Five years ago few legal departments were concerned with – let alone focused on – data privacy or security. Most of those that were aware of the terms assumed that these were issues being handled by IT, HR, or marketing departments.
The world has changed. Data privacy class action litigation has erupted and data security breaches dominate the headlines. It is now well accepted that data privacy and data security issues threaten the reputation, profitability, and, sometimes, the operational survival of organizations. It is therefore perhaps not surprising to find that in almost every survey conducted of boards and senior management, data issues rank as one of their three top concerns, if not their single greatest concern. With that backdrop, organizations increasingly look to general counsel to manage data privacy and security risks.
With the end of the year approaching, it is time to start looking forward to 2018 and putting together that list of New Year’s resolutions. This list of annual goals can be especially important for community banks because, let’s face it, times are a-changin’ and community banks cannot afford to ignore this, especially in the face of the ostensible juggernaut that is fintech. “New Year, New You” doesn’t have to be a mantra solely for individuals; it can also be a mantra for community banks who want to make 2018 a successful year. To get you started, we have provided some suggestions that may help you turn 2018 into a very positive year for your bank.
Don’t be Consciously Blind
With such a vast amount of information thrown at us every day, I think we are all guilty of becoming consciously blind. It’s true, all the information can overwhelm us, making us turn a blind eye and ignore what everyone has to say and assume if something really important happens, someone will tell us. As a banker, you cannot afford to do this. With the promulgation of new regulations and advances in technology, it is important for community banks to remain aware of the financial landscape and evolve. Whether this means meeting revised regulations or updating technology to meet your customer’s needs, make a resolution to stay abreast of information that may affect your bank.
As Jonathan and I mentioned on our podcast on succession planning a few weeks ago, our patriarch and founding father, Walt Moeling, formally retired at the end of 2016. However, his knowledge and influence continue to permeate almost everything we do (and he still has the same office down the hall). One of the ways that influence can be seen continues to be in our use of stories originally told to us by Walt. Of course, his storytelling ability has been noticed, including by the press. Several years ago, as part of our succession planning, we began chronicling some of those stories. What follows is what I wrote two years ago…
In early 2010, our clients were dropping like flies, with one or two clients failing every Friday. Even as one client entered receivership, we were each likely working with three or four others that were on the same path. (Each was a horror movie, and we knew exactly how it would play out, even if our clients held out optimism each time that, for whatever reason, their story would play out differently.)
Walt and I were on the phone with one such client who had just passed the 2% leverage ratio threshold, and was in discussions on next steps. The executives were worried about how their employees would handle the receivership. Walt, as usual, slipped into a story about another (former) client that had been a client for years. Whenever Walt called, the president’s administrative assistant, Nancy, would answer the phone and chat with Walt before tracking down the bank’s president. Walt shared how he had listened as Nancy became increasingly depressed as the bank’s condition had deteriorated.
In his best Southern belle, falsetto, voice, Walt would demonstrate the decreasing pep in Nancy’s voice. From an upbeat “Good Morning, Walt!” to more and more depressing “Oh, Walt, things are hard, but we’re trying.” In the weeks leading up to that client’s receivership, Walt himself became increasingly saddened by Nancy’s stress. Calls now usually started “Oh, Walter, things are rough.”
In this the new era of banking, our clients are continually looking for ways to enhance efficiency and effectiveness at all levels of their organizations. This line of thinking has led to the revolution of the bank branch and the adoption of many new technologies aimed at serving customers and automating or otherwise increasing process efficiency. Perhaps most importantly, however, banks have begun to focus on optimizing their governance structures and practices, particularly at the board level.
(A print version of this post if you’d like to print or share with others is available here.)
As we discuss this topic with our clients, the conversation quickly turns to the role and function of the bank’s director loan or credit committee, which we refer to herein as the “Loan Committee.” We continue to believe that Loan Committees should move away from the practice of making underwriting decisions on individual credits absent a specific legal requirement, and here we set forth the position that this change should be made in order to enhance Board effectiveness, not just to avoid potential liability.
Ensuring Board Effectiveness
Whenever we advise clients with regard to governance, our fundamental approach is to determine whether a given course of action helps or hinders the Board’s ability to carry out its core functions. Defining the core functions of a Board can be a difficult task. Fortunately, the staff of the Board of Governors of the Federal Reserve System recently outlined its view of the core functions of a bank Board. We agree with the Federal Reserve’s outline of these functions as set forth in its proposed guidance regarding Board Effectiveness applicable to large banks, which was based on a study of the practices of high-performing boards. Based on our experiences, many of the concepts expressed in that proposed guidance constitute board best practices for banks of any asset size. The proposed guidance indicates that a board should:
set clear, aligned, and consistent direction;
actively manage information flow and board discussions;
hold senior management accountable;
support the independence and stature of independent risk management and internal audit; and
maintain a capable board composition and governance structure.
