Appeals of Material Supervisory Determinations: Guidelines and Determinations
SARC- 2005-04 (February 1, 2006)
This appeal arises from contested component and composite ratings
assigned to X (the Bank) in the Safety and Soundness Examination Report
and the composite rating assigned to the Bank in the Compliance Examination
Report (ROEs), both dated October 4, 2004. Specifically, the Bank disputes
the 2 Capital and Earnings component ratings, the 3 Management component
rating, and the 3 Composite rating, all issued as part of the Safety and
Soundness ROE. Also disputed is the 3 Compliance rating designated in the
Compliance ROE. The Safety and Soundness ROE used financial information as
of March 31, 2004; assets were reviewed as of June 30, 2004.
On June 8, 2005, the Bank filed its request for review with the Director
(Director) of the Division of Supervision and Consumer Protection (DSC).
On July 8, 2005, the Director affirmed the decision of the New York Regional
Director and determined that the ratings were consistent with FDIC policy
and existing examination guidance and appropriate, given the facts available
at the time of the examinations. The Bank timely filed an appeal with the
Supervision Appeals Review Committee (the Committee) by letter dated
August 12, 2005.
The Bank does not dispute the specific criticisms and recommendations
contained in the ROEs but questions the ratings as inappropriate, as they
are based in large part on the Banks payday/Short-Term Loan Portfolio (STLP,
or the Loan Program), which comprises a small portion of its assets. The
Bank argues that it is well managed, well capitalized, and has an
exceptional level of current and historical earnings. Further, the Bank
states that it is in compliance with all applicable consumer protection or
civil rights statutes and regulations.
DSC responds that the Safety and Soundness ROE details noteworthy
weaknesses in board and management oversight of the STLP; that the Banks
risk profile is significantly higher than the typical community bank; and
that the Banks compliance program is weak.
In accordance with the
Guidelines for Appeals of Material Supervisory Determinations1
, the Committee reviews the appeal for consistency with the
policies, practices, and mission of FDIC, as well as the reasonableness of
and support for the respective positions of the parties. The Committee
granted the Banks request to appear, and a hearing was held on October 31,
2005. Appearing on behalf of the Bank were Chairman and Chief Executive
Officer A, Vice President B, and General Counsel C. The Committee has
carefully considered the written submissions made by the Bank and DSC, as
well as the oral presentations at the October 31 meeting. Under the
Guidelines, the scope of the Committees review was limited to facts and
circumstances as they existed at the time of the examination. No
consideration was given to facts or circumstances that developed after the
A. The Banks Payday/Short-Term Loan
The Bank is a state-chartered institution with *** branch offices in
addition to the main office in ***. The majority of Bank earning assets
consist of traditional, though higher-risk, banking products. Acquisition,
development, and construction (ADC) loans and commercial real estate loans
account for 31 and 35 percent of gross loans, respectively. The Bank has no
brokered deposits or borrowings.
The Bank has been engaged in payday lending since 1997. As of September
2004, the Bank had formal written contracts to originate payday loans with
19 vendors operating in 14 states and the District of Columbia. The Bank
participates 85 to 95 percent of all payday loans back to the originating
vendor. For the first six months of 2004, the Bank funded $128 million in
payday/short-term loans, including renewals. On June 30, 2004, $3.3 million
in payday loans were on the Banks books. Although the STLP comprises a
small portion of the Banks assets (about 1 percent), for the first six
months of 2004, payday loans generated $5.4 million in revenue, representing
45 percent of the Banks gross interest income and 64 percent of net income
during the period. Based on these revenues, the portfolio is the Banks most
significant business product.
In addition to *** class action lawsuits, the Bank is currently defending
itself against a complaint filed by *** Attorney General ***. The State of
*** alleges that the Bank repeatedly engaged in illegal, fraudulent, and
deceptive business practices in making payday/short-term loans to ***
consumers. The complaint seeks restitution, damages, penalties, and costs.
