A Different Approach to Regulatory Relief

Community banks indeed need regulatory relief. Regulators generally agree, but their hands are tied as a decadelong enforcement environment drags on. Meanwhile, financial technology (fintech) firms assert they should not be subject to banking-type regulatory supervision as long as they are not banks or until they partner with banks. Both groups need to be more realistic about what regulatory relief is actually possible.

Sorry for this spoiler alert, but neither banks nor fintech firms will be relieved of the core priorities and concerns of financial industry regulators. There will be no relief from the obligation to comply with those laws and regulations deemed critical to preserving the safety and soundness of the U.S. banking and financial system, protecting it from abuse and providing consumer protection. These include fair lending and abuses of customers in products and practices, stress tests, enterprise risk management, BSA/AML and privacy and cybersecurity protection. The long-coming new “fifth pillar” rule from the Financial Crimes Enforcement Network reinforcing what banks have already been expected to do—to identify and monitor the beneficial ownership of their customers—is fresh evidence that broad relief from compliance is not at hand for banks or fintech. And as banks venture into new niches and assume/undertake new risks (such as marketplace lending, auto finance or investment advisory services), they will be closely scrutinized until compliance becomes standardized for each new trend.

Some relief is on the horizon. Heavily capitalized community banks will get relief from the provisions of Dodd-Frank that never applied to many anyway (Volcker trading and derivative activities) and will get some reporting, privacy notice and examination frequency relief. Meanwhile, compliance should receive more emphasis than license avoidance within the diverse collection of innovators and disruptors that is fintech. Another spoiler alert! Regulators and most politicians will still demand competency, transparency and decency at a minimum from all sectors of the expanding financial services industry.

Is there another approach that may accomplish the goals of regulators, politicians, banks and fintech alike? What if banks could operate with assurance that they were within the boundaries of publicly available compliance standards and could rely on vendors and consultants that had been publicly vetted by the regulators? What if mistakes and unintentional oversights could become agreed corrective actions instead of being disproportionately elevated to enforcement actions with public recrimination of banks and their boards of directors? A similar environment would be advantageous to fintech as well.

Might we build upon the evolving trend towards information sharing in the Cybersecurity Information Sharing Act and the open source concept from blockchain and make core compliance requirements a more “open architecture” and shared-expertise foundation for all firms in the financial services industry? Just as there is no crying in baseball, there should be no competition in compliance. Bankers, regulators, vendors and fintech innovators should be able to openly agree on what compliance is necessary at a minimum to meet the risks to their mutual industries and to customers and consumers, work together on implementation and move on. Acceptable approaches, minimum systems standards and resources could be shared and updated online and through webcasts and interactive blogs. This “Regtech” approach to compliance should include more real-time disclosure and access to most cybersecurity intelligence and the information in SARs filed with FinCEN that could be used by others to prevent more money laundering.

Bank trade association networks, online and on-call compliance firms, bank and technology partnerships and cooperative industry compliance efforts such as the Financial Services Information Sharing and Analysis Center (FS-ISAC) and new guidance from the Bank of International Settlements and regulatory agencies encouraging intraindustry cooperation are moves towards an open compliance culture. However, the regulators are the missing piece to the compliance puzzle. Critical to this new approach would be expanding regulators’ roles from supervisors to collegial participants in establishing compliance approaches in a format accessible to all. This would relieve banks from the uncertainty of not knowing whether their compliance efforts are sufficient until examination exit meetings. Compliance need not be pursued by banks in silos but should be based on consultation and cooperation among all interested parties, including the regulators.

Here are some benefits this new approach could spawn for banking:

• Bank board meetings could again concentrate on banking and growth instead of compliance and enforcement actions.
• Pressure on compliance officers to perform “or else” would be relaxed and the costs of establishing a compliance system could be reduced by making more expertise openly available.
• New compliance developments and new issues could be openly communicated to all, much the way no-action and advisory and interpretive letters have long served as guides for compliance and permissible activities and practices.
• The role and image of examiners could change from “gotcha” finders to validators and advisers on compliance improvements where shortcomings are identified.
• We could hopefully do away with the practice of placing all banks in the enforcement action “penalty box” unable to engage in M&A or any other expansionary activities for 2-3 examination cycles upon the finding of noncompliance in examinations.

Of course, good governance and a top-down culture of compliance would still be expected from banks and, yes, fintech firms as well. However, banks could focus on banking and fintech on innovations if there were a public open-forum and shared information database for all things compliance. Customer privacy would still be tightly protected. And bankers will still find ways to distinguish themselves from competitors by their products and services delivery, reputation and strategy.

This approach would likely be a game changer for vendors of compliance tools and systems, who usually target customers one by one with turnkey or tailored compliance and operations solutions. Instead, they would have to market themselves openly to the industry and to the regulators and compete as participants in establishing a menu of acceptable generic and less-customized compliance solutions that all could tap and share.

So who might be first to step forward and endorse a new cooperative and kinder, gentler open-forum approach to compliance? Comptroller Thomas Curry? FDIC Vice Chairman Thomas Hoenig? Or perhaps Senator Warren?

This article originally appeared on Law360.com on July 7, 2016. Click here to read the original article.