The Beneficial Ownership Rule- A Two Part Series

 

UBO TWO

 

Part Two – Due Diligence-the Fifth Pillar

In the first part of this series we described the new beneficial ownership rule.  We talked about the reasons that the rule was passed, and we noted that the central idea of this rule is making sure that financial institutions get complete information when an account is opened for a legal entity.   This is especially true when a legal entity has a complex ownership structure.    There is a second aspect of the rule that changes the due diligence process for legal entities to a dynamic one.   This portion of the rule is called the “fifth pillar” of BSA/AML compliance programs.

Due Diligence

Under the new Beneficial Ownership rule, the definition of due diligence is essentially changed, especially for accounts that are opened for legal entities.   The rule specifically requires institutions to obtain background information on any person that owns, or controls the legal entity.  For purposes of this rule, ownership is defined as anyone who maintains an ownership stake of 25% or more of the entity.  Control means anyone who has a significant responsibility to manage or direct the entity.  A controlling person could have zero ownership interest in an entity.

 

Currently information about the persons who control, or own legal entities is not necessarily required, although as a best practice, this information should often be considered important to the due diligence process.   The Beneficial Ownership rule makes obtaining the ownership and control information a requirement of the account opening and due diligence process.  The rule also requires that financial institutions should write policies and procedures that reflect these requirements.     The rule notes that the policies and procedures should be risk based and should detail the various steps taken based upon the risk rating of the account.   The types of documentation that can be considered acceptable for meeting the requirements of the rule are described.

Due Diligence as a dynamic process

When developing your compliance program to meet the requirements of the new rule, consider that due diligence for legal entities should become a dynamic process.  It won’t be enough to obtain ownership and control information at the time the account is opened and then stop.  There must be ongoing monitoring of accounts for changes in the ownership or control and analysis of what those changes mean.

In recent years, one of the tactics that money launders have employed is to take over legitimate long-standing business to hide “dirty money”.   For example, in late 2014, the Los Angeles area garment industry was overrun by a scheme known as “Black Market Peso Exchanges.   Drug money was used to purchase goods and then the goods were shipped to other countries where they were resold and converted back to cash.  In many cases, the reason that this scheme was able to proceed was that the person or persons that desired to launder the money became a part owner of what was once a legitimate business.

In a similar manner, when a person who has bad intentions is able to control an entity, then the possibility that suspicious activity might occur goes up exponentially.   An important part of ongoing monitoring for suspicious activity must be continuing due diligence on both the ownership and controlling persons of an entity.

Asking the second Question

Once information is obtained about the owners and/controllers of a legal entity there is an additional review process that should occur.   Does the owner or controller of the legal entity increase the likelihood or potential for money laundering?  In the alternative, does the information that you have obtained about the owner or controller leave more questions than answers?  For example, suppose your corporate customer runs a small flower shop on main street.  One day, a 30 % interest in the flower shop is purchased by a man who is the owner of the local casino.  Why would the owner of a casino want a flower shop business?  Since a casino is a high cash, high risk, business, and people do still buy flowers with cash, there is an increased risk that the new controlling person may try to move some of his money through the deposits of the flower shop.  In this case, the best practice would be to find out all that you could about the new owner and why this controlling interest makes sense.   Moreover, now is the time to determine whether or not your BSA department still has the capability to monitor the flower shop now that it has a new owner.  Do you have the ability to determine whether suspicious activity might be occurring?  Not only should due diligence be dynamic, it should also include the analysis necessary to make the most efficient use of the information obtained.

 

 

***James DeFrantz is Principal at Virtual Compliance Management. For more information please visit our website at www.VCM4you.com ***

Changing Your Outlook on Internal Audits

Change part two

There are myriad whitepapers and scholarly articles discussing control environment theories. Many of these documents discuss in detail the components of the concept of controls.  At the heart of the matter, the control environment is comprised of your institutions ability to identify the risks inherent in ongoing operations compared to the steps you have taken to mitigate those risks.   Put another way, why DO you have written policies and procedures?  What are they designed to do?   Policies and procedures often seem like an arcane phrase that auditors and examiners like to glibly toss out, but they really are the heart of the control environment.  The process of developing policies and procedures should follow the development of a risk assessment.  Risk assessments are too often performed as a matter of course and then forgotten throughout the year.

An effective risk assessment of your compliance program can be an excellent source document for various things including budgeting requests for additional resources and scoping of audits.   Completing the assessment includes considering the inherent risk at your institution, the internal controls that have been established to address risk and a determination of the residual risk.   The process is intended to be one of self-reflection and consideration of the areas of potential weakness.  For those areas that have the potential to be a problem, the best practice is to make sure they are included in the scope of an audit.  Audit firms are more than happy to work with the management of the institutions they are reviewing on developing a scope.  One of the crucial goals of the audit is to uncover areas where there are weaknesses in internal controls.  For example, in your risk assessment, you may have noted a large number or errors in disclosures for new accounts.  This are should subsequently be a focus for the internal auditors when the compliance audit is performed.

 

In the previous blog, we talked about the FFIEC compliance rating system gives a great deal of incentive to follow a process in this order

  • Complete risk assessment covering products and services
    • Plus
  • Development of the policies and procedures designed to address the risk identified in the first step
    • Plus
  • Development of the policies and procedures designed to address the risk identified in the first step
    • Equals
  • Your control environment

 

Of course, that is not the end of the story.   If fact, that is only the first half.   Once the control environment has been established, it is critical to determine which controls are preventative and which are detective.

Preventative Controls:  are designed to keep errors or irregularities from occurring in the first place. They are built into internal control systems and require a major effort in the initial design and implementation stages.   Put another way, preventative controls are designed to keep bad things form happening at the inception.

Detective Controls:  is an internal control intended to find problems within a company’s processes. Detective controls are designed to find problems in delivery and implementation

The way that you test these controls depends on how they are designed to work.  In the case of preventative controls, the test is to determine whether they keep a transaction form being completed based upon an error.  Detective controls are designed to catch problems in the overall process such as adverse actions that have a problem trend.

Consider the implications for the internal audit process.  The current process tests the results and not the control environment.  Your auditor could test 50 loans and find no problem.  The conclusion that is drawn is that all is well; but really how do you know that loans 51-70 are not all problem loans?   The idea here is to self-police by testing the control environment

As we noted in the first part of this series, the scope of the internal audit function at financial institutions has been an area of focus for regulators.  Regulators have focused on whether the scope of internal audits meets both regulatory standards and is appropriate in light of the overall risk profile of a financial institution.  It is the second of these two considerations that has most often caused findings and created concerns.    It is, therefore, critical that the scope of audits reflect an understanding of the risks inherent at your financial institution.

A control risk assessment (or risk assessment methodology) documents the internal auditor’s understanding of the institution’s significant business activities and their associated risks. These assessments typically analyze the risks inherent in a given business line, the mitigating control processes, and the resulting residual risk exposure of the institution. They should be updated regularly to reflect changes to the system of internal control or work processes, and to incorporate new lines of business.[1]

At smaller institutions, there generally is not a full-time internal auditor on staff.  This does not obviate the need for comprehensive and timely risk assessments.  Unfortunately, the risk assessment process is often overlooked.   The risk assessment should consider the following:

Past Examination and Audit Results

It goes without saying that the past can be a prelude to the future.   Prior findings are an immediate indication of lack of effectiveness of internal controls.  It is important that the root cause of the finding or recommendations from regulators is identified and addressed.  Internal audits should coordinate with the risk assessment to test the effectiveness of the remediation.

