August/September 2016 Banking Exchange

Competitive intelligence for bankers

August/September 2016 bankingexchange.com

digital

expectations Why finding the right strategy is critical now

blockchain: what you need to know CRA/fair lending disconnect 1

The Designated Difference Designation of Distinction

Whether you hold commercial or residential loans, you need objective appraisals to help guard against inflated valuations and to help mitigate risk. That’s where Appraisal Institute professionals with the MAI, SRPA, SRA, AI-GRS or AI-RRS designations come in. Because they have met rigorous requirements relating to education, experience and demonstration of knowledge, appraisers holding the Appraisal Institute’s MAI, SRPA, SRA, AI-GRS or AI-RRS designations have been long respected by banks, government agencies, courts, corporations and others seeking real estate appraisal services. Designated members of the Appraisal Institute are committed to conducting business in accordance with the highest ethical standards. Look to their experience, integrity and knowledge to help you better understand complex real estate valuation issues.

To find an appraiser in your area, visit www.appraisalinstitute.org/findappraiser

/Contents August/September 2016

16 Digital Strategies Bankers and others weigh in on why mobile account opening, fintech partners, analytics, and a strategy reset are keys to success By Lisa Valentine, senior contributing editor Cover image: Shutterstock

22 Blockchain need-to-know Five questions cover the essentials, including “What does this mean for banks?� By Steve Cocheo, executive editor

August/September 2016

BANKING EXCHANGE

1

/ contents / 4 On the Web

Aug. 2016-Sept. 2016, Vol. 2, No. 4 Editorial and Executive Offices: 55 Broad St., New York, N.Y. 10004 Phone: (212) 620-7210 Fax: (212) 633-1165 Email: bankingexchange@sbpub.com Web: www.bankingexchange.com Twitter: @BankingExchange

Breaking up (again) would be hard to do; When political involvement isn’t right

6 Like it or Not We’ve moved from the Computer Age to the Digital Age­and the difference is huge

Subscriptions: (800) 895-4389, (402) 346-4740 Fax: (402) 346-3670 Email: bankingexchange@halldata.com

8 Threads Whistle blowing: high-stakes game; Bond questions; Panama Paper AML impact; How long is your attention span?

8 13 Seven Questions CFPB’s Peggy Twohig covers exam prioritization, complaints, and why “unfair” and “deceptive” shouldn’t be such a mystery

27 Compliance Watch Got a “satisfactory” or better CRA rating? You may still get dinged for fair lending

27 32 Bank Tech “Alexa, pay my mortgage.” Virtual assistants come to banking

30 Risk Adjusted Ransomware is the cyberthreat nobody talk’s about. Here’s what you can do

32

36 Counterintuitive Follow these three rules and you’ll be free from the e-mail millstone (yes, some people will be upset with you)

Chairman & President Arthur J. McGinnis, Jr. Editor & Publisher William Streeter bstreeter@sbpub.com Executive Editor & Digital Content Manager Steve Cocheo scocheo@sbpub.com Creative Director Wendy Williams Associate Graphic Designers Nicole Cassano Aleza Leinwand Editorial & Sales Associate Andrea Rovira arovira@sbpub.com Contributing Editors Ashley Bray, John Byrne, Nancy Castiglione, Dan Fisher, Jeff Gerrish, John Ginovsky, Steve Greene, Lucy Griffin, Ed O’Leary, Melanie Scarborough, Lisa Valentine Director, National Sales Robert Vitriol bvitriol@sbpub.com Production Director Mary Conyers mconyers@sbpub.com Circulation Director Maureen Cooney mcooney@sbpub.com Marketing Manager Erica Hayes ehayes@sbpub.com

Subscription Information: Banking Exchange Magazine (Print ISSN 2377-2913, Digital ISSN 2377-2921) is published February/March, April/May, June/ July, August/September, October/November, December/January by Simmons-Boardman Publishing Corp., 55 Broad Street, 26th Floor, New York, NY 10004 Pricing: Qualified individuals in the banking industry may request a free subscription. Non-qualified subscription printed or digital version: 1 year, financial institutions $67; other business $93; foreign $508. 2 year, financial institutions $114; other business $155; foreign $950. Single Copies are $35 each. Subscriptions must be paid for in U.S. funds. Copyright © Simmons-Boardman Publishing Corporation 2016. All rights reserved. Contents may not be reproduced without permission. Reprints For reprint information Contact: Mary Conyers, (212) 620-7250, mconyers@sbpub.com For Subscriptions, & Address Changes: Please call: (800) 895-4389, (402) 346-4740, or Fax: (402) 346-3670, e-mail: bankingexchange@halldata.com Write to: PO Box 1172, Skokie, IL 60076-8172 Postmaster: Send address changes to Banking Exchange magazine, PO Box 1172, Skokie, IL 60076-8172 2

BANKING EXCHANGE

August/September 2016

Editorial Advisory Board Jo Ann Barefoot, Jo Ann Barefoot Group, LLC Ken Burgess, FirstCapital Bank of Texas, N.A. Steve Ellis, Wells Fargo & Co Mark Erhardt, Fifth Third Bank Joshua Guttau, TS Bank Jane Haskin, First Bethany Bank Trey Maust, Lewis & Clark Bank Earl McVicker, Central Bank and Trust Co. Chris Nichols, CenterState Bank of Florida, N.A. Dan O’Malley, Eastern Bank Dan Soto, Ally Bank McCall Wilson, Bank of Fayette County

THE FUTURE OF MOBILE BANKING WILL BE BUILT ON A HIGH-PERFORMANCE NETWORK. The future of banking is digital. In fact, 32% of adults currently use mobile banking, and that’s only expected to grow. While this new era of banking offers opportunities to increase revenue, it also comes with new layers of complexity. The expanding functionalities of mobile banking require a network that makes it all feel as seamless as the consumer expects. The Comcast Business high-performance,

low-latency network solutions offer a level of customization that allows banks to focus on revenue, not the network. And with one of the nation’s largest advanced networks, it’s built to connect multiple locations so banks can meet the demands of the future. Visit business.comcast.com/ nancial-services or call 888-317-9627 to learn more.

Rest Res stricttion ions ons app apply. ly Call for fo details ils.. © Comc Com a ast s 2016. All rights reserved. d

INTRODUCING COMCAST BUSINESS ENTERPRISE SOLUTIONS

/ ON THE WEB / Popular stories on

bankingexchange.com

Can banking survive “augmentation”?

Why breaking up again would be hard to do

Politics beckons: Should your bank follow?

In her review of Brett King’s latest book, Augmented: Life in the Smart Lane, banker Jane Haskins says King paints a challenging picture for banks. The book also looks at technology’s impact more broadly. Read more at tinyurl.com/BEbookreview-King

Replace Dodd-Frank with a reinstated Glass-Steagall? Ed O’Leary puts a “whoa there” on that horse trade with several reasons why it’s not practical, won’t work, and would be bad for banking. Read more at tinyurl.com/ Dodd-Frank-horsetrade

In terms of grassroots participation, the answer is, “Absolutely.” But blogger Jeff Gerrish draws a distinction between what’s appropriate and what’s obnoxious. He cites examples and raises several questions. Read more at tinyurl.com/politicalbankers

Fair lending from a veteran’s perspective D.C. attorney Andrew Sandler has been in the thick of fair-lending legal cases for decades. In an interview with Banking Exchange, Sandler says the election outcome won’t greatly alter fair-lending enforcement. He also covers marketplace lending, differences in focus between Justice and CFPB, and more. Read more at tinyurl.com/FairLendingVeteran

Subscribe to our free weekly newsletters, Tech Exchange and Editors Exchange at bankingexchange.com/newsletters

@BankingExchange

4

BANKING EXCHANGE August/September 2016

To suggest topics, new blog subjects, and other web ideas, contact Steve Cocheo, digital content manager, scocheo@sbpub.com, 212-620-7219

more convenience greater security lower cost get it all with card@once® Card@Once® makes it easy for any size bank to issue and replace cards on the spot at any branch location. This can be a great value add for customers. Our simple "plug and play" system is EMV® ready and comes with all security requirements already in place and certified.

cardatonce.com

Card@Once delivers 100% turnkey card issuance, ®

including key management. • • •

Small & Convenient Built-In Firewall & Router Advanced Personalization Features

• • •

PCI Certified Encrypted Web-Based Data Transfer Self-Selected PIN

100% P E ACE OF MIND

30%

OR MORE SAVINGS

100%

CARDHOLDER SATISFACTION Patent Awarded 8.429.075 EMV is a registered trademark or trademark of EMVCo LLC in the United States and other countries.

www.cpicardgroup.com U.S. 1-800-446-5036 Canada 905-761-8222 U.K. +44 (0)1206 845555 © 2016 CPI Card Group

/ like it or not /

Welcome to “digitalization”

I

n the first of two noteworthy quotes in this issue, Denny Hudson, CEO of Seacoast Bank, Stuart, Fla., says in the cover story: “This is a fascinating time for banks. We are in an industry in which usage of our highest cost channels is declining and our lower cost channels are exploding. There’s got to be a way to turn that into real success.” Seacoast is working on doing that along with a growing number of banks willing to step outside the familiar. The article (p. 16) focuses on the need to develop a digital strategy—that is, a way to adapt to, and profit from, the shift to a digital world. Although the article focuses primarily on consumer business, the trend is universal. Nor is the focus only on mobility—even though mobile phones dominate the discussion because of their ubiquity and capabilities. Other important factors include use of data analytics and having the right team in place. “Digitalization” is the current oneword description of the sweeping changes being wrought by the reengineering of processes, habits, and ways of thinking. Bits and bytes have been part of banking for 50 years or more, but that was the “Computer Age” and it had a longer gestation period. The “Digital Age” requires a much quicker response. Astute readers may recall that two issues ago, I wrote here that “it’s not all about digital.” The above comments may seem like a f lip-f lop worthy of a politician. I’ll leave the assessment to you, but I think my earlier statement still stands. Even though digitalization affects nearly ever y thing—customer behavior and expectations, markets, competition, strategies, business models, risks, processes, and more—in the end, it still comes down to people figuring out the best ways to take advantage of all the changes to meet customer needs (and make a buck in the process). And since the skills and talents of leaders and employees vary greatly, it is indeed a very interesting time, as Denny Hudson observed. Seacoast is an example of an old-line bank moving aggressively away from the

6

BANKING EXCHANGE

August/September 2016

traditional model, in part by bringing in some outsiders. Not everyone is ready to move so quickly, and, depending on their customer base, may not need to. But one thing is clear, no bank anywhere can simply not change. Despite dig italization, the nature of people hasn’t changed. As we wrote last issue, timeless qualities endure and contribute to success in whatever “age” we are in. But the way people work and live changes all the time. Digitalization has sped up the pace of such change immensely, and a bank—any organization—either adapts or fades away. What’s the second noteworthy quote? You’ll get a chuckle out of not only the quote, but the fact that it appears to contradict all of the above. In Steve Cocheo’s excellent feature about the blockchain’s impact on banking (p. 22), he quotes Jack Henry’s Ron Mazursky, who does a nice job of tamping down some of the rampant hy pe about this important, but still emerging technology. Comparing blockchain’s stage of development to the ongoing effort to shift to real-time payments, Mazursky says: “If real time is the wild west, blockchain is still at creation.” Just remember though, the time from creation to status quo gets shorter every year. Read Cocheo’s story, and then (if you haven’t already), select a bright, interested person to track blockchain developments and to report periodically to the CEO and the board. The blockchain has the potential to impact every bank even more than mobile phones. ••• In the last issue, I w rote about “Six qualities that def y time.” (Read it at tinyurl.com/JuneJulycolumn.) These are: patience, courage, calmness, the will to go on, adaptability, and humility. In response, bankers emailed suggestions for other timeless qualities to add to the list. Two were: “curiosity (always learning)” from Cherie Trice of First Niagara, and “kindness” from McCall Wilson of Bank of Fayette County. What qualities would you add? Email me at bstreeter@sbpub.com

BILL STREETER, Editor & Publisher bstreeter@sbpub.com

The ‘Computer Age’ had much longer development times. The ‘Digital Age’ requires a much quicker response

October 5-6 | Chicago

Set your course for a NEW immersive conference experience. Let BAI Beacon be your guide forward on the most important issues impacting financial services. Engage in dynamic learning experiences and explore industry innovations—not in theory, but in action—that solve real problems and drive positive change.

EXPLORE the latest innovations in action, solve real problems and drive positive change in financial services, including the U.S. premiere of FinTechStage, led by cofounders and industry innovators, Lazaro Campos and Matteo Rizzi.

