thank you to paynewest insurance
TRANSCRIPT
Thank you to
for sponsoring this session
PayneWest Insurance
WWW.ALSTON.COM
Understanding Today’s Regulatory & Political Environment
Alston & Bird LLPNovember 4, 2015
Presented toWashington Bankers Association
Annual ConventionCoeur d’Alene, Idaho
June 24, 2016By
Sanford M. BrownPartner
Alston & Bird LLPDallas, Texas
WWW.ALSTON.COM
Hot button issues
Capital
Mergers and Acquisitions
The CFPB
Regulatory Update
3
WWW.ALSTON.COM
Current Regulatory “Hot Button” Issues
+ Interest rate risk+ Asset quality – relaxation of
credit underwriting standards+ Capital planning and Basel III
compliance+ Third party and vendor risk
management+ Cyber Security and IT risks+ Compliance risks+ Governance and constituent
involvement+ Social Media Compliance
“Regulators are focusing on strategic risk and operational risk.”
4
WWW.ALSTON.COM
Interest Rate Risk Management
+ COMPREHENSIVE ASSET-LIABILITY & RISK MANAGEMENT PROGRAM. Consider liquidity, gap exposures, earnings and capital implications.
+ ONGOING PROCESS. Models should not be static. They should evolve to reflect the institutional changes and market conditions.
+ STRESS TESTING. No longer a “recommendation.”
+ SECURITIES PORTFOLIO POSITIONING. The allure of higher-yielding longer term investments versus the risk of heightened unrealized losses in a rising interest rate environment and reduction in GAAP equity capital.
+ ASSET LIABILITY AND INVESTMENT POLICIES. Revisit and revise at least annually.
+ HEDGING ACTIVITIES. Use of hedging instruments to mitigate interest rate risk can be effective but the bank must understand the instruments and their potential risks.
“Prudent planning for volatile, and likely increasing, rates.”
4
WWW.ALSTON.COM
Third Party and Vendor Risk Management
+ EXPANDING RESPONSIBILITY. Risk management extends to service providers, customers, and third parties.
+ ENFORCEMENT. From BSA/AML to general principals of safety and soundness, there are broad avenues of enforcement.
+ STAYING INFORMED. Banks can no longer mind their own business – they must take an active oversight role in the business of others.
+ POLICING. Banks must actively police the business of service providers, customers, and business partners.
+ MONDAY MORNING QUARTERBACK. Compliance will be viewed in hindsight – if the bank does not “catch the bad guys,” the bank can be held liable.
“Mind your own business…and the business of your customers, vendors and business partners.”
5
WWW.ALSTON.COM
Third Party and Vendor Risk Management(cont.)
+ VICARIOUS LIABILITY. A legal theory under which someone can be liable for the actions of others. This concept typically appears in the employer-employee relationship.
+ AVENUES OF ENFORCEMENT. Regulators enforce these claims through BSA/AML, pursuant to which banks are responsible for “fraudulent” fees processed on behalf of bank customers because banks failed to perform proper due diligence. Another enforcement tactic is operation “Choke Point,” for which there has been no formal rulemaking or action.
+ RISK ASSESMENT/DUE DILIGENCE. Review the reputational, operational, compliance, and strategic risk.
+ CONTRACT CONSIDERATIONS. Appropriate provisions regarding compliance with laws, authority to conduct due diligence, ability to disclose information to regulators, indemnification, reserves, termination, etc.
“Banks are required to remain vigilant to the hazards posed by outsourcing to third parties.”
6
WWW.ALSTON.COM
Third Party and Vendor Risk Management(cont.)
+ THIRD-PARTY ASSET SELLERS. In CFPB’s enforcement action against Ally Bank (December 2013) the bank purchased loans from auto dealers at an agreed buy rate. Auto dealers negotiated higher rates with customers and retained the difference between the buy rate and the marked-up rate. CFPB raised fair lending concerns regarding the actions of the auto dealers, and Ally was held liable for the actions of the auto dealers due to failure to control, monitor and ensure that the auto dealers complied with the ECOA.
+ THIRD-PARTY ASSET PURCHASERS. OCC risk management guidance on consumer debt sales (August 2014) indicates that banks must control (and will be held responsible for?) the unlawful actions of third-party purchasers of charged-off debts.
+ AVENUES OF ENFORCEMENT. Include debt collection practices of purchasers and general safety and soundness (e.g., compliance and reputational risks of selling banks and related controls).
According to the OCC guidance:“The OCC takes appropriate supervisory action to address any unsafe or unsound banking practices associated with debt sales, to prevent harm to consumers, and to ensure compliance with applicable laws.”