Changes in Staff and Management

Change is inevitable and along with changes comes the possibility that additional training should be implemented or that the resources available to staff should also change.  For example, suppose the head of Note Operations is brand new.  This new manager will want to process loans using her/his own system.  Loan staff who may be used to past procedures may become confused.  Change generally increases the possibility of findings or mistakes.   Your risk assessment should take into account the risks associated with changes and how best to address them.  In addition, this is an area that should be covered by internal audit as it presents a risk.

Changes in Products, Customers or Branches

It is also important that your risk assessment consider all of the different aspects of changes that have occurred or will occur during the year.  Any new products or services, new vendors, and/or marketing campaigns that are designed to entice new types of customers are all changes that impact the overall risk profile of the institution.    The resources necessary to address these changes should also be a consideration for the internal audit.

Changes in Regulations

Over the past few years, there have been a huge number of changes to regulations, guidance and directives from Federal and State agencies.  Many of these changes do not impact smaller institutions directly, but many do.  Moreover, there are often regulations that are finalized in one year that don’t become effective until the following year.   Part of your risk assessment process has to consider changes that will affect your institution.  The internal audit scope should also consider whether the institution is prepared to meet changing regulatory requirements.

Monitoring systems in place

The information systems being employed to monitor the effectiveness of internal controls should be considered.  For many institutions, this system is comprised of word of mouth and the results of audits and examinations.  Information used by senior management and reported to the Board should be sufficient to allow credible challenges by the Board.[2]

Using the Risk assessment to Set Audit Scopes

Once a risk assessment is completed, the results should be directly tied to the internal audit schedule.   The FIIEC guidance points out the relationship between the internal audit plan and the risk assessment:

An internal audit plan is based on the control risk assessment and typically includes a summary of key internal controls within each significant business activity, the timing and frequency of planned internal audit work, and a resource budget.[3]

The risk assessment should prioritize the potential for findings, while the audit scope should be developed to test mitigation steps made to reduce findings.

The criticism that is often raised about outsourced audit is that the scope is incomplete.  This is often the case because outsourced vendors have developed their scope based upon best practices, and their experiences at various institutions.  While this is obviously a best practice for the audit vendor, the problem is that it doesn’t always fit the individual institution.   Information from a comprehensive risk assessment should be incorporated into the scope of an internal audit.

In this manner, the auditor can best consider the areas of risk that are the highest priority at a particular institution.  For example, when developing the scope for an independent audit of a BSA/AML program, the scope should include the most recent risk assessment.  Changes in the customer base, an increase in the overall risk profile of the bank or a change in personnel are all factors that should be included in the audit scope.  In addition, the auditor should consider whether current monitoring systems have the capability to properly monitor the additional level of risk.  Finally, the professional abilities of the BSA staff should be considered as they relate to additional risk.

Outsourced internal audit firms design the scopes for the audits that they conduct based upon their knowledge of auditing, regulatory trends, best practices and the overall knowledge of their staff.  This practice allows the firms to bring a wealth of experience and important information from outside of the financial institutions that they are reviewing.   When your audit firm presents you the scope that they propose it is based upon completely external actors and considerations.  This is not a criticism of the firm, it is a standard practice.   However, setting of the scope for internal audits is really supposed to be a collaborative effort, and both the audit firm and your institution are best served by developing the scope for audits together, after all, who knows the strengths and weaknesses of your institution better than the management?  To get the biggest bang for your buck, why not tie the audit scope into the results of your risk assessment?

Ultimately, it is the responsibility of the Board to ensure that the internal audit is effectively testing the strength of internal controls.

[1] Interagency Policy Statement on the Internal Audit Function and its Outsourcing

[2] See for example, OCC Guidelines Establishing Heightened Standards for Certain Large Insured National Banks, Insured Federal Savings Associations

 

[3] Interagency Policy Statement on the Internal Audit Function and its Outsourcing

Changing Your Outlook on Internal Audits -a Two-Part Series

change

Part One- A New System of Review    

Starting in 2017, the FFIEC (the organization that is comprised of the major financial institution regulators) changed the way compliance programs are rated.  Instead of a one grade for the program there is now actually a three-prong test that makes up the final rating.   The three-parts of the test are

  1. The overall compliance program including the written program, resources dedicated to the program compared to the overall risk profile of the portfolio, experience and competency of management
  2. Board and management oversight- essentially the level and quality of reporting to management.  In addition, the follow-up to problems noted and remediation implemented
  3. Harm to consumers- The violations that are discovered have varying degrees of potential for harm to consumers.  Some are very technical in nature and can be remedied by a small fix.  Other violations might require the dreaded ‘look-back” and reimbursement.

In its press release describing the new rating system, the FFIEC wrote extensively about the goals for using this approach for compliance going forward. [1] Among the goals are to make the compliance examination more risk based and to allow each institution the opportunity to develop and maintain a compliance program that is tailored to the risk profile of the institution

One of the aspects of this new rating system that is often overlooked is the focus on the “self-policing”

Opportunities Provided by These Changes

The new compliance rating represents significant changes in the ability of banks to alter their compliance destiny.   The emphasis on self- detection and self-policing allows financial institutions to perform self-evaluation and diagnose compliance issues internally.

In the new rating system, there is a premium placed on the idea that an institution has compliance and/or audit systems in place that are extensive enough to find problems, determine the root of the problems and make recommendations for change.  To impress the regulators that an organization is truly engaged in self-policing, there must be evidence that senior management has taken the issue seriously and has taken steps to address whatever the concern might be.  For example, suppose during a compliance review, the compliance team discovers that commercial lenders are not consistently given a proper ECOA notification.  This finding is reported to the Compliance Committee along with a recommendation for training for commercial lending staff.   The Compliance Committee accepts the recommendation and tells the Compliance Officer to schedule Reg. B training for commercial lenders.  This may seem like a reasonable response, but it is incomplete.

This response does not rise to the level of self-policing that is discussed in the FFIEC memo; a further step is necessary.  What is the follow-up from senior management?   Will senior management follow up to make sure that the classes have been attended by all commercial lending staff?  Will there be consequences for those who do not attend the classes?  The answers to these questions will greatly impact the determination of whether there is self-policing that is effective.   Ultimately, the goal should be to show that the effort at self-policing for compliance is robust and taken seriously at all levels of management.  The more the regulators trust the self-policing effort, the more the risk profile decreases, and the less likely enforcement action will be imposed.

Self-Reporting

At first blush self-reporting seems a lot like punching oneself in the face, but this is not the case at all!   The over-arching idea from the FFIEC guidance is that the more the institution is willing to work with the regulatory agency, the more likely that there will be consideration for reduced enforcement action.  Compliance failures will eventually be discovered and the more they are self-discovered and reported, the more trust that the regulators have in the management in general and the effectiveness of the compliance program.   The key here is to report at the right time.  Once the extent of the violation and the cause of it have been determined, the time to report is imminent.  While it may seem that the best time to report is when the issue is resolved, this will generally not be the case.  The regulators may want to be involved in the correction process.  In any event, you don’t want to wait until it seems that discovery of the problem was imminent (e.g. the regulatory examination will start next week).