The Bank asserts that the class action lawsuits, as well as the State of
***s complaint, are frivolous.
B. The Safety and Soundness Material Supervisory Determinations.
The Bank disputes the Composite rating of 3, and the component ratings for
Management of 3, Capital of 2, and Earnings of 2. The Bank seeks
ratings of 2 for Management, 1 for Capital, 1 for Earnings, and a
Composite rating of 2.
Under the Federal Financial Institutions Examination Councils Uniform
Financial Institutions Rating System (the FFIEC Rating System), sound
management is demonstrated by active oversight by the board and management;
competent personnel; adequate policies, processes, and controls; maintenance
of an appropriate audit program and internal control environment; and
effective risk monitoring and management information systems. A 3 rating
signals the need for improved management and board performance and possible
inadequate identification, measurement, monitoring, and control of risk.
The Bank asserts that the Management component rating fails to take into
account the overall successful supervision of and management by the board of
directors (the Board). The Bank argues that the ROE focuses solely on
issues raised regarding the STLP, without considering the controls
instituted by the Board to mitigate credit, legal, and reputation risks, as
well as the Boards willingness to address the deficiencies regarding the
STLP. Further, the Bank disputes the ROE criticism that the Board is not
adequately informed as it meets only once a quarter, countering that the
Boards Executive Committee, which includes 7 of the 12 Board members, meets
every two weeks and is well aware of the situation involving the STLP. The
Bank argues that the Executive Committee has kept the full Board informed,
though conceding that any such education of the full Board may not have
been well documented in the minutes.
DSC contends that the Banks point that the STLP comprises 1 percent of
Bank assets fails to recognize that the Loan Program generates significant
revenues and income for the Bank. Although the Program does not represent a
concentration of assets, it does represent a concentration of income: the
Banks payday loans represented 45 percent of the Banks gross interest
income for the first six months of 2004. Because the payday/short-term loan
program is the most significant business product for the Bank, weaknesses
related to Managements oversight of the program should be weighed heavily
in assessing Management performance.
Given the high profile nature of payday lending and the fact that the
Bank is dealing with 19 different payday vendors, the Banks ability to
maintain an effective risk management program covering numerous vendors
doing business in multiple offices in several states is open to question.
The Safety and Soundness ROE cites numerous incidents in which the Board and
Management failed to ensure that the Banks 19 vendors were complying with
the Board-approved Short-Term Loan Policy. On-site inspections by FDIC staff
at vendor stores revealed practices violating internal Bank policies. Three
of the policy infractions had been identified as weaknesses in the 2002 ROE
but were not adequately addressed by Management.
Violations of Part 323 and Part 353 of FDICs Rules and Regulations,
which govern appraisals and the filing of Suspicious Activity Reports,
respectively, were cited in the Safety and Soundness ROE. Moreover, the ROE
cites two instances of nonconformance with FDIC guidelines relating to
safety and soundness standards established by Appendix A of Part 364, as
well as several instances in which the Bank failed to conform with FDICs
Guidelines for Payday Lending.
Serious weaknesses in Managements administration and oversight of the
Banks most significant and highest-risk business line results in less than
satisfactory overall Bank performance. The Banks risk profile is high,
based on the concentration in ADC2
loans and the high-profile, non-traditional payday lending activities. The
risk in the payday/short-term loan program is exacerbated by the Banks
deficient oversight of its 19 payday vendors. As pointed out in the
Guidelines for Payday Lending, The existence of third-party arrangements
may, when not properly managed, significantly increase institutions
transaction, legal and reputation risk. The Board and Management have not
properly managed these third-party arrangements and have incurred
significant transaction, legal, and reputation risks as a result.