7
WWW.ALSTON.COM
Cyber Security
AN EPIDEMIC: CYBER CRIME IS PROLIFERATING. Target, Home Depot, Sony and the list goes on……
SOPHISTICATION. Cyber attacks are increasingly more sophisticated and include corporate account takeovers, malware and phishing. Wire fraud with respect to business customers.
ARM AND TEST. Banks must continually evaluate, modify and test cyber security systems and controls framework, including those of third-party vendors.
CRISIS MANAGEMENT. Banks should prepare for a data breach (i.e., have a detailed and actionable plan in place for crisis management, regulatory involvement and timely and effective customer communications). Proper preparation for a data breach should include appropriate employee training.
INSURANCE COVERAGE. Consider cyber fraud and data breach insurance coverage.
“Hackers are the new bank robbers.”
8
WWW.ALSTON.COM
Questions CEO’s Should Ask?
Governance
•How is the staff at my institution providing me with accurate and timely information about our risks and our ability to mitigate them, so that I can prioritize our resource allocations and inform the board of directors?
Threat Intelligence
•How is my organization identifying and monitoring cyber threats and attacks both to my institution and to the sector as a whole? How is this information used to inform my risk assessment process?
Third-Party Relationships
•How are we managing the third-party relationship risk management life cycle at our institution to ensure that we are selecting the best third parties and identifying, monitoring, and mitigating the risk expose -re for third parties?
Incident Response and Resilience
•How often is my institution testing its plans to respond to a cyber attack? Do these tests include our key internal and external stakeholders?
Cyber Risk Management
Current Threat
ATM Cash Out
Current Threat
Corporate Account Takeover and Wire Fraud
Current Threat
Software End of Life
Current Threat
Distributed DDOS Attacks
9
WWW.ALSTON.COM
Social Media Compliance Risk Management
+ FFIEC GUIDANCE. On December 11, 2013, the FFIEC issued a guidance on applicable laws with regard to social media activities of banks. The guidance summarizes the applicability of federal consumer protection and compliance laws, regulations and policies to activities conducted via social media by banks.
+ APPLICABLE LAW. There are at least 15 laws, plus applicable regulations, potentially applicable to social media activities.
+ RISK AREAS. The use of social media to attract and interact with customers can impact a financial institution’s risk profile, including risk of harm to consumers, compliance and legal risks, operational risks, and reputation risks. Increased risk can arise from poor due diligence, oversight, or control on the part of the financial institution.
“Banks need to understand, identify and manage risks associated with social media use.”
10
WWW.ALSTON.COM
Compliance
+ FAIR LENDING + “Disparate impact” is the theory on which the
Obama Administration has relied to enforce most fair lending actions
+ Supreme Court addressed “disparate impact” in Texas Department of Housing and Community Affairs v. Inclusive Communities Project
+ Not the decision we wanted, but it is not all bad news
+ UDAAP+ “Abusive” practices standard – CFPB’s position is
“taking unreasonable advantage” of a consumer+ Language and practices in marketing products+ Debt collection practices + Third-party provider activities+ Excess and unauthorized fees
+ COMMUNITY REINVESTMENT ACT
+ MORTGAGE LENDING
+ BSA/AML
+ FLOOD INSURANCE
“Compliance issues are a deal killer –the elephant in the room every banker hopes to avoid.”
11
WWW.ALSTON.COM
Corporate Governance Practices
+ LESSONS LEARNED FROM THE CRISIS. The crisis demonstrated that one consequence of a bank having weak corporate governance could be significant losses or even bank failure. There is INTENSE regulatory focus on corporate governance practices.
+ BOARD PRACTICES. Good governance is a top down culture implemented by the board. Its not just about having the right policies but the right practices and disciplines. DEFINE WHAT RISKS YOU WILL TAKE AND WHAT RISKS YOU WON’T TAKE.
+ RISK MANAGEMENT FRAMEWORK. Leading banks have robust risk identification and disciplined risk management practices implemented by the board. The regulatory bar for enterprise risk management has increased. There are expectations around establishing baseline assessments, where each risk is mapped to a number of indicators.
+ INTERNAL CONTROLS. Strong internal controls with defined relevant metrics to monitor risks.
+ PROPER COMMITTEE STRUCTURES. Banks must have appropriate and effective committee structures. This is not one size fits all but depends on the bank’s risk profiles.
“There has been a deliberate shift in the regulatory focus on corporate governance practices driven by concerns over strategic risks.”
