Orrick's RegFi Podcast | Fostering Innovation Through Responsible Regulation
Listen on Apple
Listen on Spotify

RegFi Episode 52: Fostering Innovation Through Responsible Regulation
 34 min listen

Brandon Milhorn, President and CEO of the Conference of State Bank Supervisors, joins RegFi co-hosts Sherry Safchuk and Jerry Buckley to share his perspective on the challenges facing community banks and the role of responsible regulation in fostering innovation and maintaining consumer confidence. The conversation explores the impact of AI on financial services, the benefits of standard-setting organizations to streamline third-party partnerships, and the need for accountability and deference in regulatory actions.

Links:

 

 

  • Jerry Buckley:

    Hello, this is Jerry Buckley, and I am here with my RegFi co-host, Sherry Safchuk. Today, we're honored to have Brandon Milhorn as our RegFi guest.

    Brandon is the President and CEO of the Conference of State Bank Supervisors, an association consisting of state banking regulators from across the United States and the territories that supports state regulators in advancing a system of financial supervision. Prior to assuming his role as president of CSBS, Brandon served as chief of staff for former FDIC Chair Jelena McWilliams. Before his service at the FDIC, he was a senior officer at Raytheon Company. He also had legislative experience serving as General Counsel of the Senate Select Committee on Intelligence and held several important positions in the office of the General Counsel of the CIA.

    I want to start by noting that today we are recording this podcast on December 4th, which is the one-year anniversary of Brandon joining the CSBS as President and CEO. So, Brandon, let's just start with: Do you have any other big picture observations after a year?
    Brandon Milhorn:  Well, you know, if it's possible, an even greater appreciation for the role that our state supervisors and their teams play in making our financial system in the United States the envy of the world. You know, they really care about their consumers, their chartered banks, their licensed financial institutions. They work so well together.

    You know, one of the first things I did, Jerry, was go to all our district meetings across the — we've got five districts. And I go to all these district meetings, and you heard people say before I took the job, "Oh, it's like, you know, it's very hard to get them to work together. They don't work together very well, or they have all different opinions.” What I found across all our districts, across really all our supervisors, they want to work together. They want a consistent framework for supervising and licensing financial institutions. They care about safety and soundness and consumer protection. Those are shared goals. And in many ways, it's like a family reunion when you go to these district meetings. And we had a tremendous relationship with the states when I worked with Chairman McWilliams. But after spending a year with them, working with them and their teams, understanding their budget, personnel, training challenges, thinking about how we can make state supervision more robust, more coordinated, more efficient. I mean, it's just really been an honor to be here in this role for the last year. 
    Jerry:  You know, I think that that's something they have usually benefited by having you there, too, I believe. And I had the honor of - I was a speaker one time at one of your national meetings and got a chance to spend time with a number of the regulators. And I had the same feeling you do. They are really a great group. In fact, one of them, who was the Kansas banking commissioner, Mickey Bowman, sat next to me at dinner. And lo and behold, we had a good conversation. And now she's on the Federal Reserve. And I think she's a great liaison to the community banks because she has been one herself.
    Brandon:  And a tremendous voice for state supervisors inside Washington. And that's really important. 
    Jerry:  Yes.
    Brandon:  You know, I spent a lot of time at the FDIC with Chairman McWilliams and then with Vice Chairman Hill. But I'm always struck by the importance of economic development to our state supervisors. They really serve on the front lines of finance, and they're really focused on the success of the financial services for their consumers.

    I mean, think of it this way. The ability to access credit, to make payments, to own a home. State supervision makes those transactions possible. And we take those transactions for granted. I mean, those are things that you do every day when you go out and buy gas or go out and buy groceries or you pay your mortgage. The reason we can take those for granted is because of the work of our state supervisors, the consumer confidence that that supervision, licensing, and chartering inspires. So, yeah, I'm honored every day to be part of this organization.
    Sherry Safchuk:  Brandon, we're so glad to have you join us. State regulators have a unique role in the financial services ecosystem, chartering and supervising 79% of all U.S. banks and licensing and supervising all consumer-facing non-banks, such as payment companies. How does that broader view influence state regulators' perspective and add value to the supervisory landscape?
    Brandon:  Thanks, Sherry. You know, a lot of the times in Washington, the debate gets framed as banks versus non-banks. You can hear it in, like, the FSOC's report on non-bank mortgage servicing. You can hear it in calls for a federal payments charter, how they frame the debate as one of banks versus non-banks.