CONNECT with unbiased perspectives on key issues related to sales, marketing, product development, channel strategies, payments, fraud, compliance, small business, analytics and technology. Experience unmatched opportunities to engage with other financial services leaders facing similar challenges to accelerate your learning.

ACT and leverage your onsite experience and new connections to confidently power smart business decisions and inspire your organization.

View the full Agenda and Register Today at BAIBeacon.com

/ THREADS GOLDEN WHISTLES

Whistleblower case spotlights high stakes for banks By Melanie Scarborough, contributing editor

T

he SEC ’s recent enforcement action against Bank of America Merrill Lynch, in which Merrill Lynch agreed to pay $425 million to settle charges that it violated customer protection law, demonstrates the enormous stakes that banks, regulators, and whistleblowers have in profits, penalties, and rewards. According to the SEC, Merrill Lynch violated the Customer Protection Rule by misusing customer cash that should have been deposited in a reserve account. The agency said Merrill Lynch engaged in complex options trades from 2009 to 2012 that artif icially reduced the required deposit of customer cash in reserve, freeing up billions for its own trading—ex posing clients’ a ssets to greater risks. The practice was investigated after two former Merrill Lynch brokers took their concerns to the SEC. In a statement, Merrill Lynch said it

SHORT AND SWEET We’re not sure how they measured the attention span of a goldfish, but the trend for humans is clear: We spend less and less time on any one thing, but a lot of time cumulatively on email, according to StatisticBrain. For an interesting take on email and its effect on our ability to focus, read Counterintuitive on page 36. Source: www.statisticbrain.com/attention-span-statistics/; April 2015

8

BANKING EXCHANGE August/September 2016

12 SECONDS Average attention span, 2000

cooperated fully with the SEC and that no customers were harmed or losses incur red. Nonetheless, it sa id, “ We have dedicated significant resources to reviewing and enhancing our processes. The issues related to our procedures and controls have been corrected.” Attorney Rebecca K atz of Kessler Topaz, which represented the whistleblowers, says there are likely to be more investigations. “The SEC has announced that this case is an indication that it will be looking more closely at these types of profits,” she says. “A lot of [these products] are very profitable for banks, but may not be appropriate for retail customers.” Christopher Cole, executive vice-president and senior regulatory counsel for the Independent Community Bankers of America, says proprietary trading is at odds with banks’ obligation to serve a public purpose. “Proprietar y trading is conducted for the sole purpose of generating profits for the bank’s owners and not related to the entity’s banking activities or to providing services to customers,” he says. A spokesman for the American Bankers Association declined to comment on the case. One thing is clear: whistleblowers have a financial incentive to engage the SEC. Last month, the SEC announced a n awa rd of more tha n $17 million to a whistleblower whose tip led to

enforcement action. Since it was created almost five years ago, the SEC’s whistleblower program has awarded more than $85 million to 32 whistleblowers. “Whistleblowers have been a key component of restoring the credibility and trust in the banking industry that was severely damaged during the crisis,” says Jordan Thomas, an SEC whistleblower lawyer with Labaton Sucharow. “I’m seeing more people than ever before use the SEC’s whistleblower program to help clean up the industry. Not only are there substantial rewards available, but the program’s protections for retaliation and anonymity have worked extremely well.” Katz says Merrill Lynch rebuffed her clients’ concerns for four years. “My clients tried to work it out with Merrill and only brought this action because they couldn’t get anywhere with Merrill and wanted to make their clients whole,” she says. “Bankers need structured products to be completely transparent and have full disclosure if the instruments are complex.” Banks that engage in proprietary trading are subject to the Volcker Rule, which prevents government subsidies, like federal deposit insurance, from funding speculative trading. That’s appropriate, in Cole’s view: “The recent financial crisis and the ensuing government bailout show what happens when banks depart from the fundamental business of banking.”

8.25 SECONDS

9 SECONDS

Average attention span, 2015

Average goldfish attention span

Banking Exchange wins 9 awards

A

mong some of the toughest competition in the B2B publishing world, Banking Exchange won six regional awards and three national awards for editorial and design excellence. The coveted awards, known as “Azbees,” are given out by ASBPE. Editor & Publisher Bill Streeter said: “To be singled out by your peers is satisfying. It reinforces our goal: to offer bankers high-quality, unbiased, and useful articles.” The awards were: • Silver (national and regional) for e-Newsletter/General Excellence: Editors Exchange newsletter, by Steve Cocheo. • Silver (and gold regional) for Best Overall Typography: Banking Exchange magazine. • Bronze (and silver regional) in the How-to Online Category: Community Banking blog, by Jeff Gerrish. • Other regionals: Regular Department, Threads (silver); General Interest Feature, “Disruption Everywhere,” by Jo Ann Barefoot (silver); and How-to Online, Talking Credit blog, by Ed O’Leary (bronze).

30 TIMES/HOUR Average times a worker checks email

August/September 2016

BANKING EXCHANGE

9

/ THREADS /

BOND PORTFOLIO QUestion

HTM portfolios have been climbing; some question the strategy By Nathan Stovall and Venkatesh Iyer, SNL Financial staff writers

B

anks have prepared for higher interest rates and reacted to new capital and liquidity standards by placing larger amounts of securities in held-to-maturity (HTM) portfolios. While the strategy has gained popularity in recent years, some advisers have argued against the approach, noting that the Street is not concerned about short-term changes in bond portfolio valuations. Even as rates declined, many banks expected rates to go higher and built their HTM buckets, which, unlike available-for-sale (AFS) portfolios, are not subject to mark-to-market adjustments on a quarterly basis. Those mark-to-market adjustments in AFS portfolios f low through accumulated other comprehensive income (AOCI) and impact tangible common equity. Banks have sought to mitigate the impact of changes in market valuations on their book values by relying on their HTM portfolios more in recent years. HTM portfolios represented 23.6%

of all securities at the end of the first quarter, up from 23.2% at the end of the fourth quarter and 20.9% a year ago, according to SNL data (see chart, below). As long-term rates fell back near historic lows, some institutions invested cautiously, keeping in mind the negative AOCI impact that could come if interest rates begin to rise.

Asset/liability needs must drive bond investments, not markto-market concerns Many securities banks hold are likely to see their values come under pressure if rates rise. This has become even more pronounced for institutions with more than $50 billion in assets, which are subject to the liquidity coverage ratio (LCR). That provision requires them to hold higher concentrations of market sensitive securities, like Treasuries and Ginnie Maes.

HTM portfolios have grown by 93.7% since the LCR surfaced in proposed form in fall 2013, while increasing by nearly 191.1% since the Basel III rules were first proposed. Conversely, banks’ AFS portfolios have risen 1.8% since fall 2013, but declined 2.5% since summer 2012. Still, some advisers have encouraged banks to not let their interest rate outlook dictate their investment strategy. ... Others have argued that banks should not be focused on valuation changes in their bond portfolios no matter what happens to rates. Scott Hildenbrand, chief balance sheet strategist at Sandler O’Neill, said during a June webinar that asset/liability needs should drive investments in the bond portfolio, not mark-to-market concerns. Hildenbrand further noted that as long as banks recover the funds they put to work in their bond portfolios, institutions should not worry too much about fluctuations in the market. Read the full article at tinyurl.com/ HTMquestions

AFS and HTM securities at US banks and thrifts Total HTM securities ($ trillion)

4.0

24

3.5

21

3.0

18

2.5

15

2.0

12

1.5

9

1.0

6

0.5

3 0

0.0 Q1

Q2

Q3

Q4

2013

Q1

Q2

Q3 2014

Q4

Q1

Q2

Q3 2015

Q4

Q1 2016

Date compiled June 28, 2016. Source: SNL Financial, an offering of S&P Global Market Intelligence Analysis includes U.S. government, state & municipal and residential mortgage-backed securities at U.S. commercial banks, savings banks and savings & loan associations. Industrial banks, nondepository trusts and cooperative banks were excluded.

10

BANKING EXCHANGE

August/September 2016

(%)

($ trillion)

Total AFS securities ($ trillion) HTM securities/total securities (%)

PANAMA PAPER AML IMPACT High-profile leak puts new focus on beneficial ownership By Manish Chopra and Jeffrey Ingber, Genpact

A

s was inevitable, the Panama Papers scandal (involving Panamanian law f irm Mossack Fonseca), which highlighted the use of shell companies to hide assets and avoid taxes, has triggered a vigorous regulatory response. It is now clear that the key to antimoney laundering compliance survival increasingly revolves around customer transparency. Financial institutions need to “kick the tires” on their AML programs in a number of ways. One area in particular is “beneficial ownership.” In July 2014, the Financial Crimes Enforcement Network issued a longawaited proposed rule requiring banks and other financial institutions to collect and maintain information on individuals who hold 25% or more of an interest in a customer or who otherwise control it. After languishing until now, this rule has been made f inal, and banks will have two years to comply. The Treasury Department also has proposed legislation to require U.S.-formed companies to

know and disclose the identities of their owners at the time of creation or ownership transfer, and to establish a central registry of beneficial ownership. The challenges regarding beneficial ownership are great, and include the difficulty of “looking through” layers of legal ownership—particularly for shell companies, trusts, partnerships, and special purpose vehicles. There also is the need t o c onsider ow ner sh ip a nd c ontrol

changes globally, and to keep pace with the enormous number of such changes. Histor ic a lly, complia nce of f icers have implement ed procedures t hat require navigating through a multitude of corporate registries; internet pages; mergers and acquisition data; and public databases. While they may appear comprehensive, these time-consuming searches often prove to be unproductive. Banks need to up their game. Customers, especially those rated “high-risk,” should be required to periodically provide meaningful data about changes in beneficial ownership. Moreover, as customer-provided data can be unreliable, banks should consider increasingly targeted and automated searches using the most advanced solutions for scouring and analyzing country registries; sanctions and enforcement lists; and intelligenceservice-based databases. All data should be assimilated into the bank’s overall customer due diligence knowledge base. Read the full article at tinyurl.com/ AML-beneficial

BACK TO THE FUTURE?

CRE lending under increased scrutiny—multifamily in particular By Steve Cocheo, executive editor

A

mid a generally increased level of concern about bank credit, the Comptroller’s Office has increased its focus on commercial real estate credit. In releasing Semiannual Risk Perspective for the first half of the year, OCC’s National Risk Committee said that CRE credit had moved from “monitoring status” to “an area of additional emphasis.” “Banks continue to ease underwriting standards and practices across a variety of credit products as they strive for volume and yield in an increasingly competitive environment,” the committee stated. “Easing standards are particularly evident in indirect auto, C&I, and CRE lending. Increased risk layering is an additional concern.”

The report said of CRE that looser underwriting standards had been seen in 2015—with less-restrictive loan covenants, extended maturities, longer interest-only payment periods, and limited guarantor requirements. The latter were given as an example of increased risk layering. Comptroller Thomas Curry noted that at year end, 406 banks had CRE portfolios that had grown over 50% in the prior three years. Examinations by OCC also found “deficient stress testing practices.” OCC’s report noted that “apartments are at a more advanced stage of the vacancy rate cycle than other commercial property types and so could see rising vacancy rates sooner than other property types.” Although multifamily CRE lending is a small share of total bank credit,

according to OCC, it is a significant concentration and a fast-growing category for more than one in seven banks experiencing growth rates of 10% or more. Read the full story at tinyurl.com/ CREscrutiny

August/September 2016

BANKING EXCHANGE

11

/ THREADS /

INSURANCE HEADWINDS

Private-equity deals have inflated agency prices, but banks continue to show interest in insurance By Ashley Bray, contributing editor

T

he bank-insurance market is active, but banks face challenges to entry and continued success. “Banks are driving 5% to 10% of the annual agency acquisition activity, at least in terms of the announced deals every year,” says Jim Campbell, partner at Reagan Consulting. Acquisitions, however, have become challenging due to private-equity moving into the market. “The prices have been significantly higher than what we’ve been accustomed to over the years,” says Markham McKnight, president of BancorpSouth Insurance Services Inc., the insurance division of $13.9 billion-assets BancorpSouth, Tupelo, Miss. “Private

equity-backed buyers are now driving close to half of all the announced transactions every year,” adds Campbell. “They have experienced management teams that are very knowledgeable about insurance.” Still, ba nk s rema in interested in agency acquisitions. In previous years, renewable noninterest income was the primary driver, but other benefits include the strong economics of insurance, which provide a decent return on investment. Insurance’s complementar y produc t s a nd ser v ices a lso have appea l, notes Deanne Mariño, executive director of A mer ican Bankers Insurance Association. Banks want to offer insurance, she says, because “it deepens the

relationship with their customers.” The challenge of how to integrate and incorporate the insurance business model remains. “Cross selling into the bank customer base never materialized to the degree that I think many banks hoped for 15 years ago,” says Campbell. BancorpSouth Insurance Ser v ices has had some success through organic growth. “We’ve done a lot better making sure that we get quotes in front of our mortgage customers,” says McKnight. “We may f ind that in a year or two there’s an acquisition marketplace that’s a little more favorable for banks,” sums up Campbell. “The interest is there, but execution is just a little challenging.”

