and shedding what CEO Colin Walsh called “expensive customer acquisition” in an interview this month with Axios.

Those expensive customers usually end up being from Black, brown and other marginalized communities that cost more to reach and generate the lowest revenues, said Mehrsa Baradaran, a professor at the University of California Irvine School of Law and author of the book “How the Other Half Banks.”

Preparing to fill the breach are community development financial institutions—small, community-based lenders that focus on providing funding to largely women- and minority-owned small businesses with less than $1 million in revenue, said Patrick Davis, the senior vice president of strategy at Community Reinvestment Fund USA.

The Biden administration has committed more than $1 billion accessible through CDFIs for the smallest startup businesses. Banks have also been increasing their contributions to CDFIs with the express goal of getting money to hard-to-reach small businesses.

 

Customer Bases in the future 

The combination of these forces will greatly impact the future of the business model for community banks.  Customers will continue to change their expectations for their financial institutions.   The traditional balance has changed, instead of being forced to choose the products that financial institutions offer, customers have come to demand products from their companies.  

The financial needs of customers have also changed.  Electronic banking, online account opening, remote deposit capture and iPhone applications are now almost necessities.   Younger customers, who make up a significant number of the unbanked and underbanked population rarely use traditional forms of community banking such as branch visits.  Fast information, fast movement of money, low costs transactions and accessibility are most desirable to the potential clients of today’s financial institutions. 

Implications for the Small Bank Business Model  

Fintech companies, NBFI’s and the need for new and different services presented by the unbanked and underbanked population will all continue to put pressure on community bankers to begin to make a change. Change may be hard, but it is also inevitable and necessary.  For community banks and credit unions now is a good time to consider NBFI’s as viable and important customers.  They are a vehicle for consumers to meet their ongoing needs and they need bank accounts. 

Reimagining Compliance as a Potential Product or Service

For many institutions the barrier to entering the Fintech, or NFBI market is a lack of the proper compliance resources.  However, much like the shared services agreements that are being made with vendors in other areas, compliance resources can also be expanded with the right partnerships.  For the institution that is properly positioned, the possibility exists that compliance resources and expertise can be package and outsourced.

 

We will explore the possibilities for compliance in our series this month.   In Part Two- we will ask- What if compliance could be a profit center?

 

James DeFrantz is the Principal of Virtual Compliance Management Services

For more Discussion and or Questions contact him at contactus@VCM4you.com

---

[1] An estimated 4.5 percent of U.S. households were “unbanked” in 2021, meaning that no one in the household had a checking or savings account at a bank or credit union (i.e., bank). This proportion represents approximately 5.9 million U.S. households. Converse­ly, 95.5 percent of U.S. households were “banked” in 2021, meaning that at least one member of the house­hold had a checking or savings account at a bank. This proportion represents approximately 126.6 million U.S. households.

 

An estimated 14.1 percent of U.S. households—repre­senting approximately 18.7 million households—were “underbanked” in 2021, meaning that the household was banked and in the past 12 months used at least one of the following nonbank transaction or credit prod­ucts or services that are disproportionately used by unbanked households to meet their transaction and credit needs

 

 

 

Rethinking the Business Model for Community Banking

 

Community banks and credit unions have been a key part of the American economy since its beginning.  These are the lending institutions that make loans to small sole proprietors, first-time home buyers, and dreamers of all kinds.  Over the years, the business model for these institutions hardly varied.   A review of the loan portfolios of community banks across the country will include three similar components:

·        CRE- Commercial real estate loans have been one of the mainstays of the community banking business.  These loans provide a viable, recognizable, and reliable (usually) source of income.  The return on investment for these loans has been the source of a large portion of the earnings for community banks for many years.  The drawback for this type of lending is that it ties up a large portion of the capital of a bank and the return on investment takes a significant amount of time to develop.  A loss from one of these loans has the potential to threaten the existence of a small financial institution

·        CNI – Commercial and Industrial loans have been the beating heart for community banks for many years.  Very much like CRE loans, the income from these loans is recognizable and except for a few notable exceptions, reliable.  Not only do these loans have the same concerns as CRE, but the competition for these loans is also fierce and smaller institutions often find themselves left with the borrowers who present the highest level of risk. 

