Next ICBA Chair Wants Broad Cyber Regs — for Other Industries

Jack Hartings, a vocal advocate for easing regulation on smaller banks, believes other industries need a bit more oversight.

Hartings, president of Peoples Bank in Coldwater, Ohio, will spend much of the next year urging lawmakers to enact regulatory relief for bankers while serving as chairman of the Independent Community Bankers of America.

Community banks have scored a number of key regulatory victories in areas such as Basel III and qualified mortgages, leaving Hartings to largely focus on a short game that includes eliminating unnecessary paperwork, an expanded exemption for smaller mortgage servicers and securing longer gaps between examinations for many well-run institutions.

Cybersecurity is another matter altogether, as Hartings plans to push Washington to do more to force retailers and others to take on added responsibility for breaches.

Hartings, who will succeed John Buhrmaster as ICBA chairman on Wednesday, discussed these issues as part of a wide-ranging interview. Here is an edited transcript.

As ICBA chairman, what would you like to see change?
JACK HARTINGS: Some of it is really simple things. For instance, you get a privacy notice from any institution you do business with — we have to send them out. If we aren't changing our policies, why do we need to send it out annually? It might seem like a small thing, but it would save us time and money and wouldn't inconvenience the customer.

Another would be expanding the qualified-mortgage rules for rural banks with balloon payment mortgages. They are allowed to make those loans now, but that will sunset next summer. We are looking for a permanent fix.

There is also the exam cycle. My bank, for instance, has $450 million in assets and we're examined on an 18-month cycle. We think it should be expanded to every two years for the best-rated banks with less than $2 billion in assets.

Why is 18 months too frequent to you?
With most community banks, we don't really change the type of business we do that often. There are 2,500 community banks that are over 100 years old, so that tells you we have a stable business model. But also, we file a call report, which has about 80 pages of information, every quarter, so the regulators have a good feeling on the heartbeat. If we're growing too rapidly they're going to see that and could come in more often then.

It seems like some banks are learning to just deal with regulatory changes rather than complain about them. Do you agree with that?
It is much easier when the volume of regulatory changes slows down and you have the ability to catch up with what is out there. With Dodd-Frank, we've had a lot of changes that we had to comply with. It took a lot of personnel to work it through the system. Now, I don't know if we're complaining less, but we are getting more used to the expectations.

Your bank consistently has an efficiently ratio at or below 50% and a return on assets of more than 1%. What can other community banks learn from you?
We don't do anything special. We just do what others strive to do. We look at a process and see how it works and then try to make our procedures as efficient as possible. I think all 79 of our employees buy into that, too.

What frustrates me is that we're an efficient shop and we take care of our customers, but new regulations tend to layer on and slow that process. It makes it harder to be as efficient as I was last year, and the only result is to charge my customers a higher rate. That just doesn't seem right.

Is the beat of the regulatory relief drum getting louder?
We've seen some victories. For instance, we have an asset-based assessment on Deposit Insurance premiums. There have been some carve-outs in Basel III for community banks and an expansion of the QM rules.

I think you're seeing movement in the right direction. We've taken a foot forward, but a much larger one could be taken. That's what's in our plan — there are 20 things that could help us but not harm a customer. For example, the small servicer exemption is currently for banks that service less than 5,000 mortgages; we think that could be raised to 20,000 mortgages.

We think there could be an abbreviated call report for the first and third quarter.

Could those things be handled by the regulators or would it require an act of Congress?
Many may require congressional action, but there could be regulatory solutions that could be carved out. But it is really wherever we can get some traction. Look at last year's Congress. We saw 20-plus regulatory relief pieces of legislation produced and there have already been a number of those this year. So we're already seeing some real traction in Congress.

How are community banks doing with technology, in terms of products and security?
From a products standpoint, technology has the ability to even the playing field, and we've embraced that with internet banking, business banking and mobile banking. Many of my community bank colleagues have done the same.

Cybersecurity, on the other hand, is a very, very big issue and comes with a cost like having to pay to reissue cards when there is a retail breach. We think somewhere along the line there should be legislation similar to what we have with the Gramm-Leach-Bliley Act. Everyone who touches the personal information needs to be protecting it.

Managing vendor risk is an increasing area of focus for regulators. Is that a challenge?
It is always difficult using a national vendor when you're one of maybe 600 community banking clients. If my regulator wants me to call my vendor on an issue, how much leverage do I have to make sure they're complying? I understand why it is important, but I'm not sure if we can push the needle forward. I go back to my point about the need for a national cybersecurity protection. We have that requirement as banks, and it should be pushed across the spectrum to whoever touches the information.

What's your take on bank M&A?
Primarily, we are seeing community banks merge with community banks and maybe that is a good thing because they still see the value of being a community bank. The other piece though is the lack of de novos or startups. In the past, we saw well over 100 banks start in some years, but in the last three years we haven't seen many. That has a bearing on the numbers.

Many say a lack of de novos is more market-driven than regulator-driven.
It might be, and that tells you what community bankers are facing today. We have to make sure we find a way to keep the model viable going forward.

What must community banks do to compete with a growing group of competitors that aim to be the Uber of banking?
I'm an optimist. I say if you're a community bank, you can compete. The millennials are certainly tech-dependent, but they also like to be able to call someone and we're in a perfect spot for that. Community banks know their customers and there are not too many layers to even talking to the CEO. To me, that is a big advantage.

There are lot of competitors already, those with unfair subsidies and the larger banks. But if you look at community banks, 2,500 out of 6,000 of us are over 100 years old. We're good at adjusting to whatever the next Uber is, but just don't overburden us with taxes and regulation. 

For reprint and licensing requests for this article, click here.
Community banking Cyber security Bank technology M&A Mobile banking
MORE FROM AMERICAN BANKER