Ed Drentell and Tony Moch of the Winthrop & Weinstine law firm in Minneapolis teamed with Tom Danielson of the CliftonLarsonAllen accounting firm in Minneapolis to share insights into chartering a new bank. They addressed bankers during the day-long United Bankers’ Bank customer event on June 19 at the Minneapolis Golf Club in St. Louis Park, Minn.
In addition, UBB’s Barb Fugate, senior vice president, chief operations officer and chief security officer, teamed with Michael Johnson of the Technology Leadership Institute at the University of Minnesota to offer thoughts on how to approach cyber security. About 120 bankers attended the combination education/golf event.
Based on information they picked up from a recent outreach event hosted by federal bank regulators in Kansas City, Drentell and Moch told the group it is much harder to get a new charter application approved today than it was years 15 to 20 years ago, when as many as 150 per year were being approved. While regulators would not specify the amount of capital necessary to charter a new bank, regulators made it clear banks would need enough money to maintain minimum capital requirement even while absorbing predictable early stage losses and fully funding a loan loss reserve.
The attorneys estimated that depending on the proposed location of a new bank, an investment group needs to be prepared to put up $25 million to $30 million to start a bank. Five applications currently are pending; none are located in the Upper Midwest, they said. “While $8 million to $10 million may have been enough to start a bank in the go-go days of the early 2000s, you get the feeling that wouldn’t be enough today,” Moch said.
Moch explained that applicants would not be permitted to seek additional capital during the first three years after opening the bank. Furthermore, investors should not count on any dividends during the first three years. Moch said regulators require highly individualized business plans supported by market studies and other detailed research. Profitability projections need to be consistent with research findings. Drentell commented the business plans regulators want to see are far more detailed than those that accompanied new banks started two decades ago.
Drentell said the business plan needs to include specific people for the roles of president/CEO, chief operating officer, chief financial officer and chief lending officer. Because it can take several months for a bank application to work its way through the system, investor groups may need to plan to hire these individuals long before the bank opens in order to avoid a conflict situation these people might otherwise face with former employers.
Moch and Drentell said regulators stressed the importance of investor group leaders meeting with regulators before filing an application.
It is often assumed that it is less expensive to purchase an existing bank charter than to start a new bank. Danielson, however, showed that in some cases a new charter can be more economical.
A banker asked the speakers whether it makes sense for a buyer to purchase a bank in a rural area and then move the charter to a more populated area. The speakers said the buyers would need to inform regulators of their intent. Regulators, they said, would treat the purchase application “almost as a hybrid de novo” and would want information about what the operation would look like in its new location.
Johnson urged bankers to be vigilant with the security of their electronic systems. Most intrusions, he said, involve bank “insiders.” The most common approach is through “phishing,” a practice which he said is “exploding.” It is extremely important that banks implement training to help employees from falling victims to these scams, he said.
Many banks rely on third parties to manage their information technology, but Johnson said bankers cannot “outsource their risk.” He said, “Using an outside party does not give you the right to abdicate your responsibility for cyber security.”
Regulators, he said, want to see “cyber resilience,” which means the bank has multiple layers of protection in place to resist computer hacks. Regulators expect large banks to have these protections in place, and will soon be expecting smaller banks to have something similar, he said.
Fugate said United Bankers’ Bank has several protections in place to safeguard the operations. She noted that the bank uses “digital biometrics” as a security measure. This approach, which uses a digital copy of a user’s fingerprint, is more secure than a password, she said.
People, she said, are the most important component of any security process. Fugate encouraged bankers to work together on security, participate in user groups, and tap into some of the cyber industry newsletters and information sources.