·        Consumer products - In the past 15 years, consumer loans have also proven to be a good source of earnings.  Interest rates for consumer products have remained well above the prime rate and for a financial institution that is properly equipped, consumer products can provide a strong stream of income.   Consumer products also tend to be for smaller amounts, have higher rates of losses and are heavily regulated. 

This three-pronged approach to earning income has been a steady, tried and true method for earnings at small financial institutions.  However, there are several factors that are coming together that have threatened this business model. 

·        Fintech – Financial technology (“Fintech”) companies are those companies that use software to deliver financial products.  Today one of the most recognizable fintech companies is PayPal.  Using just a smartphone, PayPal gives its users the ability to make payments, pay bills, deliver gift cards and conduct financial transactions with people throughout the country.   For community banks, the knowledge of the existence of PayPal is interesting, but what is more critical is the reason that PayPal was developed.  PayPal, and its fintech brethren exist to fill a specific need that Banks were not meeting.  

·        NBFI - Operation Chokepoint program was a program spearheaded by the Justice Department that was aimed directly at Non-Bank Financial Institutions, aka Money Service Businesses.  At the time the program was started, a decision was made that money service businesses represented an unacceptable money laundering risk.   Ultimately, Operation Chokepoint fell into disrepute and was ended.  Although Operation Chokepoint has ended, its legacy is still prevalent.  MSB’s still have significant problems getting bank accounts.    Despite this fact, the amount of money moved through remittances continues to grow.  NBFI’s MSB’s continue to serve this market a huge market of people who are unbanked and underbanked.    

·        Underbanked and Unbanked- The number of unbanked and underbanked families continues to grow.  Unbanked families are those without a bank account and underbanked families are those that use minimal banking services.   The number of people in these families totaled approximately 90 million in 2016[1].   Equally as important as the sheer size of the unbanked and underbanked population is the reason that many of these potential customers remain that way.  High fees, poor customer service and bad public image have all been contributing factors for the large population of unbanked and underbanked customers. 

 

Customer Bases in the future 

The combination of these forces will greatly impact the future of the business model for community banks.  Customers will continue to change their expectations for their financial institutions.   The traditional balance has changed, instead of being forced to choose the products that financial institutions offer, customers have come to demand products from their companies.  

The financial needs of customers have also changed.  Electronic banking, online account opening, remote deposit capture and iPhone applications are now almost necessities.   Younger customers, who make up a significant number of the unbanked and underbanked population rarely use traditional forms of community banking such as branch visits.  Fast information, fast movement of money, low costs transactions and accessibility are most desirable to the potential clients of today’s financial institutions. 

Implications for the Small Bank Business Model  

Fintech companies, NBFI’s and the need for new and different services presented by the unbanked and underbanked population will all continue to put pressure on community bankers to begin to make a change. Change may be hard, but it is also inevitable and necessary.  For community banks and credit unions now is a good time to consider NBFI’s as viable and important customers.  They are a vehicle for consumers to meet their ongoing needs and they need bank accounts. 

Fintech companies’ reason for existing is to fill the unmet needs of unbanked and underbanked.   These companies have developed applications that allow everything form alternate means of credit scoring to international transfer of funds using applications.  A community bank or credit union that creates a partnership with the right fintech company can offer products and services that will greatly distinguish them in the market and allow for continued growth and alternate means of income.   2018 is a great time to start thinking about a new business model.

 

Reimagining Compliance as a Potential Product or Service

For man institutions, the barrier to entering the Fintech, or NFBI market is a lack of the proper compliance resources.  However, much like the shared services agreements that are being made with vendors in other areas, compliance resources can also be expanded with the right partnerships.  For the institution that is properly positioned, the possibility exists that compliance resources and expertise can be packaged and outsourced.  

 

In part three we will look at the use of compliance as an asset or resource.  

