SDBA eNews

July 19, 2018

 Average Cost of Data Breaches Increased Year-Over-Year, Study Finds

The average cost of a data breach globally — including a number of breach-related factors such as investigations and recovery, notifications and cost of lost business — was $3.86 million in 2018, according to a new study from Ponemon Institute and IBM Security. That figure was up 6.4 percent from the 2017 report. Companies in the U.S. experienced the highest average data breach cost, at $7.91 million.

In examining the factors that affect the cost of data breaches, the study found that the time needed to detect and contain a breach was significant; companies that contained a breach in less than 30 days saved more than $1 million compared to those who took longer to do so. It also noted that having an incident response team reduced the breach cost by $14 per compromised record, while the use of an AI platform for cybersecurity reduced costs by $8 per record.

The study also found that the “mega breaches” — those involving the compromise of more than 1 million records — have nearly doubled in the last five years. The cost of a mega breach involving 1 million to 50 million compromised records averaged $40 million, and at 50 million records, estimated costs totaled $350 million. Mega breaches also took a longer time on average to detect and contain: 365 days, compared to 266 days for smaller scale breaches.

Quarles Outlines Fed's Next Steps for Recalibrating Large Bank Supervisory Framework

In remarks at the American Bankers Association’s Summer Leadership Meeting in Salt Lake City today, Federal Reserve Vice Chairman for Supervision Randal Quarles signaled that the Fed would act sooner than required by S. 2155 to tailor prudential standards for banks between $100 billion and $250 billion in assets.

Quarles addresses bankers at ABA’s 2018 Summer Leadership Meeting

While the new regulatory reform law gave regulators 18 months to develop an approach to applying enhanced prudential standards to these banks, Quarles indicated that the Fed “can and will move much more rapidly than this.” He noted that the size of an institution should be just one factor among many that regulators should consider, including complexity and interconnectedness. Examining an institution’s cross-border activity, use of short-term wholesale funding and nonbank activities are several ways the Fed could gauge the complexity and interconnectedness of these firms, he said.

Going forward, Quarles said that risk-based and leverage capital requirements, liquidity requirements and stress testing should continue to play an important role in supervision for these banks, though he supported adjustments to these requirements for less complex and less interconnected firms. Additionally, because most banks within this asset range do not pose a high resolvability risk, the Fed should “consider scaling back or removing entirely resolution planning requirements for most of the firms in that asset range.”

The Fed should also review the requirements for larger firms, he said, adding that “at the moment, many aspects of our regulatory regime treat any bank with more than $250 billion in assets with the same stringency as a G-SIB. I believe there should be a clear differentiation.”

ABA President and CEO Rob Nichols welcomed Quarles’ remarks. “ABA strongly supports a tailored approach to regulation because it ensures that risk practices and business models — rather than arbitrary asset thresholds — will determine appropriate levels of supervision. We firmly believe regulatory tailoring is the most effective and efficient way to maintain safety and soundness while allowing banks to better serve their customers and the broader economy,” Nichols said. “The urgency Vice Chairman Quarles conveyed and his commitment to determining how regulators could apply tailoring on a broader scale represent a very positive step forward.”

Rising Rates Increase Uncertainty in Deposit Management

Today, bankers face a situation that they have not seen for more than 10 years: rising interest rates.

Rising rates present risks that warrant monitoring. Rising rates are potentially problematic for banks because they tend to compress net interest margins, the main source of earnings for most banks. Rising rates typically trigger outflows of low-cost deposits, increase deposit betas and flatten the yield curve. The higher rates go, experience suggests, the more likely it is that customers will move deposits to secure higher yields. It is important for bank management to re-examine and fully understand the sensitivity of deposit assumptions embedded in asset liability models and the potential impact to earnings and liquidity they present across a wide range of market scenarios.

Banks experienced significant growth in deposits after the financial crisis as customers sought safety in insured deposits. Deposits have increased steadily as a share of bank balance sheets since 2008, when the economy was mired in the Great Recession.

At present, deposits fund a larger portion of bank balance sheets when compared with levels prior to 2008, and the deposit mix has shifted toward a higher percentage of non-maturity deposits that offer little or no interest to customers on the one hand, but are highly mobile on the other. As broad market interest rates have begun to slowly rise, banks have not yet exhibited pressure to increase rates offered on deposits, unlike previous periods of rising interest rates. While deposit levels have continued to grow and deposit rates have remained relatively stable, it is uncertain whether that condition will continue in an environment of continued rising interest rates.