Remediation

What will your institution do to correct the problem?  Has there been research to determine the extent of the problem and how many potential customers have been affected?      How did management make sure the problem has been stopped and won’t be repeated?  What practices, policies and procedures have been changed as a result of the discovery of the problem?  These are all questions that the regulators will consider when reviewing efforts at remediation.  For example, if it turns out that loan staff has been improperly disclosing transfer taxes on the Loan Estimate, an example of strong mediation would include:

  • A determination if the problem was systemic or with a particular staff member
  • A “look back” on loan files that for the past 12 months
  • Reimbursement of any customers who qualify
  • Documentation of the steps that were taken to verify the problem and the reimbursements
  • Documentation of the changed policies and procedures to ensure that there is a clear understanding of the requirements of the regulation
  • Disciplinary action (if appropriate for affected employees)
  • A plan for follow-up to ensure that the problem is not re-occurring

Self-policing allows an institution the ability to positively impact its regulatory fortunes.   The goal under this new system is to document the effectiveness of the system of controls in place.  The effectiveness of the control environment will impact all three of these ratings.  Generally, more favorable ratings will extend the amount of time before your next examination is scheduled.

Ultimately, the new compliance ratings system highlights a financial institutions ability to establish its control environment.

In part Two we will discuss the control environment

 

*** James Defrantz is Principal at Virtual Compliance Management Services LLC***

***For More Information Please Feel free to contact Us at WWW.VCM4you.com***

[1] The full press release can be found at http://www.ffiec.gov/press/pr110716.htm

 

 

Why IS There a Regulation B

rules-regulations-book-desk-137796762

As anyone in compliance can attest to, there are Myriad consumer compliance regulations.  For bankers, these regulations are regarded as anything from a nuisance, to the very bane of the existence of banks.  However, the truth is, there are no bank consumer regulations that were not earned by the misbehavior of banks in the past.  Like it or not these regulations exist to prevent bad behavior and/or to encourage certain practices.   We believe that one of the keys to strengthening a compliance program is to get your staff to understand why regulations exist and what it is the regulations are designed to accomplish.  To further this cause, we have determined that we will from time to time through the year; address these questions about various banking regulations.  We call this series “Why is there….”

A Little History

The consumer credit market as we now know it grew up in the time period from World War II and the 1960’s.  It was during this time that the market for mortgages grew and developed and became the accepted means for acquiring property, financing businesses, developing wealth and upward mobility.  By the late 1960’s the consumer credit market was booming.

The Equal Credit Opportunity Act (“ECOA”) and regulation B are not nearly as old as you might think. In fact, the first attempt at regulating credit access was the Consumer Credit Protection Act of 1968.  This legislation was passed to protect consumer credit rights that up to that point been largely ignored.  The 1968 was passed as the result of a continuing growth in consumer credit its effects on the economy.  For example, in the year before the regulation was passed, consumers were paying fees and interest that equaled the government’s payments on the national debt!  One of the goals of the Consumer Credit protection Act then was to protect consumer rights and to preserve the consumer credit industry.

The Civil Rights Movement was occurring at the same time as the passage of the CCPA and in 1968, the Fair Housing act was passed by Congress.  The FHA was designed to assist communities that that had been excluded from credit markets obtain access to credit.  We will discuss the Fair Housing Act in more detail next month.

One of the things that the CCPA did was to empanel a commission of congress called the National Commission on Consumer Finance.  This commission was directed to hold hearings about the structure and operation of the consumer credit industry.  These hearings were conducted throughout 197.  The commission made its report and disbanded.

Unintended Consequences

While performing the duties they were assigned,   the members of the National Commission on Consumer Finance conducted several hearings about the credit approval process for consumer loans.  The stories and anecdotes from these hearings raised a tremendous public outcry about the behavior of banks and financial institutions that were in the business of granting credit.   One of the common themes of the testimonies given was that women and minorities were being left behind when it came to the growth of the consumer credit market.  Public pressure forced additional hearings on the consumer credit market, and the evidence showed that women in particular and minorities in general were being given unfair and unequal treatment by banks.

 

What was Going On? 

So what was it that bans were doing that was causing a concern?    There were several practices that had become normal and regular for banks when the applicant for consumer credit was a woman or a member of a racial minority group.

Women had more difficulty than men in obtaining or maintaining credit, more frequently were asked embarrassing questions when applying for credit, and more frequently were required to have cosigners or extra collateral. [1]  When a divorced or single woman applied for credit she was immediately asked questions about her life choices, sexual habits, and various other personal information that was both irrelevant to the credit decision and not asked of men.

Racial minorities had difficulty even obtaining credit applications let alone credit approvals.  In cases, where members of minority groups attempted to get a loan applicant, there were either told that the bank was not making consumer loans,  or that the area that the person lived was outside of the lending area of the bank.

For applicants that receive public assistance, child support of alimony, banks would not consider these as sources of income under the theory that they were temporary and might disappear.

Despite being subjected to embarrassing or incorrect information, in the cases where women and minorities persisted and completed a credit applications, banks would drag out the process for interminable time periods and would engage in strong efforts to discourage the applicant from going forward.

In many cases, when a person lived in a neighborhood that was predominately comprised of minorities, the borrower was told that the collateral did not have enough value without further explanation.

The ECOA

Though these stories created a great deal of interest, the CCPA was not amended until 1974 when the first Equal Credit Opportunity Act was passed.  This Act prevented discrimination in credit on the basis of sex and marital status.

In 1976, the ECOA was amended to prohibit credit discrimination on the basis of

 

  1. Race, color, religion, national origin, sex, marital status or age
  2. When all or part of the applicant’s income derives from public assistance
  3. If the applicant had filed a former claim of discrimination

 

The 1976 amendment also added the requirement that the financial institution had to notify the applicant of the reasons for a decline.   Regulation B establishes the rules that implement the ECOA.  .    These include the following:

  1. Limitations on the types of information that can be requested in a credit application.
  2. Limitations on the characteristics that can be considered about an applicant.
  3. Rules on when an applicant’s spouse can be requested to sign a loan applicant
  4. Rules on the time limits for when a credit decision can be made.
  5. Copy of Appraisals An applicant on a real estate secured loan now must receive a copy of the appraisal or evaluation used to establish the value of the collateral
  6. Collection of Government Monitoring Information- In cases of loan requests for the purchase or refinancing of a primary residence, government monitoring information (race, sex, and ethnicity) must be obtained.

 

What is Regulation B designed to do?

There are two main goals of the ECOA and its implementing regulation, Regulation B.

 

  • Enhanced Credit Opportunities for women and minorities

 

  • Greater consumer education

 

Credit Opportunities

One of the complaints about consumer banking regulation that is often raised is that it promotes bad loans.  However, for the inception of these regulations, Congress made clear that these laws apply only to credit worthy individuals.  It has never been the case that Congress or the regulators want banks to make bad loans.  The problem was and is that people who are truly creditworthy were being overlooked and excluded based on factors that were outside of their control.

