Banking on the Future: 2021 Community Bankers Symposium, Part 2
This is our second post summarizing the 2021 Community Bankers Symposium, held virtually on October 22. Our first post covered the opening remarks, keynote address, and a special presentation on the future by Brett King. Read it here. In this post, we summarize the view from the CSBS, expert perspectives on cyber security, the regulatory panel, and new initiatives from the FDIC, including an investment fund for mission-driven banks and their communities. The FDIC overview was provided by Chair Jelena McWilliams.
View from the CSBS
John Ryan, president and CEO of the Conference of State Bank Supervisors (CSBS) discussed what he termed the five Cs—the issues that he said will have the greatest impact on the banking system. They are: crypto currency, climate risk, cyber attacks and security, chartering, and central bank digital currency (CBDC). These issues impact policy at the state and federal level, he argued, and can impact the future of banking and specifically the future of community banking.
Crypto currency has grown from a market cap of approximately $4 billion in 2014 to $2.4 trillion dollars (an increase of 59,900%), Ryan said. The regulators and Financial Stability Oversight Council (FSOC) are trying to identify the risks to the financial stability of the banking system. Ryan argued that crypto currencies threaten to cause disintermediation within the financial system, and that the regulatory structure concerning cryptos needs to be addressed.
On climate risk, Ryan said that as the country moves policy toward more sustainable energies, banks may experience transition risk in state and local economies.
Cyber attacks are not slowing down, and ransom-related attacks are up 30% from 2020, Ryan said. Given the cost to protect systems, he added, it is important to fix inefficiencies and push innovation and not risk losing the diversity of the banking system to consolidation.
Chartering in this context is specifically related to the uninsured chartered institutions, Ryan said. These uninsured fintech chartered institutions are not covered by federal law or conditions of the Federal Deposit Insurance Act or Bank Holding Company Act and are not held to the same level of scrutiny related to capital, Community Reinvestment Act, or safety and soundness, he added. Ryan said this creates an un-level playing field, and the chartering of these institutions gives the appearance of federal support. States like Wyoming have passed laws to help define and control these charters, he noted.
A central bank digital currency is a fiat currency that is backed by the full faith and credit of the issuing government. China and other countries are experimenting with CBDCs. This can promote financial inclusion to the unbanked (adults that do not have their own bank account), Ryan pointed out, but may change forever how banking is done.
Ryan concluded that federal regulatory authorities understand the value proposition of community banking and the importance of the lending relationship, as well as how community banks can reach underserved markets throughout the country. As an example, he said, 51% of Payment Protection Program (PPP) funds were distributed through state-chartered banks.
Cyber risk: Perspectives from the Secret Service and CISA
Patrick Hogan, U.S. Secret Service, Chicago Cyber Fraud Task Force, and Tony Enriquez, U.S. Department of Homeland Security, Cyber Security & Infrastructure Security Agency (CISA), provided their perspectives on cyber risk and current threats. Hogan shared some of the salient trends the Secret Service is seeing in the areas of e-skimming (infecting online shopping or service checkout pages with malware to steal payment and personal information), business email compromise (BEC), ransomware, and fraudulent activities related to Covid-19. Enriquez spoke about how CISA focuses on mitigating and responding to disruptions in communications and cyber threats while making Homeland Security’s IT infrastructure more resilient.
Hogan noted that cyber criminals have shifted from point-of-sale terminal hacks to e-skimming because payment card industry standards and chip-enabled cards have made point-of-sale transactions more secure. Supply chains as well as third-party vendors, such as those that provide payment platforms or web analytics are more commonly being targeted, in cases where it is easier to cause harm to the target through this mode. BEC resulted in 35% of all fraud losses reported to the Secret Service in 2019 and 29% of all fraud losses in 2020, Hogan said. He added that $1.8 billion was reported in BEC fraud losses to the FBI in 2020, with $26 billion reported worldwide.
Ransomware is on the rise, Hogan said, with a 17% increase in cyber insurance claims between 2019 and 2020. He reiterated law enforcement’s stance of advising businesses not to pay when they are victims of ransomware as there are additional risks that include violating government and/or financial regulations based on the jurisdictions where payments are sent. Hogan highlighted the Ransomware Self-Assessment Tool, released in October 2020, which consists of 16 questions focused on how a system is being protected, what detection methods are in place, responses to ransomware, and systems recovery. Lastly, Hogan highlighted the Secret Service’s other investigative priorities, including various Covid-19 related frauds, apps that install malware, phishing schemes, sale of counterfeit goods, and CARES Act fraud.