Imagine the Possibilities A modernized customer experience and limitless digital future. • • • • • •

Analytics & Reporting Channels Collection & Recovery Core Banking Financial Crime Funds & Securities

#1

temenos.com usainfo@temenos.com

12

BANKING EXCHANGE

August/September 2016

world leader in banking software

• • • • • •

1,500

Origination Payments Profitability Risk & Compliance Service Wealth Management

US financial institutions use Temenos products

2X

the industry average spent on R&D

/ Seven Questions /

UNDERSTANDING CFPB’S MINDSET Bureau’s Peggy Twohig takes aim at risks to consumers—even the risks they aren’t aware of By Steve Cocheo, executive editor

Shutterstock/kmlmtz66

P

eg g y Twoh ig l i ke s t o t a ke a hands-on approach to financial regulation. This attitude shows in two ways, one personal and the other professional. Twohig, initially hired in 2010 to head the Consumer Financia l Protection Bureau’s (CFPB’s) nonbank super v isory team, currently serves as assistant director for supervision policy, the head of an office in the bureau’s Supervision, Enforcement, and Fair Lending Division. Before a short stint at the Treasury Department, she spent 17 years at the Federal Trade Commission (FTC) working on

As a consumer, Twohig says even she is “befuddled” at times by the financial services she encounters.

enforcement and policy matters related to consumer financial services. “Because of my profession, I push myself to try things out as a consumer t hat I wou ld n’t nat u ra l ly do,” say s Twohig. “While I have a bit of a leg up considering the work I do, sometimes I am befuddled, puzzled, or even frustrated by some of what I encounter, like many consumers.” Back when she worked at the FTC,

for example, Twohig decided she would use the internet to comparison shop for a pending mortgage refinance, which is something that the FTC stressed in its consumer advisories. “Trying to compare and contrast all the options turned out to be incredibly difficult,” maintains Twohig. “One reason was that lenders used so many different names for the various fees.” In a related vein, Twohig, being an attorney in consumer finance, serves as a family financial “go-to” person. “I hear my relatives’ experiences and that helps inform me on some of the issues that consumers deal with.” For example, a niece recently experienced a medical billing issue—a charge she’d never learned of surfaced when it was handed over to a debt collection agency—and Twohig encouraged her to submit a complaint. On the professional front, Twohig also likes the direct approach. “I require my policy staff to go out at least once a year on exams to make sure they understand the exam process and the challenges that our examiners face—it’s a difficult job,” she points out. Some of her staff attorneys and analysts came from examination backgrounds, but for some of them, this is all new. She, too, will periodically join an exam team—not just observing, but putting herself at the disposal of the group’s top examiner for work. Digging into the daily exam tasks helps her understand the field, which is important because one of the roles of her CFPB section is advisory. “The way I look at it,” says Twohig, “the examiners are our clients, and we’re like an in-house expert consulting firm trying to make sure we support them so they can do the best job possible.” Twohig’s supervision policy section works directly w ith the super v ision field force. Typically, each CFPB team that v isit s a ba nk ha s a desig nated supervision policy person on call. “My office is organized by product market teams,” maintains Twohig. “These are attorneys and analysts who are experts in those markets, who know the issues August/September 2016

BANKING EXCHANGE

13

/ Seven Questions /

Q1. You were part of the team that set up CFPB from a nearly blank slate. How did you apply past experience to that? It was exciting to have a fresh start, to decide whether to do things the same way that other regulators had done them or to do some things differently. One decision from the get-go was to not have separate cadres of examiners looking at banks and nonbanks. Our examiners look at both. That helped to ensure that we could fulfill our mission of looking with the same lens across both marketplaces, to level the playing field. That was something new. State regulators typically separate those functions. I was told by one state regulator that what we were trying to do would never work. Well, we did it anyway. Five years later, I’m glad we did, because it’s helped us accomplish the mission and be f lexible with our workforce overall. Some of our staff who had come from other agencies had to get used to this difference. They were used to supervision on an entity basis, on a reg-by-reg basis. Likewise, it was different for them to work for an agency that prioritized and directed exams based on our ongoing assessment of risks to consumers. They’d come from agencies where, normally, exams were 14

BANKING EXCHANGE

August/September 2016

scheduled based on a calendar cycle. UDA A P is an example of why our approach is different. Early on, someone here from a prudential regulator background was suggesting one institution-wide UDAAP exam. I didn’t see how you could do that. Where would you start? The essence of Unfair, Deceptive, or Abusive Acts and Practices kind of depends on what exact practices you are talking about, product market by product market. The notion of constantly learning and improving is baked into our DNA. We’ve had the opportunity to be iterative, instead of being an agency that’s always done things a certain way and where it’s assumed that you’ll always do it that way.

are focusing on one particular product line—not the full range of products a company offers. It might be mortgage servicing or mortgage origination, for example. Sometimes, within the selected product area, we want to focus further. Take mortgage servicing: There, we may be looking at how defaulted loans are serviced and how the company handles loan modification. Those have been priorities for some time. Sometimes, we have strategic priorities where we are prioritizing, say, consumer reporting. Not just consumer reporting agencies, which CFPB is doing for the first time, but also the inputs to consumer reports by furnishers.

Q2. I’d like to better understand the prioritization process. How does it work?

Q3. How much would you have to see of a particular kind of complaint for bells to go off and for you to make it a priority?

F u nd a ment a l ly, ou r pr ior it i z at ion approach is based on our assessment of risks to consumers. Many factors go into which markets we prioritize. Then, within those markets, we look at which particular entities we want to focus on, for various reasons. Factors include inputs like complaints, and things our staff in the field has seen developing. Typically, in examinations, our teams

Complaints are important. They represent feedback from consumers in terms of what’s going on in the marketplace. They inform our process, but they are just one input. There are some areas where consumers don’t even know to complain, so complaints aren’t the be-all and end-all. For example, take adverse action notices that you have a right to receive, but which you may not know

Twohig, shown at an ABA meeting, says, “There is deep precedent on what a deceptive practice is.”

Photo courtesy ABA

and how laws and regulations apply.” Twohig and her staff set the priorities and strategic focus of CFPB’s entire supervision program, and her office also consults with the exam force regarding the direction of exams and the scope of individual exams. When an issue arises in an exam in one region, her team works to inform other regions’ examiners in order to bring it to their attention and to ensure consistency. When issues arise in an exam that are not clear-cut, members of the team analyze the matter, coordinate with other CFPB functions, and brief the exam team so they can cite the issue in their examination report. For Twohig, this is important not only for the sake of ensuring consistency in bank supervision, but among the many nonbanks that also fall under CFPB jurisdiction. CFPB regards exams from a f unctional reg ulation viewpoint—the type of services under review is the focal point, not the type of company providing the service. The following dialog has been edited for both flow and clarity.

you have a right to get. You wouldn’t know to complain. I was at the FTC in the run-up to the Great Recession. The FTC didn’t get many complaints about mortgages then. In some instances, consumers didn’t know that they were being deceived about the terms of the mortgages. We had some investigations where the first time the consumer learned they had received a balloon loan, instead of a regular amortizing loan, was when FTC’s investigator told them so. C ompla int s a re impor t a nt , e spe cially to the companies receiving them. In a good compliance management system, complaints are not only responded to—and we look for that at CFPB—but they should also be analyzed. For example, is there a root cause for multiple complaints, such as a marketing representation that consumers are being deceived by? Is there some system issue that needs to be looked at? Q4. I’ve been in conference sessions running as long as two hours where compliance officers have tried to parse what is and isn’t a UDAAP problem. Some bankers, on the other hand, apply the simple “would you sell it to Mom” test. How do you think bankers should be thinking about UDAAP now that the concept has had time to gestate out there in the industry and at CFPB? It’s interesting for me to hear expressions like, “Now that it’s out there,” given my career at FTC. The FTC has been enforcing unfair and deceptive acts and practices law for decades, as applied to different types of markets and situations. So one way to think about UDAAP is to consider the history. There’s deep precedent on what a deceptive practice is. No one should be surprised that those basic principles will be applied to financial services. In fact, with respect to nonbanks, at FTC, it was applied to financial services practices. Now, take unfairness. The law has elements regarding this that need to be applied. A factual basis must support each element. The nature of unfairness, and UDAAP in general, is that it can be applied to practices that may be new or evolving. People fail to understand the nature of unfairness—that problematic practices can arise that can be addressed with application of existing law to the facts.

We don’t necessarily have to devise a new regulation every time one entity or a few are doing something that’s a problem. Now, take the abusive part of UDAAP. Contrary to some assertions by opposing counsel who are trying to stir the pot, there are elements of an abusive standard under existing law. Banks must look at how the bureau has applied this under UDAAP. I think those facts speak for themselves. Q5. I’ve seen you on panels at conferences, and you have made the point more than once that CFPB has put a great deal of information out there. You’ve advised bankers to read the rule, read the regs, and read the consent decrees to get the picture.

us. As shown by Supervisory Highlights, it is important to us that industry knows what we are focusing on and finding as we supervise institutions. Companies can use this valuable information to review their own practices and make any adjustments needed to ensure compliance. Q6. Crossing the $10 billion threshold— where direct CFPB supervision and more begins—has come to be a major milestone for banks, especially as the industry continues to consolidate. Banks plan for it. What advice would you give institutions nearing that mark? Again, look at what we publish, especially in terms of our expectations for compliance management systems. That would go a long way to understanding what we are looking for. But I would also encourage those banks to reach out to our regional directors. If they believe they are about to cross the threshold, if they haven’t heard from us already, they can start a dialog. We definitely encourage that kind of conversation.

“The more we are convinced that a company has a robust compliance management system protecting consumers, the less it will see of us”

Q7. More and more of my reporting concerns innovation and services being offered on devices like iPhones. How is this changing the game? Is this only a challenge, or is it also a solution, in terms of compliance and consumer protection?

That’s right. Our publicly posted exam manuals, industry bulletins, and outreach provide guidance to companies about what to expect. And we also publish our Supervisory Highlights periodically throughout the year. I think it’s a novel communication tool, where a regulator, without breaking supervisory confidentiality, reports on the kinds of things we’re finding in our supervisory work. I think it’s a very valuable tool. And the other thing I say a lot is that the frequency with which we examine a particular financial institution will depend on our evaluation of the consumer risks they pose. The more we are convinced that a company has a robust compliance management system, the more they have things under control in terms of compliance and protecting consumers, the less they’re going to see of us. We want companies that we supervise to know they can reach out to us. If you have questions about our supervisory program or expectations, please contact

I think it’s both. Mobile services are an extension of the innovations and technology advancements over the last couple of decades. We here at CFPB are monitoring developments across the marketplace. As a consumer, I can see benefits, such as the ability to comparison shop. My work, however, is focused on supervision. But there’s more to technology than that, and something we are increasingly focusing on in our super v isor y work are the third-party compliance systems that both banks and nonbanks somet i me s rely on. I’m not t a l k i ng about mobile apps, but the behindthe-scenes technology that drives and supports compliance. Sometimes, those systems can be a problem in terms of compliance. In the future, we are going to be looking at those k i nd s of ser v ic e prov ider s d i rec t ly through our supervisory work. And one aspect of that will be to make sure we have the capability in-house to understand this technology.