    Washington sometimes forgets that their policies, their regulatory policies, have forced many of the financial services into non-bank entities. But our state supervisors, we regulate and supervise both, both the banks and the non-banks. And it's sort of a unique opportunity. That holistic perspective gives us a unique opportunity to bridge the gap between banks and non-banks and to support broader competition in financial services, a more dynamic, innovative, and inclusive financial services space for consumers.
    Sherry:  And as a result, it seems like states have an advantage for being in the forefront of technological developments. And with most of the technological developments and innovation occurring outside of the traditional banking channels, how are the states approaching these innovations?
    Brandon:  Yeah, I would say, “Carefully, but optimistically.” You know, if you start with safety and soundness and consumer protection as non-negotiable, but then you manage risk to have a balanced approach. I mean, I think the states in particular have a willingness to allow innovations — in technology, in product delivery, in partnerships — to mature within their environment. One, I think because they're more closely tied to their financial institutions, and two, because they can see the impact that it has on consumers, the impact on the cost and availability of credit, the ability to access products and services more effectively.

    So, I think we're cautiously optimistic in the states about the impact that technology can have on the financial services ecosystem. I mean, honestly, if you look back at the history of financial services, many of the innovations, whether it's check cashing or ATMs, those were developed in the innovation lab that is the state system.
    Jerry:  Brandon, under the Biden administration, federal bank regulators have been very focused on bank/fintech partnerships.
    Brandon:  They've been focused on a lot of things, Jerry. 
    Jerry: I know. I know. And several of the regulations and guidance documents and new supervisory programs are focused on partnerships and multiple public enforcement actions. So, how has this focus impacted community banks? And what does the future look like for bank/fintech partnerships in your view?
    Brandon:  You know, maybe before I dive in on bank/fintech partnerships, I'll take a step back and talk about where we're at, particularly with community banking in the United States. In 2013, there were 4,940 state charter community banks across the United States. Today, there are only 3,321. That means we've lost over 1,600 state-chartered community banks in the United States. And they're facing increasing competition, not just from larger banks, but also from fintechs in this space. And when you step back even further, Jerry, and think about the costs that are imposed that these small institutions face, whether it's personnel, information technology, and then we get to the regulatory overlay from Washington. I mean, just last year, there were 30 proposed final rules that totaled 4,000 pages alone.

    That weighs down on these community banks. And if they can't scale, if they can't access new sources of funding, if they can't access new consumers, then they can't compete. And if they can't merge because of federal merger restrictions, they just go away. And I don't think that's healthy for the United States. A lot of people talk about the financial system in the United Kingdom or Canada and a small number of banks. I don't think that will ever work in the United States. These community banks are the backbone, the financial backbone of their communities, working with small businesses, working with consumers that they know, those relationships matter. And if we want them to succeed — from a United States competition, access to credit standpoint — we've got to support them as entities.

    And that's where I think my concern comes in, Jerry, on the third-party risk management side of the ledger. Those partnerships, those technology partnerships allow community banks to scale if it can be done in a safe and sound manner and in a manner that protects consumers. If community banks are trying to do sort of bolt-ons, if they think it's just an easy reach for some more deposits or to get some additional lending, that's going to be a mistake. It's always going to end badly.

    But if community banks think carefully about their business model, understand how a third-party vendor can be incorporated into their framework, then it's a tremendous opportunity to allow them to scale without going away or without having further consolidation in the market. So, I think we've got to think differently about how we regulate and supervise for third-party partnerships in the United States.

    And you ask about all the guidance documents and the supervisory framework and all the enforcement actions. I'm a little bit —  I'm concerned about it. You know, if I'm a community bank and I look out into this ecosystem and I see I think we've got three versions of guidance around third-party risk management that are all very high level. It's not sort of the nuts and bolts of the relationship — very high level. And then you look at all these enforcement actions out there, many of them related to BSA/AML. The instinct is to run away, right?

    I've always thought about innovation and cost and regulatory cost as sort of a speed bump, right? If I'm a community bank, and I want to innovate, there's a really high-speed bump, third-party risk management, regulatory cost, IT cost, personnel cost, all those costs. And my question as a regulator is how can I reduce those costs, allow community banks who are interested and committed to get across that speed bump, and then continue to compete and exist. And I think we've missed an opportunity over the last several years to really refine our guidance, to give community banks sort of operational support in how they engage with third parties.