12
WWW.ALSTON.COM
Capital Matters
Basel III Matters Expansion of Small BHC Policy Statement Current Expected Credit Loss (CECL)
14
WWW.ALSTON.COM
Basel III — Final Rule
+ Effective January 2015 - revised regulatory capital definitions and minimum ratios
+ Redefines Tier 1 Capital as two components+ Common Equity Tier 1 Capital+ Additional Tier 1 Capital
+ Creates a new capital ratio: Common Equity Tier 1 Risk-based Capital Ratio
+ Implements a Capital Conservation Buffer+ Revises Prompt Corrective Action (PCA) thresholds and adds the new
ratio to PCA framework+ Changes risk weights for certain assets and off-balance sheet
exposures+ AOCI Opt-out
14
WWW.ALSTON.COM
ANY WHERE IN THE US NATIONAL BANKRelevant Actual and Projected Capital Ratios
Bank with sample capital structure2015 2016 2017 2018 2019
Well Capitalized (2) Actual Well Capitalized (2) Projected Well Capitalized (2) Projected Well Capitalized (2) Projected Well Capitalized (2) Projected
Common Equity Tier 1 Risk-Based Capital Ratio (1) (7)
6.5% 6.5% 6.5% 6.5% 6.5%
Capital Conservation Buffer N/A 0.625% 1.25% 1.875% 2.50%
CET1 (minimum) plus Capital Conservation Buffer (3)
4.5% 5.125% 5.75% 6.375% 7.0%
Tier 1 Capital Ratio (well capitalized)(4) 8% 8% 8% 8% 8%
Tier 1 Capital Ratio (minimum) plus Capital Conservation Buffer
6% 6.625% 7.25% 7.875% 8.5%
Total Capital Ratio (well capitalized) (5) 10% 10% 10% 10% 10%
Total Capital Ratio (minimum) plus Capital Conservation Buffer
8% 8.625% 9.25% 9.875% 10.5%
Leverage Ratio (well capitalized) (6) 5% 5% 5% 5% 5%
15
WWW.ALSTON.COM
ANY WHERE IN THE US NATIONAL BANK(footnotes)
(1) Common equity tier 1 capital divided by risk weighted assets; common equity tier 1 capital is the sum of common stock and related surplus, retained earnings, AOCI (see below), common equity tier 1 minority interests, and common stock issued as part of an ESOP subject to certain requirements. Banks that chose the one-time irrevocable AOCI opt-out election will be permitted to exclude from regulatory capital most of the components of AOCI. The AOCI opt-out election must be made on the first call report filed after January 1, 2015.
(2) For purposes of this table (except for items 3, 5, and 7), this table assumes the bank desires to maintain a well-capitalized capital category for purposes of the prompt corrective actions rules, 12 CFR §6.1 et seq.
(3) In addition to the minimum risk based capital requirements, all banks must hold common equity tier 1 capital in an amount greater than 2.5% (phased in until January 1, 2019) of total risk-weighted assets to avoid being subject to limits on capital distributions and certain bonus payments to executive officers.
(4) Tier 1 capital is common equity tier 1 capital and additional tier 1 capital; See 12 CFR§3.20(c) for definition of additional tier 1 capital.
(5) Total capital is Tier 1 capital and tier 2 capital. See 12 CFR §3.20(d) for definition of Tier 2 capital. For example, Tier 2 capital includes ALLL up to 1.25 percent of the national bank's standardized total risk-weighted assets not including any amount of the ALLL (and excluding in the case of a market risk national bank, its standardized market risk-weighted assets). Certain subordinated debt and preferred stock will qualify as Tier 2 capital.
(6) A national bank's leverage ratio is the ratio of the national bank's tier 1 capital to the national bank's average total consolidated assets as reported on the national bank's Call Report minus amounts deducted from tier 1 capital under §3.22(a), (c) and (d) (such as goodwill, intangible assets, deferred tax assets.
(7) Increased risk weights for past due loans (150% risk weight for the portion that is not guaranteed or secured) and high volatility commercial real estate exposures (150% risk weight) and increased credit conversion factors for certain short term loan commitments (20% CCF) 16
WWW.ALSTON.COM
+ Raises threshold from $500 million in assets to $1 billion
+ Includes S&L Holding Companies
+ Changes Reporting Requirements
+ Eliminates quarterly consolidated financial reporting requirements (FR Y-9C)
+ Requires parent-only financial statements (FR Y-9SP)
+ Potential Signal for Additional Regulatory Relief
Expansion of Small BHC Policy Statement
“Bank holding companies that are covered by the Small Bank Holding Company Policy Statement (but not their subsidiary banks) are exempt from the Basel III capital requirements and generally have more flexibility with the amount of debt they can issue.”
17
WWW.ALSTON.COM
FASB Proposed Changes/Expected Credit Loss+ BELIEF CURRENT TREATMENT LED TO OVERSTATEMENT OF ASSETS.
