Appeals of Material Supervisory Determinations: Guidelines & Decisions
SARC- 2005-04 (February 1, 2006)
This appeal arises from contested component and composite ratings assigned to X (the Bank) in the Safety and Soundness Examination Report and the composite rating assigned to the Bank in the Compliance Examination Report (ROEs), both dated October 4, 2004. Specifically, the Bank disputes the 2 Capital and Earnings component ratings, the 3 Management component rating, and the 3 Composite rating, all issued as part of the Safety and Soundness ROE. Also disputed is the 3 Compliance rating designated in the Compliance ROE. The Safety and Soundness ROE used financial information as of March 31, 2004; assets were reviewed as of June 30, 2004.
On June 8, 2005, the Bank filed its request for review with the Director (Director) of the Division of Supervision and Consumer Protection (DSC). On July 8, 2005, the Director affirmed the decision of the New York Regional Director and determined that the ratings were consistent with FDIC policy and existing examination guidance and appropriate, given the facts available at the time of the examinations. The Bank timely filed an appeal with the Supervision Appeals Review Committee (the Committee) by letter dated August 12, 2005.
The Bank does not dispute the specific criticisms and recommendations contained in the ROEs but questions the ratings as inappropriate, as they are based in large part on the Banks payday/Short-Term Loan Portfolio (STLP, or the Loan Program), which comprises a small portion of its assets. The Bank argues that it is well managed, well capitalized, and has an exceptional level of current and historical earnings. Further, the Bank states that it is in compliance with all applicable consumer protection or civil rights statutes and regulations.
DSC responds that the Safety and Soundness ROE details noteworthy weaknesses in board and management oversight of the STLP; that the Banks risk profile is significantly higher than the typical community bank; and that the Banks compliance program is weak.
In accordance with the Guidelines for Appeals of Material Supervisory Determinations1, the Committee reviews the appeal for consistency with the policies, practices, and mission of FDIC, as well as the reasonableness of and support for the respective positions of the parties. The Committee granted the Banks request to appear, and a hearing was held on October 31, 2005. Appearing on behalf of the Bank were Chairman and Chief Executive Officer A, Vice President B, and General Counsel C. The Committee has carefully considered the written submissions made by the Bank and DSC, as well as the oral presentations at the October 31 meeting. Under the Guidelines, the scope of the Committees review was limited to facts and circumstances as they existed at the time of the examination. No consideration was given to facts or circumstances that developed after the examinations.
A. The Banks Payday/Short-Term Loan
The Bank is a state-chartered institution with *** branch offices in addition to the main office in ***. The majority of Bank earning assets consist of traditional, though higher-risk, banking products. Acquisition, development, and construction (ADC) loans and commercial real estate loans account for 31 and 35 percent of gross loans, respectively. The Bank has no brokered deposits or borrowings.
The Bank has been engaged in payday lending since 1997. As of September 2004, the Bank had formal written contracts to originate payday loans with 19 vendors operating in 14 states and the District of Columbia. The Bank participates 85 to 95 percent of all payday loans back to the originating vendor. For the first six months of 2004, the Bank funded $128 million in payday/short-term loans, including renewals. On June 30, 2004, $3.3 million in payday loans were on the Banks books. Although the STLP comprises a small portion of the Banks assets (about 1 percent), for the first six months of 2004, payday loans generated $5.4 million in revenue, representing 45 percent of the Banks gross interest income and 64 percent of net income during the period. Based on these revenues, the portfolio is the Banks most significant business product.
In addition to *** class action lawsuits, the Bank is currently defending itself against a complaint filed by *** Attorney General ***. The State of *** alleges that the Bank repeatedly engaged in illegal, fraudulent, and deceptive business practices in making payday/short-term loans to *** consumers. The complaint seeks restitution, damages, penalties, and costs. The Bank asserts that the class action lawsuits, as well as the State of ***s complaint, are frivolous.
B. The Safety and Soundness Material Supervisory Determinations.
The Bank disputes the Composite rating of 3, and the component ratings for Management of 3, Capital of 2, and Earnings of 2. The Bank seeks ratings of 2 for Management, 1 for Capital, 1 for Earnings, and a Composite rating of 2.
Under the Federal Financial Institutions Examination Councils Uniform Financial Institutions Rating System (the FFIEC Rating System), sound management is demonstrated by active oversight by the board and management; competent personnel; adequate policies, processes, and controls; maintenance of an appropriate audit program and internal control environment; and effective risk monitoring and management information systems. A 3 rating signals the need for improved management and board performance and possible inadequate identification, measurement, monitoring, and control of risk.