After carefully considering these facts, the Committee finds unpersuasive
the Banks argument that Managements overall performance is satisfactory,
that most of the Banks activities are appropriately overseen and
supported, and that, because over $270 million in the Banks assets are
not related to STLP, the Banks overall condition remains fundamentally
sound. Further, the Committee rejects the Banks defense that the Executive
Committee is well aware of the situation involving the STLP, and has kept
the full Board informed. These contentions are not well supported, and, as
the Bank concedes, are not documented by the Boards minutes. Since
Management oversight of the Banks most significant and highest-risk
business line has been deficient, its overall performance must be considered
less than satisfactory. Given these shortcomings, the Committee finds the
Management rating of 3 justified.
Under the FFIEC Rating System, an institution is expected to maintain
capital commensurate with the nature and extent of risks to the institution
and the ability of Management to identify, monitor, and control such risks.
The types and quantity of risk inherent in an institutions activities will
determine the extent to which it may be necessary to maintain capital at
levels above required regulatory minimums. A rating of 2 indicates a
satisfactory, as opposed to a strong capital level.
The Banks Board argues that the Banks capital remains strong relative
to its risk profile, based on the totality of the facts and circumstances,
and that its risk-based capital ratios are in excess of the minimum
requirements for a well-capitalized bank. Moreover, the Bank argues, the
legal and reputation risks associated with the STLP have been effectively
identified, monitored, and controlled. The size of the STLP is limited; 100
percent reserves are established for the STLP; and the Bank remains well
capitalized when the STLP is risk weighted at 300 percent. As to legal risk,
Bank counsel opines that exposure is low, given the nuisance nature of the
lawsuits. Additionally, the Banks policy is to require agreement of all
merchants in the STLP to pay litigation costs should a lawsuit arise.
Finally, the Bank argues that it has instituted appropriate reputation risk
controls. According to the Board, the remoteness of the communities in which
it conducts its STLP and the community in which it conducts traditional
banking activities insulates the Bank from negative publicity/reputation
risk related to the payday/short-term loan program.
DSC agrees that banks assuming greater risk should have capital ratios in
excess of minimum requirements but specifically disputes the Banks
contention that its risks have been effectively controlled. When such risks
are not properly regulated as in the Banks payday program, higher capital
ratios than those simply in excess of minimum requirements, are required.
The Banks ratios drop precipitously after allocating dollar-for-dollar
capital to the STLP, as suggested in FDICs Guidelines for Payday Lending3.
The Banks lower than peer risk-based ratios reflect concentrations in
higher-risk assets, including ADC loans (291 percent of capital) and
commercial real estate loans, and a generally higher-risk balance sheet
structure. This structure comprises a risk profile that is significantly
higher than the typical community bank.
The Committee finds that the Bank has not effectively controlled credit,
legal, and reputation risks associated with the Loan Program. Managements
lax oversight of the payday program exacerbates the Banks overall risk
profile. the Banks failure to monitor its 19 agent payday lenders
appropriately through its Loan Management System (LMS) and audit program
increases the risk that one of these lenders will violate state or federal
laws. Although the Board argues that its agent lenders are obligated to
absorb legal costs associated with payday-related lawsuits, the capacity of
many of these companies to absorb costs associated with protracted and large
scale legal defense is questionable. The Committee determines that these
facts support a Capital rating of 2.
The FFIEC Rating System provides that the quality and quantity of an
institutions earnings are affected by inadequately managed credit risk or
by high levels of market risk that may unduly expose an institutions
earnings to volatility in interest rates. To qualify for the highest
Earnings component rating, the System requires the maintenance of stable
trends in the level of earnings to support operations and maintain adequate
capital and allowance levels.
The Bank argues that the Earnings component does not properly reflect the
exceptional level of the Banks current and historical earnings, nor does
it recognize that the Board has implemented controls to address credit,
legal and reputation risks. Among the controls that the Bank has put into
effect: (1) full provision of short-term loans in the Allowance for Loan and
Lease Losses (ALLL) and immediate charge-offs on 60 days delinquency, thus
mitigating credit risk; (2) adequate capital coverage -- the Bank remains
well capitalized when the STLP is risk weighted at 300 percent; and (3)
minimal charge-offs in comparison to earnings, incurring $330,000 in net
charge-offs from the STLP in relation to the nearly $3.7 million in realized
earnings from that product line.