August/September 2016

BANKING EXCHANGE

15

higher expectations Why the right digital strategy is critical to banking now By Lisa Valentine, senior contributing editor 16

BANKING EXCHANGE

August/September 2016

Shutterstock/Stokkete

A

sk Florida-based Seacoast Bank if it has a digital strategy, and the answer will be a resounding, “Yes!” “Digital is fundamental to our business and to the future of the entire financial services industry,” says Denny Hudson, CEO of the $4.3 billion-assets bank. He explains that the traditional bank model that was built upon the premise of face-to-face and paper transactions is crumbling. Strong word, “crumbling.” Hudson goes on, “We built banks and developed systems that dictated how customers should behave in order to do business with us. We now need to service customers in ways that are far more convenient for them.” At Fifth Third Bancorp, digital engagement also is a critical strategy. The company has experienced a 25% growth in mobile adoption from 2014 to 2015, notes Melissa Stevens, chief digital officer and head of omnichannel for the $140 billion-assets Cincinnati-based regional. The key to digital engagement, she says, is to understand the needs and behaviors of customers so you can be there for them the moment they need you. Going even further up the size scale, digital is a critical component of $1.7 trillion-assets Wells Fargo & Co.’s customer engagement strategy as well, says Brett Pitts, head of digital for Wells Fargo Virtual Channels. “Mobile has become the primary way in which millions of our customers interact with us daily. Customers have higher expectations of their interactions with us. They expect it to be easy for them to cross channels.” These three banks have embraced the digital disruption that is happening in the financial services industry. Even business leaders outside this industry anticipate the change. In the survey Digital Pulse 2015, which was conducted by Russell Reynolds Associates, 61% of executives said they believed that consumer financial services would be moderately or massively disrupted by digital in the next 12 months. The only industries that these executives thought would be more disrupted were media (72%) and telecom (64%). What is the role of traditional financial services institutions in a digital world? The good news is that while technology companies often offer greater transaction speed and convenience, traditional financial institutions often win out when it comes to more complex financial dealings, where experience and trust are important. According to the Nielsen Company’s Digital Enablement for Retail Banking, 84% of mass aff luent baby boomers and 81% of mass aff luent millennials—defined as consumers with between $250,000 and $1 million in liquid assets—believe it’s very important to use a highly reputable and well-known financial institution when choosing financial products, such as mortgages. Further, 84% of mass affluent boomers and 79% of mass affluent millennials value a knowledgeable financial broker or advisor to help them make financial decisions. Most sources agree financial institutions will need to retain their traditional value proposition while deploying digital. Key factors for success include mobile account opening, rethinking branches, partnering with fintech firms, retooling how banks set strategies, and increasing the use of analytics and predictive modeling. The remainder of this article explores each of these factors.

MOBILE ACCOUNT OPENING Online account opening has been around for some time, and quite a few financial institutions offer it as a customer convenience and to reduce operating expenses, although often it’s August/September 2016

BANKING EXCHANGE

17

/ DIGITAL ENGAGEMENT / “We are making massive changes in how we come to market, which is driving revenue growth and is better for our customers” ­ Dennis Hudson, — Seacoast Bank rolled out as a competitive response. Mobile account opening is the next logical step, and dozens of options exist. Says Shane Ferrell, vice-president of digital strategy for bank technology company CSI: “I feel sorry for those financial institutions that don’t have mobile account opening on their radar. Customers aren’t coming into the branch to open accounts. They want convenience.” A lthough customers are becoming increasingly comfortable trying mobile account opening, the process still has its kinks. Four out of ten customers abandon the account opening process, according to Signicat’s report The Battle to On-Board. More than one-third (39%) of these customers abandon the application because account opening takes too long, and 34% abandon the application because they are asked to supply too much personal information. Consider the typical mobile account opening process, and it’s clear that it’s clunky, frustrating, and time consuming. To meet know-your-customer requirements, banks must electronically identify a customer’s identity using primarily a credit bureau search and queries to electronic identity verification providers. If a customer can’t be verified, the bank asks him to come into the branch to present identity documents—an inconvenience. Says Pierre Naudé, CEO of nCino, a provider of bank operating systems: “Mobile account opening needs to be more streamlined and efficient. Customers don’t want any back and forth. They expect all documentation to be handled effectively through the app. Why can’t I 18

BANKING EXCHANGE

take a photo of my driver’s license and check? Why do I need to come into a branch to open an account?” If the mobile account opening process could be completed all digitally, 55% of respondents in Signicat’s survey would be more likely to apply. For those respondents who have had a negative experience applying for an account digitally, 64% indicated they would apply again if the application were completely digital. Solutions have emerged that of fer mobile interfaces that allow customers to submit electronic copies of identity documents, such as drivers licenses and passports, utility bills, and photo selfies. Mitek, for example, offers ID Checker for mobile verification of identity documents. The solution uses the camera on a mobile phone to scan the identify

“We are a fintech firm that happens to have a bank charter. We have cheap funding and customer acquisition. It’s the best of both worlds”

August/September 2016

­— Luvleen Sidhu BankMobile

information and verify authenticity. It also can prefill forms based on the scan, explains Sarah Clark, general manager of the Identity Business Unit. Mitek also is working on using biometrics as an identity tool. “We will support the ability for customers to take a selfie and allow the bank to cross-check that photo with the ID supplied. “Real-time authenticity verification solves the problem banks have of being assured they know who the customer at the end of the device is and removes any friction for customers,” explains Clark. She notes that a streamlined, simpl i f ie d a c c ou nt open i ng proc e s s i s important, particularly for banks that want to attract the unbanked, underbanked, and millennials.

RETHINKING BRANCHES Someday, a discussion of digital banking will occur without any mention of physical branches. For now, the conversation continues, and, with good reason, there’s a lot at stake in getting it right. We’ ll star t w ith the v iews of nCino’s Naudé, notable because he is head of a bank technology company. Naudé believes that with the ongoing movement to digital engagement, the number of branches will continue to decrease. However, he warns bankers not to underestimate the importance of a physical location. “Branches will serve larger geographic areas,” he predicts, “but with a higher level of service and engagement due to user-friendly technology.” Not ever yone agrees that branches will remain relevant. Luvleen Sidhu,

cofounder and chief strategy officer at the completely digital BankMobile, a division of Customers Bancorp, Wyomissing, Pa., states that the average retail branch has only 1,400 to 1,500 checking accounts, and only opens about one new account per week. “Branches are an inefficient model that is being subsidized by banking fees,” says Sidhu. The BankMobile model, in contrast, is designed to reduce the burden of fees by helping underbanked, millennial, and middleincome Americans have an affordable, effortless, and f inancial empowering banking experience, she says. Branches do continue to play a role at Customers Bank, although the bank is not adding branches. Says Sidhu, “Customers Bank has grown from about $1 billion in assets to about $10 billion in assets without adding branches, and we expect to keep doing that.” Bank Mobile relies on a direct-toconsumer sales model plus distribution partnerships to attract and retain customers. One example: BankMobile offers software to 800 colleges and universities that enables them to distribute financial aid refunds to students. One option given to students is to deposit the refund into a BankMobile account. “We acquire between 400,000 and 500,000 new student accounts a year with zero branches,” says Sidhu. O nc e s t udent s op en a n a c c ou nt , BankMobile works to engage them by rewarding them for positive behaviors, such as good grades, paying bills on time, and saving. Since students often struggle to build a credit score, BankMobile has created what Sidhu calls a quasi-credit score based on their behaviors. This score helps students gain access to credit from BankMobile once they graduate. It also helps the bank better evaluate credit risk. Branches are becoming less relevant to Seacoast Bank, which has quietly closed about 13 of 40 legacy branches with zero impact on business, according to Jeff Lee, chief marketing officer. However, the bank also has expanded into new markets through acquisition and organic growth, using analytics to determine the value of acquired customers.

IMPACT OF FINTECHS In this world of digital disruption, banks face competition not only from other financial institutions, but from the host of so-called fintech firms as well.

Naudé with nCino calls the f intech revolution a “wake-up call” for banks. “If you are slow and inefficient,” he warns, “there are alternative providers offering banking services that are more friendly.” But banks do have an advantage over fintech firms, which have a higher cost of money and funding. “The cost of capital is about 6% for fintech firms,” notes Naudé, “while the cost for banks is about 1%.” Even though banks can lend money to customers at lower rates, however, customers have demonstrated they will pay more for the convenience and access a fintech firm can provide, says Naudé. Financial institutions and f intech firms can work together. Explains CSI’s Ferrell: “There are f intech f irms that are good partners, and their sales models suppor t bank par tnerships. Even direct-to-market fintech companies are changing their approach and seeking partnerships with financial institutions.” Martie Woods, lead strategist with consultancy Stone Mantel, agrees, saying that financial institutions, big and small, can benefit from fintech partnerships. “The biggest mistake banks make is following each other,” says Woods. “This contributes to commoditization. Use partnerships to differentiate yourself based on your own brand and your own customers. Don’t just follow the herd.” It can be tricky for institutions to identify what differentiates them in the market, acknowledges David Edmondson, senior ma nag ing d irec tor of Accenture’s Nor th A merica Banking practice. He suggests that banks determine what is a differentiator and what is a commodity, and then partner with fintech firms to offer that differentiator. Only a handful of financial institutions w ill be able to compete on scale and therefore price, notes Edmondson. The vast majority will need to compete on customer experience. At BankMobile, for example, fintech partnerships are critical, and in Sidhu’s mind, the lines between financial institution and fintech firms are blurry. “We view ourselves as a fintech company that happens to have a bank charter,” she says. “We have the cheap funding and customer acquisition that fintech firms struggle with. We have the best of both worlds.” Ba n k Mobile pla ns t o become the “A mazon of f inancial ser v ices,” says Sidhu, by leveraging strategic partnerships. “Fintech partners will be under

Digital wars: mobile vs. online

M

obile may be hot , but online is still a critical digital channel for co n s u m e r s , p a r t i c u l a r l y b a by boomers. While only 5% of mass affluent boomers prefer to check account balances on their mobile devices, 87% prefer using online banking, notes the Nielsen Company. Millennials prefer using mobile banking as opposed to online banking, and the younger members of the millennial generation skip the computer and use their mobile device for anything banking related. When asked why they didn’t use mobile banking, 20% of mass affluent boomers said it was because they didn’t know how to perform a transaction using the app. Interestingly, not one millennial gave not knowing how to use the app as a barrier to using mobile banking.

the BankMobile umbrella,” she explains. With these partnerships, BankMobile plans to expand into wealth advisory, student loans, personal lending, and more. (A mazon, meanwhile, is follow ing a similar path, though in reverse, as it partnered recently with Wells Fargo for wealth management services.)

NIMBLE STRATEGIC PLANNING

In traditional bank strategy planning, executives and board members attend an annual off-site retreat to set the strategic plan. But with new fintech market entrants and a rapidly changing digital August/September 2016 BANKING EXCHANGE

19

/ DIGITAL ENGAGEMENT / entrants and a rapidly changing digital environment, once-a-year planning is not enough. “Banks need to be able to adapt and have a f lexible model in how often they meet, says Ferrell. “While it’s important to have a long-term strategic plan, institutions need to be nimble and change their strategy more than once a year.” For many banks, an annual strategy planning session quickly turns into an annual operating planning session. “Executives and the board tend to set the budget rather than focus on strategy,” says Woods. Instead, she recommends focusing on the big picture, such as defining the role banks play in customer lives. “True strategic planning is a shift for bankers who tend to think about functions rather than how their customers think. Products are just a means to an end.” “We are continually planning,” says Seacoast’s Hudson. The bank recognized in 2011 that it needed to not only change its strategy, but make changes to its board to closely align with the bank’s

20

BANKING EXCHANGE

transformation to more digital delivery. One-half of the team is new to the bank w ithin the last four years. A lthough some have bank experience, others hail from outside the industr y. Says Lee, “Talent, both on the board and on the executive team, is a critical component of our strategy.” The executive team and board meet at least every six months, in addition to regular board meetings, and spend about 85% of that meeting time discussing strategy. “We have a constant and evolving focus on technolog y strateg y and the fundamental shift in our business model,” says Hudson. “We are making massive changes in how we come to market, which is driving revenue growth and profitability. These strategic changes are also better for our customers as well.” “This is a fascinating time for banks,” adds Hudson. “We are in an industry in which usage of our highest cost channels is declining and our lower cost channels are exploding. There’s got to be a way to

August/September 2016

turn that into real success.” Stevens of Fifth Third says that what works now is creating a strategic road map and then constantly tweaking it. “Be ready to pivot on the strategy based on customer needs, how the world is changing, and regulations. The model of setting the strategy and marching up the hill won’t work due to all the disruption going on in the digital world,” she advises.