 

James DeFrantz is the Principal of Virtual Compliance Management Services

For more Discussion and or Questions contact him at contactus@VCM4you.com

---

[1] In our most recent survey, published in October 2016, the FDIC reported that 7 percent of households were unbanked, lacking any account relationship at an insured institution. The survey also showed that an additional one-in-five (or 19.9 percent of) households were underbanked, defined as households in which a member had a bank account, but nevertheless turned to alternative financial services providers during the year to address one or more needs for transactional services such as check cashing or credit. Altogether, the survey reported that some 90 million Americans, or nearly 27 percent of households, are unbanked or underbanked.

 

Re-Imagining Compliance- A Series

 

Part One – Compliance is here to Stay

Every culture has its own languages and code words.  Benign words in one culture can be offensive in another.  For example, there was a time when something that was “Phat” was really desirable and cool while there are very few people who would like to be called fat!  Compliance is one of those words that, depending on the culture, may illicit varying degrees of response.  In the culture of financial institutions, the word compliance has some negative associations.   Compliance is often considered an unnecessary and crippling cost of doing business.  Many of the rules and regulations that are part of the compliance world are confusing and elusive.  For many institutions, has been the dark cloud over attempts to provide new and different services and products.  

Despite the many negative connotations that surround compliance in the financial services industry, there are many forces coming together to alter the financial services landscape.  These forces can greatly impact the overall view of compliance.  In fact, it is increasingly possible to view expenditures in compliance as an investment rather than a simple expense.   In this three-part blog, we ask that you reimagine your approach to compliance.  

Why do we have Compliance Regulations?

 Many a compliance professional can tell you about how difficult it is to keep everybody up to date on the many regulations that apply to financial institutions.  However, if you ask why exactly do we even have an Equal Credit Opportunity Act or a Home Mortgage Disclosure Act (“HMDA”), it would be difficult to get a consensus.   All of the compliance regulations share a very similar origin story.   There was bad or onerous behavior on the part of financial institutions, followed by a public outcry, legislative action to address the bad behavior and then eventually regulations.  The history of Regulation B provides a good example:

A Little History

The consumer credit market as we now know it grew up in the time period from World War II and the 1960’s.  It was during this time that the market for mortgages grew and developed and became the accepted means for acquiring property, financing businesses, developing wealth and upward mobility.  By the late 1960’s the consumer credit market was booming. 

The Equal Credit Opportunity Act (“ECOA”) and regulation B are not nearly as old as you might think. In fact, the first attempt at regulating credit access was the Consumer Credit Protection Act of 1968.  This legislation was passed to protect consumer credit rights that up to that point been largely ignored.  The 1968 regulation was passed as the result of continuing growth in consumer credit and its effects on the economy.  For example, in the year before the regulation was passed, consumers were paying fees and interest that equaled the government’s payments on the national debt!  One of the goals of the Consumer Credit Protection Act was to protect consumer rights and to preserve the consumer credit industry.  

The Civil Rights Movement was occurring at the same time as the passage of the CCPA and in 1968, the Fair Housing Act was passed by Congress.  The FHA was designed to assist communities that that had been excluded from credit markets obtain access to credit.  We will discuss the Fair Housing Act in more detail next month.  

One of the things that the CCPA did was to empanel a commission of Congress called the National Commission on Consumer Finance.  This commission was directed to hold hearings about the structure and operation of the consumer credit industry.  

Unintended Consequences

While performing the duties they were assigned, the members of the National Commission on Consumer Finance conducted several hearings about the credit approval process for consumer loans.  The stories and anecdotes from these hearings raised a tremendous public outcry about the behavior of banks and financial institutions that were in the business of granting credit.   One of the common themes of the testimonies given was that women and minorities were being left behind when it came to the growth of the consumer credit market.  Public pressure forced additional hearings on the consumer credit market, and the evidence showed that women in particular and minorities in general were being given unfair and unequal treatment by banks. 

What was Going On? 

So, what were banks doing that was a cause of concern?  There were several practices that had become normal and regular for banks when the applicant for consumer credit was a woman or a member of a racial minority group.  

Women had more difficulty than men in obtaining or maintaining credit, more frequently were asked embarrassing questions when applying for credit, and more frequently were required to have cosigners or extra collateral.   When a divorced or single woman applied for credit, she was immediately asked questions about her life choices, sexual habits, and various other personal information that was both irrelevant to the credit decision and not asked of men. 

