SARC- 2005-04 (February 1, 2006)
I. Background
This appeal arises from contested component and composite ratings assigned to X (“the Bank”) in the Safety and Soundness Examination Report and the composite rating assigned to the Bank in the Compliance Examination Report (“ROEs”), both dated October 4, 2004. Specifically, the Bank disputes the “2” Capital and Earnings component ratings, the “3” Management component rating, and the “3” Composite rating, all issued as part of the Safety and Soundness ROE. Also disputed is the “3” Compliance rating designated in the Compliance ROE. The Safety and Soundness ROE used financial information as of March 31, 2004; assets were reviewed as of June 30, 2004.
On June 8, 2005, the Bank filed its request for review with the Director (“Director”) of the Division of Supervision and Consumer Protection (“DSC”). On July 8, 2005, the Director affirmed the decision of the New York Regional Director and determined that the ratings were consistent with FDIC policy and existing examination guidance and appropriate, given the facts available at the time of the examinations. The Bank timely filed an appeal with the Supervision Appeals Review Committee (the “Committee”) by letter dated August 12, 2005.
The Bank does not dispute the specific criticisms and recommendations contained in the ROEs but questions the ratings as inappropriate, as they are based in large part on the Bank’s payday/Short-Term Loan Portfolio (“STLP,” or the “Loan Program”), which comprises a small portion of its assets. The Bank argues that it is well managed, well capitalized, and has an exceptional level of current and historical earnings. Further, the Bank states that it is in compliance with all applicable consumer protection or civil rights statutes and regulations.
DSC responds that the Safety and Soundness ROE details noteworthy weaknesses in board and management oversight of the STLP; that the Bank’s risk profile is significantly higher than the typical community bank; and that the Bank’s compliance program is weak.
In accordance with the Guidelines for Appeals of Material Supervisory Determinations1, the Committee reviews the appeal for consistency with the policies, practices, and mission of FDIC, as well as the reasonableness of and support for the respective positions of the parties. The Committee granted the Bank’s request to appear, and a hearing was held on October 31, 2005. Appearing on behalf of the Bank were Chairman and Chief Executive Officer A, Vice President B, and General Counsel C. The Committee has carefully considered the written submissions made by the Bank and DSC, as well as the oral presentations at the October 31 meeting. Under the Guidelines, the scope of the Committee’s review was limited to facts and circumstances as they existed at the time of the examination. No consideration was given to facts or circumstances that developed after the examinations.
II. Analysis.
A. The Bank’s Payday/Short-Term Loan
Program.
The Bank is a state-chartered institution with *** branch offices in
addition to the main office in ***. The majority of Bank earning assets
consist of traditional, though higher-risk, banking products. Acquisition,
development, and construction (“ADC”) loans and commercial real estate loans
account for 31 and 35 percent of gross loans, respectively. The Bank has no
brokered deposits or borrowings.
The Bank has been engaged in payday lending since 1997. As of September 2004, the Bank had formal written contracts to originate payday loans with 19 vendors operating in 14 states and the District of Columbia. The Bank participates 85 to 95 percent of all payday loans back to the originating vendor. For the first six months of 2004, the Bank funded $128 million in payday/short-term loans, including renewals. On June 30, 2004, $3.3 million in payday loans were on the Bank’s books. Although the STLP comprises a small portion of the Bank’s assets (about 1 percent), for the first six months of 2004, payday loans generated $5.4 million in revenue, representing 45 percent of the Bank’s gross interest income and 64 percent of net income during the period. Based on these revenues, the portfolio is the Bank’s most significant business product.
In addition to *** class action lawsuits, the Bank is currently defending itself against a complaint filed by *** Attorney General ***. The State of *** alleges that the Bank repeatedly engaged in illegal, fraudulent, and deceptive business practices in making payday/short-term loans to *** consumers. The complaint seeks restitution, damages, penalties, and costs. The Bank asserts that the class action lawsuits, as well as the State of ***’s complaint, are frivolous.