ANALYTICS AND PREDICTIVE MODELING

Wells Fargo organizes data around the end-to-end customer experience to be more proactive on their behalf, notes Pitts. “We’re focused on not just big data, but smart data that allows us to use our data faster and more effectively.” At much sm a l ler S e a c oa s t Ba n k , technology plus analytics form the foundation for the bank’s digital offerings, says Lee. And that technology is no longer out of reach of smaller banks due to high costs. Seacoast uses 400 different

“Use partnerships to differentiate yourself based on your own brand and your own customers. Don’t just follow the herd” ­ Martie Woods, — Stone Mantel data elements to drive cross-sales across eight channels. “Ten years ago, the cost of this software would be unattainable for a smaller bank,” explains Lee. “Today, that software has become democratized.” IBM software powers the bank’s crosssell engine while SAS provides analytics. At any given time, Seacoast runs up to 40 different cross-sales campaigns. Campaigns can be designed in minutes and target customers based on behavior. In addition, the bank can easily measure the results of any outreach to refine campaigns on the fly. The results are impressive. Datadriven cross-sell fueled a consumer loan production increase of 57%, and crosssales of new deposit accounts to existing customers rose 47% in 2015. A recent campaign sought to increase debit card use. The bank identified customers with underutilized debit cards, and used outbound calling and emails to incent them to activate their cards with a reward. “We’ve had great growth in interchange revenue,” says Hudson. Fifth Third also is a big believer in the power of analytics and modeling. “The transformation being driven by data and analytics is huge,” says Stevens. “We must anticipate the needs of customers and derive insight from their behaviors.” Because analytics and modeling toolsets change quickly and the amount of data is overwhelming, focus on what is most important, build a model, learn from that model, and move on. “You can’t build a model and expect it to last for years in a world of disruption,” says Stevens. Stevens adds, “If we are not using data

and building models that help us help our customers get to where they want to be in their lives, then we, as banks, are not working hard enough. We need to earn customers’ business every day.”

AT THE RIGHT TIME Mobile alerts drive increased banking frequency. According to Forrester’s June 2016 report What Drives Mobile Banking Usage, consumers who are set up to receive account alerts log into their banking app nearly two more days per month than customers who don’t use alerts. Banks can consider introducing new alert types and making it more convenient for customers to manage alerts within the mobile banking app. Sending the right message at the right time resonates with Woods. But that

right time has as much to do with the customers’ state of mind as it does with their location or what they are doing on the app or online. Woods subscribes to Clayton Christensen’s jobs-to-be-done framework that contends that customers organize their thinking around different modes. Here’s how it works. When a customer is depositing a check using their mobile phone, chances are good he or she is in productivity mode and focused on completing a task. This is not the time for the bank to interject with an offer for a home equity line of credit. Even if the customer has a need for a HELOC, they will be more likely to decline the offer. However, send a relevant message while the customer is in an exploring mo de—r e se a r c h i ng t r avel or home improvement—and they will be more likely to react positively. “Banks need to think about modes and catch people in the right frame of mind,” says Woods. We’ll close with two related thoughts reflecting different perspectives. Digital can be hugely effective as a transactional tool, notes Woods, and although it can play a role in such aspirational or emotional type functions as retirement planning or estate planning, customers almost always want a personto-person touch at some point. When def ining a dig ita l strateg y, remember what happened to video industry giant Blockbuster, cautions Seacoast’s Lee. “An industry can change quickly, and Blockbuster rode the old model too long. A high fixed-cost structure will kill you in a rapidly changing environment.”

“Mobile is the way millions of our customers interact with us daily. They have high expectations and expect it to be easy to cross channels” ­— Brett Pitts, Wells Fargo August/September 2016 BANKING EXCHANGE

21

ready for

What you need to know about this growing technology By Steve Cocheo, executive editor & digital content manager 22

BANKING EXCHANGE

August/September 2016

Bill Alatriste

blockchain?

L

ast May, the blockchain fraternity met in New York City at a c on fer enc e c a l le d C on sen su s 2016: Making Blockchain Real. Representatives from up and down the technology food chain participated— from the tiniest start-ups to megabanks and other huge corporations. Every possible per mutation and combination involving blockchain technology filled the agenda—from finance to law enforcement to the theoretical “Fedcoin.” The infectious enthusiasm peculiar to leading-edge high technology filled the air. And then Gari Singh, an IBM distinguished engineer, speaking on a panel about blockchain and the internet of things, looked out on the audience and said: “People here have been saying all day that ‘the answer is the blockchain.’ But what’s the question?” The attendees didn’t pelt Singh with airborne mobile devices—he spoke rhetorically, of course, and he is a leader in his company’s extensive blockchain activities. But asking such a question now about this potentially highly disruptive, f ledgling technology is not only necessary, but healthy.

Shutterstock/Marynchenko Oleksandr

A very different tech Flashback to February of this year. Five very smart community bankers gather to speak about the future of their business. An interviewer asks them what impact blockchain technology will have on the industry. Four of them have never heard the word. The banker who has at least a working knowledge of the technology more or less shrugs—not going to affect his bank much, he says. Yet in his 2016 book The Business Blockchain: Promise, Practice, and Application of the Next Internet Technology, technologist William Mougayar w r ites, provocatively, “Understanding blockchains is tricky. You need to understand their message before you can appreciate their potential. In addition to their technological capabilities, blockchains carry with them philosophical, cultural, and ideological underpinnings that must also be understood.” That is a pretty heady brew of concepts to imbibe. It’s hard to see the introduction of the EMV card as being a matter for a philosophical discussion. Online banking and mobile banking certainly have had cultural impact, but another Mougayar comment puts blockchain

at another level: “If blockchains are a new way to implement trusted transactions without trusted intermediaries, soon we’ll end up with intermediaryless trust. Policy makers who regulated ‘trusted’ institutions like banks will face a dilemma. How can you regulate something that is evaporating?” W het her t hat is a n ex ag gerat ion remains to be seen. Many, many blockchain-oriented pilots, consortia, and other efforts are out there now. You can’t go to a fintech “demo day” without a good many of the speakers referring to the blockchain as part of their plans. Large banks and investment banks are part of the movement through cooperative efforts, such as R3 CEV, a consortium of over 50 large international players. Another is the Linux Hyperledger project. But for all the industry involvement, there are others, in addition to Mougayar, who say that blockchain technology will replace traditional intermediaries. “Can we build a better mousetrap with blockchain to solve problems of the financial services industry?” asks Ron Mazursky, director of the Strategic Initiatives Group at Jack Henry & Associates. “We think so—and there is a ton of money being thrown at it out there.” Yet Mazursky says that bankers need to understand—to their relief—that “it’s still very early in the process” for blockchain. He suggests that to a great degree, in spite of all the activity, blockchain is still in the “hype” stage of its cycle overall, though some services, such as Ripple’s cross-border payments service, are well established. He uses real-time payments to illustrate the point. While the Federal Reserve is attempting to administrate a shift to real-time payments, multiple competing systems are already out there. “If real time is the wild west,” explains Mazursky, “blockchain is still at creation. We have no rules. Frankly, you don’t want to be in the garden with just Adam and Eve.”

Fruit’s still on the tree

Don’t take Mazursk y a s a naysayer, rather, a realist. “There is a good tool here, but it will take time to ramp up,” he says. Those who may think that large banks are co-opting blockchain technology don’t “get” the blockchain, he says. Other than adaptations being tried for

August/September 2016

BANKING EXCHANGE

23

/ BLOCKCHAIN / internal use, many potential applications of the technology require a community of users to make sense. “You want a network,” says Mazursky. “It’s not just about you and your customers. I don’t think big banks are going to own it exclusively.” In fact, there’s a school of thought that it is the consortia that will help open up practical application of blockchain. “A lot of the consortia’s work is standardizing the things that should have been standardized years ago,” says Angus Champion de Crespigny, financial services blockchain and distributed infrastructure strategy leader at Ernst & Young LLP. Harking back to Singh’s rhetorical question, there’s an interesting response in Mougayar’s book, where he poses the question: “What problem is the blockchain solving?” His response: “It is a good, but self-limiting question, because it assumes that the blockchain can only solve known problems. What if the blockchain could create new opportunities, instead of solving existing problems?” So understanding more about what’s going on with blockchain appears to be something the well-armed banker should want. We’ve distilled our conference coverage and expert-authored blockchain articles from BankingExchange.com; several recent books; vendor backgrounders; recent testimony in the House Energy and Commerce Committee; and interviews to construct the following Q&A. Please note that talk about blockchain technology is full of phraseology—fans love the word “ecosystem,” for instance. We’ve tried to minimize such. Also, bear in mind that this is an overview and not intended as a technical discussion. Q1. Where did blockchain come from? Blockchain technolog y’s basics don’t belong to anyone, being at its heart a form of open-source software. The concept was born as part of the invention of Bitcoin. Without getting too technical, the author of the founding paper behind it, Satoshi Nakamoto (a pseudonym), had the following in mind: “Commerce on the internet has come to rely almost exclusively on financial institutions serving as trusted third parties to process electronic payments. While the system works well enough for most transactions, it still suffers from the inherent weaknesses of the trust-based model. 24

BANKING EXCHANGE

Completely non-reversible transactions are not really possible, since financial institutions cannot avoid mediating disputes. . . . What is needed is an electronic payment system based on cryptographic proof instead of trust, allowing any two willing parties to transact directly with each other without the need for a trusted third party. Transactions that are computationally impractical to reverse would protect sellers from fraud. . . . The system is secure as long as honest nodes [computing endpoints] collectively control more CPU power than any cooperating group of attacker nodes.” According to testimony by the Cham-

Understanding blockchains is tricky. You need to understand their message before you can appreciate their potential” – William Mougayar, author, The Business Blockchain ber of Digital Commerce, a blockchain trade organization: “The blockchain is a peer-to-peer digital asset transfer system that is independent of any third party intermediary, including financial institutions and governments. In short, it is open-source software that is available to the public. Anyone and everyone may have access to it and innovate with it.” That’s the philosophy—that word again—behind blockchain. It will likely evolve, however. Already, there are those who see the value of sovereign virtual currencies. At Consensus 2016, an entire session discussed this, including the (unofficial) idea of a “Fedcoin.” Q2. What does “blockchain” mean? And how does it work? This will get a little technical, but we’ll keep it simple. Some of the best nuggets come from congressional testimony. From Paul Snow, chief architect and cofounder of blockchain protocol developer Factom: “Blockchains utilize ‘Hash’

August/September 2016

functions to link together blocks of information. A Hash is a way of taking any digital artifact, a document, picture, video, transaction, etc., and producing a short digital fingerprint. A block is a collection of transactions, and can include these f ingerprints and other digital data. When a block is added to a blockchain, the hash of the previous block is also included in the new block. That’s the ‘Chain’ part of blockchains. Validating a blockchain includes checking the hashes or the fingerprints, and making sure they match. Any error or change in data would ‘break’ the chain; the hash of the changed block would no longer match the hash in the next block in the chain.” “Blockchains provide three things: accountability for the data entered, notif ication of ser vices of new data, and algorithms for ensuring all systems have the same data, i.e., consensus between systems,” continued Snow. We pa r ticula rly liked the following explanation from Gennaro “Jerry” Cuomo, an IBM fellow and part of the company’s blockchain practice. Cuomo’s words help explain the blockchain concept of “smart contracts” as well: “Here’s where blockchain fits well—managing a business agreement between two or more companies. They can record the terms of that agreement on a blockchain, knowing it will execute and be enforced autonomously (e.g., ‘If you pay me in under 15 days, then I will give you a discount.’) Nobody is in private control of the ledger and nobody can secretly change the terms of the agreement. It’s like every guest at a B&B writing in the guest book with an indelible Sharpie. So, with blockchain, facts and agreements are recorded certifiably and indelibly, increasing trust, reducing risk, and thus reducing friction in business.” [Emphasis added.] The blockchain also has been compared to a freight train. Each boxcar, or “block,” contains critical data that may be an asset or that may represent value. What’s in the car can only be seen by those entitled to look, though the train itself can be observed and tracked. A key element of blockchain technology is that it is intended to function in a decentralized environment. Using the rails of the internet, the intent is that blockchains will function both as processing software and as a mobile kind