The Bank asserts that the Management component rating fails to take into account the overall successful supervision of and management by the board of directors (the Board). The Bank argues that the ROE focuses solely on issues raised regarding the STLP, without considering the controls instituted by the Board to mitigate credit, legal, and reputation risks, as well as the Boards willingness to address the deficiencies regarding the STLP. Further, the Bank disputes the ROE criticism that the Board is not adequately informed as it meets only once a quarter, countering that the Boards Executive Committee, which includes 7 of the 12 Board members, meets every two weeks and is well aware of the situation involving the STLP. The Bank argues that the Executive Committee has kept the full Board informed, though conceding that any such education of the full Board may not have been well documented in the minutes.
DSC contends that the Banks point that the STLP comprises 1 percent of Bank assets fails to recognize that the Loan Program generates significant revenues and income for the Bank. Although the Program does not represent a concentration of assets, it does represent a concentration of income: the Banks payday loans represented 45 percent of the Banks gross interest income for the first six months of 2004. Because the payday/short-term loan program is the most significant business product for the Bank, weaknesses related to Managements oversight of the program should be weighed heavily in assessing Management performance.
Given the high profile nature of payday lending and the fact that the Bank is dealing with 19 different payday vendors, the Banks ability to maintain an effective risk management program covering numerous vendors doing business in multiple offices in several states is open to question. The Safety and Soundness ROE cites numerous incidents in which the Board and Management failed to ensure that the Banks 19 vendors were complying with the Board-approved Short-Term Loan Policy. On-site inspections by FDIC staff at vendor stores revealed practices violating internal Bank policies. Three of the policy infractions had been identified as weaknesses in the 2002 ROE but were not adequately addressed by Management.
Violations of Part 323 and Part 353 of FDICs Rules and Regulations, which govern appraisals and the filing of Suspicious Activity Reports, respectively, were cited in the Safety and Soundness ROE. Moreover, the ROE cites two instances of nonconformance with FDIC guidelines relating to safety and soundness standards established by Appendix A of Part 364, as well as several instances in which the Bank failed to conform with FDICs Guidelines for Payday Lending.
Serious weaknesses in Managements administration and oversight of the Banks most significant and highest-risk business line results in less than satisfactory overall Bank performance. The Banks risk profile is high, based on the concentration in ADC2 loans and the high-profile, non-traditional payday lending activities. The risk in the payday/short-term loan program is exacerbated by the Banks deficient oversight of its 19 payday vendors. As pointed out in the Guidelines for Payday Lending, The existence of third-party arrangements may, when not properly managed, significantly increase institutions transaction, legal and reputation risk. The Board and Management have not properly managed these third-party arrangements and have incurred significant transaction, legal, and reputation risks as a result.
After carefully considering these facts, the Committee finds unpersuasive the Banks argument that Managements overall performance is satisfactory, that most of the Banks activities are appropriately overseen and supported, and that, because over $270 million in the Banks assets are not related to STLP, the Banks overall condition remains fundamentally sound. Further, the Committee rejects the Banks defense that the Executive Committee is well aware of the situation involving the STLP, and has kept the full Board informed. These contentions are not well supported, and, as the Bank concedes, are not documented by the Boards minutes. Since Management oversight of the Banks most significant and highest-risk business line has been deficient, its overall performance must be considered less than satisfactory. Given these shortcomings, the Committee finds the Management rating of 3 justified.
Under the FFIEC Rating System, an institution is expected to maintain capital commensurate with the nature and extent of risks to the institution and the ability of Management to identify, monitor, and control such risks. The types and quantity of risk inherent in an institutions activities will determine the extent to which it may be necessary to maintain capital at levels above required regulatory minimums. A rating of 2 indicates a satisfactory, as opposed to a strong capital level.
The Banks Board argues that the Banks capital remains strong relative to its risk profile, based on the totality of the facts and circumstances, and that its risk-based capital ratios are in excess of the minimum requirements for a well-capitalized bank. Moreover, the Bank argues, the legal and reputation risks associated with the STLP have been effectively identified, monitored, and controlled. The size of the STLP is limited; 100 percent reserves are established for the STLP; and the Bank remains well capitalized when the STLP is risk weighted at 300 percent. As to legal risk, Bank counsel opines that exposure is low, given the nuisance nature of the lawsuits. Additionally, the Banks policy is to require agreement of all merchants in the STLP to pay litigation costs should a lawsuit arise. Finally, the Bank argues that it has instituted appropriate reputation risk controls. According to the Board, the remoteness of the communities in which it conducts its STLP and the community in which it conducts traditional banking activities insulates the Bank from negative publicity/reputation risk related to the payday/short-term loan program.