B. The Safety and Soundness Material Supervisory Determinations.
The Bank disputes the Composite rating of “3,” and the component ratings for
Management of “3,” Capital of “2,” and Earnings of “2.” The Bank seeks
ratings of “2” for Management, “1” for Capital, “1” for Earnings, and a
Composite rating of “2.”
1. Management.
Under the Federal Financial Institutions Examination Council’s Uniform
Financial Institutions Rating System (the “FFIEC Rating System”), sound
management is demonstrated by active oversight by the board and management;
competent personnel; adequate policies, processes, and controls; maintenance
of an appropriate audit program and internal control environment; and
effective risk monitoring and management information systems. A “3” rating
signals the need for improved management and board performance and possible
inadequate identification, measurement, monitoring, and control of risk.
The Bank asserts that the Management component rating fails to take into account the overall successful supervision of and management by the board of directors (the “Board”). The Bank argues that the ROE focuses solely on issues raised regarding the STLP, without considering the controls instituted by the Board to mitigate credit, legal, and reputation risks, as well as the Board’s willingness to address the deficiencies regarding the STLP. Further, the Bank disputes the ROE criticism that the Board is not adequately informed as it meets only once a quarter, countering that the Board’s Executive Committee, which includes 7 of the 12 Board members, meets every two weeks and “is well aware of the situation involving the STLP.” The Bank argues that the Executive Committee has kept the full Board informed, though conceding that any such education of the full Board “may not have been well documented in the minutes.”
DSC contends that the Bank’s point that the STLP comprises 1 percent of Bank assets fails to recognize that the Loan Program generates significant revenues and income for the Bank. Although the Program does not represent a concentration of assets, it does represent a concentration of income: the Bank’s payday loans represented 45 percent of the Bank’s gross interest income for the first six months of 2004. Because the payday/short-term loan program is the most significant business product for the Bank, weaknesses related to Management’s oversight of the program should be weighed heavily in assessing Management performance.
Given the high profile nature of payday lending and the fact that the Bank is dealing with 19 different payday vendors, the Bank’s ability to maintain an effective risk management program covering numerous vendors doing business in multiple offices in several states is open to question. The Safety and Soundness ROE cites numerous incidents in which the Board and Management failed to ensure that the Bank’s 19 vendors were complying with the Board-approved Short-Term Loan Policy. On-site inspections by FDIC staff at vendor stores revealed practices violating internal Bank policies. Three of the policy infractions had been identified as weaknesses in the 2002 ROE but were not adequately addressed by Management.
Violations of Part 323 and Part 353 of FDIC’s Rules and Regulations, which govern appraisals and the filing of Suspicious Activity Reports, respectively, were cited in the Safety and Soundness ROE. Moreover, the ROE cites two instances of nonconformance with FDIC guidelines relating to safety and soundness standards established by Appendix A of Part 364, as well as several instances in which the Bank failed to conform with FDIC’s Guidelines for Payday Lending.
Serious weaknesses in Management’s administration and oversight of the Bank’s most significant and highest-risk business line results in less than satisfactory overall Bank performance. The Bank’s risk profile is high, based on the concentration in ADC2 loans and the high-profile, non-traditional payday lending activities. The risk in the payday/short-term loan program is exacerbated by the Bank’s deficient oversight of its 19 payday vendors. As pointed out in the Guidelines for Payday Lending, “The existence of third-party arrangements may, when not properly managed, significantly increase institutions’ transaction, legal and reputation risk.” The Board and Management have not properly managed these third-party arrangements and have incurred significant transaction, legal, and reputation risks as a result.