Because blockchains typically will be self-validating, transactions thus would not have to go through a central place for settlement in the usual sense. Q3. I’ve heard the term “distributed ledger” in connection with blockchain technology. Where does that fit? Sometimes, this term and blockchain are used sy nony mously, but w ithout getting too technical, that is not correct. Mougayar writes: “Technically the blockchain is a back-end database that maintains a distributed ledger that can be inspected openly.” He also states that “The blockchain is also a distributed, public, time-stamped asset ledger that keeps track of every transaction ever processed on its network, allowing a user’s computer to verify the validity of each transaction such that there can never be any double-counting.” These ledgers can be replicated in order to permit sharing publicly, privately, or semi-privately. A staf f memo of the House Committee on Energy and Commerce adds some helpful insight: “There are several

versions of distributed ledgers that may be leveraged by a company working on developing business or consumer applications on top of a blockchain. The main differences between blockchain systems are how many copies of the ledger are created, who controls the copies of the ledger, and how is the authenticity of the ledger verified. The Bitcoin blockchain is a public blockchain because records of the ledger are shared with the entire network w ithout any centralized control over who can enter the network or verify transactions through the [Bitcoin] mining process. Other blockcha ins may be developed that limit ... a user’s ability to interact with the system, otherwise referred to as permissioned blockchains.” Q4. The issue of trust seems to come up a great deal in regard to blockchain. What’s behind that? Ultimately, if Earth was peopled by completely honest folks who always paid what they owed and who always abided by their side of ever y contract, then other than unintentional mistakes or

shortfalls, we wouldn’t have to worry about settlement, in the sense of enforcement through an independent authority. We don’t live in that world. Mougayar sums this up: “All blockchains commonly hold trust as an atomic unit of service. In essence, it is a function and a service that is delivered. But trust does not apply only to transactions. It is extended to data, services, processes, identity, business logic, terms of an agreement, or physical objects.” Mougayar elaborates that once a business person accepts that the algorithms securing the trust layer of a blockchain work, the “old paradigm of centralized consensus, that is, when one central database used to rule transaction validity,” goes by the boards. In fact, there are multiple forms of blockchain, and a point of debate at Consensus 2016 was whether, in homage to Tolkien’s Lord of the Rings, there would be “one blockchain to rule them all.” Q5. What does this mean for banks? One school of thought sees banks and their regulators becoming less relevant

August/September 2016

BANKING EXCHANGE

25

/ BLOCKCHAIN /

as blockchain technology becomes less a concept and more a working reality. In our research, that reasoning appears to arise chiefly from the payments world. In his new book Augmented: Life in the Smart Lane, for example, Brett King, writing about the blockchain, states: “The banking system of 2025 will need to work more like an IP, or peer-to-peer, network than the current centralized banking networks that we have today; and the blockchain is a better, futureproof example of that.” K ing predicts that restricting payments to approved channels, such as banks and licensed money transmitters, in the name of trust, will go by the boards. One caveat is that the concept of identification will have to change in such a world. (King sees banks still holding big deposits and savings, but current account funds will, he believes, be held and transferred outside of banking.) Author Mougayar generally paints banks as behind the times and trying to hold onto a monopoly that is doomed by blockchain. Unless banks grasp innovation, he sees them serving as little more than the on-ramps and of f-ramps of the blockchain highway. Mougayar recognizes that some banks have tried to adapt the new technology, but he sees much of this happening within the walls of existing regulation. Federal regulators have had little specifically to say about blockchain publicly, beyond a speech given in mid-April by Federal Reserve Board Governor Lael Brainard. She made it clear that while 26

BANKING EXCHANGE

the Fed sees some benefits to the blockchain, it intends to be very involved in where this technology goes in the U.S. banking system. (To diehard blockchainers, this is something like an oxymoron. We’ll see.) While acknowledging the efforts by bank consortia to develop blockchain applications, Mougayar states that: “Banks will be required to get their hands dirty and learn the new technologies directly. They will also need to get their minds dirty and try ideas even if they risk failing. The more basic experience they acquire early on, the faster they will be able to progress. . . . On the bad news side, some of the blockchain startups will be going after their business, FinTech style. But the good news is that blockchain technology is perfect for streamlining much of banking operations.” Mougayar of fers, as well, that the industry may use the blockchain as an opportunity to completely reinvent itself. Chamber of Digital Commerce Chair Matthew Roszak, cofounder of blockchain sof t ware f ir m Bloq, stated in congressional testimony: “On the horizon we are going to combine the Internet of Information with the Internet of Money. These two things compound each other. The internet as we know it is great for collaboration and communication, but deeply flawed when it comes to commerce and privacy. Blockchain technology fixes that, which means loans without banks, contracts without lawyers, and stocks without brokers, executed and recorded over hundreds of

August/September 2016

servers at all corners of the earth.” Whether the time is ripe to declare winners or even to take odds is debatable—consider the recent tribulations faced by marketplace lenders. “There’s always a period when ever yone gets excited, and then the hard stuff has to happen,” says Jack Henry’s Ron Mazursky. “Blockchain is not a product—it’s a process. ... The products mostly haven’t been figured out yet.” Mazursky points out that while much has been suggested outside of the payments elements of blockchain, such as aspects of lending, a good deal hasn’t reached any kind of fruition yet. Testified IBM’s Cuomo: “Most blockchain implementations, and the tools surrounding them, aren’t yet ready for many serious business uses. The concept and architecture are taking form, but some key capabilities and standards are missing or only now emerging.” Indeed, while trust is a major factor in the blockchain, it isn’t airtight, according to even some big backers. Said Cuomo: “We’re ... taking steps to ensure that participants cannot commit fraud or collude in ways that jeopardize the integrity of the blockchain. Fraud and collusion resistance is achieved by ensuring that every transaction is validated by all the members of the blockchain networks, which might include regulatory and clearinghouse institutions.” You could be forgiven if “not ready for prime time” comes to mind. A nd yet another cliché also applies: “It’s later than you think.”

/ compliance watch /

FAIR LENDING KEEPS MORPHING

When banks with “satisfactory” CRA ratings wind up in fair-lending trouble, what makes sense? By Steve Cocheo, executive editor

Shutterstock/Jirsak

W

hen Jim Bedsole compares fair-lending laws and the Community Reinvestment Ac t (CR A) t o Dr. S euss’ “Thing 1” and “Thing 2,” it’s not because the veteran compliance officer wants to lighten the mood. He’s portraying the confusing and uncomfortable—and at times surreal—position that banks increasingly appear to find themselves in when examined for both types of compliance. In Seuss’ The Cat In The Hat, the two Things are impish twin creatures who create pandemonium in the course of helping the uninvited Cat “entertain” two kids. In compliance, the two bodies of law, although connected, are supposed to be distinct. Simultaneously, the enforcement of both has grown further apart and yet closer. In some ways, Bed sole a nd ot her speakers at a panel on the interplay of the two laws at the recent American Bankers

Association Regulatory Compliance Conference portrayed a situation where these two “things” wreak their own havoc. Bedsole, senior vice-president, chief compliance and risk off icer, at BankSouth, pointed out that CRA’s intent is to be sure banks are meeting the credit needs of their assessment areas. And most institutions obtain either a “satisfactory” or “outstanding” rating. He noted that fair-lending performance is one of the components of a CRA exam. And there is evidence that fair-lending concerns can lower preliminary CRA ratings.

Something odd going on? Yet in the six most recent redlining cases announced by the federal government at the time of the June conference, each bank had obtained a “satisfactory” rating, noted fellow panelist Brian McCormally, partner specializing in fair-lending cases at Arnold & Porter LLP. McCormally said

that all federal regulatory definitions of redlining define it as a form of disparate treatment, implying discriminatory behavior, rather than a form of disparate impact, where the end result of behavior is perceived as discriminatory even if there was no overt act of discrimination. The situation grows stranger. Increasingly, purchased loans do not bring a bank any credit toward fair-lending performance, leaving only loans originated and held by that institution as qualifying, for example. This is so, McCormally said, even though for some organizations, loan purchase is the only effective means of penetrating a market in order to bring credit to a neighborhood. McCormally reviewed several recent set tlements, and pointed out where things did not appear to line up. For example, he represented $35 billionassets Hudson City Savings Bank, which settled with the Department of Justice

August/September 2016

BANKING EXCHANGE

27

/ Compliance Watch /

Ground zero for confusion: a bank’s analysis of its HMDA data versus the government’s analysis

(DOJ) and the Consumer Financial Protection Bureau (CFPB) for $32.8 million in September 2015. The attorney, who held senior legal and compliance posts at banking agencies prior to entering private practice, said the government presented no evidence of actual disparate treatment. Instead, the government case hinged on factors such as alleged redlining through loan officer placement and branching decisions. McCormally said his client actually maintained 14 branches in majorit y minority neighborhoods, but received no recognition of that. However, the core of the case rested on statistica l ana lysis of the bank’s application data in affected areas compared to its peers. “We no longer rely on traditional treatment analysis,” said McCormally. “The agencies no longer feel the need to show that someone was done actual harm.” He maintained that now simply being below the peer average in a minority census tract creates risk that the bank will be accused of redlining.

How does CRA fit today? “I’m currently dealing with a bank that has an ‘outstanding’ CR A rating,” said McCormally, “where the government says there may be a redlining issue.” McCormally added that in addition to CRA becoming irrelevant in recent fairlending discussions, the bureau, DOJ, and HUD have at times forced changes to banks’ ostensibly self-established assessment areas. Also, the government has 28

BANKING EXCHANGE

moved from a focus on low-to-moderate income census tracts to a newer focus on “high-black and Hispanic” census tracts, which he defined as containing 80% or more of those minorities. Actual discrimination has always been difficult to prove, McCormally said, so he thinks the government has moved from a focus on disparate treatment and disparate impact toward more of a focus on redlining as a policy tool to address a perceived shortfall in credit availability. He said that of 25 open fair-lending investigations at year-end 2014, only one-third have been resolved. The remainder are somewhere in the legal pipeline, and many of those cases involve redlining. “The sands have shifted, and the government is evaluating these cases from a different perspective,” said McCormally. He said he has repeatedly asked about the apparent shift and has been told nothing has changed. Given his experience in the field, he does not believe this, he said. “It’s not to say that the government is wrong,” explained McCormally. “It’s to say that we have to understand how it has shifted, why it has shifted, and to be able to be prepared to address the issues going forward.” Ultimately, without more clarity, banks have less than ever to go on. Fur thermore, speaking w ith what appeared to be irony, McCormally said he didn’t want to “accuse the government of backing into a conclusion.” However, he said that the issue of what will constitute a bank’s peers for the sake of fair-lending

August/September 2016

analysis has come to be the central negotiating point of every fair-lending case in which he participates. [After the conference, in late June, a $10.6 million settlement involv ing $13.9 billion-assets BancorpSouth Bank was announced. The bank was accused of redlining, and two years earlier had received a “satisfactory” rating. Among the additional allegations in the case was that the bank maintained “an explicitly discriminatory denial policy” and that it engaged in both discriminatory underwriting and discriminatory pricing. A recording of a 2012 internal meeting at the bank demonstrated discriminatory attitude, according to the CFPB, and “clearly articulates the Bank’s policy or practice to reject minority applicants more quickly than White applicants, as well the Bank’s perception of African Americans. The meeting participants were all White. . . .” As recounted in the complaint, the recorded conversation included a racial epithet. CFPB also conducted a matched-pair test that put the bank in a bad light. This was the bureau’s f irst use of the testing technique in a discrimination investigation.]

By which numbers? “We’re in an environment where there don’t appear to be any written rules,” observed McCormally. Or, if there are written rules, the government is changing when it wants to apply them and when it doesn’t. “It is increasingly difficult for institutions to know how to address this,” McCormally added. But if there is a ground zero for conf usion, it would appear to be in the analysis that banks do voluntarily from their Home Mortgage Disclosure Act (HMDA) data versus the analysis that the government does in screening institutions for potential investigation and then for potential enforcement or settlement. “Flabberga sted” is one word t hat speaker Marsha Courchane used when describing her reactions to the statistical cases that federal agencies have been bringing against lenders in recent enforcement actions. Courchane is vicepresident and practice leader, financial economics, for Charles River Associates, which assists banks with issues such as fair-lending data analysis. A key element in federal cases now is how an institution’s lending record compares to peers. Courchane explained that

while firms like hers could assist a bank in performing peer analysis of its record, there is no assurance that the peer organizations selected by the bank will be the same group that the government selects for its case. In the post-conference BancorpSouth Bank complaint, the government frequently compares the bank’s behavior unfavorably to that of peer institutions. For example, the complaint states that the bank drew only 3.2% of its applications from high-minority neighborhoods from 2011-2013, versus 17.6% by peers. No mention is made in the complaint or in any associated maps or links regarding the makeup of the peer group. The complaint also notes that the bank’s own internal analysis indicated that black applicants were denied for firstmortgages in 2011-2013 at a rate 9.5 percentage points higher than whites. (At the time of the settlement, the bank st ated that it ha d been work ing on improvements to its fair-lending and other compliance systems since 2012, and that it had settled to conserve resources.) As integral as statistical analysis has become in fair lending, Courchane portrayed the landscape as fraught with uncertainty. “I can’t predict who they are going to compare you to,” she said. “And you probably can’t either. So don’t waste time doing that. Figure out who you consider your peers to be.” Courchane recommended writing up the analysis into a document that can be presented to examiners and investigators defending the bank’s fair-lending record. Peer selection may var y ba sed on whether an analysis is being performed for CR A or fair-lending review. Courchane said it is unclear what the CFPB’s standard is for selecting peers for redlining analysis—it may vary from case to case, apropos of McCormally’s remark. The Federal Reserve’s rule used to be pretty clear to people in her business, she pointed out. Picking up on McCormally’s point about a ssessment area s, Courchane warned that federal authorities increasingly seem to resist banks’ desire to set up assessment areas based on portions of counties or metropolitan statistical areas. They tend to prefer whole counties, for example. This may not correlate well with a bank’s historical markets. Post-recession, a wrinkle is seen in the authorities’ concept that originations in

a majority minority market represent an equal penetration of that area compared to the penetration by the bank of predominately white markets. As lenders have tightened up in recent years on credit standards, this has become harder for lenders to do, and therefore more of them could potentially be accused of redlining as the term is currently used. Courchane said that none of the recent investigations take differences in credit quality in different tracts into account. This can leave lenders exposed. Courchane said banks could begin asking regulators for some clarity on peer selection. If enough bankers pushed the issue, some guidance may come back, but Courchane was skeptical. She said she didn’t think it was clear that regulators had firm answers to give. Thus, when a n aud ience member asked what prepackaged software her bank may purchase to help per form analysis, Courchane doubted that much automated help was even out there that was equal to the task. “I don’t know how you would select canned software,” maintained Courchane, “because the rules are different in every case.”

