Category: Financial Institutions and Banking

FDIC offers guidance on multiple NSF fees

Recently, the FDIC issued guidance to address consumer compliance risks associated with assessing multiple nonsufficient funds (NSF) fees arising from re-presentment of the same unpaid transaction. This issue often comes up when transactions are presented for payment that can’t be covered by a customer’s balance, the bank charges NSF fees and the merchant subsequently resubmits the transaction for payment.

According to the FDIC, if the bank charges additional NSF fees for the same transaction, there’s “an elevated risk of violations of law and harm to consumers.” This risk may arise, for example, because disclosures didn’t fully or clearly describe the bank’s re-presentment policy by explaining that the same unpaid transaction might result in multiple NSF fees. As a result, there may be a heightened risk of violating the Federal Trade Commission Act’s unfair or deceptive acts or practices (UDAP) provisions.

The guidance encourages banks to review their practices and disclosures regarding NSF fees for re-presented transactions and to adjust them if necessary. If violations are noted, the FDIC expects banks to make restitution.

Complying with the updated FTC Safeguards Rule

In December 2021, the Federal Trade Commission (FTC) updated its Standards for Safeguarding Customer Information (Safeguards Rule). It’s generally applicable as of January 10, 2022, with some requirements taking effect December 9, 2022. According to the FTC, the amended rule preserves the flexibility of the original while providing more concrete guidance. “It reflects core data security principles that all covered companies need to implement,” the FTC explains. Some institutions are exempt, including those that maintain customer information concerning fewer than 5,000 consumers.

Financial institutions — including mortgage lenders, collection agencies, tax preparation firms, and non-federally insured credit unions — should review their information security programs to ensure that they comply with the latest standards. A good place to start is the FTC’s publication, “FTC Safeguards Rule: What Your Business Needs to Know,” which you can find at https://www.ftc.gov/business-guidance/resources/ftc-safeguards-rule-what-your-business-needs-know.

Failure to safeguard data may violate consumer protection laws

In a recent circular, the Consumer Financial Protection Bureau (CFPB) confirmed that banks and other financial companies that fail to safeguard consumer data may violate federal consumer financial protection laws. The circular warns companies they risk violating the Consumer Financial Protection Act if they fail to have adequate measures to protect against data security incidents. It also provides examples of data security measures that, if not implemented, may trigger liability. These include multifactor authentication, adequate password management, and timely software updates.

© 2022

Businesses need to assess their financial status periodically in light of changing economic or industry conditions. This includes examining their financial statements to ensure the statements continue to be adequate, accurate and complete. Occasionally, business owners or financial officers may determine that the financial statements need to be revised or corrected. When your borrowers provide you with corrected or restated financial statements, be vigilant and double-check the numbers. It may be that the restatements simply correct an honest mistake. Alternatively, there may be fraud involved.

When a mistake becomes intentional

When Tom took over his aunt’s marketing company, the lender quickly discovered that Tom’s accounting skills hadn’t kept pace with his marketing abilities. The company engaged in various types of related-party transactions, including seller financing and a leasing arrangement with the previous owner. Tom also seemed unsure when to capitalize or expense supplies and equipment.

After two years of sloppy, delayed financial reporting, Tom’s lender recommended hiring an accountant for financial reporting and tax expertise. Shortly thereafter, the lender received an unwelcome surprise: The company needed to reissue its financial statements for the past three years.

Ultimately, the restatements revealed that Tom had overstated profits by more than $3 million over the last three years. When confronted with the news, he confessed that he’d been intentionally padding profits, because he didn’t want to disappoint his aunt.

The lender called the company’s $4 million line of credit. Tom was forced to confess his mismanagement to his aunt, who eventually left retirement to turn around the business.

When complex rules invite misinterpretation

Not all restatements result from misleading or unethical management. Often owners and managers just aren’t on top of today’s increasingly complex accounting rules — and honest mistakes or misinterpretations cause a restatement.

Restatements typically occur when the company’s financial statements are subjected to a higher level of scrutiny. For example, restatements may happen when a borrower converts from compiled financial statements to audited financial statements or decides to file for an initial public offering. They also may be needed when the borrower brings in additional internal (or external) accounting expertise, such as a new controller or audit firm.

The restatement process can be time-consuming and costly. Regular communication with interested parties — including lenders and shareholders — can help overcome the negative stigma associated with restatements. Management also needs to reassure employees, customers and suppliers that the company is in sound financial shape to ensure their continued support.

When errors become significant

Errors are a common cause of financial restatements. For example, borrowers sometimes make mistakes when accounting for leases or reporting compensation expense from backdated stock options.