DSC agrees that banks assuming greater risk should have capital ratios in excess of minimum requirements but specifically disputes the Banks contention that its risks have been effectively controlled. When such risks are not properly regulated as in the Banks payday program, higher capital ratios than those simply in excess of minimum requirements, are required. The Banks ratios drop precipitously after allocating dollar-for-dollar capital to the STLP, as suggested in FDICs Guidelines for Payday Lending3.
The Banks lower than peer risk-based ratios reflect concentrations in higher-risk assets, including ADC loans (291 percent of capital) and commercial real estate loans, and a generally higher-risk balance sheet structure. This structure comprises a risk profile that is significantly higher than the typical community bank.
The Committee finds that the Bank has not effectively controlled credit, legal, and reputation risks associated with the Loan Program. Managements lax oversight of the payday program exacerbates the Banks overall risk profile. the Banks failure to monitor its 19 agent payday lenders appropriately through its Loan Management System (LMS) and audit program increases the risk that one of these lenders will violate state or federal laws. Although the Board argues that its agent lenders are obligated to absorb legal costs associated with payday-related lawsuits, the capacity of many of these companies to absorb costs associated with protracted and large scale legal defense is questionable. The Committee determines that these facts support a Capital rating of 2.
The FFIEC Rating System provides that the quality and quantity of an institutions earnings are affected by inadequately managed credit risk or by high levels of market risk that may unduly expose an institutions earnings to volatility in interest rates. To qualify for the highest Earnings component rating, the System requires the maintenance of stable trends in the level of earnings to support operations and maintain adequate capital and allowance levels.
The Bank argues that the Earnings component does not properly reflect the exceptional level of the Banks current and historical earnings, nor does it recognize that the Board has implemented controls to address credit, legal and reputation risks. Among the controls that the Bank has put into effect: (1) full provision of short-term loans in the Allowance for Loan and Lease Losses (ALLL) and immediate charge-offs on 60 days delinquency, thus mitigating credit risk; (2) adequate capital coverage -- the Bank remains well capitalized when the STLP is risk weighted at 300 percent; and (3) minimal charge-offs in comparison to earnings, incurring $330,000 in net charge-offs from the STLP in relation to the nearly $3.7 million in realized earnings from that product line.
DSC responds that it has significant concerns with the quality and sustainability of Bank earnings. The STLP makes a crucial contribution to the Banks profitable operations. Although the Portfolio comprised only 1.09 percent of total assets at June 30, 2004, it contributed 45 percent of interest income for the period. The Banks Return on Assets (ROA) and Net Interest Margin (NIM) are high due to the STLP. The five-year strategic plan for the Bank assumes an average annual growth rate of 12 percent and a ROA of 2.40 percent, with continued heavy reliance on payday lending needed to meet projected earnings levels.
Although earnings have been high and the trend stable, DSC argues that that stability may be jeopardized. Increased media, political, and legislative attention has been directed at the payday industry, and bills that severely restrict or effectively prohibit payday cash advance services have been introduced in several states, including states in which the Bank does business. Although with the STLP, the Banks ROA has been healthy, without it, the Banks ROA would be 0.85 percent, which is significantly below the 1.22 percent peer group median.
Earnings strength is measured not only by the quantity and trend of earnings but also by factors affecting the sustainability or quality of those earnings. The income stream derived from the Banks payday lending, which is significant, is tenuous, and its sustainability is beyond Managements control. Due to reliance on the STLP income, any depletion would affect the Banks operations. In view of these facts, the Committee finds that the stability and quality of earnings are not strong, but satisfactory, and thus a 2 Earnings rating is warranted.
4. The Composite Rating.
Composite ratings are based on a careful evaluation of an institutions managerial, operational, financial, and compliance performance. Institutions with a 3 rating are less capable of withstanding business fluctuations and are more vulnerable to outside influences than those rated 1 or 2. Risk management practices may be less than satisfactory relative to the institutions size, complexity, and risk profile.
The Bank contends that the overall condition of the Bank is fundamentally sound, and the weaknesses relating to internal controls and information systems, internal audit systems and adherence to the Short-Term Loan Policy, well within the Board of Directors and Managements capabilities to correct. The Board further insists that the Bank is stable, capable of withstanding business fluctuations, and in substantial compliance with laws and regulations, and therefore merits a Composite rating of 2.
The Safety and Soundness ROE details weaknesses in Board and Management oversight of the STLP requiring attention, including lax oversight of participating payday lenders, ineffective enforcement of the Banks Short-Term Loan Policy, the incomplete implementation of the LMS, and the inadequate auditing policies and procedures for the Loan Program and its participating vendors. These weaknesses are particularly significant in view of the magnitude of the Loan Program to the Banks overall operations. The Committee finds that these facts fully support a Composite rating of 3.