DSC responds that it has significant concerns with the quality and
sustainability of Bank earnings. The STLP makes a crucial contribution to
the Banks profitable operations. Although the Portfolio comprised only 1.09
percent of total assets at June 30, 2004, it contributed 45 percent of
interest income for the period. The Banks Return on Assets (ROA) and Net
Interest Margin (NIM) are high due to the STLP. The five-year strategic
plan for the Bank assumes an average annual growth rate of 12 percent and a
ROA of 2.40 percent, with continued heavy reliance on payday lending needed
to meet projected earnings levels.
Although earnings have been high and the trend stable, DSC argues that
that stability may be jeopardized. Increased media, political, and
legislative attention has been directed at the payday industry, and bills
that severely restrict or effectively prohibit payday cash advance services
have been introduced in several states, including states in which the Bank
does business. Although with the STLP, the Banks ROA has been healthy,
without it, the Banks ROA would be 0.85 percent, which is significantly
below the 1.22 percent peer group median.
Earnings strength is measured not only by the quantity and trend of
earnings but also by factors affecting the sustainability or quality of
those earnings. The income stream derived from the Banks payday lending,
which is significant, is tenuous, and its sustainability is beyond
Managements control. Due to reliance on the STLP income, any depletion
would affect the Banks operations. In view of these facts, the Committee
finds that the stability and quality of earnings are not strong, but
satisfactory, and thus a 2 Earnings rating is warranted.
4. The Composite Rating.
Composite ratings are based on a careful evaluation of an institutions
managerial, operational, financial, and compliance performance. Institutions
with a 3 rating are less capable of withstanding business fluctuations and
are more vulnerable to outside influences than those rated 1 or 2. Risk
management practices may be less than satisfactory relative to the
institutions size, complexity, and risk profile.
The Bank contends that the overall condition of the Bank is
fundamentally sound, and the weaknesses relating to internal controls and
information systems, internal audit systems and adherence to the Short-Term
Loan Policy, well within the Board of Directors and Managements
capabilities to correct. The Board further insists that the Bank is
stable, capable of withstanding business fluctuations, and in
substantial compliance with laws and regulations, and therefore merits a
Composite rating of 2.
The Safety and Soundness ROE details weaknesses in Board and Management
oversight of the STLP requiring attention, including lax oversight of
participating payday lenders, ineffective enforcement of the Banks
Short-Term Loan Policy, the incomplete implementation of the LMS, and the
inadequate auditing policies and procedures for the Loan Program and its
participating vendors. These weaknesses are particularly significant in view
of the magnitude of the Loan Program to the Banks overall operations. The
Committee finds that these facts fully support a Composite rating of 3.
C. The Compliance Material Supervisory Determination.
The Bank argues that its Compliance rating should be upgraded from a 3
to a 2.
Under the FFIEC Uniform Interagency Consumer Compliance Rating System,
each institution is assigned a consumer compliance rating predicated on an
evaluation of the nature and extent of its present compliance with consumer
protection and civil rights statutes and regulations and the adequacy of its
operating systems designed to ensure compliance on a continuing basis. A 3
Compliance rating signifies and institution with a less than satisfactory
compliance position that is cause for supervisory concern and requires more
than normal supervision to remedy deficiencies.
The Bank argues that it is in a generally strong compliance position,
and that the Compliance ROE reported no violations of law. However, the
Banks failure to administer properly its payday lending business resulted
in its failure to adhere to FDICs Guidelines for Payday Lending in many
important respects. Further, the absence of violations of federal and state
consumer protection laws is insufficient to raise the Banks Compliance
rating. The deficiency of operating controls is demonstrated by the fact
that, despite Board approval of a compliance policy (the Compliance
Policy) in January 2003 mandating an annual assessment of the compliance
program, the Policy still had not been implemented nearly two years later in
The Banks compliance program, as a whole, is weak. Operating procedures
and controls within the Bank are deficient and have not proven effective.