Racial minorities had difficulty even obtaining credit applications let alone credit approvals.  In cases, where members of minority groups attempted to get a loan applicant, there were either told that the bank was not making consumer loans, or that the area that the person lived was outside of the lending area of the bank. 

For applicants that receive public assistance, child support of alimony, banks would not consider these as sources of income under the theory that they were temporary and might disappear.  

Despite being subjected to embarrassing or incorrect information, in the cases where women and minorities persisted and completed a credit application, banks would drag out the process for interminable time periods and would engage in strong efforts to discourage the applicant from going forward.  

In many cases, when a person lived in a neighborhood that was predominately comprised of minorities, the borrower was told that the collateral did not have enough value without further explanation. 

The ECOA

Though these stories created a great deal of interest, the CCPA was not amended until 1974 when the first Equal Credit Opportunity Act was passed.  This Act prevented discrimination in credit based on sex and marital status. 

What was the ECOA Designed to Do?

The development of the consumer credit market brought with it a series of bad behaviors that directly and negatively impacted the ability of women and minorities to obtain credit.   These behaviors included asking women to check with their husbands before getting a loan, denying a single woman credit, discouraging minorities from applying for credit and outright refusal to grant credit.  

The law and regulation are designed to open credit to all who are worthy by limiting practices that unfairly exclude groups of people and by making sure that applicants are fairly informed of the reasons for a denial.  

The regulations exist because there was bad behavior that was not being addressed by the industry alone.  Many of the compliance regulations share the same origin story. 

Compliance is not all Bad

Sometimes, we are caught up on focusing on the negative to the point that it is hard to see the overall impact of bank regulations.   One of the positive effects of compliance regulations is they go a long way toward “leveling the playing field” among banks.   RESPA (the Real Estate Settlement Procedures Act) provides a good example.  The focus of this regulation is to get financial institutions to disclose the costs of getting a mortgage in the same format throughout the country.   The real costs associated with a mortgage and any deals a bank has with third parties, the amount that is being charged for insurance taxes and professional reports that are being obtained all have to be listed in the same way for all potential lenders.  In this manner, the borrower is supposed to be able to line up the offers and compare costs.  This is ultimately good news for community banks.  The public gets a chance to see what exactly your lending program is and how it compares to your competitors.  The overall effect of this legislation is to make it harder for unscrupulous lending outfits to make outrageous claims about the costs of their mortgages.   This begins to level the playing field for all banks.  The public report requirements for the Community Reinvestment Act and the Home Mortgage Disclosure Act can result in positive information about your bank.    A strong record of lending within the assessment area and focusing on reinvigoration of neighborhoods is a certainly a positive for the bank’s reputation.  The overall effects of the regulations and should be viewed as a positive.  

 

Protections not just for Customers

In some cases, consumer regulations provide protection not just for consumers but also for banks.  The most recent qualifying mortgage and ability to repay rules present a good case.  These rules are designed to require additional disclosures for borrowers that have loans with high interest rates.   In addition to the disclosure requirements, the regulations establish a safe harbor for banks that make loans within the “qualifying mortgage” limits.  This part of the regulation provides strong protection for banks.  The ability to repay rules establish that when a bank makes a loan below the established loan to value and debt to income levels, then the bank will enjoy the presumption that the loan was made in good faith.  This presumption is very valuable in that It can greatly reduce the litigation costs associated with mortgage loans.  Moreover, if a bank makes only “qualifying mortgages’ the level of regulatory scrutiny will likely be lower than in the instance of banks that make high priced loans. 

Compliance regulations will no doubt be a part of doing business in the financial industry for the foreseeable future.   However, all is not Considering a strategy that embraces the regulatory structure as an overall positive will allow management to start to re-imagine compliance and consider greater investment.   In our next blog, we will discuss the forces that are converging to make the return on investment in compliance strong. 