The law then is designed to prevent discrimination on an   illegal basis.  Even today, a great deal of disagreement over what discrimination might mean.  Of course, each and even decision to make or not make a loan is a form of discrimination.  That is part of the natural process of decision making.  Instead here what is prevented is discriminating on an illegal basis; making the adverse action based on who the applicant is rather than their credit worthiness.

There are two tests for illegal discrimination. The first is the effects test.  Under this test, if the overall effect of a credit policy results in an uneven or disproportionate negative result, it may be in violation of the regulation.   Suppose for example, a bank decided that it would not include temporary work income as income for credit applications.  In this case, the decision to do so would be applied across all lines and to all borrowers.  However, the effect of this decision would impact women and minorities in greater numbers because temporary workers are way more likely to be women and minorities in the assessment area of the bank.  This would be an effects test violation of regulation B.

The second test is the intent test.  This test is pretty straight forward.  This would be cases where a lender intended to treat applicants differently based on who they are and in fact did so.  While this area was largely in evidence in the 1960’s when these laws were first enacted, the number of cases of intentional discrimination has significantly reduced over the years.

Borrower Education

The borrower education portion of the ECOA and Reg. B is typified by the notice requirements.  In an effort to make banks inform the applicant about the decision that was made, the regulations require a quick and concise decision process.  The notice requirement is designed to let the applicant know the specific reasons why their credit application was declined so that they can address the problem. If there are problems with the credit report, then the borrower needs to know what the problems are and who is reporting them.  In this manner the borrower is informed and the bank is kept “honest” about its decisions.

The reasons that the examiners test adverse actions for timing and accuracy is that borrowers should have the ability to know exactly what is wrong and have an opportunity to fix it.  This is the reasoning behind requiring a copy of an appraisal report.

Why are there a Regulation B and the ECOA?

The development of the consumer credit market brought with it a series of bad behaviors that directly and negatively impacted the ability of women and minorities to obtain credit.   These behaviors included asking women to check with their husbands before getting a loan, denying a single woman credit, discouraging minorities from applying for credit and outright refusal to grant credit.

The law and regulation are designed to open up credit to all who are worthy by limiting practices that unfairly exclude groups of people and by making sure that applicants are fairly informed of the reasons for a denial.

Embrace your inner compliance officer by knowing that this regulation is well earned, well intended and provides a good outcome for people who would otherwise not be able to obtain credit through no fault of their own.

 

[1] Gates, Margaret J., “Credit Discrimination Against WomenCauses and Solution,” Vanderbilt Law.

Why Don’t examiners Like MSB’s

diske

 

 

For many thousands of workers in the United States, the end of the week renews a weekly ritual; payday.  For those workers who are expatriates, payday renews another ritual, the trip to the local money transmitter also known as Money Service Businesses.  Money Services businesses are defined by FinCEN as follows:

The term “money services business” includes any person doing business, whether on a regular basis or as an organized business concern, in one or more of the following capacities:

  • Currency dealer or exchanger.
    (2) Check casher.
    (3) Issuer of traveler’s checks, money orders or stored value.
    (4) Seller or redeemer of traveler’s checks, money orders or stored value.
    (5) Money transmitter.
    (6) U.S. Postal Service.

 

For many years MSB’s have served the needs of the expatriate workers who are sending money home.  The remittance market is a multi-billion-dollar business serving a large population of the people who tend to be underbanked or unbanked.

Storm Clouds

In 2013 the US Department of Justice initiated Operation Chokepoint.  This initiative was described in a 2013;

Operation Choke Point was a 2013 initiative of the United States Department of Justice, which would investigate banks in the United States and the business they do with firearm dealers, payday lenders, and other companies believed to be at higher risk for fraud and money laundering.[1]

The Justice Department’s decision to focus on the activities of MSB’s directly impacted their treatment by banks.  Soon, MSB’s became persona non-grata; the major theme was that these organizations have high potential for money laundering and therefore had to be given scrutiny.   There was a second theme that was less prominent; the better the monitoring the lower the risk.   Eventually the regulators were forced to cease the initiative.  Unfortunately, a great deal of the stigma associated with MSB’s remains.

Community Banking Transitions  

Today community banks are experiencing strong  competition for interest margins in traditional business lines.  Competition for C & I and CRE has become fierce, making lending in these areas more expensive.   In the meantime, the main reason for community banking- serving the underserved is still an area that has a great deal of space for growth.   In 2016, the FDIC estimated that 27% of all households were unbanked or underbanked.

The Remittance Market

Remittances are a growing market that continues to grow according to the world bank statistics $138,165,000,000 in remittances was sent from United States to other countries in 2016.  The market is expected to continue to grow in the next few years.   The average size of an individual remittance remains $200.00.   There are a number of money transfer business that have developed systems that are familiar to the customers and efficient in their delivery.  The forces created by operation chokepoint and growing remittance market are creating great opportunities.  Despite the huge demand and potential for fee income, many MSB’s are in search of a banking relationship.

Why Should a community bank consider an MSB relationship?    

Because of the history we have already discussed for many banks, the term MSB ends the discussion.  However, for those banks that are looking for ways to improve overall profitability; there are several positives to consider

o   Fee income:  Because the business model is built on small dollar transactions, there is a large volume of transaction.  Each transaction has the potential to generate fees.  The experience of banks that offer accounts to MSB’s has been a steady reliable source of fee income.

O  Small Expenditures of Capital:  The expenditure of capital that is necessary is largely dependent on the strength of your overall BSA compliance program.  At the end of the day, the financial institution must dedicate sufficient resources to monitor the activity of the MSB.

o   Extremely Low Cost:  The costs of the resources mentioned above can and often is covered by the client MSB.

o   Serving the Underserved:   As we previously noted, the vast majority of the customers using MSB’s are part of the larger underbanked and unbanked population.

o   Opportunities for new markets, projects and a whole new generation of bank customers: Today’s MSB customer can easily be tomorrow’s entrepreneur who opens a large business account at your bank.

 

MSB’s and Risk

For many institutions the decision has been made that the regulatory risk associated with Money Service Business is too great to justify offering the product.  Of course, most reason for this decision harkens back to the struct scrutiny of Operation Chokepoint.

The fact that so many MSB’s lost their banking relationships caused the FDIC (the main “tormentor of financial institutions in this area) to issue FIL 5-2015 which was directed at the mass “de-risking” that that banks were forcing on MSB’s.

The FDIC is aware that some institutions may be hesitant to provide certain types of banking services due to concerns that they will be unable to comply with the associated requirements of the Bank Secrecy Act (BSA). The FDIC and the other federal banking agencies recognize that as a practical matter, it is not possible for a financial institution to detect and report all potentially illicit transactions that flow through an institution.   Isolated or technical violations, which are limited instances of noncompliance with the BSA that occur within an otherwise adequate system of policies, procedures, and processes, generally do not prompt serious regulatory concern or reflect negatively on management’s supervision or commitment to BSA compliance. When an institution follows existing guidance and establishes and maintains an appropriate risk based program, the institution will be well-positioned to appropriately manage customer accounts, while generally detecting and deterring illicit financial transactions.[2]

Put another way, the regulators were noting that despite the appears otherwise the principles for managing the risks of MSB’s still applied; the better the monitoring, the lower the risk.   When considering whether to offer an MSB a bank account, your financial institutions should be able to administrate the account to keep risks low.  In addition to the guidance published by the FDIC, FinCen, the FFIEC and the other banking regulatory agencies have all published guidance making it clear that there are no absolute regulatory restrictions on banking MSB’s.