Income statement and balance sheet misclassifications also cause a large number of restatements. For instance, a borrower may need to shift cash flows among investing, financing and operating on the statement of cash flows. Other leading causes of restatements are equity transaction errors, such as improper accounting for business combinations and convertible securities, and valuation errors related to common stock issuances. Preferred stock errors and the complex rules related to acquisitions, investments, revenue recognition and tax accounting also can cause restatements.

You can minimize your dependence on bad numbers by requiring independent audits for private borrowers. You also may request cost-effective internal control testing procedures for prospective and high-risk borrowers, such as those that engage in hedge accounting, issue stock options, use special purpose or variable interest entities, or consolidate financial statements with related parties.

Mistakes happen

Even the most well-managed business may slip up and make financial statement mistakes that need to be corrected. But some restatements are a warning flag — not just of potential fraud but of mismanagement or carelessness. When a borrower presents you with financial restatements, investigate the underlying cause to stay ahead of any potential problems.

© 2022

New ACH rules issued for “micro-entries”

Earlier this year, the National Automated Clearing House Association (Nacha) adopted rule changes regarding micro-entries — the small ACH credits and debits originators or third-party senders use to validate customer account information. The changes are designed to standardize practices and formatting of micro-entries in order to improve the effectiveness of micro-entries as a means of account validation; better enable identification and monitoring of micro-entries; and improve ACH Network quality.

Effective September 16, 2022, micro-entries are defined as ACH credits of less than one dollar — and any offsetting debits — used for account validation. Credit amounts must equal or exceed debit amounts, and credits and debits must be transmitted to settle at the same time. Originators must use “ACCTVERIFY” in the company entry description field. In addition, the company name must be easily recognizable and similar to the name used in subsequent entries.

Effective March 17, 2023, originators must use commercially reasonable fraud detection, including monitoring micro-entry forward and return volumes.

Proposal would modernize Community Reinvestment Act

Under the Community Reinvestment Act (CRA), federal banking agencies periodically evaluate community banks’ records in meeting their communities’ needs and make those evaluations available to the public. They also consider a bank’s CRA rating when reviewing requests to approve mergers or acquisitions, charters, branch openings, and deposit facilities. Recently, the agencies issued a proposal to modernize their CRA regulations. Among other things, the proposed regulations would: 1) promote expanded access to credit, investment, and basic banking services in low- and moderate-income communities, 2) update CRA assessment areas to include activities associated with online and mobile banking, branchless banking, and hybrid models, and 3) provide greater clarity and consistency by adopting a metrics-based approach to CRA evaluations of retail lending and community development financing.

Black box credit models don’t excuse ECOA non-compliance

The Consumer Financial Protection Bureau (CFPB) has issued a warning to banks and other lenders that use complex algorithms (popularly known as “black box” models) to make credit decisions. A recent CFPB circular warned that the use of these models doesn’t allow lenders to avoid their obligations under the Equal Credit Opportunity Act (ECOA). The act requires lenders to provide applicants with specific reasons for the denial of credit or other adverse actions. The circular makes clear that a lender isn’t relieved of this obligation, even if a black box model prevents it from accurately identifying the specific reasons for an adverse action. According to the circular, “A creditor’s lack of understanding of its own methods is … not a cognizable defense against liability for violating ECOA.”

Contact one of our experts if you have any questions about the new ACH rules, the Community Reinvestment Act, or the Equal Credit Opportunity Act.

Blockchain, the technology behind Bitcoin and other cryptocurrencies, has been in the news a great deal in recent months. Headlines about the volatility of cryptocurrencies and their relative lack of regulatory oversight have generated widespread skepticism about the technology. But the uses of blockchain go well beyond cryptocurrency. And its potential benefits for banks have led many to believe that blockchain is poised to transform the industry.

What is blockchain?

The technology that powers blockchain is complex. But the concept is relatively simple: A blockchain is a distributed database (or “ledger”) that’s shared among thousands or even millions of computers or servers, called “nodes,” maintained by independent third parties (individuals or organizations).

The lack of centralized storage or control makes it extremely difficult for someone to tamper with the ledger. It can accept new transactions only if they’re verified by these third parties through established consensus protocols. As a result, the ledger is highly resistant to errors or fraud. In addition, the technology uses encryption and digital signatures to protect participants’ identities.

How can it be used in banking?