 

James DeFrantz is the Principal of Virtual Compliance Management Services

For more Discussion and or Questions contact him at contactus@VCM4you.com

 

Banking as a Service

Implications for Community Banks 

Vendor Management is Critical 

We discussed the ways that Fintech companies are on a mission to “disrupt” financial services.   In this case, the disruption doesn’t necessarily have to be a negative connotation.  In fact, in many cases, the disruption that fintech are causing are geared towards improving product delivery.  At the end of the day, FinTechs are working to create efficiencies and deliver products with greater speed and flexibility, and this is ultimately a good thing for financial institutions. 

In addition to the disruptive nature of FinTechs, we also noted that these companies are aiming right at the large pool of unbanked and underbanked families. These are the households that not only represent potential customers for the current banking model, but they also represent financial institutions customer of the future.   There is a growing reliance on smart phones to conduct banking transactions.  In addition, customer expectation credit products continue to evolve.  Several platforms allow customers to apply for loans entirely online and with minimal human contact.   Even the idea of who is and is not a credit-worthy customer have changed.  Concepts such as collateral have changed; intellectual property can be a replacement for real estate in some cases.  As the needs and expectations of financial institution customers change, the manner which financial products are delivered must also change.  FinTechs are leading the change in these areas.

 

 

Despite their numerous advantages that FinTechs may have, there are inefficiencies in the regulatory scheme that have severely limited the growth and influence of these companies.   FinTechs are defined by the regulations as Money Service Business (“MSB’s”) and as such, they are required to get licenses in each of the states in which they transact business.  The process for obtaining these licenses can be tedious, time consuming and expensive.   A company may have to re-packing its information repeatedly to satisfy the application information requests for each state.  Of course, depending on the structure of the state agency and the resources available for processing applications, the process can take a long time to complete. 

 Many banks today rely on outsourced functions ranging from core operating systems to monthly billing programs.  The reliance on third parties to provide core functions at banks is no longer viewed as a less  than desirable situation, it is normal.  However, over time the types of relationships that banks began to form with outside vendors became more complicated and in some cases exotic.  Some banks used third parties to offer loan products and services that would otherwise not be offered.  In many cases, the administration of the contractual relationship was minimal; especially when the relationship was profitable.

The level and type of risk that these agreements created came under great scrutiny during the financial crisis of 2009.  Among the relationships that are most often scrutinized for areas of risk are:  

 

·        Third-party product providers such as mortgage brokers, auto dealers, and credit card providers;

·         Loan servicing providers such as providers of flood insurance monitoring, debt collection, and loss mitigation/foreclosure activities;

·         Disclosure preparers, such as disclosure preparation software and third-party documentation preparers;

·         Technology providers such as software vendors and website developers; and

·         Providers of outsourced bank compliance functions such as companies that provide compliance audits, fair lending reviews, and compliance monitoring activities.[1]

 

 The FDIC, the OCC and the FRB have all issued guidance on the proper way to administer vendor management.   While the published guidance from each of these regulators its own idiosyncrasies, there are clear basic themes that appear in each. 

 All of the guidance has similar statements that address the types of risk involved with third party relationships and all discuss steps for mitigating risks.  We will discuss the methods for reducing risk further in part two of this series. 

 Types of Risk Associated with Third-Party Relationships.

 

Regardless of the size of your bank, or the overall complexity of the operation, the risks that follow will exist at some level with any third-party relationship.  

 Operational Risk

 Operational risk is present in all products, services, functions, delivery channels, and processes.  Third-party relationships may increase a bank’s exposure to operational risk because the bank may not have direct control of the activity performed by the third party.

Operational risk can increase significantly when third-party relationships result in concentrations. Concentrations may arise when a bank relies on a single third party for multiple activities, particularly when several of the activities are critical to bank operations. Additionally, geographic concentrations can arise when a bank’s own operations and that of its third parties and subcontractors are located in the same region or are dependent on the same critical power and telecommunications infrastructures.