    And what concerns me the most, Jerry, sorry to talk a little late. This is a little Sherlock Holmes, right? I don't know if you are familiar with, you know, the story of Silver Blaze, the horse that got stolen. Well, Sherlock Holmes cracked that case because there was a dog that didn't bark, right?
    Jerry:  Yeah.
    Brandon:  And I'm afraid that in this space, the community banks that aren't innovating are the dog that didn't bark. You know, they're afraid to take the step to innovate. They're afraid to try because of all the enforcement actions. And they're not getting support from federal regulators in how to do that effectively. And that's something that we've got to confront. If we believe in community banks, I'm sorry, I'm passionate about this. I'm probably going way over my time. 
    Jerry:  Not at all. Not at all.
    Brandon:  I believe so deeply in the importance of community banks to our financial system, the financial health of our communities, that we've got to find a way to allow these partnerships to go forward. And I don't think we've done that over the last several years.
    Jerry:  We actually, when I think about it and listen to you, rather than encouraging this as necessary and desirable and pointing the path. Instead of putting in speed bumps, we have barriers with flashing yellow lights on them, you know? And I think we've got, yes, we absolutely have to be careful that people who do it know what they're doing. But, actually encouraging them and giving them the tools to know how to do it is very important. And so, you know, when a bank is considering forming such a relationship, what should they be thinking about, Brandon?
    Brandon:  Well, I think the first thing that they need to think about is how the relationship and the product or services that are going to be offered relates to their business model. These relationships have to be managed properly. You have to understand the technology. You have to understand how consumers are going to be engaged with both you and with your third-party partner. I mean, ultimately, the bank is responsible for all the compliance requirements, all the safety and soundness, all the consumer protection. The bank will be held accountable for those. So, you have to have a commitment. You have to understand your business model and have a commitment to making compliance work in this space. The challenge I think that I feel when I look at some of the enforcement actions, Jerry, is: A lot of times the guidance is you've got to have more BSA/AML; you have to have all the data, all the transaction monitoring has to occur within the institution. Well, you're losing some of the benefits of scale when that happens.

    One of the areas I think the regulators can be much more helpful is in explaining how a partnership can work. A lot of the technological expertise, a lot of the scale ought to be able to come from that fintech partner. But how you're able to rely on that third party, what controls you need to have in place to share some of the burden, I think that's important context that's missing right now from our guidance. Right now, it's all on the institution and there's no guidance on how to make the relationship work well. And so, if you want to do it right, if you're a bank and you want to do it right, you need to have that sort of guidance and that sort of understanding and commitment to making the relationship work.
    Jerry: And the feeling that you're encouraged to take reasonable steps, and we'll help you out by some guidance as you go, and you have a place you can go if you need guidance.
    Brandon:  You know, Jerry, one of the things that I always said when I was at the FDIC and I've said it here at CSBS as well, we're not enemies of the financial services system. You know, we're institution-level supervisors. If you're not meeting your mandates around safety and soundness and consumer protection, we're gonna hold you accountable for those failures on an institution level. But we can support and want to foster a dynamic and competitive and inclusive financial system, right? When the system's working effectively, when it's dynamic, when it's competitive, when everyone benefits, supervisors benefit. It makes a more safe and sound system. You know, I would much rather have institutions that are competing and offering new products and not failing. Right? Dynamism, that competition helps the system. And a lot of times I feel like we're arm's length with our financial institutions. And I don't think we need to be enemies. I think we can have a shared interest in a successful, vibrant financial services sector. And we miss that as an opportunity sometimes.

    So, I always talk about fostering innovation. How can we foster innovation? I feel like that's a unique role that regulators can play. And because of their focus on economic development, a really important role that the states can play in this space.
    Sherry:  That's so interesting. I want to switch gears a bit and ask you about artificial intelligence. How do you see AI being used in financial services? How do you see it impacting examinations in the future? And have you used generative AI yourself?
    Brandon:  Well, you know, I tend to be the chef, Sherry, on Thanksgiving and Christmas. And, you know, we just came through Thanksgiving. I think I used AI to search the length of time and temperature you're supposed to fry a turkey at. So, I have dipped my toe in the AI waters. So, shout out to the generative AI that made my turkey taste so good this Thanksgiving. 
    But I think AI has a lot of opportunities in the financial services space: one, to make credit more available for consumers, how we market to consumers, how you reach new consumers, how you think about credit underwriting and credit availability, how you price credit in those contexts. I think there are a lot of bank office opportunities for financial institutions with respect to AI. And from an examination standpoint, one of the things that I always thought about when I was at the FDIC, we spent 400,000 hours every year doing loan review at the FDIC. And we only do a sample of those loans. And so, you know, natural language processing, generative AI gives tremendous opportunities for us to look beyond sampling, to really get more regular data on a more granular basis and to change the way we think about supervision.