During this period of deposit growth and stable-to-moderately rising rates, bank net interest margins have increased largely because of their ability to manage deposit costs effectively. Growth was centered in low-cost, non-maturity deposits as customers moved money to non-maturity accounts for safety and because of the relatively low yields for term products available in the broader market. The shift in deposit mix at this point in the cycle has been more favorable to banks than in the past.

Deposit beta measures the responsiveness of bank deposit rates to changes in market rates. Lower betas since 2015 indicate banks have not increased deposit rates as much as in prior cycles. Since the Federal Reserve began increasing short-term interest rates in December 2015, OCC-supervised banks have increased deposit yields by only 12 percent of the increase in the federal funds rate. In the previous cycle of increasing interest rates, from 2004 to 2006, interest-bearing demand account rates increased 32 percent of the federal funds target rate, but have only increased 1 percent of the fed funds target rate in the current rising rate period.

It is uncertain how much longer this condition can continue. But experience suggests customers become more interested in higher yields as interest rates increase. At some point, banks will have to raise deposit rates to compete with rates customers can get from competitor banks—or from nonbank investment products. Higher deposit costs may erode banks’ profitability.

Given that rates have been low and stable for such a protracted period, bank managers should take time to re-evaluate, fully understand and potentially recalibrate the sensitivity of deposit assumptions embedded in their asset liability models.

Kevin Walsh is deputy comptroller for market risk at the Office of the Comptroller of the Currency.

Real-Time Banking: The Risk of Doing Nothing

“Iam not a technology person,” Steve Antonakes tells the audience at a national bank technology conference. “I am a risk person. The biggest risk for community banks is to do nothing in this space.”

After a career as a bank regulator, first at the Massachusetts Division and eventually as deputy director of the Consumer Financial Protection Bureau, Antonakes is now firmly embedded in bank innovation/risk nexus as EVP for enterprise risk management at Eastern Bank in Boston.

Eastern became famous for its Eastern Labs unit, launched in 2014 to “disrupt the bank from within,” says Antonakes. Investing 1 percent of annual revenue in the labs, Eastern Bank created an Express Business Loan with a streamlined application—required items in the application dropped from 55 to 8—and “real-time” loan decisions. The goal: balancing “speed and prudence” while charging competitive rates.

Express Business Loans took off like, well, an express train. In 2016, Eastern Bank originated 606 EBLs with an average amount of $42,600 and an average rate of 8.2 percent. The following year, it issued 1,330 loans, with a 9.2 percent average rate and a $37,000 average loan total. The next step: spinning out the Labs unit as a fintech company called Numerated that is bringing the technology to other banks. Meanwhile, Antonakes says, Eastern rebooted its lab unit with a goal to “inform, excite and accelerate the future of Eastern Bank.”

On the consumer side, the real-time friction point has to date often been in person-to-person payments. “Customers could not send money to friends unless they used Venmo,” says Jon Prendergast, SVP for payments strategy at TD Bank—so TD was first to market with Zelle.

“Most of these financial institutions today are losing P2P volume to third parties,” remarks Ravi Loganathan, head of digital strategy and operations at Early Warning, the company that operates the Zelle P2P network, a virtually real-time payment solution. Those losses “take away frontline experience of your customers. What Zelle offers today is… the ability to retain that customer experience inside your environment”—namely, each participating bank’s own mobile app.

Since Zelle launched in 2017, it has processed 330 million transactions totaling $100 billion, and in the first quarter of 2018 alone, it has processed 85 million transactions amounting to $25 billion in volume. Banks in the Zelle network see a 50 percent average increase in P2P enrollment, Loganathan says.

The pace of change in banking mirrors the pace of change in business as a whole. Businesses demand express underwriting; consumers want rocket-fast mortgages and payments; and banks have to upgrade their bank end to meet this demand. “Gone are the days when you can take three to six months to hardcode a new product into your core banking system,” says David Arnott, CEO of Temenos, a global digital core banking provider that emphasizes speed and integration.

Real-time banking is where the market has moved. “Twenty-four/seven banking is no longer viewed as a convenience by banking customers,” Antonakes explains. “It’s a non-negotiable necessity. You have to get beyond the mindset of just improving your existing products.”

ABA Urges Lawmakers to Include Military Banking Provision in Final NDAA Bill

As House and Senate lawmakers work to reconcile their versions of the FY 2019 National Defense Authorization Act, the American Bankers Association — along with the Independent Community Bankers of America and the Association of Military Banks of America — today wrote to conference committee members urging them to include in the final bill a House provision that would level the playing field between credit unions and banks serving military bases.

Banks are currently required pay rent for the use of facilities on military bases according to a “fair market value” determined on a facility-by-facility basis, “often times with ineffective and unfair outcomes, forcing many banks to leave military bases in recent years,” ABA pointed out. The amendment would require the Department of Defense to accept the value of services provided by military banks as full payment on any lease, service and utility costs for the space they occupy on military installations.