Dealing with the “things” Looking at data, banker Jim Bedsole indicated that lenders must work hard on HMDA number integrity. He said this was critical so banks could “say with confidence that their data is accurate.” “If you can count on your data, then the only bad thing that can happen to you is having someone reach bad conclusions from your data,” said Bedsole. More proactively, he said, once a bank knows that its data is sound, it can tap outside expertise to demonstrate that it has a good story to tell on access to credit. “We’ve got to understand our own data as well as or better than our examiners,” said Bedsole. “We have to understand what the data means, and then how to tell that story.” Given t hat a d i sc on ne c t appe a r s t o e x i s t b e t w e en f a i r lend i ng a nd CR A, Bed sole sug ge st ed st eps t hat bank s can ta ke to reconnect the related compliance tasks internally: • Bring staff responsibilities closer. O f t en , f a i r lend i ng a nd C R A h ave been seen as separate roles with differing focuses and priorities. Bedsole sug ge s t e d bu i ld i ng s t ronger l i n k s. • Bring in M arketing. Even today,

Marketing and Compliance can have a variable relationship. However, Bedsole said Marketing’s understanding of demographics and its experience in crafting advertising and other promotional campaigns are critical to success in CR A. “CRA, at its core, is a marketing regulation,” he said. Bedsole said Marketing can be of assistance, equally, in helping a bank achieve the market penetration necessar y to demonstrate fair-lending compliance. • Make sure systems can talk to each other. According to Bedsole, in some institutions, the tracking systems for the two areas may not even be compatible. If the bank’s own analysis is to be performed consistently, he pointed out, this is essential. • Create a linkage in oversight. At his own bank, Bedsole said, historically, board-level review of CRA and fair-lending issues and performance have not been conducted at the same time. Bedsole said he has been working to sync the reporting and oversight regimes for the two disciplines. For community banks, the fair-lending challenge, like many others, comes down to resources, according to Bedsole. “How many of you have all the resources you want, all the resources you have to have to earn a ‘satisfactory’?” asked Bedsole. “None of us do.” The solution lies in using risk assessment techniques to determine where to apply the scarce resources, Bedsole explained. From there, a community bank can tap external resources for many tasks, saving internal resources for what can’t be obtained through public sources, trade associations, networking, and even the local university.

ONLINE

reSOURCES • Minor facelift for interagency Q&A on CRA http://tinyurl.com/ CRAquestion-answer • Interview with fair-lending defense expert http://tinyurl.com/ fair-lending-expert

August/September 2016

BANKING EXCHANGE

29

/ Risk Adjusted /

PAY UP OR YOUR DATA iS TOAST

Ransomware, the cyber threat banks rarely talk about, is on the rise. Here’s what you can do By John Ginovsky, contributing editor in tracking malware of all types and consults with businesses about how to prepare for and respond to attacks, found that in the first quarter of 2016, the number of attempted ransomware attacks increased by 30% from the previous quarter. About 2,900 new ransomware modifications were detected during the quarter, which is an increase of 14% from the previous quarter. However, other reports about the frequency of ransomware attacks are even more fr ightening. In Apr il, the FBI office in Cleveland reported that in 2014, more than 1,800 complaints were filed regarding ransomware, rising to more than 2,400 complaints in 2015, with a reported loss of more than $24 million. In 2016, t he Depa r tment of Justice says that on average, more than 4,000 ransomware attacks per day have occurred since Jan. 1. A KnowBe4 survey of businesses of various sizes found that two thirds knew someone who was hit by ransomware in 2015, compared with 43% in 2014.

B

anks face an increasingly prevalent and damaging cyber threat; yet, for very good reasons, no bank will speak openly about being victimized by it. It is ransomware. Ransomware is a particularly insidious form of malware that a cyber criminal can install in a corporate system and then lock down or encrypt whatever is on it. The victim not only faces extortion, in the form of having to pay ransom, but also the loss of operations, emotional drain (to the point of panic among employees), and catastrophic brand damage. Recent reports from government agencies and private security firms document the growing incidence of ransomware attacks. Most notably for banks, the Federal Financial Institutions Examination Council (FFIEC) issued a statement last

30

BANKING EXCHANGE

November, which says in part: “Cyber attacks against financial institutions to extort payment in return for the release of sensitive information are increasing.” The U.S. Computer Emergency Readiness Team (U.S.-CERT) issued an alert in March, which was updated in May, that reported about the spread of ransomware in general: “In early 2016, destructive ransomware variants such as Locky and Samas were observed infecting computers belonging to individuals and businesses.” An FBI advisory issued in late April noted: “Hospitals, school districts, state and local governments, law enforcement agencies, small businesses, large businesses—these are just some of the entities impacted recently by ransomware.” Kaspersky Laboratory, which specializes

August/September 2016

Attacks on specific banks, however, are rarely, if ever, reported. “You’re almost certainly not going to hear about successful ransomware attacks on banks,” says Ross Hogan, global head, Fraud Prevention Division, at Kaspersky Laboratory. “It is probably one of the most catastrophic events that a bank could suffer.” That’s not only because of the actual money that the criminals demand and the potential for data loss. “If anyone who was working [or doing business] with that bank were to find that they were susceptible and maybe gave in to these types of attacks, that brand damage would be nearly irreconcilable,” Hogan says. As the FFIEC notice indicates, this doesn’t mean that banks are not targeted. It means that it is not something banks will likely admit. Still, says Hogan, who consults mainly with financial institutions: “Anecdotally, yes, our evidence from what we can pull from our systems

Shutterstock/Nicescene

Banks mum, but targeted

and from what I’ve been able to glean in speaking with bankers, the attacks are there. They are focusing on banks.” Doug Johnson, senior vice-president, payments and cybersecurity policy, for ABA, advises banks to exercise their ability to withstand a ransomware attack. “Test the speed and efficiency with which the bank can go to backup files,” he says. “A lso, reevaluate the extent that f ile directories are shared, as the more such files are shared, the more vulnerable they will be to ransomware encryption. Strike the right balance between sharing files and restricting access rights to shared directories to minimize their potential of being encrypted.” Banks should provide advice to customers as well. “We have seen many instances where customers have contacted their bank after they have been successfully attacked by ransomware, looking for assistance,” Johnson says. “While the bank obviously cannot be expected to function as their customers’ information security consultant, any basic guidance that can be provided to victimized customers will be greatly appreciated.”

Prevention first Ransomware can be inserted into victims’ systems in many ways. In one of the few widely reported attacks involving banks, three Indian financial institutions were infected when a fake email containing malware was disguised as correspondence from senior management. An IT administrator opened it, compromising that computer. It spread quickly throughout the network. Also, it doesn’t take a computer genius to inf lict ransomware. Malwarebytes Labs reports the existence of “ransomware as a service,” in which criminals sell the programs to other criminals. All sources agree that the most effective means of dealing with ransomware is prevention. “It is largely a preventable problem,” says Hogan. The FBI alert lists these precautions: • Make sure employees are aware of ransomware and of their critical roles in

different media, and one alternate location. For assessment—done in advance of any attack—he recommends consulting with a security-specific provider “to look at systems and to understand all of the different areas of vulnerability, depending on what systems are running and who has access to them.” A lso high on the list of preventive measures is training and awareness. “So much of this involves the human factor,” Hogan says. “Don’t open emails from odd sources. Don’t open spam. Never click on attachments that look suspicious. Don’t go to nefarious sites.” But things can happen. “Training is never foolproof,” he acknowledges. “People make mistakes. People get lazy. People work long hours, and they simply let down their guard.”

protecting the organization’s data. • Patch operating systems, software, and firmware on digital devices. • Ensure antivirus and antimalware solutions are set to automatically update, and conduct regular scans. • Manage privileged account use. • Configure access controls appropriately, including file, directory, and network share permissions. • Disable macro scripts from office files transmitted over email.

Prioritize training, back up data, and balance file sharing with restricted access to minimize vulnerability

You’ve been hit; now what?

• Implement software restriction policies or other controls to prevent programs from executing from common ransomware locations like temporary folders supporting popular internet browsers, or compression/decompression programs. To this list, the U.S.-CERT alert adds: “Use application whitelisting to help prevent malicious software and unapproved programs from running. . . . Application whitelisting allows only specified programs to run, while blocking all others, including malicious software.” Hogan emphasizes the need to place the strongest possible end point security systems on off ice computers and mobile devices used for work. “You might want to consider restricting access to corporate systems and data only to corporate-provided devices,” he says. Other things to do, says Hogan, involve strong data backup procedures, and assessing vulnerabilities. For backup, he recommends having three copies, in two

What happens when a bank is victimized? It isn’t pretty, Hogan says. The best suggestion: Have a documented plan in place that’s easily accessible to the people who need to take action. Plan aspects will vary, but should be constructed with the help of security firms that know the latest threat avenues and trends; how ransomware morphs; and what can be done given the latest circumstances. More specifically, the U.S. government issued an advisory to all agencies should they be attacked with ransomware: • Isolate the infected computer immediately; isolate or power-off the affected dev ices that have not yet been completely corrupted. • Immediately secure backup data or systems by taking them offline. • Contact law enforcement immediately. • If available, collect and secure partial portions of ransomed data that may exist. • If possible, change all online account passwords and network passwords after removing the system from the network. • Delete registry values and files to stop the program from loading. The takeaway message is clear. As Hogan stresses, “Prevention really should be the priority strategy that banks should be seeking.”

August/September 2016

BANKING EXCHANGE

31

/ BANK TECH /

“Alexa, pay my mortgage”

Several banks are using voice assistants, including Ally Bank (Ally Assist) and Capital One (Alexa) By Ashley Bray, contributing editor asking for voice-enabled technology,” says Chris Nichols, chief strategy officer of $5 billion-assets CenterState Bank of Winter Haven, Fla. Nevertheless, the bank continues to investigate voice technology. A handful of other banks have taken the leap to actually roll out voice assistants. “A lot of what we do is really to anticipate our clients’ needs—sometimes before they even realize the needs themselves,” notes Vinay Venugopal, vicepresident of IT strategy, research, and development at almost $38 billion-assets Tangerine Bank, a direct bank in Toronto, Ontario, in an email. “As new devices with limited or no visual interfaces come into play—like smartphones, wearables, and automobiles—it’s increasingly important to think differently about how to enable efficient interactions with those devices.” Un like integ rated voice response systems—some of which use voice recognition—virtual assistants are much more sophisticated and don’t rely on pre-set menu paths, observes David Albertazzi, senior analyst at Aite Group.