Blockchain generates validated, immutable records that are readily available to all parties. This helps establish trust while minimizing the need for intermediaries to authenticate or certify transactions. It’s well suited, therefore, for a variety of banking functions. Here are a few examples:

Processing payments and transfers. Payments and bank transfers, especially international transactions, can be costly and time-consuming. A simple bank transfer must wind its way through a complex system of correspondent banks, custodians, and other intermediaries to reach its destination, adding time and fees to the process. Blockchain makes it possible to clear and settle these transactions almost instantly, often outside traditional banking hours, without the need for multiple intermediaries. Most blockchain-based payments and transfers are made using stablecoins — cryptocurrencies that are tied to the value of a fiat currency, such as the U.S. dollar, thereby limiting volatility.

Verifying customers’ identities. “Know your customer” requirements can make it costly and cumbersome for banks to verify their customers’ identities. By storing customer information on a blockchain, the process can be streamlined. It allows various financial institutions, as well as business units within those institutions, to access and verify customer information while protecting customer privacy.

Processing mortgages and other loans. Blockchain has the potential to streamline loan processing. Using “smart contract” technology to create, store and execute documents, blockchain avoids confusion and errors by ensuring that everyone is working off of the same version of a document. It also prevents anyone from modifying it without alerting others. And if a change or correction is required, it’s added to the blockchain, together with supporting documentation, creating a permanent audit trail.

Blockchain also can greatly speed up the transaction process by automating some tasks. For example, funds can automatically be released from escrow upon verification of specific preconditions, such as title clearances or loan approvals.

Ready for prime time?

These examples are just a few potential uses of blockchain in the banking industry. The technology is still relatively new and might not be quite ready for prime time, especially for community banks. But given the potential benefits — in terms of efficiency, security, and cost savings — it’s definitely worth exploring further.

Contact one of our experts if you have questions about blockchain.

In an uncertain economy, with rampant inflation and other significant economic headwinds, it’s a good idea for community banks to ensure their loans are based on sound funding sources and that the degree of liquidity risk they’re carrying is reasonable and manageable for the foreseeable future. This means your bank needs to have adequate procedures in place to mitigate risk and stay solvent through tough times.

What are the problems?

The recent economic downturn is just one reason for the increase in liquidity risk. It’s also tied to loan growth accompanied by shrinking liquid asset holdings and increasing reliance on noncore and wholesale sources — such as borrowings, brokered deposits, internet deposits, deposits obtained through listing services and uninsured deposits — to fund loan growth.

Typically, these alternative funding sources are more expensive and volatile than insured core deposits. And they’re subject to legal, regulatory, and counterparty requirements that can create liquidity stress, particularly if a bank has credit quality issues or deteriorating capital levels.

The Federal Deposit Insurance Corporation (FDIC) recognizes that alternative funding sources can be an important component of a well-managed bank’s liquidity and funding strategy. But these sources can be problematic if a bank relies on them too heavily. Incorporating a balanced funding strategy into a comprehensive liquidity risk management plan is key to success.

How can you manage liquidity risk?

The FDIC urges banks to consult the federal banking regulators’ Interagency Policy Statement on Funding and Liquidity Risk Management, which outlines the essential elements of sound liquidity risk management. The statement notes that banks should balance the use of alternative funding sources “with prudent capital, earnings, and liquidity considerations through the prism of the institution’s approved risk tolerance.” Specifically, they should:

• Ensure effective board and management oversight,
• Adopt appropriate strategies, policies, procedures, and limits to manage and mitigate liquidity risk,
• Implement appropriate liquidity risk measurement and monitoring systems,
• Actively manage intraday liquidity and collateral,
• Have a diverse mix of existing and potential future funding sources, and
• Hold adequate levels of highly liquid marketable securities that are free of legal, regulatory, or operational impediments.

What’s the backup plan?

Banks also should design a comprehensive contingency funding plan (CFP) that sufficiently addresses potential adverse liquidity events and emergency cash flow requirements. Finally, they need to set up appropriate internal controls and internal audit processes.

For banks that rely heavily on volatile funding sources, it’s important to ensure that the banks’ risk tolerances and recovery strategies are reflected in their asset-liability management programs and CFPs. A well-developed CFP should help a bank manage a range of liquidity stress scenarios by establishing clear lines of responsibility and articulating implementation, escalation, and communication procedures. It also needs to address triggering mechanisms, early warning indicators, and remediation steps that cover the use of contingent funding sources.

CFPs should identify alternative liquidity sources and ensure ready access to contingent funding because liquidity pressures can spread during a period of significant stress. Examples of backup funds providers include federal home loan banks, correspondent institutions, and others that facilitate repurchase agreements or money market transactions.