Enriquez said that our nation’s critical infrastructure sectors are becoming increasingly vulnerable to ransomware attacks that severely impact business processes and cripple an organization’s ability to deliver mission-critical services. Ransomware threatens public and private networks, costing billions of dollars in post-incident recovery. Enriquez highlighted how ransomware can affect individuals from a personal perspective, by gaining access to personal files, saved passwords, and financial information, as well as the risk of data being destroyed or lost. From an organizational standpoint, an entity can temporarily or permanently lose corporate data or intellectual property, as well as suffering a loss of revenue, in addition to potential legal fees and damaged reputation. Enriquez highlighted two CISA resources: the joint Ransomware Guide and the Ransomware Campaign Toolkit. He stressed that we all need to work together to raise awareness about the threat ransomware poses, sharing key actions that make organizations more resilient. Additionally, Enriquez provided an overview of the purpose and benefits of CISA’s range of cybersecurity assessments, including vulnerability scanning and cyber resilience review.
Regulatory panel: Current and emerging issues
Cathy Langlois, vice president, Federal Reserve Bank of Chicago, moderated a panel of bank regulators from across the District. The panel featured Stephen Wheatley, assistant vice president, community banking organization supervision, Federal Reserve Bank of Chicago; Brian James, deputy comptroller central district, OCC, Greg Bottone, regional director, FDIC; and Thomas Fite, director, Indiana Department of Financial Institutions.
Wheatley discussed how the supervisory approach changed during the pandemic. The focus was to help ensure that banks could continue to provide credit and services to their customers in an unprecedented environment, he said. He detailed the necessity to modify examination timelines and expectations during this period, and ultimately examinations were paused, while health checks were conducted, and contingency plans were monitored. Wheatley noted that a lot has been learned during this period, and as examiners begin to move to a more normal examination environment, they will continue to maintain a risk-focused approach and look for ways to reduce regulatory burden. Even though virtual exams have gone well, Wheatley emphasized the importance of some on-site presence and the value of face-to-face conversations. He noted that examiners will look to use more of a hybrid approach going forward, coordinating with the regulated institutions and state counterparts.
Fite discussed strategic risks and how the industry is evolving. He noted that the pandemic accelerated the rate at which new financial service providers showed up with new products and services. Fite said he was concerned that some of these products or services might be coming to market without regulation. For example, Venmo used to be a simple way to pay your friend to split a dinner bill, he said, and now Venmo will send you offers for credit cards, offers to have your paycheck directly deposited to a Venmo account, and offers to exchange crypto currency. Fite explained that banks can’t ignore these products but they do need to focus on safe and sound banking as they approach new products. He explained that state regulators do regulate some fintechs, and that there is a really big difference between a charter and a license, as Banks are chartered, while a lot of fintechs are licensed, though some are uninsured fintech chartered institutions. States are working on ways to regulate these marketplaces, he said. Fite noted that regulators need to avoid picking winners and losers as the regulatory environment is being established.
Bottone agreed that the pace of change is accelerating. He added that some banking institutions have not been thinking enough about the future or evolving as much as they might need to. Bankers need to focus on what they are good at, Bottone said, and on what they can offer existing customers and how they can grow with new customers. Bankers need to develop new products and services, he said, but they first need to assess whether they have the appropriate processes in place, the appropriate staff, and evaluate items with their compliance team. After a careful assessment, they may find out it is not profitable to get into something, he added.
James discussed the lessons learned over the last two years that are important for supervised institutions to know. “We fully appreciate the importance of community banks,” he said. Community banks demonstrated strong financial resilience and were effective at utilizing government support programs for pandemic relief; “the PPP is a great example of that,” he added. He also noted that communities, not just customers, realized the value of community banks during this time, and that community banks have made great strides in risk management practices since the Great Recession. The banks went into the pandemic-related slowdown with strong asset quality, good earnings, and improved capital positions, due to better underwriting and lower concentration risks, James said. Community banks really adapted quickly from an operational perspective, he added, but challenges remain, and this highlights the need for strong operational resiliency, he said.