 

[1] Zibel, Alan; Kendall, Brent (August 8, 2013). “Probe Turns Up Heat on Banks”The Wall Street Journal

[2] FIL 5-2015

Whats New in Fintech- and Why should a Community Bank Care?

Fintech

 

Among the things that community banks must consider in the next decade is how best to navigate the landscape that is being created by Fintech companies.  Financial technology companies (Fintech’s) have been quickly changing the financial services landscape for some time.   The Independent Community Bankers Association recognized these changes and prepared a document entitled the Fintech Strategy Roadmap.  In this document, the ICBA points out:

Fintech is simply the intersection of financial services and technology. The innovation within this intersection is robust, and the positive impact to community banks is wide-reaching. Digital wallets and real-time transactions bring instant results to bank customers. New lending platforms offer streamlined experiences and faster credit decisions. Business intelligence solutions provide new ways for community banks to manage and anticipate customer activity, while transformed cloud infrastructures give banks more secure and efficient opportunities for data security and storage.  [1]

There are a number of developments in Fintech that will directly impact access to customers for community banks.  Initially, Fintech companies were designed and built to replace services that traditional banks, provide.  More recently, the energy in this field has been towards work with banks to enhance products and services.  One example of this change is described here:

Take Teslar, one of the accelerator cohort and the Banker’s Choice winner at this year’s IBCA LIVE national convention.  The company was founded by bankers with a passion for supporting community banking by streamlining systems.  Teslar offers a software solution to bring systems together to interoperate form a single platform-helping banker actively manage their daily tasks for their portfolio.  Everything from exception tracking to loan closing documentation is available through the platform. [2]

The driving force for development and innovation in this field is the desire to meet the ends of a rather large population, unbanked and underbanked families.  These are families that either have no bank accounts (unbanked) or just one transaction account (underbanked).  A large portion of the families that find themselves using minimal banking serves are millennials.  This group of consumers are looking for speedy delivery of products, minimal contacts with branch personnel and technology that matches their lifestyle.

The good news is that community banks are naturally a better fit for Fintech companies and the customers that they seek.   The same small businesses that are served by community banks are also the “sweet spot” for fintech companies.  FinTechs are looking sell a suite of products such payment systems, credit applications and faster delivery of funds.    On the other hand, community banks continue to look for various opportunism to increase income including seeking new clients and the ability to offer products and services that add to the bottom line.   Some of the innovations that can greatly assist community banks  include:

  • Lending: Loan origination platforms, either direct or indirect, offer community banks an opportunity to access borrower data and make credit decisions in a more expeditious manner. These systems provide vast amounts of customer data to guide timely underwriting decisions and help to automate a consistent lending process.
  • Finance, Business Intelligence, and Liability Management: Product pricing tools, profitability modeling, and report automation offer ways to operate more efficiently and improve net interest margins. Customer data acquired from transactional activities also provide community banks access to new behaviors and insights into account movements and patterns that allow for better predictive assessments.
  • Payments: Digital wallets, real-time payments, global remittances, and digital currency movement all stand to enhance the practices customers use to move money from one place to another. The settlement practices have expanded the universe of merchants, customers, and financial institutions taking advantage of the new technologies.
  • Wealth Management and Personal Financial Management: Technological advances and advanced analytics allow for more accurate, automated, and low-cost ways to manage funds and even offer investment advice. This appeal has moved beyond just the millennial base and is now part of the mainstream wealth management arena.
  • Regtech: Technologies can offer banks opportunities to outsource regulatory maintenance, monitoring, data collection, and customer due diligence. Regtech looks to enhance all aspects of a bank’s Compliance Management System including customer account alerts and monitoring, customer risk identification, and the fair application of lending practices.

To Join or Not to Join

So, since these firms can provide software and solutions that are potentially very valuable to a community bank, consideration of a partnership is wise.   Because the fintech firm has spent money and resources on research and development, investing in a partnership comes with a minimum of capital outlay.   The risks associated with these firms generally are operational; the community bank that wants to form a partnership should have conducted a risk assessment to ensure that the Fintech company is really a good fit.

Regulatory Advantage of Community Banks

For all of their technology and state of the art cutting edge software, there are several advantages that community banks have over FinTechs.  First, as part of state and national banking systems, community banks have access to deposit insurance and the liquidity that comes form maintaining insured deposits.  Many fintech firms run on venture capital money which allows time for development but comes with the expectation that the product will be sold, and investors reimbursed.   Overall access to ongoing funding is still limited for these firms.

FinTechs are regarded by most regulators’ as Money Service Businesses (MSB’s), which means that they must get a license as an MSB for every state in which they intend to do business.   A partnership with a community bank can provide a fintech with the ability to continue to conduct business without having to chase licenses in all fifty states.   Finally, community banks have access to the Federal Reserve  and therefore the ability to clear transactions.  There is a great deal of incentive for FinTechs to work directly with community banks.

Partnerships Have to be Pursued Cautiously

There are a great deal of synergies between Fintech companies and community banks.  Despite the exciting opportunities that such a partnership offers, the relationship can only go as far as each partner can take it.  A Bank’s infrastructure, as well as the knowledge and expertise of the staff to use a product must be considered as part of partnership.  A complete risk assessment that considers the ability of the bank to effectively administrate the program is a critical component for a successful partnership.

 

Ultimately, what’s new in fintech should be an important part of strategic considerations for a community bank.

 

 

 

 

James Defrantz the principal at Virtual Compliance Management Services LLC.

** For more information about trends in community banking, please contact us at http://www.VCM4you.com**

[1] Fintech Strategy Roadmap for Community Banks March 2018

[2] How Fintech Changes the Game for Community Banks and Their Customers- Kevin Tweddle, Chief Operating Officer, ICBA services Network

Re-Imagining Compliance- A Three-Part series

dreamstime_m_79954523

Part One – Compliance is here to Stay

Every culture has its own languages and code words.  Benign words in one culture can be offensive in another.  For example, there was a time when something that was “Phat” was really desirable and cool while there are very few people who would like to be called fat!  Compliance is one of those words that, depending on the culture, may illicit varying degrees of response.  In the culture of financial institutions, the word compliance has some negative associations.   Compliance is often considered an unnecessary and crippling cost of doing business.  Many of the rules and regulations that are part of the compliance world are confusing and elusive.  For many institutions, has been the dark cloud over attempts to provide new and different services and products.

Despite the many negative connotations that surround compliance in the financial services industry, there are many forces coming together to alter the financial services landscape.  These forces can greatly impact the overall view of compliance.  In fact, it is increasingly possible to view expenditures in compliance as an investment rather than a simple expense.   In this three-part blog, we ask that you reimagine your approach to compliance.

Why do we have Compliance Regulations?