After carefully considering these facts, the Committee finds unpersuasive the Bank’s argument that Management’s overall performance is satisfactory, that “most of the Bank’s activities” are “appropriately overseen and supported,” and that, because “over $270 million in the Bank’s assets are not related to STLP,” the Bank’s overall condition remains “fundamentally sound.” Further, the Committee rejects the Bank’s defense that the Executive Committee is well aware of “the situation involving the STLP,” and has kept the full Board informed. These contentions are not well supported, and, as the Bank concedes, are not documented by the Board’s minutes. Since Management oversight of the Bank’s most significant and highest-risk business line has been deficient, its overall performance must be considered less than satisfactory. Given these shortcomings, the Committee finds the Management rating of “3” justified.
2. Capital.
Under the FFIEC Rating System, an institution is expected to maintain
capital commensurate with the nature and extent of risks to the institution
and the ability of Management to identify, monitor, and control such risks.
The types and quantity of risk inherent in an institution’s activities will
determine the extent to which it may be necessary to maintain capital at
levels above required regulatory minimums. A rating of “2” indicates a
“satisfactory,” as opposed to a “strong” capital level.
The Bank’s Board argues that the Bank’s capital remains “strong” relative to its risk profile, based on the “totality of the facts and circumstances,” and that its risk-based capital ratios are in excess of the minimum requirements for a well-capitalized bank. Moreover, the Bank argues, the legal and reputation risks associated with the STLP have been effectively identified, monitored, and controlled. The size of the STLP is limited; 100 percent reserves are established for the STLP; and the Bank remains well capitalized when the STLP is risk weighted at 300 percent. As to legal risk, Bank counsel opines that exposure is low, given the “nuisance” nature of the lawsuits. Additionally, the Bank’s policy is to require agreement of all merchants in the STLP to pay litigation costs should a lawsuit arise. Finally, the Bank argues that it has instituted appropriate reputation risk controls. According to the Board, the remoteness of the communities in which it conducts its STLP and the community in which it conducts traditional banking activities “insulates the Bank from negative publicity/reputation risk related to the payday/short-term loan program.”
DSC agrees that banks assuming greater risk should have capital ratios in excess of minimum requirements but specifically disputes the Bank’s contention that its risks have been effectively controlled. When such risks are not properly regulated as in the Bank’s payday program, higher capital ratios than those simply “in excess of minimum requirements,” are required. The Bank’s ratios drop precipitously after allocating dollar-for-dollar capital to the STLP, as suggested in FDIC’s Guidelines for Payday Lending3.
The Bank’s lower than peer risk-based ratios reflect concentrations in higher-risk assets, including ADC loans (291 percent of capital) and commercial real estate loans, and a generally higher-risk balance sheet structure. This structure comprises a risk profile that is significantly higher than the typical community bank.
The Committee finds that the Bank has not effectively controlled credit, legal, and reputation risks associated with the Loan Program. Management’s lax oversight of the payday program exacerbates the Bank’s overall risk profile. the Bank’s failure to monitor its 19 agent payday lenders appropriately through its Loan Management System (“LMS”) and audit program increases the risk that one of these lenders will violate state or federal laws. Although the Board argues that its agent lenders are obligated to absorb legal costs associated with payday-related lawsuits, the capacity of many of these companies to absorb costs associated with protracted and large scale legal defense is questionable. The Committee determines that these facts support a Capital rating of “2.”
3. Earnings.
The FFIEC Rating System provides that the quality and quantity of an
institution’s earnings are affected by inadequately managed credit risk or
by high levels of market risk that may unduly expose an institution’s
earnings to volatility in interest rates. To qualify for the highest
Earnings component rating, the System requires the maintenance of stable
trends in the level of earnings to support operations and maintain adequate
capital and allowance levels.
The Bank argues that the Earnings component does not properly reflect the “exceptional level of the Bank’s current and historical earnings,” nor does it recognize that the Board has implemented controls to address credit, legal and reputation risks. Among the controls that the Bank has put into effect: (1) full provision of short-term loans in the Allowance for Loan and Lease Losses (“ALLL”) and immediate charge-offs on 60 days delinquency, thus mitigating credit risk; (2) adequate capital coverage -- the Bank remains well capitalized when the STLP is risk weighted at 300 percent; and (3) minimal charge-offs in comparison to earnings, incurring $330,000 in net charge-offs from the STLP in relation to the nearly $3.7 million in realized earnings from that product line.
