Thursday, August 5th, 2010
CEO to CEO – The Compliance Tipping Point
Grow, Merge or Die
A recent article in American Banker[i] conveyed that financial industry experts discussing the regulatory system are telling community banks that their only options are to grow, merge, or die.
“Julie Stackhouse, SVP of Supervision at the Federal Reserve Bank of St. Louis, told a gathering of bankers … that small banks ought to consider merging… to gain the scale needed to… handle the burden of regulatory compliance.”
The reasoning behind this logic is that there are only two real alternatives for smaller banks and credit unions. While it appears to be three in, “grow, merge, or die” this is really two. The first is to grow, via organic or strategic means with market share growth or a merger. The latter, death, needs no real explanation.
The only choice in management’s control is organic growth. However, the cost of organic growth is capital that smaller organizations simply don’t have. The probability that everyone is betting on is the demise of independent community financial institutions due to their lack of scale and resources.
Both primary alternatives hold a common assumption, and it is one that this paper aims to challenge. That assumption is that the costs of regulatory compliance are not elastic and there exists no way to scale these costs down.
Faced with this grow or die tipping point, further accelerated with the inevitable passage of additional financial regulatory reforms, community financial institution management teams face a very daunting decision. It is critical for these community bank and credit union CEOs to determine if the core assumption about the cost of compliance is true. If this assumption were to prove false, a third and dramatically more attractive alternative would emerge. That alternative would be to continue with the mission of serving their communities as they’ve done for generations with a renewed vitality from better financial health.
Challenging the Assumption
The assumption that the cost of compliance is not elastic and cannot be scaled down for smaller institutions holds the “merge or die” argument together. The reason for this assumption is that the market is assuming smaller financial organizations must organize their compliance operations similarly to larger banks. This translates into running everything in-house. Compliance Officer, analyzing new regulations, efficiently implementing and tracking tasks associated with regulations, the works. Which means that the assumption of the inability to control and lower the cost of compliance hinges on the ability to scale staffing, training and materials down.
While compliance covers every area of an institution, we’ve seen this same dynamic ensue in other areas of community banking operations. What we’ve seen in areas such as core, items processing and information security, to name a few, is that community financials and the vendors that serve them, have found new models for various forms of shared sourcing to change cost structures. So the question is, can a shared sourcing model exist for compliance? If it can, then the cost assumptions that are forcing the “merge or die” dichotomy can be proved false.
Case Study of GLBA
Back in 2000 the passage of GLBA dramatically changed the industry’s requirements in the area of information security. Prior to this point the level of rigor that organizations were required to demonstrate in their examinations was fairly limited. While there was a requirement for operating a ‘safe’ environment, the examinations and findings weren’t focused on this issue. As GLBA came into force, the examiner training and scrutiny increased. Where a simple security device, such as a computer network firewall, had been seen as adequate, the examiners now delved deeper into how it was configured and the 24/7 management of it. The implications of these ‘new requirements’ would prove dramatic. What had been an adjacent IT task, now required dedicated information security staff, and material additional investments in current technologies. The impact on costs would likely be 5-10 times the current spend and have a huge negative impact on other IT projects. Many in the banking industry felt that this was a huge and unneeded ‘compliance tax’ for the industry to bear.
In the wake of GLBA regulation, a new type of company was born to rise up to this challenge. Just as established providers like Fiserv, FIS and Jack Henry offer outsourced core banking software and services, these new companies would perform similar functions for information security. These companies were brand new and had names like Perimeter eSecurity, SecureWorks, SecurePipe, MessageSecure and others. These firms used shared sourcing of expensive resources and technology to drive the cost of GLBA down by 70% or more of what it would have cost to address the requirements in-house. Through consolidation, Perimeter eSecurity and SecureWorks emerged as market leaders in the industry and today serve thousands of banks with a fraction of the resources that would have been spread across all of the individual institutions.
We saw in GLBA the same dynamic that we are seeing unfold today. A material risk existed in the market regarding the secure handling of personal information. The government responded with new regulations that created large increases in requirements for the banks and credit unions. Pundits made assumptions about how the costs would impact the industry and the community of banking technology vendors responded with new offerings that rendered the purported costs out of the equation. Leaving the industry dramatically safer, in compliance and not ‘driven out of business.’
A New Way to Manage It All
With a long history of solving challenges such as the specific example of GLBA we have to imagine that a solution to this problem is possible. And with a possible solution, a third, and more desirable, alternative to the touted “merge or die” scenario emerges. The alternative that can help secure your future within the industry.
So with the preceding provided as background, I’ll simply say, ”Yes, there is an answer!”
We would like to introduce you to Continuity Control, an entirely new way of addressing compliance through the automation of the back-office chores that are impacted with every new requirement and regulation. Much like the innovations that have come before, Continuity Control uses shared sourcing and technology to deliver on your requirements, while lowering your costs dramatically. As a company we have no lesser mission then to lower the cost of compliance to a point of parity with the mega-banks and provide you with an immediate and sustainable advantage in your operations.
To accomplish these objectives, a new way of doing this work was needed and it shares our name, Continuity Control (I’ll call it Control for short). Below is a comparison of the traditional ways of handling compliance that have resulted in the ‘merge or die’ mantra and those of Control. You can see that Control transfers the responsibility of certain activities via our Control Command Center to our experts, and automates the activities of your personnel to change the effort required to accomplish given tasks. This comparison uses a sampling of functions and tasks that are impacted by Continuity Control.
You can see that by transferring responsibilities but still retaining management oversight in some areas dramatic scale advantage can be brought to bear. The collective impact of scale and automation are dramatic with clients reporting up to 70% reductions in cost & effort.
With so many industry insiders and outsiders chanting “merge or die”, it is clear that the time to act is now. Current profitability levels brought about by government reaction to the financial crisis, rendering the cost of funds to an all time low, are masking the dramatic growth in compliance costs and their negative impact on your efficiency. This gift must be used to make the critical strategic move to change the costs of your compliance efforts. As Steve Williams of Gonzo Banker declared “Mandate #1: Don’t whine about risk management and compliance, reinvent it.”[ii] In a very insightful comment Steve said, “One of the biggest threats to our organizations at present is the defeatism some are experiencing at the notion that we will be regulated out of business.” It is this defeatism that led to the false dichotomy of “merge or die”. This defeatism is an illness that must be cured if our industry is to survive. Between merge and die there are no good choices but through innovation there is a third, dramatically more attractive choice.
[i] Survival Tactics: Fix Asset Quality, Gain Scale (http://www.americanbanker.com/issues/175_93/survival-tactics-1019184-1.html)