Both the Banks Compliance Policy and its Short-Term Loan Policy are
incomplete, as revealed by the fact that monitoring by short-term loan
merchants is not addressed, specific training by short-term loan merchants
is not prescribed, and consumer complaint resolution procedures are flawed.
Compliance examiners evaluated the adequacy of the Banks retail banking and
STLP operating systems, and found significant deficiencies in its compliance
management system. Because the STLP is the Banks primary business product,
examiners appropriately gave it serious consideration when assigning the
A compliance audit is an independent review of an institutions
compliance with consumer protection laws and regulations and adherence to
internal policies and procedures. The audit should help Management ensure
ongoing compliance and identify compliance risk conditions. The audit
function should complement the internal monitoring system. The Board should
determine the scope of an audit and the frequency with which audits are
conducted based on factors including volume of business, size of the
institution, and history of violations or training issues.
In this case, the Board and Senior Management have not appropriately set
the scope or procedures for adequate audits of the Bank or the STLP. As a
result, the Banks internal audit program failed to identify numerous
instances in which vendors failed to follow the Banks Short-Term Loan
Policy. Moreover, the Banks internal audits do not cover all necessary
areas and do not require Management response. For example, flood insurance
audits do not review for appropriate coverage. Additionally, once audits are
completed, management of the audited area is not required to respond on how
exceptions occurred or what correction action will be initiated. Although
audits are presented to the Audit Committee, no follow-up is performed.
Education of the Banks Board, management and staff is essential to
maintaining an effective compliance program. Functional management and staff
should receive specific, comprehensive training in laws and regulations and
internal policies and procedures. The Board should receive
compliance-related training periodically to maintain an adequate level of
knowledge. Training at the Bank is marginally adequate. The Banks
Compliance Policy notes as an objective, To ensure a training program for
all employees so that they have, at a minimum, a working knowledge of the
laws and regulations associated with their duties and responsibilities.
However, the Compliance Policy does not contain ways in which this objective
is to be met or how to measure the completion of the objective. The Board
receives no training on compliance issues. For example, new regulations,
such as Check 21, which affect overall Bank functions and systems, were not
discussed by the Board.
The Board is not adequately informed about the compliance posture of the
Bank, and neither the Board nor Senior Management has devoted sufficient
attention to consumer compliance. For example, a review of Board minutes
from January 2003 through September 2004 revealed no discussion of
compliance issues, despite concerns about training and auditing identified
at the prior examination. After carefully considering these facts, the
Committee finds that the Banks compliance management system is less than
satisfactory, and that the Consumer Compliance rating of 3 is warranted.
For the reasons set forth above, the Banks appeal is denied. This decision
is considered a final supervisory decision by FDIC.
By direction of the Supervision Appeals Review Committee of FDIC, dated
February 1, 2006.
Guidelines are set out at 69 Fed. Reg. 41479 (July 9, 2004) and in
FDIC Financial Institution Letter (FIL) 113-2004 (Oct. 13, 2004). 2ADC
loans comprise 31 percent of the loan portfolio, compared to a peer median
of 5 percent.
also FIL, Expanded Guidance for Subprime Lending Programs, (January
2001) (institutions should hold capital against subprime loans in an amount
that is one and a half to three times greater than what is appropriate for
non-subprime assets of a similar type. . . . institutions that
underwrite higher-risk subprime pools . . . may need significantly
higher levels of capital, perhaps as high as 100 percent of the loans
outstanding.). FDIC has determined that payday portfolios are higher-risk
subprime pools: and assesses capital levels at payday lenders using a