DSC responds that it has significant concerns with the quality and sustainability of Bank earnings. The STLP makes a crucial contribution to the Bank’s profitable operations. Although the Portfolio comprised only 1.09 percent of total assets at June 30, 2004, it contributed 45 percent of interest income for the period. The Bank’s Return on Assets (“ROA”) and Net Interest Margin (“NIM”) are high due to the STLP. The five-year strategic plan for the Bank assumes an average annual growth rate of 12 percent and a ROA of 2.40 percent, with continued heavy reliance on payday lending needed to meet projected earnings levels.
Although earnings have been high and the trend stable, DSC argues that that stability may be jeopardized. Increased media, political, and legislative attention has been directed at the payday industry, and bills that severely restrict or effectively prohibit payday cash advance services have been introduced in several states, including states in which the Bank does business. Although with the STLP, the Bank’s ROA has been healthy, without it, the Bank’s ROA would be 0.85 percent, which is significantly below the 1.22 percent peer group median.
Earnings strength is measured not only by the quantity and trend of earnings but also by factors affecting the sustainability or quality of those earnings. The income stream derived from the Bank’s payday lending, which is significant, is tenuous, and its sustainability is beyond Management’s control. Due to reliance on the STLP income, any depletion would affect the Bank’s operations. In view of these facts, the Committee finds that the stability and quality of earnings are not strong, but satisfactory, and thus a “2” Earnings rating is warranted.
4. The Composite Rating.
Composite ratings are based on a careful evaluation of an institution’s
managerial, operational, financial, and compliance performance. Institutions
with a “3” rating are less capable of withstanding business fluctuations and
are more vulnerable to outside influences than those rated “1” or “2.” Risk
management practices may be less than satisfactory relative to the
institution’s size, complexity, and risk profile.
The Bank contends that the overall condition of the Bank is “fundamentally sound,” and the weaknesses relating to internal controls and information systems, internal audit systems and adherence to the Short-Term Loan Policy, “well within the Board of Directors’ and Management’s capabilities to correct.” The Board further insists that the Bank is “stable,” “capable of withstanding business fluctuations,” and “in substantial compliance with laws and regulations,” and therefore merits a Composite rating of “2.”
The Safety and Soundness ROE details weaknesses in Board and Management oversight of the STLP requiring attention, including lax oversight of participating payday lenders, ineffective enforcement of the Bank’s Short-Term Loan Policy, the incomplete implementation of the LMS, and the inadequate auditing policies and procedures for the Loan Program and its participating vendors. These weaknesses are particularly significant in view of the magnitude of the Loan Program to the Bank’s overall operations. The Committee finds that these facts fully support a Composite rating of “3.”
C. The Compliance Material Supervisory Determination.
The Bank argues that its Compliance rating should be upgraded from a “3”
to a “2.”
Under the FFIEC Uniform Interagency Consumer Compliance Rating System, each institution is assigned a consumer compliance rating predicated on an evaluation of the nature and extent of its present compliance with consumer protection and civil rights statutes and regulations and the adequacy of its operating systems designed to ensure compliance on a continuing basis. A “3” Compliance rating signifies and institution with a less than satisfactory compliance position that is cause for supervisory concern and requires more than normal supervision to remedy deficiencies.
The Bank argues that it is in a “generally strong compliance position,” and that the Compliance ROE reported “no violations of law.” However, the Bank’s failure to administer properly its payday lending business resulted in its failure to adhere to FDIC’s Guidelines for Payday Lending in many important respects. Further, the absence of violations of federal and state consumer protection laws is insufficient to raise the Bank’s Compliance rating. The deficiency of operating controls is demonstrated by the fact that, despite Board approval of a compliance policy (the “Compliance Policy”) in January 2003 mandating an annual assessment of the compliance program, the Policy still had not been implemented nearly two years later in October 2004.