The changes are driven in part by belief that waiting for probable loss/impairment leads to large losses provisions in midst of downturns exacerbating cycles.
+ REQUIRES ALL ESTIMATED “EXPECTED LOSSES” OVER LIFE. Proposal is expected to require inclusion of “reasonable and supportable” forecasts that affect collectability of assets.
+ APPLIES TO LOANS AND DEBT SECURITIES. Applies to both and losses assumed at origination/purchase.
+ REASONABLE AND SUPPORTABLE FORECASTS. The current expectation is that the changes will require “reasonable and supportable” forecasts affecting collectability of assets.
+ IMPACT ON EARNINGS. The lack of potential phase in could result in significant impact to earnings.
+ PREPARING FOR POSSIBLE IMPLEMENTATION. The final changes and timeline for implementation are not yet clear. However, preparations for implementation should include evaluating potential alternatives for projections, additional data collection regarding portfolios, borrowers, economic factors and consideration of costs associated with current and planned initiatives and other preparations for the potential variability injected by the new requirements.
“There is no question that implementation of the FASB proposal will require most banks to boost their allowance … perhaps in the neighborhood of 30% to 50% system-wide if applied today.”
- Thomas J. Curry to the AICPA Banking Conference September 16, 2013.
18
WWW.ALSTON.COM
Considerations in Mergers/Acquisitions
Regulatory Considerations M&A Best Practices
19
WWW.ALSTON.COM
Regulatory Considerations
Applications are subject to heightened regulatory scrutiny
+ Preview transaction with regulators in preliminary stages of negotiations
+ Approval threshold is higher for deals+ Provide detailed analysis of due diligence findings
and conclusions+ Robust pro forma financial projections (including
purchase accounting adjustments and capital projections)
Impact of new Basel III – Capital rules+ Sources of funding Address regulatory compliance issues Avoid change in control “gun jumping”
features in definitive agreements+ Target board and committee observation rights+ Low limits on loan approvals Third-party protests and comments on
applications is becoming increasingly more common
“Today, there is no such thing as a routine regulatory approval.”
20
WWW.ALSTON.COM
M&A Best Practices
Buyers:+ Adopt a disciplined approach to acquisitions+ Know your targets + Comprehensive due diligence+ Understand the impact of purchase accounting and
goodwill+ Discuss transaction with regulators early in the
process+ Have your funding source identified
Sellers:+ Know your probable merger partners+ Protect your key employees+ Carefully assess long-term contracts (data
processing, employment agreements, BOLI)+ Avoid unprofitable branches and out-of-territory loans+ Asset quality is critical+ Carefully evaluate “deal certainty”
“Sometimes the best deals are the ones you don’t do.”
21
WWW.ALSTON.COM
The CFPB: A Domestic Terrorist Organization
Independent Agency Unlimited Funding
22
WWW.ALSTON.COM
CFPB Targets
Mortgages Auto Loans Payday Loans Overdraft Protection Add-on Products
24
WWW.ALSTON.COM
CFPB Actions
Enforcement Actions Rulemaking Intimidation
24
WWW.ALSTON.COM
Political Observations White House Congress House Senate
Agencies Fed FDIC OCC CFPB
Dodd-Frank24
WWW.ALSTON.COM
2016 Elections and Banking Clinton or Trump?
Policies People
Congressional Leadership Senate Shelby Schumer Warren
House Ryan Hensarling Watters
24
WWW.ALSTON.COM
Questions and Answers
25
WWW.ALSTON.COM
Sanford Brown – PartnerSanford Brown counsels and represents financial institutions and specialty finance companies, in matters involving state and federal banking laws, regulations and enforcement actions and in corporate transactions, such as mergers, acquisitions, securities offerings, holding company formations, Subchapter S corporation elections, and in matters involving privacy and identity theft. Mr. Brown served in the Office of the Comptroller of the Currency from 1987 to 1989. His responsibilities included a wide range of matters relating to the regulation of national banks, including the development of banking policy in the areas of risk-based capital and dividends.
Alston & Bird, LLP2828 N. Harwood Street, Suite 1800Dallas, Texas 75201(214) [email protected]
26
WWW.ALSTON.COM
Disclaimer
This PowerPoint presentation is an educational tool that isgeneral in nature and for purposes of illustration only. Thematerials in this presentation are not exhaustive, do notconstitute legal advice and should not be considered asubstitute for consulting with legal counsel. If legal adviceor other expert assistance is required, the services of acompetent professional should be sought.
27
Bank regulation is as complicated as ever
That is the price we pay for Federal deposit insurance
There are no easy deals Maintain good relationships with your
regulators Stay involved in the political process
Thank you to
for sponsoring this session
PayneWest Insurance