Many a compliance professional can tell you about how difficult it is to keep everybody up to date on the many regulations that apply to financial institutions.  However, if you ask why exactly do we even have an Equal Credit Opportunity Act or a Home Mortgage Disclosure Act (“HMDA”), it would be difficult to get a consensus.   All of the compliance regulations share a very similar origin story.   There was bad or onerous behavior on the part of financial institutions, followed by a public outcry, legislative action to address the bad behavior and then eventually regulations.  The history of Regulation B provides a good example:

A Little History

The consumer credit market as we now know it grew up in the time period from World War II and the 1960’s.  It was during this time that the market for mortgages grew and developed and became the accepted means for acquiring property, financing businesses, developing wealth and upward mobility.  By the late 1960’s the consumer credit market was booming.

The Equal Credit Opportunity Act (“ECOA”) and regulation B are not nearly as old as you might think. In fact, the first attempt at regulating credit access was the Consumer Credit Protection Act of 1968.  This legislation was passed to protect consumer credit rights that up to that point been largely ignored.  The 1968 regulation was passed as the result of continuing growth in consumer credit and its effects on the economy.  For example, in the year before the regulation was passed, consumers were paying fees and interest that equaled the government’s payments on the national debt!  One of the goals of the Consumer Credit Protection Act was to protect consumer rights and to preserve the consumer credit industry.

The Civil Rights Movement was occurring at the same time as the passage of the CCPA and in 1968, the Fair Housing Act was passed by Congress.  The FHA was designed to assist communities that that had been excluded from credit markets obtain access to credit.  We will discuss the Fair Housing Act in more detail next month.

One of the things that the CCPA did was to empanel a commission of Congress called the National Commission on Consumer Finance.  This commission was directed to hold hearings about the structure and operation of the consumer credit industry.

 

Unintended Consequences

While performing the duties they were assigned, the members of the National Commission on Consumer Finance conducted several hearings about the credit approval process for consumer loans.  The stories and anecdotes from these hearings raised a tremendous public outcry about the behavior of banks and financial institutions that were in the business of granting credit.   One of the common themes of the testimonies given was that women and minorities were being left behind when it came to the growth of the consumer credit market.  Public pressure forced additional hearings on the consumer credit market, and the evidence showed that women in particular and minorities in general were being given unfair and unequal treatment by banks.

 

What was Going On? 

So, what were banks doing that was a cause of concern?  There were several practices that had become normal and regular for banks when the applicant for consumer credit was a woman or a member of a racial minority group.

Women had more difficulty than men in obtaining or maintaining credit, more frequently were asked embarrassing questions when applying for credit, and more frequently were required to have cosigners or extra collateral.   When a divorced or single woman applied for credit, she was immediately asked questions about her life choices, sexual habits, and various other personal information that was both irrelevant to the credit decision and not asked of men.

Racial minorities had difficulty even obtaining credit applications let alone credit approvals.  In cases, where members of minority groups attempted to get a loan applicant, there were either told that the bank was not making consumer loans, or that the area that the person lived was outside of the lending area of the bank.

For applicants that receive public assistance, child support of alimony, banks would not consider these as sources of income under the theory that they were temporary and might disappear.

Despite being subjected to embarrassing or incorrect information, in the cases where women and minorities persisted and completed a credit application, banks would drag out the process for interminable time periods and would engage in strong efforts to discourage the applicant from going forward.

In many cases, when a person lived in a neighborhood that was predominately comprised of minorities, the borrower was told that the collateral did not have enough value without further explanation.  

 

The ECOA

Though these stories created a great deal of interest, the CCPA was not amended until 1974 when the first Equal Credit Opportunity Act was passed.  This Act prevented discrimination in credit based on sex and marital status.

 

What was the ECOA Designed to Do?

The development of the consumer credit market brought with it a series of bad behaviors that directly and negatively impacted the ability of women and minorities to obtain credit.   These behaviors included asking women to check with their husbands before getting a loan, denying a single woman credit, discouraging minorities from applying for credit and outright refusal to grant credit.

The law and regulation are designed to open credit to all who are worthy by limiting practices that unfairly exclude groups of people and by making sure that applicants are fairly informed of the reasons for a denial.

The regulations exist because there was bad behavior that was not being addressed by the industry alone.  Many of the compliance regulations share the same origin story.

 

Compliance is not all Bad

Sometimes, we are caught up on focusing on the negative to the point that it is hard to see the overall impact of bank regulations.   One of the positive effects of compliance regulations is they go a long way toward “leveling the playing field” among banks.   RESPA (the Real Estate Settlement Procedures Act) provides a good example.  The focus of this regulation is to get financial institutions to disclose the costs of getting a mortgage in the same format throughout the country.   The real costs associated with a mortgage and any deals a bank has with third parties, the amount that is being charged for insurance taxes and professional reports that are being obtained all have to be listed in the same way for all potential lenders.  In this manner, the borrower is supposed to be able to line up the offers and compare costs.  This is ultimately good news for community banks.  The public gets a chance to see what exactly your lending program is and how it compares to your competitors.  The overall effect of this legislation is to make it harder for unscrupulous lending outfits to make outrageous claims about the costs of their mortgages.   This begins to level the playing field for all banks.  The public report requirements for the Community Reinvestment Act and the Home Mortgage Disclosure Act can result in positive information about your bank.    A strong record of lending within the assessment area and focusing on reinvigoration of neighborhoods is a certainly a positive for the bank’s reputation.  The overall effects of the regulations and should be viewed as a positive.

 

Protections not just for Customers

In some cases, consumer regulations provide protection not just for consumers but also for banks.  The most recent qualifying mortgage and ability to repay rules present a good case.  These rules are designed to require additional disclosures for borrowers that have loans with high interest rates.   In addition to the disclosure requirements, the regulations establish a safe harbor for banks that make loans within the “qualifying mortgage” limits.  This part of the regulation provides strong protection for banks.  The ability to repay rules establish that when a bank makes a loan below the established loan to value and debt to income levels, then the bank will enjoy the presumption that the loan was made in good faith.  This presumption is very valuable in that It can greatly reduce the litigation costs associated with mortgage loans.  Moreover, if a bank makes only “qualifying mortgages’ the level of regulatory scrutiny will likely be lower than in the instance of banks that make high priced loans.

 

Compliance regulations will no doubt be a part of doing business in the financial industry for the foreseeable future.   However, all is not Considering a strategy that embraces the regulatory structure as an overall positive will allow management to start to re-imagine compliance and consider greater investment.   In our next blog, we will discuss the forces that are converging to make the return on investment in compliance strong

Outsourcing and Collaboration – The Time Has Come

A Three-Part Series.  Part Three -Choose Your Partner

Print

Many banks today rely on outsourced functions ranging from core operating systems to monthly billing programs.  The reliance on third parties to provide core functions at banks is no longer viewed as a less than desirable situation, it is normal.  However, over time the types of relationships that banks began to form with outside vendors became more complicated and in some cases exotic.  Some banks used third parties to offer loan products and services that would otherwise not be offered.  In many cases, the administration of the contractual relationship was minimal; especially when the relationship was profitable.