    It's not all AI. A lot of it is just modeling and more regular access to data. But I think there's a tremendous opportunity. You know, when I, as Jerry said earlier, my background is all national security. And when I first got to the FDIC and they explained to me how they did bank exams, you know, with quarterly call reports, and then every 12 or 18 months we go in and do an exam, it sort of reminded me of cybersecurity around the turn of the century, around the 2000s, when we did an annual cybersecurity report. Well, by the time you wrote that report, it was dated. Your systems had changed; the threat had changed; the nature of the threat had evolved. But we're still examining banks in much the same way we examined them in the 1860s, right? Quarterly call reports and an annual exam.

    Now, that's obviously over the top. We've evolved, certainly on our larger institutions, we use technology effectively. But how would it change? If we want our banks to be innovative, if we want them to put out new products, new services, to think about changes in the financial environment, and if we were able to work with them over time, to see changes in their institution over time. Think how that would change that final exam, that 12-or 18-month exam. The burdens associated with that would come down. It would allow you to identify risk at a much earlier stage in the process. I want to fix small risks, Jerry, right? I don't want to fix big risks. I want to fix small risks, so they don't get big. And I think that's where technology has the opportunity to help us change the way we supervise, reduce the burden of regulatory compliance at our financial institutions while improving safety and soundness.

    One of the things that always struck me, again, at the FDIC: If I wanted to know which institutions had concentrations in CRE, well, they could tell me quite easily which institutions and where those institutions were. But if I ask the follow-up question: Where are there concentrations in CRE? Well, they'd have to go back and pull data. What institutions are in retail CRE in Houston, right? What institutions are in multifamily housing in South Florida? And those are the questions we really need to get to because that allows you to micro-target challenges and risks in the system in a way that we're doing right now with spreadsheets and pencils and pads.
    Jerry:  Brandon, very insightful. And, you know, how we get from here to there is going to be the challenge, but we really do have to do it. And I know you have the vision to try to bring that about.

    You know, Brandon, standard-setting organizations seem to be an effective model for supporting innovation in financial services. Financial Data Exchange, for example, has played an important role and a needed role in creating a common standard for sharing financial data. What role could standard-setting organizations play in increasing the clarity and safety of bank/fintech partnerships? And how would that be helpful to regulators?
    Brandon:  Oh, Jerry, you've done your homework.
    Jerry:  Well, I've talked to you a little bit before, so I thought you might want to answer that question.
    Brandon:  When I was at the FDIC with Chairman McWilliams, we put out a proposal to develop a standard-setting organization, primarily to help with due diligence issues. We went out and talked to fintechs and they said, we'd love to partner with banks. We'd love to partner with more banks, but every single bank has a different way of onboarding. Every single bank has a little bit of the cost of doing that that is very high. And then also on the fintech side, the challenges associated with integrating with the institution, the technology, making the technology talk, working with core providers.

    And I sort of thought back to my days in Homeland Security and port security when it was implemented, was done with a public-private partnership. And there are many examples of public-private partnerships in the ecosystem. I mean, when the states wrote the Money Transmission Modernization Act, we worked with industry to help create those regulatory standards. And I just think standard-setting organizations are a really interesting opportunity in this space.

    One, because the private sector is always going to be able to react more quickly and to think about risk more proactively than regulators who are gonna instinctively be more cautious and take more time to regulate. So, if you wait for regulation, to fill the gap, it actually creates a risk. I think you're seeing some of that right now in the ecosystem, whereas if the private sector pushes forward with standards, so a private sector organization helps set the standards, regulators engaged with them, just like regulators did with FDX, just like they've done with X9 as another financial services regulator, a standard-setting organization, in the space. So, regulators work with the standard-setting organizations to create those standards. And if the regulators are at the table with that standard-setting organization, and they recognize the standards for purposes of supervision, that can help address due diligence. It can help address things like model risk management. It can make integration and data security more effective.