We believe that an evaluation of the board’s oversight role relative to the credit function is a necessary part of the proper, ongoing evaluation of a bank’s governance structure. As it conducts this self-analysis, a board should evaluate whether the practice of underwriting and making credit decisions on a credit-by-credit basis supports its pursuit of the first four functions. We believe that it likely does not.
Considering Individual Credit Decisions May Hinder the Committee’s Ability to Set Overall Direction for the Credit Function.
We have observed time and time again Loan Committee discussions diving “into the weeds” and, in our experience, once they are there they tend to stay there. In most Loan Committee meetings, the presenting officer directs the committee’s attention to an individual credit package and discusses the merits and challenges related to the proposal. Committee members then typically ask detailed questions about the particular financial metrics, borrower, or the intended project, assuming that any discussion occurs at all prior to taking a vote.
While it may sometimes be healthy to quiz officers on their understanding of a credit package, focusing on this level of detail may deprive the Loan Committee of the ability to focus on setting direction for the bank’s overall loan portfolio. In fact, in many of the discussions of individual credits, detailed questions about the individual loan package may in fact distract from the strategic and policy questions that really should be asked at the board level, such as “What is the market able to absorb with regard to projects of this type?” and “What is our overall exposure to this segment of our market?”
Bank directors have played a crucial role in the turnaround of the banking industry, an accomplishment that deserves recognition in light of the fact that it has been done under tremendous regulatory burden and tepid economic growth. Given that, why do we continue to question why the country’s most respected business people would be willing to serve as bank directors? Respected attorney and industry commentator Thomas Vartanian recently asked in an opinion piece in The Wall Street Journal, “Why would anyone sane be a bank director?” Well, sane people are serving as bank directors every day, and in doing so they are benefiting the economy without exposing themselves to undue risk.
(A print version of this post if you’d like to print or share with others is available here.)
The regulatory environment for bank directors is clearly improving. The Federal Reserve’s recent proposal to reassess the way in which it interacts with boards is appropriate if overdue, and the other banking agencies should follow the path that the Federal Reserve has set forth. We also witnessed the FDIC acting very aggressively in pursuing lawsuits against directors of failed banks in the wake of the financial crisis. However, suggesting that the FDIC relax its standards for pursuing cases against bank directors is not only unrealistic, it misses the greater point for the industry in that it needs to continue to refine its governance practices in order to provide for better decision-making by bank directors and to enhance protections from liability for individual directors.
In order to fully understand the point of this position, it is important to clear up a couple of commonly-held misconceptions. First, when the FDIC sues a bank director after a bank failure, it does so for the benefit of the Deposit Insurance Fund, which is essentially an insurance cooperative for the banking industry. As a result, the FDIC should be viewed as a purely economic actor, no different from any other plaintiff’s firm in the business of suing corporate directors. Lawsuits by FDIC should not be given any higher profile or greater credibility than any number of other suits against corporate directors that inevitability occur during market downturns. There should be no additional stigma, and certainly no additional fear, with regard to a claim by the FDIC on the basis that it is “the government.”
In the run up to the Fourth of July holiday, you may have missed that June 27 was the 50th anniversary of the first ATM and June 29 was the 10th anniversary of the first iPhone. I was struck by the coincidence of these two anniversaries occurring in the same week. It also caused me to revisit in my mind a concern that has been growing for some time.
During several recent bank board retreats and strategic planning sessions, I’ve witnessed the challenging dynamics that occur when leaders begin the process of “board refreshment.” Board refreshment is the current euphemism being used by consultants (and by the proxy advisory firms) to refer to the need for a closer match between the strategic goals of banks and the skill sets of board members. This need is especially apparent in the boards of many mid-sized regional and community banks.
We are living in a time of increasing change in the demographics (gender, race and age) of the customer base of banks, coupled with rapid technological developments which impact the ways in which commercial customers conduct their businesses and interact with other businesses, including with their banks. The typical board of a mid-sized regional or community bank, however, consists of men in their mid to upper-sixties who share similar backgrounds and whose perspectives were shaped during a different era for both business and banking. The concern I have is that continued adherence by banks to such board composition will result in competitive disadvantage.
I’ve been practicing law and advising banks for over 30 years, and for most of that period I don’t think it mattered as much how strong the typical community bank board was. What mattered was the strength and competency of the CEO, and it was a bonus if the bank had an energetic and engaged board of directors. I believe there is now an increasing need for stronger boards. Take a moment and consider how well equipped your board is to help guide your bank through the period of rapid change that is on the near term horizon.
On April 20, 2017, the American Banker reported that U.S. Bank’s new high-end credit card features an interesting differentiator from the high-end cards recently introduced by other large credit card issuers. U.S. Bank’s new high-end credit card significantly incents mobile usage over conventional swipe or chip dip for purchases. While the other card offerings typically provide triple miles for travel and entertainment purchases, the U.S. Bank “Altitude Reserve Visa Infinite” card puts its money on getting cardholders to enroll their cards in mobile wallets – Apple Pay, Android Pay, Samsung Pay and Microsoft Wallet.
