Bryan Cave Leighton Paisner Banking Blog


Regulatory Exam Tip


A Litigator’s KISS Takeaways from CFPB’s Summer 2018 Supervisory Highlights

KISS. An acronym first utilized in military equipment design in the 1960’s, “Keep it Simple Stupid.” Litigators rely on KISS in formulating trial themes and presentations to juries. Simple messages resonate. In that vein, I offer three KISS takeaways from the Bureau of Consumer Financial Protection’s Supervisory Highlights, Issue 17, Summer 2018.

KISS #1: Details Matter. 

On two key levels: (a) your business compliance operations and consumer interactions, and (b) in the Bureau’s supervision and examination conclusions. Taking these in reverse order, the Bureau’s Introduction (p. 2) provides important guardrails:

[L]egal violations described in this and previous issues of Supervisory Highlights are based on the particular facts and circumstances reviewed by the Bureau as part of its examinations. A conclusion that a legal violation exists on the facts and circumstances described here may not lead to such a finding under different facts and circumstances.

This is critical to your supervision and examination preparedness and your interactions with the Bureau.  If the Bureau spots a concern, consider providing a fulsome explanation of the analysis that went into the policy formulation, how your organization believed it was operating in good faith under applicable laws and believed that the practice would not harm or mislead consumers, and what steps your organization has taken in monitoring and addressing any consumer concerns regarding the policy or practice. This may sound basic, but the Bureau’s statement matters and can be referenced. The Bureau should, in my view, consider such information in assessing whether any violation has occurred, whether any consumers actually were harmed and whether any remediation is necessary. Sometimes the conclusion may be that the practice presents a risk of potential confusion or harm and simply should be modified going forward. Present your best case; the Bureau appears to be open to considering all the facts and circumstances.


FDIC Examinations and Cyberattack Risk

FDIC bank examinations generally include a focus on the information technology (“IT”) systems of banks with a particular focus on information security. The federal banking agencies issued implementing Interagency Guidelines Establishing Information Security Standards (Interagency Guidelines) in 2001. In 2005, the FDIC developed the Information Technology—Risk Management Program (IT-RMP), based largely on the Interagency Guidelines, as a risk-based approach for conducting IT examinations at FDIC-supervised banks. The FDIC also uses work programs developed by the Federal Financial Institutions Examination Council (FFIEC) to conduct IT examinations of third party service providers (“TSPs”).

The FDIC Office of the Inspector General recently issued a report evaluating the FDIC’s capabilities regarding its approach to evaluating bank risk to cyberattacks. The FDIC’s supervisory approach to cyberattack risks involves conducting IT examinations at FDIC-supervised banks and their TSPs; staffing IT examinations with sufficient, technically qualified staff; sharing information about incidents and cyber risks with regulators and authorities; and providing guidance to institutions. The OIG report determined that the FDIC examination work focuses on security controls at a broad program level that, if operating effectively, help institutions protect against and respond to cyberattacks. The program-level controls include risk assessment, information security, audit, business continuity, and vendor management. The OIG noted, however, that the work programs do not explicitly address cyberattack risk.


Regulators’ “No Stress” Message to Smaller Banks Only Tells Part of the Story

On May 14, 2012, the Federal Reserve, FDIC and the OCC released a joint statement confirming that banking organizations with total consolidated assets of $10 billion and under will not be required to conduct formal stress tests.  Management of many smaller banking organizations had been concerned that the stress testing required of larger banks would “trickle down” in an informal sense to smaller banks.  With this regulatory statement, that concern is alleviated, at least in the official sense.

We continue to believe that the heightened (or perhaps renewed) emphasis on risk management by the regulators will affect banks of all sizes.  It is likely that regulators, directors, and shareholders of all banks will want to confirm that management has identified the key risk factors affecting the institution and that the board has established the institution’s tolerance for accepting those risks and implemented any appropriate mitigants.

We recommend that banks of all sizes, even the smallest community banks, undertake an enterprise risk management analysis to identify the key risks facing the institution.  The board of the institution, as a subpart of its strategic planning function, should review those risks and establish the institution’s risk tolerance with respect to each category of risk (many consultants will capture this analysis in a “risk appetite statement”).  Establishing and understanding those risk tolerances will form a roadmap for setting and executing the institution’s strategic initiatives.  In implementing this analysis, some institutions may undertake some level of stress testing with respect to certain risks.

This risk management analysis is a natural adjunct to the self examination process we recommend using in preparing for a regulatory exam (see our prior “Self Exam” post).  While the self exam process is typically more focused on the bank’s current position and past performance and this risk management analysis is more forward-looking, both processes require an introspective review.  Senior regulators have repeatedly confirmed to us (and we have seen in practice) that where banks take the initiative in implementing credible risk management programs and other pre-examination preparation, the examiners are much more likely to defer to the judgment of management and the board of the bank – with the result being a much better interaction with regulators (who, in an ideal scenario, can be a partner in the risk identification process).