The level and type of risk that these agreements created came under great scrutiny during the financial crisis of 2009.  Among the relationships that are most often scrutinized for areas of risk are:

 

  • Third-party product providers such as mortgage brokers, auto dealers, and credit card providers;
  • Loan servicing providers such as providers of flood insurance monitoring, debt collection, and loss mitigation/foreclosure activities;
  • Disclosure preparers, such as disclosure preparation software and third-party documentation preparers;
  • Technology providers such as software vendors and website developers; and
  • Providers of outsourced bank compliance functions such as companies that provide compliance audits, fair lending reviews, and compliance monitoring activities.[1]

 

According to the FDIC, a third-party relationship could be considered “significant” if:

 

  • The institution’s relationship with the third party is a new relationship or involves implementing new institution activities;
  • The relationship has a material effect on the institution’s revenues or expenses;
  • The third party performs critical functions;
  • The third party stores, accesses, transmits, or performs transactions on sensitive customer information;
  • The third-party relationship significantly increases the institution’s geographic market;
  • The third party provides a product or performs a service involving lending or card payment transactions
  • The third party poses risks that could materially affect the institution’s earnings, capital, or reputation;
  • The third party provides a product or performs a service that covers or could cover a large number of consumers;
  • The third party provides a product or performs a service that implicates several or higher risk consumer protection regulations;
  • The third party is involved in deposit taking arrangements such as affinity arrangements; or
  • The third-party markets products or services directly to institution customers that could pose a risk of financial loss to the individual

 

The FDIC, the OCC and the FRB have all issued guidance on the proper way to administer vendor management.   While the published guidance from each of these regulators its own idiosyncrasies, there are clear basic themes that appear in each.

All of the guidance has similar statements that address the types of risk involved with third party relationships and all discuss steps for mitigating risks.  We will discuss the methods for reducing risk further in part two of this series.

Level of Due Diligence

One of the questions that we noted above was about what level of due diligence is required for a third-party contract.  The OCC guidance defines a critical activity as

 

Critical activities—significant bank functions (e.g., payments, clearing, settlements, custody) or significant shared services (e.g., information technology), or other activities that

  • could cause a bank to face significant risk if the third party fails to meet expectations;
  • could have significant customer impacts require significant investment in resources to implement the third-party relationship and manage the risk;
  • Could have a major impact on bank operations if the bank has to find an alternate third party or if the outsourced activity has to be brought in-house.[1]

For those arrangements that involve critical activities, the expectation is that the  that bank will perform comprehensive due diligence at the start of the contracting process as well as monitoring throughout the execution of the contract.

The steps that are necessary for the proper engagement of a third party for a critical activity are discussed in each of the regulatory guidance documents that have been released.  The OCC bulletin provides the most comprehensive list that includes:

 

  • Relationship Plan:  Management should develop a full plan for the type of relationship it seeks to engage.  The plan should consider the overall potential risks, the manner in which the results will be monitored and a backup plan in case the vendor fails in its duties.
  • Due Diligence:   The bank should conduct a comprehensive search on the background  of the vendor, obtain references, information on its principals, financial condition and technical capabilities.   It is during this process that a financial institution can ask a vendor for copies of the results of independent audits of the vendor.    There has recently been a great deal of attention given to the due diligence process for vendors.  Several commenters and several banks have interpreted the guidance to require that a bank research a vendor and all of its subcontractors in all cases.  We do not believe that this is the intention of the guidance.  It is not at all unusual for a third-party provider to use subcontractors.   We believe that a financial institution should get a full understanding of how the subcontracting process works and consider that as part of the due diligence, however, it impractical to expect a bank to research the backgrounds of all potential subcontractors before engaging a provider.
  • Risk Assessment:  Management should prepare a risk assessment based upon the specific information gathered for each potential vendor.  The risk assessment should compare the characteristics of the firms in a uniform manner that allows the Board to fully understand the risk associated with each vendor. [2]
  • Contract Negotiation:  The contract should include all of the details of the work to be performed and the expectations of management.  The contract should also include a system of reports that will allow the bank to monitor performance with the specifics of the contract.   Expectations such as compliance with applicable regulations must be spelled out.   The OCC bulletin includes the following phrase:

Ensure that the contract establishes the bank’s right to audit, monitor performance, and require remediation when issues are identified. Generally, a third-party contract should include provisions for periodic independent internal or external audits of the third party, and relevant subcontractors, at intervals and scopes consistent with the bank’s in-house functions to monitor performance with the contract

This language has also been the subject of a great deal of media and financial institution attention.  Some have interpreted this phrase to mean that a community bank that uses one of the large core providers has the right to perform an independent audit of the provider.  We believe that this interpretation is inaccurate as it would be impractical to carry out.  We believe that the phrase means that the financial institution is entitled to a copy of the report of the independent auditor.

 

 

 

  • Ongoing Monitoring:   Banks must develop a program for ongoing monitoring of the performance of the vendor.   We recommend that the monitoring program should include not only information provided by the vendor, but also internal monitoring including

 

    • Customer complaints;

 

o    Significant changes in sources of expenses and revenues

 

o    Changes in loan declines, withdrawals or approvals

 

o    Changes in the nature of customer relations ships (e.g. large growth in CD customers).

 

  • Oversight and Evaluation:  There should be a fixed period for evaluating the overall success and efficacy of the vendor relationship.  The Board should, on a regular basis evaluate whether or not the relationship with the vendor is on balance a relationship with keeping.

 

While all of the above steps represent best practices for developing relationships with vendors, it is important to remember that a balance must be maintained.  The vendor management program cannot be so time consuming or stringent that a bank is left without the ability to engage consultants.  However, there must be sufficient diligence and monitoring of vendor relationship to ensure that the bank is managing risks effectively.

 

 

James DeFrantz is the Principal of Virtual Compliance Management Services LLC.  He can be reached directly at JDeFrantz@VCM4you.com

[1] OCC BULLETIN 2013-29

[2] Ibid.

Collaboration and Outsourcing- the Time has Come

 

 

 

Business Teamwork

A Three-Part Series.  Part One- Why Outsource? 

For many financial institutions, resources are the main limitation for the offering or products and services.   While traditional products such as business loans, commercial real estate, mortgages and consumer loans remain the mainstay of the offerings by financial institutions, the competition for customers in these areas remains fierce.   According to the FDIC, community banks and smaller  institutions have found that the  traditional model for income has experience some positive growth in the past two years, but this growth continues to be strained by  the number fintech companies that have begun to “disrupt” the financial services industry.   Fintech, regtech and other software companies continue to make inroads in the traditional community bank and credit union customer base.

“Researchers have projected that fintech could be responsible for a reduction of between 10% and 40% of bank revenue by 2025. It’s estimated that between 15% and 25% percent of U.S. banks could be gone by 2020 as a result of consolidation brought about largely by the rise of fintech and increased regulations on banks.[1]

Opportunities Abound in Other Areas

As competition for customers  in the traditional banking products continues  to increase, the need for innovation that will increase overall non-interest income becomes more important.   While there are other opportunities available, financial institutions often find themselves unable to attempt new things based upon limited  resources such as training, software and experience.   Despite the fact that there may be some difficulties, the returns on the investment in these products is worth the effort.    For example,

“McKinsey, a consultancy, analyzed the impact of fintech on retail banks from an opportunity standpoint. It determined that progressive banks can increase revenues from innovative new offers and business models by 5%; increase revenues from new products and distinctive digital sales by 10%; and lower operational costs through automation, digitization and transaction migration by 30%. This would result in a total potential net profit opportunity of +45 percent. [2]

In addition to the innovations in fintech and in the software’s overall effectiveness in general, often overlooked markets such as the remittance market remain a  strong source of potential income.

