Financial Institutions I JUNE 25, 2020

Top 10 Considerations for Financial Institutions in 2020

Financial institutions will continue to face challenges in a number of corporate and compliance areas, especially given new challenges from uncontrollable events in 2020. However, many of these challenges can be mitigated with early strategy considerations and planning by senior leadership. In 2020, prospects for growth through M&A may be muted, but responsible, organic growth opportunities through new products, services, or partnerships may be attractive. Through this series of short articles, we will be reviewing what we consider to be the top 10 considerations for financial institutions in 2020. In brief, here’s our top 10 for 2020:

  1. Consolidation & Merger Activity

Robust merger activity continued in the first quarter of 2020 and was poised to continue throughout 2020, but significant merger activity has slowed to a crawl or been put on hold during the novel coronavirus shutdown and it is uncertain if or when this activity will return to pre-COVID-19 levels.  Until recently, valuations were healthy and banks and other financial institutions of all sizes were considering mergers or acquisitions both from the buy-side and sell-side. No matter how well the economy weathers the coronavirus outbreak, 2020 will clearly be a year of sharp decline in deal activity. Despite the M&A slowdown, financial institutions should be on the lookout for strategic M&A opportunities as the underlying factors for buying or selling branches or whole institutions may become even more pronounced in a negative economic cycle.

  1. Coronavirus and Business Continuity

As the coronavirus threatens normal operations of businesses large and small, financial institutions must nimbly address the disruption while continuing to comply with regulatory obligations and providing critical products and services to customers. Given this focus on continuing operations, banks and other financial institutions need to consider the obligations imposed on them by federal agency guidance, including the Federal Financial Institutions Examination Council (FFIEC) related to business continuity plans and pandemic planning (FFIEC Guidance). Based on the unforeseen events of 2020, this area of planning could likely use a thorough review and update for many financial institutions. As the old consulting adage goes, failing to plan is planning to fail.

  1. Capital

Like the swallows returning to Mission San Juan Capistrano, in uncertain and challenging economic times the focus of regulators—and accordingly the focus of bank management —returns to bank capital and liquidity. The good news is that since the economic crisis of 2008, capital planning by banks has been robust and capital ratios have generally been well above regulatory minimums. This has provided a healthy cushion for banks to absorb a slowdown in economic activity while remaining well capitalized, including during the coronavirus pandemic. In fact, as some economic activity slows, many banks are looking to the markets to attract low-cost funding—whether through subordinated debt offerings or other traditional capital raise efforts—as they see potential growth opportunities.

  1. Cybersecurity

Financial institutions remain on high alert for a cybersecurity incident. Risks associated with cyber events continue to be a focus area for financial institution regulators as well. In fact, the Office of the Comptroller of the Currency and the Federal Deposit Insurance Corporation released a Joint Statement on Heightened Cybersecurity Risk on January 16, 2020. Among other things, the Joint Statement indicates that sound risk management for cybersecurity, especially in times of heightened risk, includes response and resilience capabilities, authentication, and system configuration. Robust cybersecurity is obvious in theory but can be difficult to implement in practice. So, take the first step—review the 10,000-foot picture of the financial institution and its systems, controls, and capacity—and see where that leads.

  1. Vendor Management

Third party risk management is critical for financial institutions. The risk management approach of today focuses on the most critical vendors providing lending platforms and core data processing systems but should also account for the less-critical vendors. Both the financial institutions and their service providers need to be aware of the expectations of the regulatory community with respect to these relationships. Since the financial crisis, regulators have issued robust guidance on this topic and continue to release updates and FAQs related thereto based on issues presented and examination experiences of bank and non-bank financial institutions. Regardless of specific challenges, a constant theme is that financial institutions are free to outsource their activities, but they cannot outsource liability with respect to the performance of those activities, especially when dealing directly with individual consumers.

  1. Fintech

The use of technology in the provision of financial services, commonly referred to as financial technology, or fintech, has been used to describe various businesses, activities, and delivery systems. As more financial services are offered and provided in a digital environment, banks and other traditional financial services firms continue to seek partnerships with, or even acquire, various fintech companies. But before they do, traditional financial institutions should conduct robust due diligence and understanding of the products and services offered by the fintech company, as well as the relevant limitations or restrictions on activities and investments. Working with fintech companies will likely require a review of the financial institution’s strategy and culture, relevant state licensing regimes that may apply to the fintech company, consumer protection laws and regulations, and third-party vendor risk management enhancements, among other considerations.

  1. CRA Modernization

On January 9, 2020, the Office of the Comptroller of the Currency (OCC) and the Federal Deposit Insurance Corporation (FDIC) jointly published a proposed rule in the Federal Register (“Proposed Rule”) to modernize regulations implementing the Community Reinvestment Act (CRA). Conspicuously absent from the Proposed Rule release was the Board of Governors of the Federal Reserve System (FRB), who has traditionally joined the OCC and FDIC with respect to rulemaking under the CRA. Then, in another unusual development just days before former Comptroller of the Currency Joseph Otting’s departure from the agency at the end of May 2020, the OCC finalized its Proposed Rule, without the FDIC joining in the final rule. The OCC’s final rule clarifies which activities qualify for CRA credit, update where activities count for CRA credit, create a more transparent and objective method for measuring CRA performance, and provide for more transparent, consistent, and timely CRA-related data collection, recordkeeping, and reporting. We expect the FDIC to finalize its rule later this year for state-chartered banks.

  1. Digital Currencies

Even in 2020, there seems to be more curiosity than action with respect to the potential intersection of digital currencies and financial institutions. However, there a number of emerging institutions that are seeking money transmitter or money services business licenses at the state level in order to engage in the transfer of money, which includes digital currencies, or value from one person to another. However, digital currencies and digital assets can be considered as money, securities, commodities, or property, which only complicates issues for financial institutions thinking of engaging with digital currencies or related businesses.

  1. Compliance with Consumer Protection Laws

The advent of online banking and online lending has been a strong reminder for many financial institutions of the robust nature of many consumer protection laws. Increased speed and variation in the online products are just one reason for financial institutions to place an increased focus on compliance obligations with consumer protection laws. In addition, while the Consumer Financial Protection Bureau (CFPB) may not have primary jurisdiction over certain community bank lenders, prudential bank regulators look to the interpretive guidance of the CFPB when supervising and advising on bank products and service offerings to consumers. In the area of consumer protection, as the Trump administration has stepped back from aggressive consumer protection activity, the state regulatory and law enforcement authorities are playing an increasingly active role.

  1. Governance and Culture

One final, overarching consideration for financial institutions in 2020 should be a continued focus on governance and culture. Financial institutions have been reminded over the last few years that the “tone at the top” is critical in developing a culture of compliance within an organization. This focus on corporate governance and culture is less prescriptive than other areas of compliance. However, the flexibility with governance and culture allows financial institutions to develop practices and tools that are unique for their specific institution and its set of products and services.

Howard & Howard has a dedicated team of financial services attorneys with deep experience handling complex transactional, regulatory, and litigation matters. Our attorneys regularly advise clients on M&A, strategic transactions, third-party engagement, enforcement matters, and regulatory compliance. For more information, or for questions related to this Financial Institutions Advisory, please contact the author(s), your Howard & Howard attorney, or visit us at