Credit unions have enjoyed this benefit for more than 10 years, and in that time, 50 military bases have lost their only banks, ABA noted. “This exodus has left many military communities with the options of only being served by non-regulated establishments off base or a credit union on base, depriving them of a choice in secure financial institutions.”

ABA Calls on Lawmakers to Prohibit Post Office Banking

In a letter today to members of the House of Representatives, the American Bankers Association and three other financial trade groups urged support for Congressman Patrick McHenry’s (R-N.C.) amendment to the Financial Services and General Government appropriations bill that would prohibit the U.S. Postal Service from providing banking services. The bill — along with its amendments — is scheduled to be considered on the House floor later this week.

While stressing financial institutions’ longstanding support for the U.S. Postal Service — and acknowledging the need for postal reform — the letter outlined the risks of turning the Postal Service into the world’s largest shadow banking system. Providing banking services, the letter warned, “will be beyond the Postal Service’s core competencies, will raise a number of serious regulatory and consumer protection questions, and will present significant competitive issues for private sector entities.”

The U.S. Postal Service itself has agreed with this position, arguing that postal banking would not address its financial challenges, and would almost certainly cause it to lose money.

IRS Clarifies Deductibility of Trustee Fees from Trust Income

In a recent notice, the Internal Revenue Service released guidance clarifying that trustee and executor fees may continue to be deducted from a trust or estate’s income after the new tax reform law suspended the deduction of miscellaneous itemized deductions for by individual, trust and estate taxpayers. ABA had requested such clarification on behalf of banks offering fiduciary services to trusts and estates in a letter to the IRS in June. The IRS also requested comments on the effect of the suspension on the ability of a trust beneficiary to deduct amounts comprising an excess deduction upon the termination of a trust or estate.

ABA Recommends Changes to CFPB's Complaint Handling Process

In a comment letter to the Consumer Financial Protection Bureau today — the twelfth and final one that the association will submit as part of the bureau’s ongoing feedback initiative — the American Bankers Association urged the bureau to encourage consumers to contact their bank directly to express a concern with a product or service prior to filing a formal complaint with the CFPB.  ABA noted, however, that it is the responsibility of the bureau to respond to consumer inquiries as part of its statutory mission to promote consumer financial education.

“Most concerns can be resolved quickly by the institution, resulting in a faster resolution for the customer than through the process of a submission of a formal complaint to the Bureau,” ABA said.  “Unfortunately, the Bureau’s former leadership directed consumers to use the [Consumer Complaint] Portal to register a concern, without suggesting that customers first contact their institution directly.”

ABA also encouraged the CFPB to establish a process for institutions to notify the bureau that a complaint concerns another institution’s product or service, and clarify for consumers that the CFPB’s role in the complaint resolution process is to facilitate an institution’s response to the consumer’s complaint, not to require the institution to provide a particular form of relief.

Powell: Fed to Implement S. 2155 As Soon As Possible

The Federal Reserve will move to implement the provisions of S. 2155 — the new regulatory reform law — as quickly as possible, Federal Reserve Chairman Jerome Powell said in testimony before the Senate Banking Committee today. “Our intention and our practice is going to be to implement the bill as soon as we possibly can,” he said, adding that the Fed had already taken steps to lay out its plans for action in a statement it issued earlier this month.

Powell noted that the Fed’s approach to regulatory reform is centered on making regulation more efficient so that banks can devote more of their efforts to making loans and supporting economic activities in their communities. “We want regulation to be as efficient [and] effective as it can possibly be. Good regulation has very positive benefit . . . but nobody benefits when regulation is inefficient.”

Powell also indicated the Fed intends to publish soon for public comment “the range of factors we can consider” in applying prudential standards. The American Bankers Association has long argued that regulation should be tailored based on business model and risk profile rather than asset size, and the new reform law requires regulators to follow this principle in implementation and beyond. The association continues to engage with its members to provide feedback to the Fed on how it can best achieve efficient regulation through tailoring.

Compliance Alliance

Compliance rules and regulations change quickly. For timely compliance updates, subscribe to Compliance Alliance’s email newsletters.

Compliance Alliance offers a comprehensive suite of compliance management solutions. To learn how to put them to work for your bank, call 888.353.3933 or email.

Northern Plains Appraisal 

 SDBA eNews Archive

View past issues of the SDBA enews

Advertising Opportunity
Learn more about sponsoring the SDBA eNews.

Contact Alisa DeMers, SDBA, at 800.726.7322 or via email.