  • Global remittances have grown to a record level of $613-billion in 2017, a 7% increase from $573-billion in 2016, according to the World Bank.
  • Payments to low- and middle-income countries rose at a high percentage: up 8.5% to $466-billion last year, from $429-billion the year before, according to the World Bank’s Migration and Development Brief.[3]

“Operation chokepoint”- the rather infamous program brought heavy scrutiny on money services business in general and remittances specifically has now ended.  However, the fear of regulatory concerns still remains with many financial institutions.  As a result, this huge market with its potential for large amounts of noninterest income fees remains largely untapped.

Outsourcing   

With the proper understanding of how a money remitter (’MSB’) works and combined with outsource resources to properly monitor transactions, MSBs present an outstanding opportunity for noninterest income.

There are ways for institutions to address this concern and that is what the interagency guidance on third party resources is intended to address.  According to the recent guidance published by the FFIEC

Collaborative arrangements involve two or more banks with the objective of participating in a common activity or pooling resources to achieve a common goal. Banks use collaborative arrangements to pool human, technology, or other resources to reduce costs, increase operational efficiencies and leverage specialized experience [4]

This is not to say that you should offer products that you don’t understand.  On the other hand, under the right circumstances,  financial institutions can offer  full range of products using the services of a third party

By using the collaborations not only with other financial institutions, but with fintech firms, regulatory tech firms and specialized consulting firms the possibilities for growth and additional products increases dramatically.

In part two we will discuss the risk assessments process

James DeFrantz is the Principal of Virtual Compliance Management Services LLC.  He can be reached directly at JDeFrantz@VCM4you.com

[1] How the Rise of Fintech Could Affect Your Bank  Josh Beard  The Whitlock Company

[2] Ibid

[3]Global Remittances Reach $613 Billion Says World Bank  Toby Shapshak  Forbes Magazine May 2018

 

 

[4] Interagency Statement on Sharing Bank Secrecy Act Resources  October 3, 2018

Making the Case for MSB’s

 

MSB!

For many thousands of workers in the United States, the end of the week renews a weekly ritual; payday.  For those workers who are expatriates, payday renews another ritual, the trip to the local money transmitter also known as Money Service Businesses.  Money Services businesses are defined by FinCEN as follows:

The term “money services business” includes any person doing business, whether on a regular basis or as an organized business concern, in one or more of the following capacities:

(1) Currency dealer or exchanger.
(2) Check casher.
(3) Issuer of traveler’s checks, money orders or stored value.
(4) Seller or redeemer of traveler’s checks, money orders or stored value.
(5) Money transmitter.
(6) U.S. Postal Service.

For many years MSB’s have served the needs of the expatriate workers who are sending money home.  The remittance market is a multi-billion-dollar business serving a large population of the people who tend to be underbanked or unbanked.

 

Storm Clouds

In 2013 the US Department of Justice initiated Operation Chokepoint.  This initiative was described in a 2013;

Operation Choke Point was a 2013 initiative of the United States Department of Justice, which would investigate banks in the United States and the business they do with firearm dealers, payday lenders, and other companies believed to be at higher risk for fraud and money laundering.[1]

The Justice Department’s decision to focus on the activities of MSB’s directly impacted their treatment by banks.  Soon, MSB’s became persona non-grata; the major theme was that these organizations have potential for money laundering and therefore had to be given scrutiny.   There was a second theme that was less prominent; the better the monitoring the lower the risk.   Eventually the regulators were forced to cease the initiative.  Unfortunately, a great deal of the stigma associated with MSB’s remains.

Community Banking Transitions  

Today community banks are experiencing shrinking margins in traditional business lines.  Competition for C & I and CRE has become fierce, shrinking margins and making lending in these areas more expensive.   In the meantime, the main reason for community banking- serving the underserved is still an area that has a great deal of space for growth.   In 2016, the FDIC estimated that 27% of all households were unbanked or underbanked.

The Remittance Market

Remittances are a growing market that continues to grow according to the world bank statistics $138,165,000,000 in remittances was sent from United States to other countries in 2016.  In 2018, the market is expected to grow more than in the previous two years for several reasons.   The average size of an individual remittance remains $200.00.   There are a number of money transfer business that have developed systems that are familiar to the customers and efficient in their delivery.  The forces created by operation chokepoint and growing remittance market are creating great opportunities.  Despite the huge demand and potential for fee income, many MSB’s are in search of a banking relationship.

Why Should a community bank consider an MSB relationship?    

Because of the history we have already discussed for many banks, the term MSB ends the discussion.  However, for those banks that are looking for ways to improve overall profitability; there are several positives to consider

  • Fee income: Because the business model is built on small dollar transactions, there is a large volume of transaction.  Each transaction has the potential to generate fees.  The experience of banks that offer accounts to MSB’s has vbeen a steady reliable source of fee income.
  • Small expenditures of capital: The expenditure of capital that is necessary is largely dependent on the strength of your overall BSA compliance program.  At the end of the day, the financial institution must dedicate sufficient resources to monitor the activity of the MSB.
  • Extremely Low Cost: The costs of the resources mentioned above can and often is covered by the client MSB.
  • Serving the underserved: As we previously noted, the vast majority of the customers using MSB’s are part of the larger underbanked and unbanked population.
  • Opportunities for new markets, projects and a whole new generation of bank customers: Today’s MSB customer can easily be tomorrow’s entrepreneur who opens a large business account at your bank.

 

 

 

 

MSB’s and Risk

For many institutions the decision has been made that the regulatory risk associated with Money service Business is too great to justify offering the product.  Of course, most of make this decision harken back to the struct scrutiny of Operation Chokepoint.

The fact that so many MSB’s lost their banking relationships caused the FDIC (the main “tormentor of financial institutions in this area) to issue FIL 5-2015 which was directed at the mass “de-risking” that that banks were forcing on MSB’s.

 

The FDIC is aware that some institutions may be hesitant to provide certain types of banking services due to concerns that they will be unable to comply with the associated requirements of the Bank Secrecy Act (BSA). The FDIC and the other federal banking agencies recognize that as a practical matter, it is not possible for a financial institution to detect and report all potentially illicit transactions that flow through an institution.   Isolated or technical violations, which are limited instances of noncompliance with the BSA that occur within an otherwise adequate system of policies, procedures, and processes, generally do not prompt serious regulatory concern or reflect negatively on management’s supervision or commitment to BSA compliance. When an institution follows existing guidance and establishes and maintains an appropriate risk based program, the institution will be well-positioned to appropriately manage customer accounts, while generally detecting and deterring illicit financial transactions.[2]

Put another way, the regulators were noting that despite the appears otherwise the principles for  managing the risks of MSB’s still applied; the better the monitoring, the lower the risk.   When considering whether to offer an MSB a bank account, your financial institutions should be able to administrate the account to keep risks low.  In addition to the guidance published by the FDIC, FinCen, the FFIEC and the other banking regulatory agencies have all published guidance making it clear that there are no absolute regulatory restrictions on banking MSB’s.

The time is now for community banking institutions to consider the possibility of baking relationship with MSB’s

[1] Zibel, Alan; Kendall, Brent (August 8, 2013). “Probe Turns Up Heat on Banks”The Wall Street Journal

[2] FIL 5-2015