James noted that operational risk, resiliency, incident response, data recovery, and business resumption plans will be a supervisory focal point going forward. Bank management and examiners must be diligent to ensure risk management is maintained as we adapt to the changing environment and manage the changing risks, he said. The OCC will approach examinations with a risk-based focus, taking into consideration the excess liquidity and its impact on earnings and capital, but focusing on banks’ ability to manage the risks, he said. James added that credit uncertainty remains, and while the OCC supports banks working with borrowers, bank management should continue to rate credit appropriately. Lastly, James highlighted the importance of good due diligence as we move forward.
Chair McWilliams shares new initiatives from the FDIC
Closing remarks were presented by Jelena McWilliams, who was sworn in as the twenty-first Chair of the FDIC on June 5, 2018. McWilliams noted that in times like these, it is crucial to come together to celebrate the successes of our community banks and address the challenges. She said that as of year-end 2019, community banks held 36% of small business loans, despite holding only 12% of banking assets. At the same time, community banks accounted for over one-third of commercial real estate loans and 70% of farm and agriculture loans. She also highlighted the impact community banks have in reaching minority, rural, and low- and moderate-income communities. There are currently 608 counties nationwide, McWilliams said, where one or more community banks represent the only FDIC-insured institutions physically present. Despite improvements over the past decade, there continue to be more than 7 million unbanked households in the United States, translating into many more individuals who do not have a basic banking relationship.
Today, as we think about the regulatory system we want to build coming out of the pandemic, McWilliams said, innovation will be critical to fostering financial inclusion and the competitiveness of community banks—challenges that are intertwined.
And the FDIC is addressing these dual challenges head-on, McWilliams said. First, they are taking a multi-pronged approach to supporting financial inclusion in ways that McWilliams hopes will drive home the message that “this is not your grandmother’s FDIC.” Just recently she introduced the Mission Driven Bank Fund. McWilliams explained that based on her conversations with community development financial institutions (CDFIs) and minority depository institutions (MDIs), it became clear that what these organizations need most is capital. McWilliams challenged the FDIC to come up with a framework that would match these banks with investors interested in the particular challenges and opportunities facing these banks and their communities. She said that Microsoft and Truist Financial Corporation are the anchoring investors in this fund, and Discovery Inc has announced its intention to join as a founding member. Combined, these investors are pledging $120 million to support mission-driven banks and the communities they serve, with additional investments expected in the coming months.
The funds will support CDFIs and MDIs to build size, scale, and capacity that will in turn allow them to provide affordable financial products and services to individuals and businesses, McWilliams said. The FDIC will not manage the fund, contribute capital, or be involved in the fund’s investment decisions.
The FDIC is also using tech sprints run by their Office of Innovation, or FDITech, as a novel tool to tackle the gap in financial inclusion, said McWilliams. A tech sprint brings together a diverse set of stakeholders in collaborative settings for a short period to focus intensely on specific issues with implications important to the FDIC and its regulated entities. The first such tech sprint was launched in July of this year and involved eight teams tasked with exploring new technologies and techniques that would help expand the capabilities of banks to meet the needs of unbanked consumers. A demo was held on September 10 and three winning teams were selected.
As part of its efforts to promote financial inclusion, McWilliams said, the FDIC is also conducting an assessment of where their rules may cause impediments. For example, Section 19 of the Federal Deposit Insurance Act was amended in 2020 to reduce barriers to employment in the banking industry.
McWilliams stressed the urgency of innovation to support community banks’ ability to compete and thrive in the modern banking sector. Innovation is no longer an option, she said, but a must. To this end, the FDIC is challenging external parties to develop tools for providing more timely and granular data to the FDIC on the health of the banking sector—more than what is provided in the standard Call reports banks are required to file with their regulators, McWilliams said. Four technology firms have been selected to propose a proof of content for their respective technologies, she added, and the goal is to conduct a pilot program with up to nine FDIC supervised institutions to test the reporting technologies and determine their potential.
The FDIC has also been working on several initiatives to facilitate partnerships between fintechs and banks to allow banks to reach new customers and offer new products, McWilliams said. At the end of 2020, she noted, the FDIC updated their brokered deposit regulations—the first substantial update in approximately 30 years—which removed the regulatory hurdles to certain types of innovative partnerships between banks and fintechs.
In conclusion, McWilliams said her goal as FDIC chair is to lay the foundation for the next chapter of banking by encouraging innovation that meets consumer demand, promotes community banking, reduces compliance burdens, and modernizes supervision while increasing access to banking services. The importance of these goals has only been underscored by the upheaval caused by the pandemic, she said.