What Bank Directors Need to Know About Bank Secrecy Act Compliance

Ten years ago, Bank Secrecy Act (BSA)/anti-money laundering (AML) compliance was one of the biggest areas of concern for banks and their regulators.  Following September 11 and the heightened regulatory focus on BSA matters, most banks found it necessary to expend significant resources to enhance or even rebuild their BSA/AML programs.

In the past few years, bank regulators have had to focus on other matters, including residential and commercial loan concentrations, adequate capitalization, and even bank failures.  Banks also wisely have focused on these matters during these difficult economic times.

It is important, however, that these other matters do not push BSA/AML compliance aside.  This article summarizes some of the top BSA-related issues that the Board of Directors of every bank should keep in mind.

Best Practices for the Board

It is easy in difficult financial times for the Board and management to push aside compliance matters, including BSA/AML compliance.  Compliance matters can seem less important when one is worried about the bank’s very survival.

Nevertheless, compliance continues to be important.  It is critical that the Board stay informed, devote adequate resources to compliance, and set the proper tone for compliance within the organization.

The following are four best practices for Boards of Directors.

1. Require Periodic and Thorough BSA Reports

One of the most important things for the Board to understand about the BSA and AML requirements is that the Board is expected to stay abreast of the institution’s progress and what is working and not working.  That means that the Board needs to receive at least annual BSA/AML training, and also needs to receive regular reports on BSA/AML compliance matters from its BSA officer, including on suspicious activity report (SAR) filings and trends.


Directors and the Exam Process: Get Involved Early

My colleagues and I frequently meet with bank boards that have received very sobering reports from their bank’s examiners. While the directors’ responses to bad examination reports vary greatly, there is one emotion that is nearly universal: a feeling of helplessness. As a result, directors almost always express a desire to get involved in the exam process after they receive negative feedback from the examiners, whether through requesting meetings with higher-level regulators, appealing the exam findings, or fighting a proposed enforcement action. Unfortunately, those actions, particularly if taken after a final examination report is issued, seem to have little positive impact on the examination process and may even prove to be harmful to the bank.

The good news, however, is that there is a way for directors to get involved in the regulatory examination process that can have a meaningful positive impact. Discussed below is our top recommendation for directors to be involved in the examination process. We believe early, proactive involvement can positively impact the outcome of a regulatory examination and also enhance the board’s understanding of regulatory criticism.

While most directors’ first contact with examiners is at the examiners’ exit meeting with the board, we suggest director involvement earlier in the examination process. There should be one or more outside directors present at the examiners’ preliminary exit meeting with management. During this meeting, the examiners will present their preliminary findings from the examination. In addition to highlighting the engagement and availability of the bank’s directors, attending this meeting allows the directors to understand the key issues in the examination. By hearing the examiners deliver their findings first hand, the directors will have a better sense of the seriousness of the issues being identified. Finally, directors will be able to ask questions of the examiners that might not be easily asked by members of management; e.g., asking for an interpretation of a regulation.

By attending this preliminary exit meeting, directors are also able to ensure that the bank’s board has a timely understanding of the issues presented by the examiners. Members of the bank’s executive management team have a natural tendency to relay examination criticisms to the board through their own point of view. Management may fear adverse action by the board as a result of regulatory criticisms or may feel so strongly about their point of view that they tend to “water down” the comments of the examiners. By having outside directors attend the meeting, those directors can deliver an independent report of the regulatory criticisms to the board.


Self-Exam: Improve the Health of the Bank and its Standing with Regulators

Doctors recommend various self exams to catch disease early, so it can be treated before it’s too late. As it turns out, a self examination can be good for the health of a bank as well. My colleagues and I recommend that our banking clients and friends undertake a regular self examination in order to identify potential internal and external challenges that the bank may face. As discussed more thoroughly below, these self examinations can also be very helpful when the bank’s doctor (your friendly regulator) comes in for a check-up.

Enlist internal audit

To initiate the self examination, the audit committee of the bank’s board of directors should charge management with preparing a report that outlines the current and projected status of the bank’s key areas of risk. Ideally, the bank’s internal audit function will take the lead in performing the examination and preparing the related report. In order to maximize the value of this report, the audit committee should direct management to deliver the report at least 60 days prior to the bank’s next scheduled regulatory exam. The self examination report, in its most basic form, should cover the areas that are the focus of the bank’s regulators: CAMELS (capital, asset quality, management, earnings, liquidity and sensitivity to market risk). The report should also address any key areas of risk identified by the directors.