C. The Compliance Material Supervisory Determination.
The Bank argues that its Compliance rating should be upgraded from a 3 to a 2.
Under the FFIEC Uniform Interagency Consumer Compliance Rating System, each institution is assigned a consumer compliance rating predicated on an evaluation of the nature and extent of its present compliance with consumer protection and civil rights statutes and regulations and the adequacy of its operating systems designed to ensure compliance on a continuing basis. A 3 Compliance rating signifies and institution with a less than satisfactory compliance position that is cause for supervisory concern and requires more than normal supervision to remedy deficiencies.
The Bank argues that it is in a generally strong compliance position, and that the Compliance ROE reported no violations of law. However, the Banks failure to administer properly its payday lending business resulted in its failure to adhere to FDICs Guidelines for Payday Lending in many important respects. Further, the absence of violations of federal and state consumer protection laws is insufficient to raise the Banks Compliance rating. The deficiency of operating controls is demonstrated by the fact that, despite Board approval of a compliance policy (the Compliance Policy) in January 2003 mandating an annual assessment of the compliance program, the Policy still had not been implemented nearly two years later in October 2004.
The Banks compliance program, as a whole, is weak. Operating procedures and controls within the Bank are deficient and have not proven effective. Both the Banks Compliance Policy and its Short-Term Loan Policy are incomplete, as revealed by the fact that monitoring by short-term loan merchants is not addressed, specific training by short-term loan merchants is not prescribed, and consumer complaint resolution procedures are flawed. Compliance examiners evaluated the adequacy of the Banks retail banking and STLP operating systems, and found significant deficiencies in its compliance management system. Because the STLP is the Banks primary business product, examiners appropriately gave it serious consideration when assigning the compliance rating.
A compliance audit is an independent review of an institutions compliance with consumer protection laws and regulations and adherence to internal policies and procedures. The audit should help Management ensure ongoing compliance and identify compliance risk conditions. The audit function should complement the internal monitoring system. The Board should determine the scope of an audit and the frequency with which audits are conducted based on factors including volume of business, size of the institution, and history of violations or training issues.
In this case, the Board and Senior Management have not appropriately set the scope or procedures for adequate audits of the Bank or the STLP. As a result, the Banks internal audit program failed to identify numerous instances in which vendors failed to follow the Banks Short-Term Loan Policy. Moreover, the Banks internal audits do not cover all necessary areas and do not require Management response. For example, flood insurance audits do not review for appropriate coverage. Additionally, once audits are completed, management of the audited area is not required to respond on how exceptions occurred or what correction action will be initiated. Although audits are presented to the Audit Committee, no follow-up is performed.
Education of the Banks Board, management and staff is essential to maintaining an effective compliance program. Functional management and staff should receive specific, comprehensive training in laws and regulations and internal policies and procedures. The Board should receive compliance-related training periodically to maintain an adequate level of knowledge. Training at the Bank is marginally adequate. The Banks Compliance Policy notes as an objective, To ensure a training program for all employees so that they have, at a minimum, a working knowledge of the laws and regulations associated with their duties and responsibilities. However, the Compliance Policy does not contain ways in which this objective is to be met or how to measure the completion of the objective. The Board receives no training on compliance issues. For example, new regulations, such as Check 21, which affect overall Bank functions and systems, were not discussed by the Board.
The Board is not adequately informed about the compliance posture of the Bank, and neither the Board nor Senior Management has devoted sufficient attention to consumer compliance. For example, a review of Board minutes from January 2003 through September 2004 revealed no discussion of compliance issues, despite concerns about training and auditing identified at the prior examination. After carefully considering these facts, the Committee finds that the Banks compliance management system is less than satisfactory, and that the Consumer Compliance rating of 3 is warranted.
For the reasons set forth above, the Banks appeal is denied. This decision is considered a final supervisory decision by FDIC.
By direction of the Supervision Appeals Review Committee of FDIC, dated
February 1, 2006.
1 The Guidelines are set out at 69 Fed. Reg. 41479 (July 9, 2004) and in FDIC Financial Institution Letter (FIL) 113-2004 (Oct. 13, 2004).
2 ADC loans comprise 31 percent of the loan portfolio, compared to a peer median of 5 percent.
3 See also FIL, Expanded Guidance for Subprime Lending Programs, (January 2001) (institutions should hold capital against subprime loans in an amount that is one and a half to three times greater than what is appropriate for non-subprime assets of a similar type. . . . institutions that underwrite higher-risk subprime pools . . . may need significantly higher levels of capital, perhaps as high as 100 percent of the loans outstanding.). FDIC has determined that payday portfolios are higher-risk subprime pools: and assesses capital levels at payday lenders using a dollar-for-dollar allocation.