The changing landscape of the de novo approval process
The regulatory responsibility for granting community bank charters is vested in either the respective state banking department ("state") or its federal counterpart the Office of the Comptroller of Currency ("OCC"). Historically speaking, state agencies are somewhat more sensitive to the needs of the local market and therefore are generally more flexible with respect to the format in which the application is presented. That is to say, that while they expect all critical issues to be addressed in detail, the exact format and methodology are to some degree left to the good judgement of the applicant.
In both cases, deposit insurance is underwritten by the FDIC, which requires its own proprietary application. The FDIC does however, work closely with both the state agencies and the OCC during the charter approval process and accepts much of the same data, albeit in a slightly different format.
With the advent of the Internet and the complexities it entails, the de novo application landscape has changed dramatically. Many state agencies (particularly California) have taken the position that they have neither the staff nor the expertise to process an application in which the proposed bank plans to have an Internet service/product delivery module. Therefore, currently they are respectfully declining to process any de novo application containing a predominant Internet component. The OCC on the other hand has processed a reasonable number of Internet applications and has developed a comprehensive checklist of issues and policies that the proposed bank must adhere to in order to warrant a complete and favorable review of its application.
Listed below is a sampling of the major areas that must currently be addressed and of which the OCC expects full, extensive and written documentation in addition to the basic, long-standing requirements:
- Compliance with the Gramm-Leach-Bliley Act privacy provisions
- Web site security issues (both internal and external controls and testing mechanisms)
- Authentication for account access (Encryption)
- A detailed marketing plan capable of supporting the business plan
- Compliance with the Gramm-Leach-Bliley Act privacy provisions
- A full review and the qualification of all outsource vendors and third party alliances, including submission of all contracts and agreements
- A complete disaster recovery operating plan
- Alternative business plan showing details of different rate and growth scenarios (in addition to the basic plan) all with full quarter by quarter, three year operating proformas
- Complete written policies and procedures for all web-enabled delivery systems, products and services
- Detailed written analysis of the nine defined areas of risk: credit, interest rate, liquidity, price, foreign currency transaction, compliance, transactional, strategic, and reputation
Understand that we are not discussing a "pure" or "total" Internet bank here. The OCC and the FDIC both have determined that the issues listed above will be addressed in any charter application in which the proponents plan to conduct customer transactions via the Internet.
The agency's concern regarding these critical issues is certainly understandable. Because of the impact the internet has had, and will continue to have on the financial service industry it is only fitting that the process for approving charters and monitoring the activities of banks be continually expanded. This raising of the bar is in the best interest of the public, the bank's shareholders and its officers directors.
The new regulatory oversight does however add a measure of complexity to what has always been a basic, though detailed application. The level of complexity translates directly into additional demands on the time and resources of those submitting the application. Therefore, it is imperative that the client is willing to commit the resources necessary to prepare an application, which has the best chance of being approved.
Note: It is safe to say that most of those banks currently operating with an Internet component and which received approval two or more years ago, would not be granted a charter today based upon the application they originally submitted.