Ally Assist lets customers use voice or touch to make queries

P

icture a world where voice allows you to control your thermostat, lights, or fridge temperature, and to pay that bill you almost forgot. This may seem far-off, but it’s closer than you think as technology advances each year. Virtual assistants, like Apple’s Siri, Microsoft’s Cortana, and Amazon’s Alexa, are the first steps toward a future where we interact conversationally with our internet-connected devices—otherwise known as the internet of things. A ma zon a nd Capita l One Ba nk announced in March that Capital One customers could check balances using Amazon’s Alexa. In July, the bank added 32

BANKING EXCHANGE

access to auto, mor tgage, and home equity loan account information. Beyond that—and the fact that Apple will open up its Siri platform to developers this fall, which could lead to similar developments—banking applications of these high-prof ile v ir tual assistants remain mostly in the future. Yet financial institutions and financial technology companies continue to investigate the uses of voice, and some already offer voice assistants of their own to customers. But is this something customers are demanding? Not necessarily. “Customers have demanded a better experience. I wouldn’t say we have customers coming in

August/September 2016

Voice assistants are being used in a variety of ways, but four categories stick out: search and retrieval, education, problem resolution, and revenue generation. Search and retrieval. Users are turning to voice assistants for basic information. By simply asking a question, they have their answer without having to toggle through multiple screens or the interface of a bank’s mobile app. This is especially useful for people on the go. Both Ally Bank’s Ally Assist and Tangerine Bank’s Voice Banking allow users to ask everything from simple questions about account balances to complex inquiries on detailed account and transaction information or even spending patterns. The assistants also can be used to trigger an action like bill pay or money transfers. Ally Assist, which works with both touch and voice, offers customers a predictions feature that can provide useful solutions and information. Predictions are presented to users when they access

Photo courtesy Ally Bank

Four categories of use

Ally Assist, and they may also pop up when they click on certain transactions. Predictions can assist in identifying a charge, draw attention to out-of-theordinary transactions, and give users a low-balance warning. “[Predictions] is actually the most used function in the tool,” says Carrie Sumlin, digital consumer executive at $110.6 billion-assets Ally Bank in Midvale, Utah. “There’s more insight that a consumer can get around their spending and savings as they use the tool that’s different than what they would experience in the other channels or other tools that we offer.” Education. Many questions users ask voice assistants pertain to a bank’s products and services. This educational component even influences the user base. While Tangerine and Ally say a broad cross-section of their client bases use voice assistants, Ally has observed that there are a greater number of new customers using the tool—the group most likely to seek out information about Ally’s offerings. That first interaction with a financial institution—opening a checking account, for example—is still done 73% of the time inside a branch, notes Albertazzi, but the percentage is falling. “We’ve seen the transactions migrating out of the branches, migrating out of the call center for more automated, selfservice channels,” he says. “Today, digital represents about 23%; 4% would be using the call center.” Problem resolution. The expectation is that simple problems, like a card activation or a missed payment, will be taken care of via a voice assistant versus calling in or visiting a branch—leading to time and cost savings for the bank. But voice isn’t likely to take the lead on more complex problems, like a lost or stolen card. “I don’t think we’ll ever be in a position where voice assistants will replace face-to-face interactions or even other customer service interactions, like secure chat or [someday] chat bot interactions,” says Venugopal. “At the end of the day, people want to know that they’re being taken care of by a human being.”

Revenue generation. Voice assistants accumulate data on customer transactions and interactions with a bank. Whether or not a bank can leverage this data to offer customers better products and services could determine if a voice assistant generates revenue. However, banks need to offer value up front. “There has to be a clear offer from the financial institution to say, ‘If you allow us to access all this personal, intimate data about you, then we will make sure that you save thousands of dollars and that you can spend more therefore

Leveraged properly, voice assistants can not only help educate customers and resolve problems, but generate bank revenue or invest more in things that will make you live your life better,’” points out Chris Skinner, consultant, speaker, and author of ValueWeb (his most recent book).

Hurdles to clear The benefits of voice assistants are many, but so are the hurdles to adoption. For one, the technology is sophisticated and not something many banks can produce in-house. As a result, they partner with third parties, as Tangerine did with Nuance, and Ally did with Personetics. Implementation also can be difficult. Many banks struggle with how to ensure an update made via a voice assistant is reflected across all other channels. “Traditionally, banks have been working in silos, dif ferent channels—the branch, the ATM, digital banking,” says Albertazzi. “Now, they’re really focusing on trying to bridge that gap. The whole concept of omnichannel banking is starting to become more important,” he adds, “but more and more, the systems are becoming real time, or there is a way to

update the information across all of those different systems.” As a direct bank, Ally built its system with integration in mind. “We have, really, one system of record that is our core deposits system, and all of the channels access and update that same core deposit system,” explains Sumlin.

Biometrics help Securing customer data is important with voice assistants. “Banks tend to start at low-risk transactions,” Albertazzi points out. “Once they get comfortable with the system and all of the implications, then they can move to the next step.” Banks are making sure things like biometrics are in place to safeguard data. Tangerine uses passive voice recognition, voice authentication, and fingerprint recognition. Plus, Voice Banking can’t be accessed unless a user is logged into the bank’s mobile app. Ally Assist can be accessed only from the Ally mobile app. The app uses multifactor authentication, and customers have to register their devices and use a one-time pass code, if prompted. Customers also can choose to authenticate using touch identification. Most voice assistants offer the option to type out information rather than speak it to avoid saying aloud account numbers or other sensitive information.

Divining the future The crossroads between how talk and text will fit into the internet of things is what banks are moving toward. Sumlin sees room for both and believes customers will want a choice. Skinner believes voice will be the long-term objective. “The keyboard is not a natural user interface,” he says. “But it’d be far better if you could use voice, visual, oral, and audio contact with technology to have natural human interfaces.” Either way, it’s clear that this connected future offers opportunities for banks. “I’m pretty sure that one day soon, our clients will be able to talk to their refrigerator to order more milk and pay direc tly f rom their Ta nger ine ba nk account,” says Venugopal.

August/September 2016

BANKING EXCHANGE

33

Competitive Intelligence for Bankers Magazine: Banking Exchange is an indispensable resource for the management of today’s bank, conveying fresh ideas, solutions, and insight from award-winning journalists. Website: BankingExchange.com offers continuous banking news coverage, analysis, and blogs.

editors exchange: Our e-newsletter Editors Exchange covers business and regulatory issues from a management perspective. tech exchange: Our e-newsletter Tech Exchange focuses on bank technology trends, innovations, and product news.

White Papers: Explore extensive information online from industry thought leaders on banking solutions, issues, and trends.

roundtables: Five to seven bankers and other industry experts delve into critical banking issues in special 10-page sections in our magazine.

Webinars: Our webinars cover a range of pressing banking issues and feature interactive Q&As.

twitter: Join 10,000 bankers and industry experts on Twitter as they follow @bankingexchange for the latest banking news.

to find out how your company can partner with Banking exchange, please contact: Director - NatioNal SaleS Robert D. Vitriol • bvitriol@sbpub.com • 212-620-7242

/ Ad index /

INTERACTIVE index of advertisers Welcome to Banking Exchange’s Interactive Service Center. This section has been created to allow you to interact with the advertisers who appear in this issue and to gain information on the products and services offered in the following pages of the magazine. Company Phone

Fax 312-335-4400

Appraisal Institute

888-7JOINAI

BAI Retail Delivery

800-224-9889

Comcast Business

888-317-9627

e-mail address web site address

page

aiservice@appraisalinstitute.org

www.appraisalinstitute.org

C2

info@bai.org

www.bairetaildelivery.com

7

business.comcast.com/financial-services 3

CPI Card Group

307-248-0255

klawton@cpicardgroup.com

www.cpicardgroup.com

5

DCI (Data Center Inc)

620-694-6800

620-694-1150

info@datacenterinc.com

www.datacenterinc.com

C4

Temenos

610-232-2800

610-232-2801

usainfo@temenos.com

www.temenos.com

12

The Advertisers Index is an editorial feature maintained for the convenience of readers. It is not part of the advertiser contract and Banking Exchange assumes no responsibility for the correctness.

Advertising Sales

55 Broad Street, 26th Flr., New York, NY 10004

Classified Advertising Jeanine Acquart (212) 620-7211 Fax (212) 633-1165 jacquart@sbpub.com

Display Advertising Robert D. Vitriol (212) 620-7242 Fax (212) 633-1165 bvitriol@sbpub.com

COMPLIMENTARY EBOOK

A BRANCH TRANSFORMATION SURVIVAL GUIDE

HOW TO CREATE A MORE CUSTOMER-CENTRIC BRANCH EXPERIENCE To meet client needs, branches must provide a more customerA B R A N C H T R A N S F O R M AT I O N S U R V I V A L G U I D E

How to create a more customercentric branch experience

centric experience, while taking the organization’s needs into account – allowing for cost reductions to support new initiatives, continued growth and profitability. Download Cummins Allison’s eBook to learn how to make the branch experience as immersive, meaningful and efficient as possible.

Download the eBook: bit.ly/branchguide

August/Septemeber 2016

BANKING EXCHANGE

35

/ CounterIntuitive /

EMAIL, THE TIME THIEF Three rules can reduce the tyranny of your electronic inbox By Steve Cocheo, executive editor

E

v e r y do g ow ne r k now s how canines can be distracted by squirrels. Incoming email is the human version of seeing a squirrel. Pings on your desktop computer or vibrations on your smartphone can be terribly distracting. And in the responding, emails will often take you right off your task. Who has not found himself working three layers away from his original to-do list item? The myth of multitasking is that constantly juggling email and other streams leads to efficiency. Beyond interrupting thought, email can be a terrible time drain that every banker experiences. Used well, email can still be a productivity tool. But how? In his latest book, Deep Work: Rules For Focused Success in a Distracted World (Grand Central Publishing), Cal Newport presents three rules for taking back control of your office life from the email beast. “Just because you cannot avoid this tool altogether doesn’t mean you have to cede all authority over its role in your mental landscape,” w rites New por t. “Resistance is not futile: You have more control over your electronic communication than you might at first assume.” If you dispute how email distracts you and chews up time, here’s a dare: Finish reading this one-page article without checking any device. • Tip 1: Make people who send you email do more work. Email has grown increasingly casual, feeding inefficiency and distraction. Newport can only be reached by the public through a special-purpose email address, and he writes on his website: “If you have an offer, opportunity, or introduction that might make my life more interesting, email me at interesting [at] calnewport.com. . . . I’ll only respond to those proposals that are a good match for my schedule and interests.” This goes against the grain, but after that feeling passes, it seems liberating. According to Newport: “Most people easily accept the idea that you have a

36

BANKING EXCHANGE August/September 2016

Get liberated: Write more productive emails, and don’t respond to all incoming messages.

right to control your own incoming communication, as they would like to enjoy this same right.” • Tip 2: Do more work when you send or reply to emails. Too often, email becomes electronic Ping-Pong, an effort to quickly put the ball back on the other party’s side. Newport turns the tables on the reader. He demands putting more thought and time into messages. The payoff: Time is saved via avoiding the often-unending email chains just to set up a telephone appointment, for instance. The author’s solution is simple. He calls this the process-centric email. Take a few extra moments and write a more productive message. Don’t, for example, propose a coffee meeting next week. Propose it and include a few days and times that work for you. If your recipient can make one, then the process ends. If not, mention in the message that you can be telephoned to nail down a better time. • Tip 3: Don’t respond. Early in his academic career, Newport, a university computer science professor, found that some of the highest-ranking academics at MIT, his graduate school, did not routinely respond to email. “ W he n i t c ome s t o e -m a i l , t he y

believed, it’s the sender’s responsibility to convince the receiver that a reply is worthwhile. If you didn’t make a convincing case and sufficiently minimize the effort required by the professor to respond, you didn’t get a response.” Many bankers w ill bridle at reading that, especially given the regulatory emphasis on handling complaints. And Newport agrees that many people who send you emails will initially be thrown by the lack of any response, which is not standard email etiquette. They may even be upset. In response, he quotes another author, Tim Ferriss, who wrote: “Develop the habit of letting small bad things happen. If you don’t, you’ll never find time for the life-changing big things.” Newport also says that people will get used to your new policy: “The fact you didn’t respond to their hastily scribed messages is probably not a central event in their lives.”

Newport’s Deep Work has many more helpful suggestions for regaining your ability to concentrate on what’s important. Read a review of the book at tinyurl.com/BEDeepWorkreview

Competitive intelligence for bankers

March 2015 bankingexchange.com

DON’T OPERATE LIKE A BANK

NEVER MISS AN ISSUE of

The key to dealing with disruption, says TS Bank’s Josh Guttau: Do some disrupting yourself

INSIDE EASTERN BANK’S “SKUNKWORKS” CLOUD MORE SECURE?

SUBSCRIBE NOW

bankingexchange.com/subscribe

Subscribe to continue to receive the latest banking news, trends and analysis.

Trust needs more than words to be genuine. We’re a core partner founded and still privately owned by bankers, with bankers as board members, user group leaders and employees. So you can trust that we really do have your interests at heart.

Put your trust in a unique community of people who listen and have a personal interest in you. Fifty-three years of innovation and stability proves DCI is a relationship you can genuinely trust.

You’re never ignored or alone at DCI. Direct access to DCI executives, engineers and user groups makes sure we deliver advanced technologies that are meaningful for you. Not to mention live support 24/7 and regular face-to-face visits.

Winner 2015 BankNews Innovative Solutions Award

•

2015 FinTech Forward Top 100 Technology provider