- Understand the regulatory expectations for larger banks, despite your institution's size.
- Appreciate the difference between operational expectations for management and oversight expectations for directors.
- Stay ahead of heightened regulatory expectations as your bank pursues growth opportunities.
- Expect additional scrutiny from regulators regarding bank sales practices.
- Execute practical cybersecurity strategies and conduct real-time exercises to stress-test cyber responses.
- Recognize the increasing importance of Regtech.
ABA Banking Law Committee Discussion
Whether the question was how the Trump Administration will reorganize the CFPB or the extent to which the new Congress will revise Dodd-Frank, uncertainty was in the air at the 2017 American Bar Association (ABA) Banking Law Committee meeting that some of our attorneys recently attended in Washington. Below are some observations on a few of the issues that we discussed with the regulatory agencies and our fellow banking law practitioners.
Clarifying Board Roles. Regulators increasingly have been expecting more from bank directors, to the point that their roles have been blurred with those of management. The agencies appear to be acknowledging this concern, and said that they would try to be more explicit in their guidance regarding the separation between operational expectations for management and oversight expectations for directors.
Strategic / Growth Issues. As banks pursue growth opportunities, they should note the increased importance of getting ahead of heightened regulatory expectations, such as those surrounding compliance and BSA/AML. Regarding strategic risk, realize that sometimes not doing anything can also be a risky strategy.
Spotlight on Sales Practices. In light of recent practices at large banks, banks should expect additional scrutiny from regulators regarding bank sales practices, including compensation packages, incentive programs, and general compliance culture.
Trickle-Down Regulations. All banks generally should understand regulatory expectations for larger banks, because examiners may informally expect a watered-down version at their institutions. One example is the importance of maintaining three lines of risk defense, namely the front line business unit, independent risk management, and internal audit.
Practical Cybersecurity. Beware of cybersecurity policies that are too short to be meaningful or too long to be useful. Banks never really know how good their cybersecurity response will be unless they conduct real-time tabletop exercises to stress-test their responses. It was noted that having a bad cyber examination could be the least of a bank's problems, and banks should take seriously any regulatory findings.
Emergence of Regtech. The industry is moving beyond Fintech, and Regtech, the use of technology to further automate the ever-complicated world of regulatory compliance, is becoming increasingly important. Stay tuned throughout 2017 as this issue becomes more prominent.
We Can Help You
Please call us if you would like to discuss any of these issues or if we can otherwise be of assistance.