    I mean, there are just a lot of tremendous opportunities, I think, that a standard-setting organization can play. And I know Vice Chairman Hill in a recent speech even mentioned exploring standard setting again. So, I think it's a unique opportunity. I know there are a couple of private sector entities that are working on ideas in this space. I love to see the private sector leading, but having the regulators work hand in hand with the private sector is, I think, a unique opportunity. And in an area where, whether you're talking, think about things like all the enforcement actions, you think about all the pain that's come from the Synapse bankruptcy and the challenges that people have had to face because of that, the inability to access funds for so long. I think a standard-setting organization is something that maybe we'll see explored more holistically over the next several years.
    Jerry:  We've talked about that a little bit, and I hope that that is something that can happen because I think you're on to something. We have a little time left. We may be a little over, but I'd like to — Sherry had one question she wanted to ask, so let's throw that out there if we can.
    Sherry:  Absolutely. Thanks so much, Jerry. Brandon, as you know, the Supreme Court has been very active in the financial services space. And I want to focus on two big cases, the Cantero case and the Chevron decision. Can you share a high level of what these cases were about and then how you think it impacts your work at CSBS? And then with respect to Chevron, how may it impact the federal government broadly?
    Brandon:  Yeah, I'll start with Cantero. You know, we filed an amicus brief in the Cantero. It was actually one of the first things I did when I got to CSBS was we filed our amicus brief in Cantero. And we were very pleased that the court reaffirmed the high bar for the federal government to preempt state consumer protection laws and really reinforce the need for a case-by-case analysis before the OCC can engage in these preemptive actions. We were very appreciative that Comptroller Hsu came out soon after the Cantero decision and indicated that the OCC was going to re-examine — well, maybe I should say examine for the first time as required by the Dodd-Frank Act, some of its preemptive decisions with respect to the states. And I think that's a good opportunity. We look forward to working with the OCC. Hopefully that will continue under the new administration. I've always said, “If Congress gives preemptive authority to the federal government, it should be tightly controlled, strictly construed, and narrowly tailored to reach its specific goal.”

    I think that's what Cantero reaffirmed on behalf of the states, and we're pleased with that decision. We're going to watch some of the cases come through the court on remand, but we're cautiously optimistic that since the court reaffirmed the standard there. So that's Cantero.

    Now, Chevron is about deference to regulators when a statute isn't clear. So, the Chevron doctrine basically said: If I'm a regulator and I'm looking at a statute that may have some ambiguity and I say, this is how I interpret it, the courts were deferential to the standard based on the expertise of the regulators. Now, the recent decision on Chevron basically said that deference goes away. So basically, every regulatory action of a federal regulator now has to go through the same — they have to meet the same statutory requirements as anyone else. They have the burden of proving that they've complied with the statute. They don't get deference.

    Well, I mean, first, I have many, many reactions to that, Sherry. I mean, the first is: I think Chevron and the court's decision in Chevron is a reaction to sort of regulatory overreach at the federal level. I think as regulation on both sides got more and more politicized, as there was more and more overreach, industry started pushing back on that. And I think the cases that led to Chevron are sort of a reaction to the politicization. And so, if we can get rid of some of that politicization in the regulatory track, I think that's a good thing. If we get more policy-based regulation, I think that's a good thing on behalf of industry. I know that's where our state regulators are. It also provides for additional accountability, as I noted with respect to preemption. Our regulatory agencies need to be held to the limits of the law. They don't create the law. Congress creates the law. They should be held to the limits of that law. And if they're allowed to go beyond that, if they're given extra deference, then it means we have a less accountable democracy, right?

    Regulatory agencies aren't elected. They need to be accountable to the President and they need to be accountable and controlled by Congress through the law. And so, I'm sort of excited about the increase in accountability, increase in policy-based decision-making and sort of demise of politicization in regulatory action. Those are all good things. And it makes our regulatory agencies more accountable.

    I am concerned on the banking side that we may see some of that deference move into supervision where there's less accountability. You know, you can challenge a regulation in court. It's hard to challenge a supervisory decision. So, if we see that deference move into the supervisory shadows, that would be a little bit of concern. So, we're going to have to watch that carefully over the next few years and see how that develops. So, we don't go from a — you know, we want more accountability at our agencies that Chevron theoretically will provide, not less accountability because now it's in the supervisory shadows.
    Jerry:  We could go on talking about this, Brandon. I have some thoughts I'd like to share with you too, but we are out of time. And we really want to thank you for joining us. It's been an interesting discussion. And I'm sure our listeners will be grateful for having a chance to hear your thoughts.
    Brandon:  Thank you both for having me. You’re great partners and I look forward to hopefully coming back if people can understand me.
    Jerry:  We perfectly understand you and it’s been great having you with us. 
    Sherry: Thank you so much, Brandon, for joining us.