An independent party should regularly review and evaluate the various components of a bank’s liquidity management process. The review should match the process against regulatory guidance and industry best practices as adjusted for the bank’s liquidity risk profile. The reviewer then should report the results to management and the board of directors.

How do you stay afloat?

Clearly, for community banks, managing liquidity risk is key to staying solvent and profitable. Without appropriate strategies in place for dealing with potential funding source issues, your bank could be left to flounder in an ocean of problems. Help your bank stay afloat by ensuring you have robust practices in place.

Contact one of our experts if you need help staying on top of liquidity risk.

8 tips for a successful succession plan

One of the biggest challenges community banks face today is a shortage of banking talent. So, it’s critical for banks to develop a solid succession plan to manage transition risk. When key management personnel retire or leave unexpectedly, a succession plan helps ensure that the bank is prepared for the change and proactively addresses the vacancy.

Tailor your plan

Keep in mind that your succession plan must be tailored to your bank’s size, complexity, location, culture, risk profile, product and service mix, management “bench strength,” and other characteristics. With that in mind, here are eight tips to get you started:

• Look within. There are many advantages to identifying internal candidates to succeed the CEO and other key management personnel. They’re already immersed in your bank’s culture and are familiar with its operations, goals, and strategies. Another big advantage of promoting from within is that your board of directors is likely already familiar with internal candidates’ work and personalities.

• Have a leadership development program. A formal program for developing potential successors improves your chances of identifying internal successors. By providing training, mentoring, and coaching, you help candidates develop the skills they need to succeed in a management role — and you have an opportunity to evaluate their performance over time. In addition, your investment in employees may help with retention.

• Consider external candidates. Although promoting from within has significant advantages, in some cases considering external candidates may be necessary or desirable. For example, if a CEO or other executive departs unexpectedly, you might not have a suitable internal candidate. Or perhaps the board feels that your bank would benefit from an outsider’s fresh perspective or experience at other types of institutions.

• Look beyond the CEO. Many banks’ succession plans are limited to the top role. But it can be equally important to plan for the departure of other key positions — such as the CFO, chief risk officer or chief technology officer — as well as division or department heads who are critical to the bank’s operations and success. As you review your bank’s organizational chart, examine each position, consider the potential impact of a sudden vacancy and plan accordingly.

• Think both short- and long-term. It’s important to have a short-term plan in the event someone leaves unexpectedly. This may involve designating interim successors who can fill in until a permanent replacement is found (which, in some cases, may be the interim successor). To minimize disruptions, a bank can use cross-training to ensure the availability of backup staff who can assume management responsibilities on an interim basis.

• Make implementation part of your plan. Outlining your succession goals and strategies isn’t enough. Your plan should also include a “playbook” that sets forth processes for implementing the plan. For example, if you plan to hire from outside the bank, the playbook should specify where you’ll look for candidates, where you’ll post job listings and how you’ll identify the right people for the job. It might include checklists or other tools for evaluating candidates.

• Communicate your plan. Transparency is key. It’s important to communicate your plans to all involved and manage candidates’ expectations to avoid losing people when one person is selected as successor. Make sure participants view the process as a career development opportunity, not a competition, and that you have a clear career path for those who aren’t chosen.

• Revisit your plan regularly. A succession plan isn’t something you can put on a shelf and forget about until it’s time to implement it. To ensure that your plan continues to make sense for your institution, review it periodically and update it if necessary to reflect changes in your bank’s strategies, size, product and service offerings, regulatory environment, or other circumstances. Suppose, for example, that three years after developing a succession plan, a bank implements mobile banking applications and other digital technologies and hires a CTO. Unless the plan is updated, the bank’s operations could be disrupted if the CTO leaves.

Start early

Ideally, succession planning should start several years before potential succession events. You’ll need to give yourself plenty of time to define the qualifications you’re looking for, draft job descriptions, and evaluate internal and external candidates. You’ll also need backup plans for unexpected departures. By planning for management transitions, you’ll head off transition problems before they have a chance to derail your bank.

Sidebar: Regulatory expectations regarding succession planning

Federal banking agencies view succession planning as a key governance and risk management tool. In a recently published Q&A on succession planning, Federal Reserve representatives note that “management capabilities and succession prospects are considered throughout the examination process” and that these factors influence the “assessment of the bank’s viability.”

The Q&A also says that “given the importance of maintaining qualified bank leadership, any significant disruption in the bank’s operations can have far-reaching, negative ramifications for a bank’s safety and soundness. Hence, an effective succession plan is nimble enough to respond to changes in bank leadership in a timely fashion.”

Contact one of our experts with any questions about managing transition risk.