Interview: Jorge Gonzalez

Next Article

Interview: Brian Kornfeld

Jorge Gonzalez President & CEO City National Bank of Florida

How do you combine banking technology with the need to maintain a connection to people?

At the end of the day, we recognize that clients want multiple channels of connectivity, and some want multiple channels at dišerent times. We have to provide that. At some point, they want to speak to a human being. At another, they want to engage with us through their smartphones. Our business model is peoplecentric; we are not a mass retail bank but a private and commercial bank. Our clientele values the relationship provided by people, but we have to provide the best technology to support our people in delivering the best possible experience. We have invested heavily in all the right applications and platforms to support our people and clients. The market has reacted well to our business model. We would not have otherwise grown as we have in the last five to 10 years. You have to make sure you hire the right people. You need to have people who have the right values and understanding of what is important to clients. .

What challenges is the industry facing regarding data security and cyber threats?

The whole industry is facing cybersecurity issues, but the good news is that one of our main investment priorities is cybersecurity and privacy of information. This is not going away. Having the right size is important because you have to have the capital, the resources and the talent to properly invest in this area. There is not much margin for error.

What risk-mitigation strategies is the bank implementing to address a potential downturn?

In working to address that, we have tried to stay true to a disciplined approach to business, whether at the peaks or valleys of the economic cycles. We don’t get overly excited when things are too good, nor overly conservative when things are bad. At the end of the day, it’s about picking the right clients and the right transactions.

The banking and financial services sector invests billions of dollars into technology each year.

banks and community banks. Perhaps one of the most significant stories of the year was the $66 billion merger of BB&T Corp. and SunTrust Banks Inc. to form the sixth-largest banking entity in the United States with more than $425 billion in combined assets. The merger closed in mid-December with approvals from Board of Governors of the Federal Reserve System and the Federal Deposit Insurance Corp. The new bank, rebranding as Truist Financial Corp, will be headquartered in Charlotte, North Carolina, but it will have a considerable regional footprint throughout the Southeast. It is part of a consolidation trend seen across the nation’s banking industry, although the trend isn’t all positive. “M&A can be good for our business because as the transactions are happening, we are usually involved in the diligence side or the valuation side. The flipside to that is when these acquisitions happen, it’s another bank we can’t

work with, which doesn’t help us in the long term,” said Adam Thomas, managing partner - Tampa Bay at Dixon Hughes Goodman.

Another key development is the continued ascendance of credit unions throughout the Tampa Bay region. To a certain extent, credit unions are becoming so successful throughout the region that they appear to be replacing community banks, often through merging with or acquiring the banks. Take MIDFLORIDA Credit Union, as an example. MIDFLORIDA is the fourth-largest credit union in the state of Florida in terms of total assets, and operates more than 60 branches across state, with a particularly significant presence in Tampa, Lakeland, and the I-4 corridor. Now, through the acquisition of two community banks, MIDFLORIDA will become even bigger: the credit union plans to merge with Ocala’s Community Bank & Trust of Florida, thereby adding $730 million in assets to its portfolio, and will also acquire the Florida assets of First American Bank of Iowa, including a $240 million commercial and residential mortgage portfolio. Assuming the deals are approved by regulatory authorities and completed, the combined entity will control over $4 billion in assets, $3 billion in loans, and employ 1,100 people. These deals signify a trend of community bank acquisition across Florida, with credit unions seeming to achieve dominance, but some industry insiders note that the trend is not likely to continue, due to the simple fact that there is a rapidly diminishing number of community banks to acquire.

Other credit union news includes Forbes naming three Tampa Bay credit unions to its list of Top 10 credit unions in Florida: USF Federal Credit Union (at #5), Grow Financial Credit Union (at #7), and Achieva Credit Union (at #9). Only 3.1% of financial institutions in the entire United States qualify for best-in-state status, so three institutions in Tampa making the cut is huge news for the region’s banking and finance sector. In keeping with the general trend of credit unions providing stiff competition for banks, while banks scored an average 4.2 out of 5 in the survey used by Forbes to compile the list, credit unions scored an average of 4.5.

Regulations The overarching regulatory framework for the banking sector is The Dodd-Frank Wall Street Reform and Consumer Protection Act (DoddFrank), originally passed in 2010 to reign in the behavior of banks and other financial institutions that contributed to the Great Recession of 2008. In 2018, 10 years after the financial meltdown, DoddFrank was subject to a series of rollbacks that eased some of the burden on banks while leaving the core regulatory pillars of the act standing, including tough regulation of the biggest banks, aggressive oversight of financial institutions by the Federal Reserve, and the continued authority of the Consumer Financial Protection Bureau. However, the increase to the “Bank SIFI (systemically important financial institution)” threshold was put into effect, increasing the size at which a bank falls under mandatory increased Federal Reserve regulation from $50 billion to $250 billion. However, although this seems like a considerable weakening of the act, $250 billion is only the mandatory regulatory threshold. The Fed retains full discretion to strictly scrutinize financial institutions of any size. Therefore, the increase was mostly a technicality, and the Fed arguably came out

New rules in the EU targeting individuals’ banking data will impact how banks, including those in the United States, operate online.

with even greater authority as a result of the changes.

In 2019, there were moves to simplify regulations further, with the Fed taking into consideration bank size when it voted in October to lower the requisite level of cash and government bonds for most banks. The Fed also voted to lower the frequency for submitting so-called “living wills,” which are the detailed plans banks draft for winding down in the case of a failure.

Banks also were impacted by EU regulations, as new laws came into effect in 2019. These new regulations target individuals’ personal banking data. The first such law is the Payment Service Directive 2 (PSD2). PSD2 is designed to harmonize and simplify crossborder cash transactions between EU member states in order to make freer trade and more permeable borders within the EU a reality. However, customers should be aware that the new framework will allow certain third-party providers of payment and account information services to access individuals’ bank account information directly and view information such as account balances and spending habits in extraordinary detail. Beyond the obvious data privacy risks, this could also lead to customers having to endure even more targeted advertisements and transfer of their personal data to third parties.

Fortunately, there are aspects of the law that are designed to curb potential data privacy abuses. First, these third-party providers must apply to become Account Information Service Providers (AISPs) and be approved before they can access private account data. To apply, these providers must be registered in their home country, but they are then free to operate as AISPs anywhere in the EU. The problem is that each country establishes its own standards for accepting AISP applications. This means that some AISPs may be able to access account information in any EU member country in perfect compliance with the law by cherry picking a country with lower standards under which to form and apply. Still, the registration process is a better protection of consumer data than no check at all. A better check is that even a fully registered AISP still requires consumers’ consent to access their data, and this consent must be explicitly requested and provided. PSD2 went into effect on Sept. 14, 2019.

Another EU regulation that affects individuals’ data is the General Data Protection Regulation (GDPR). The GDPR has been in effect since 2018, but the first enforcement actions began to hit in 2019. One notable example occurred in the U.K., where the Information Commissioner’s Office (ICO) fined British Airways and Marriott International for allowing breaches of confidential customer data. British Airways had to pay $228 million in penalties after a breach that affected 500,000 customers, while Marriott got hit ( )