Analyze your market

In addition to analyzing the typical CAMELS components and other areas of risk, a very important part of the self examination process is a market study. The report should present facts, trends and projections related to the market area in order to define the opportunities and challenges being faced by the bank’s customers. While many bank directors have a good feel for market trends, we have found that this data, when presented with specific facts and trends, can inform the board’s discussions of a variety of topics a great deal. It can also provide the bank with support for dealing with its examiners, who conduct their own market analysis prior to each examination.


Bank Buildings: When Directors Are the Landlords

Are any of your bank branches and offices owned by directors? That could spell trouble but it can be handled well. Here’s how.

During the mid-2000’s, it was commonplace for a bank, particularly a de novo bank, to lease some or all of their bank facilities from an entity controlled by the bank’s directors. At the time, these arrangements truly represented a “win-win” situation. The bank was able to occupy built-to-suit facilities while conserving liquidity so that cash could be deployed through making loans with attractive yields. At the same time, the directors, many of whom were real estate professionals, were able to make a sound real estate investment with the knowledge that a very stable tenant would occupy the property.

As we know, much has changed since the mid-2000’s. Vacancies in commercial properties have caused market lease rates to plummet.  Similarly, market values of commercial properties have decreased substantially. Many banks have excess liquidity caused by soft loan demand, making a potential investment in fixed assets more attractive.

Because many of these leases were written with five-year initial terms, a number of banks are now weighing their options with respect to renewal, extension or renegotiation of the leases. To make matters more complex, many director-controlled entities borrowed money to construct the bank facilities. If those notes had five-year terms, they are coming up for renewal, and the lending bank may be eager to move the commercial real estate loans off of its books.

This fact presents a particularly difficult challenge for the affected directors. Banking regulations require that transactions with affiliates be made on terms at least as favorable to the bank as those terms prevailing at the time for transactions with unaffiliated parties. Most bank directors understand their duty to act in the best interests of the bank, but they are also facing personal financial exposure if the lease is not renewed on terms that allow the entity to continue to service its debt obligations. In addition, given public scrutiny of directors and officers who are perceived to have profited at the expense of the bank they serve, creating a proper process to manage these situations has never been more important.


Regulatory Exam Tip: Early Intervention

By now, many bankers have experienced the following situation:  you have just left a management exit meeting with regulatory examiners, and you are stunned by the negative conclusions that the examiners have reached.  In the wake of this disappointment, many bankers wait for the examiners to meet with their board and issue the Report of Examination before putting “their side of the story” on the record in a written response to the Report of Examination.

While we always recommend that bankers point out any factual inaccuracies in a Report of Examination via a written response, we believe that bankers may be able to help themselves by presenting additional information before the Report of Examination is issued.  This approach may be particularly helpful if a bank believes its regulatory ratings are being downgraded as a result of inaccurate or incomplete findings by their examiners.  As stated in a recent article by SNL Financial (subscription required):

[Danny Payne, former commissioner of the Texas Department of Savings and Mortgage Lending and now an industry consultant,] said there may be instances where examiners have been overzealous or harsh in their recommendations or findings. “But before the reports are issued, the pre-report communication processes and negotiations between the bank and examiners usually result in a fair ruling,” he said. “By the time issues reach the enforcement order stage, all subjective debates and negotiations typically have been completed and decided.”

We have found that many disagreements with examiners can be resolved through the presentation of additional information.  At the very least, these discussions help bankers gain further understanding of the analysis by examiners.

As we move further into this economic cycle, we are seeing more “borderline” cases where presenting details to examiners can make a difference in the conclusions reached by examiners.  As a result, we encourage bankers to communicate openly with examiners about the condition of their banks.  If you would like to discuss these concepts, please contact any member of our Bryan Cave financial institutions group.


Regulatory Exam Tip: Write Your Own Exam Report

Over the last few years, we have heard from many of our clients that statements and conclusions in their exam reports are unfair and inaccurate. It is important to understand that regulatory Reports of Examination are based upon the data that is given to examiners and the examiners’ interactions with management during the exam process. As a result, we encourage bankers to prepare extensively for regulatory exams by creating presentations that tell the Bank’s story, especially highlighting improvements in the bank’s condition since the time of the most recent regulatory exam or visitation.

While the information in the presentations may seem obvious to bankers, the data reviewed by the examiners may not reveal important and helpful trends in the bank’s condition. For most of our clients, these trends are not obvious when reviewing financial statements and the other information typically provided to the bank’s regulators.

We are happy to share our experiences with approaches that have had a positive influence on the exam process and to refer bankers to resources that may help with preparation for regulatory exams. For more information, please feel free to contact any member of our Bryan Cave financial institutions group.