The Bank’s compliance program, as a whole, is weak. Operating procedures and controls within the Bank are deficient and have not proven effective. Both the Bank’s Compliance Policy and its Short-Term Loan Policy are incomplete, as revealed by the fact that monitoring by short-term loan merchants is not addressed, specific training by short-term loan merchants is not prescribed, and consumer complaint resolution procedures are flawed. Compliance examiners evaluated the adequacy of the Bank’s retail banking and STLP operating systems, and found significant deficiencies in its compliance management system. Because the STLP is the Bank’s primary business product, examiners appropriately gave it serious consideration when assigning the compliance rating.
A compliance audit is an independent review of an institution’s compliance with consumer protection laws and regulations and adherence to internal policies and procedures. The audit should help Management ensure ongoing compliance and identify compliance risk conditions. The audit function should complement the internal monitoring system. The Board should determine the scope of an audit and the frequency with which audits are conducted based on factors including volume of business, size of the institution, and history of violations or training issues.
In this case, the Board and Senior Management have not appropriately set the scope or procedures for adequate audits of the Bank or the STLP. As a result, the Bank’s internal audit program failed to identify numerous instances in which vendors failed to follow the Bank’s Short-Term Loan Policy. Moreover, the Bank’s internal audits do not cover all necessary areas and do not require Management response. For example, flood insurance audits do not review for appropriate coverage. Additionally, once audits are completed, management of the audited area is not required to respond on how exceptions occurred or what correction action will be initiated. Although audits are presented to the Audit Committee, no follow-up is performed.
Education of the Bank’s Board, management and staff is essential to maintaining an effective compliance program. Functional management and staff should receive specific, comprehensive training in laws and regulations and internal policies and procedures. The Board should receive compliance-related training periodically to maintain an adequate level of knowledge. Training at the Bank is marginally adequate. The Bank’s Compliance Policy notes as an objective, “To ensure a training program for all employees so that they have, at a minimum, a working knowledge of the laws and regulations associated with their duties and responsibilities.” However, the Compliance Policy does not contain ways in which this objective is to be met or how to measure the completion of the objective. The Board receives no training on compliance issues. For example, new regulations, such as Check 21, which affect overall Bank functions and systems, were not discussed by the Board.
The Board is not adequately informed about the compliance posture of the Bank, and neither the Board nor Senior Management has devoted sufficient attention to consumer compliance. For example, a review of Board minutes from January 2003 through September 2004 revealed no discussion of compliance issues, despite concerns about training and auditing identified at the prior examination. After carefully considering these facts, the Committee finds that the Bank’s compliance management system is less than satisfactory, and that the Consumer Compliance rating of “3” is warranted.
III. Conclusion.
For the reasons set forth above, the Bank’s appeal is denied. This decision is considered a final supervisory decision by FDIC.
By direction of the Supervision Appeals Review Committee of FDIC, dated
February 1, 2006.
__________________________________________
1 The Guidelines are set out at 69 Fed. Reg. 41479 (July 9, 2004) and in FDIC Financial Institution Letter (“FIL”) 113-2004 (Oct. 13, 2004).
2 ADC loans comprise 31 percent of the loan portfolio, compared to a peer median of 5 percent.
3 See
also FIL, “Expanded Guidance for Subprime Lending Programs,” (January 2001) (“institutions should hold capital against subprime loans in an amount
that is one and a half to three times greater than what is appropriate for
non-subprime assets of a similar type. . . . institutions that
underwrite higher-risk subprime pools . . . may need significantly
higher levels of capital, perhaps as high as 100 percent of the loans
outstanding.”). FDIC has determined that payday portfolios are “higher-risk
subprime pools: and assesses capital levels at payday lenders using a
dollar-for-dollar allocation.”