 Compliance Risk

 Compliance risk exists when products, services, or systems associated with third-party relationships are not properly reviewed for compliance or when the third party’s operations are not consistent with laws, regulations, ethical standards, or the bank’s policies and procedures. Such risks also arise when a third party implements or manages a product or service in a manner that is unfair, deceptive, or abusive to the recipient of the product or service. Compliance risk may arise when a bank licenses or uses technology from a third party that violates a third party’s intellectual property rights. Compliance risk may also arise when the third party does not adequately monitor and report transactions for suspicious activities to the bank under the BSA or OFAC. The potential for serious or frequent violations or noncompliance exists when a bank’s oversight program does not include appropriate audit and control features, particularly when the third party is implementing new bank activities or expanding existing ones, when activities are further subcontracted, when activities are conducted in foreign countries, or when customer and employee data is transmitted to foreign countries.

 Compliance risk increases when conflicts of interest between a bank and a third party are not appropriately managed, when transactions are not adequately monitored for compliance with all necessary laws and regulations, and when a bank or its third parties have not implemented appropriate controls to protect consumer privacy and customer and bank records. Compliance failures by the third party could result in litigation or loss of business to the bank and damage to the bank’s reputation.

Reputation Risk

 Third-party relationships that do not meet the expectations of the bank’s customers expose the bank to reputation risk. Poor service, frequent or prolonged service disruptions, significant or repetitive security lapses, inappropriate sales recommendations, and violations of consumer law and other law can result in litigation, loss of business to the bank, or negative perceptions in the marketplace. Publicity about adverse events surrounding the third parties also may increase the bank’s reputation risk. In addition, many of the products and services involved in franchising arrangements expose banks to higher reputation risks. Franchising the bank’s attributes often includes direct or subtle reference to the bank’s name.  Thus, the bank is permitting its attributes to be used in connection with the products and services of a third party.  In some cases, however, it is not until something goes wrong with the third party’s products, services, or client relationships, that it becomes apparent to the third party’s clients that the bank is involved or plays a role in the transactions. When a bank is offering products and services actually originated by third parties as its own, the bank can be exposed to substantial financial loss and damage to its reputation if it fails to maintain adequate quality control over those products, services, and adequate oversight over the third party’s activities.

Strategic Risk

A bank is exposed to strategic risk if it uses third parties to conduct banking functions or offer products and services that are not compatible with the bank’s strategic goals, cannot be effectively monitored and managed by the bank, or do not provide an adequate return on investment. Strategic risk exists in a bank that uses third parties in an effort to remain competitive, increase earnings, or control expense without fully performing due diligence reviews or implementing the appropriate risk management infrastructure to oversee the activity. Strategic risk also arises if management does not possess adequate expertise and experience to oversee properly the third-party relationship.

Conversely, strategic risk can arise if a bank does not use third parties when it is prudent to do so. For example, a bank may introduce strategic risk when it does not leverage third parties that possess greater expertise than the bank does internally, when the third party can more cost effectively supplement internal expertise, or when the third party is more efficient at providing a service with better risk management than the bank can provide internally.

 Credit Risk

Credit risk may arise when management has exercised ineffective due diligence and oversight of third parties that market or originate certain types of loans on the bank’s behalf, resulting in low-quality receivables and loans. Ineffective oversight of third parties can also result in poor account management, customer service, or collection activities. Likewise, where third parties solicit and refer customers, conduct underwriting analysis, or set up product programs on behalf of the bank, substantial credit risk may be transferred to the bank if the third party is unwilling or unable to fulfill its obligations

Managing Risk

 One of the most important points that all of the regulators are driving home is that they intend to hold financial institutions responsible for the action for the third party service providers.   For example, if an automobile dealer with whom a bank has a relationship engages in lending activities that have fair lending concerns, the bank under whose name they are providing the service will also be found to have fair lending concerns. 

 

This is not to say that there is a general distaste for outsourcing of third party arrangements.  It is to say that when the arrangement is made, there should be a risk management system in place ahead of the formation of the relationship.  The program should include at a minimum the following: 

 

·         A Risk Assessment;

·         Due Diligence in Selecting a Third Party;

·         Contract Structuring and Review;

·          Oversight;  

 

 

 

 

 

---

[1] See Vendor Risk Management — Compliance Considerations

By Cathryn Judd, Examiner, and Mark Jennings, Former Examiner, Federal Reserve Bank of San Francisco 

[2] FDIC Compliance Manual

[3] OCC BULLETIN 2013-29 Managing Third Party Relationships