For a generation of customers who want to do everything, or as much as possible, on their phones, millennials have not adopted mobile payments as quickly as expected. Personally, I constantly encourage everyone to enroll their cards in the mobile wallet on their phone ASAP and use it that way at every opportunity.
I do that for two reasons – 1) it is much more secure than swiping your stripe or dipping your chip and 2) it is much faster than inserting your chip card at the terminal to complete the transaction.
Plus, it looks really cool to wave your phone at the terminal and “boing” you’re done. I smugly watch the people in line behind me watching this transaction with interest.
The transaction is more secure because the phone wallets keep card credentials in a secure element on the phone, which is highly resistant to hacking, and more importantly, does not transmit real card credentials to the merchant. Instead, the merchant only receives a one-time use tokenized version of your card credentials. This means that if the merchant’s database is hacked, the tokenized version of your card credentials that are exposed are just useless gibberish.
This saves the card issuer from eating losses under Reg Z for unauthorized transactions and crediting your account for charges the hacker racked up on a spending spree for fenceable goods. Actually, most of those unauthorized charges flow back to the merchant who was hacked, but the issuers whose cards are exposed typically do not recover their full costs.
From 2006 through 2016, the number of insured depository institutions in the United States has fallen from 8,691 charters to 5,922, a decline of 2,769 charters or a 32% loss. This headline loss number is worth talking about, but is neither news nor new. The loss of charters is a frequent source of discussions around bank board rooms, stories from trade press, and chatter at banking conferences. The number of insured charters has also been in steady decline, with at least 33 years of declining numbers.
However, a deeper dive into the numbers reveals some unexpected trends below the headline 32% loss of charters.
In his first weeks in office, President Trump has taken steps to undo or alter major components of the Dodd-Frank Wall Street Reform and Consumer Protection Act (“Dodd-Frank”). These include delaying implementation of the “Fiduciary Rule,” which regulates the relationship between investors and their financial advisors, directing the Treasury Secretary to review the Dodd-Frank Act in its entirety, and signing a resolution passed by Congress that repeals a Dodd-Frank regulation on disclosures of overseas activity by energy companies.
In the past few months, there has been a lot of speculation regarding the future of many administrative agencies under Trump’s administration. However, two current cases pending in the D.C. Circuit have the potential to have a dramatic impact on administrative agencies and past and present regulatory enforcement actions by such agencies.
In Lucia v. SEC, the SEC brought claims against Lucia for misleading advertising in violation of the Investment Advisers Act of 1940. The enforcement action was initially resolved by an administrative law judge (ALJ); however Luica was later granted a petition for review based on an argument that the administrative hearing was unconstitutional because the ALJ was unconstitutionally appointed. The issue made it up to the U.S. Court of Appeals for the D.C. Circuit who recently held that the ALJ was constitutionally appointed because the judge was an “employee”, not an officer. However, other courts have held just the opposite. In December, the 10th Circuit held in Bandimere v. SEC that ALJs were “inferior officers” and thus must be appointed pursuant to the Appointments Clause. A rehearing en banc has been granted in Lucia to address this issue.
On the heels of Lucia, in PHH v. CFPB, the CFPB brought claims against PHH for violations of the Real Estate Settlement Procedures Act. Similarly, this enforcement proceeding was originally decided by an ALJ. However, PHH appealed the ALJ decision for a multitude of reasons and the appeal has also made it up to the D.C. Circuit where a rehearing en banc was granted last month. In the court’s order granting a rehearing en banc, the court ordered, among other things, that the parties address what the appropriate holding would be in PHH if the court holds in Lucia that the ALJ was unconstitutional.
If you have any questions regarding anything discussed on this blog, the attorneys and other professionals of the Financial Institutions Group of Bryan Cave LLP are available to answer your questions. Please click here for a list of our Professionals or fill out the contact request form below.
Thank you for reaching out to us.
First, though, we have to tell you a couple of things:
Your email will not create an attorney-client relationship between you and us. Attorney-client relationships can only be created in writing, signed by both you and us.
Until you become a client:
You will not tell us anything you would not want made public.
We cannot respond to any question about the law or legal options.
We may represent a party adverse to you, now or in the future.
The attorneys of Bryan Cave Leighton Paisner make this site available to you only for the educational purposes of imparting general information and a general understanding of the law. This site does not offer specific legal advice. Your use of this site does not create an attorney-client relationship between you and Bryan Cave LLP or any of its attorneys. Do not use this site as a substitute for specific legal advice from a licensed attorney. Much of the information on this site is based upon preliminary discussions in the absence of definitive advice or policy statements and therefore may change as soon as more definitive advice is available. Please review our full disclaimer.