IT, Compliance, Security and Personnel Challenges That De Novos Face
While the economy is making way for startups, there are still significant challenges to starting a bank from scratch. In addition to the overall challenging environment for community banks and the need to raise significant capital and funding, De Novos face additional obstacles such as complex regulatory and compliance expectations, strict information security requirements, and the stress of finding qualified staff in continuously evolving IT landscape.
Attracting and retaining the right people is one of the most daunting steps in launching a De Novo, particularly because early on, everyone needs to be very hands-on and wear multiple hats. Hiring the right personnel takes time and resources and can force executives who are trying to secure funding and capital for opening the bank to redirect their attention. All of this makes staffing and the development of in-house expertise significant pain points for De Novos to manage.
The advancement of information technology, security, compliance, and regulatory expectations and online banking services—plus the growing demand from customers to have 24/7 access to their financial lives—have changed the business of banking. Today, bankers have expanded their focus to include management of data, IT networks, compliance requirements, and security, in addition to their traditional roles of managing money and providing loans for their customers. Because technology has become central to the operations of banks, De Novos must quickly establish a proven technology program and framework to ensure that their operations run smoothly both at launch and ongoing. Even with the latest technology, however, the challenge often lies in trying to keep pace with the rapid rate of change that continues to impact their institution.
From day one, De Novos must establish a strong information security posture to counter the increasing frequency of cyberattacks in today’s business environment. While falling victim to security breaches and associated attacks is costly for any community bank, both from a financial and reputational standpoint, it is especially harmful to new banks that are working hard to establish trust among its new customers and the community. Furthermore, successfully recovering from the damage and destruction of data, theft of personal and financial data, and disruption to the normal business operations can exceed a De Novo’s financial resources.
Regulators have historically been more stringent in ensuring that De Novos are in compliance with, and adhering to, expectations. As an example, the FDIC’s InTREx program (Information Technology Risk Examination) is designed to provide a more uniform and less subjective examination experience—one that requires a deeper analysis by the examiner and in turn puts a greater compliance burden on the bank. Proper documentation will often make the difference between a “satisfactory” and a “less than satisfactory” assessment. This means that institutions must be adequately prepared to meet examiner expectations. In addition to proving that the bank has enough capital to operate, they must also prove they, with all applicable laws, regulations, and supervisory policies. De Novos have found managing regulatory compliance efforts to be a resource-consuming and expensive task.
Today’s complex regulations, increased use of technology, personnel restraints, and security expectations, are forcing De Novos to find new ways to manage risk, remain compliant, and be competitive in today’s environment. Under these mounting pressures, De Novos are increasingly turning to managed service providers to help bear the burden and establish a framework to meet these challenges. Such partners bring knowledge, additional resources and expertise to help financial institutions better control and more successfully manage their complex IT environments – positioning them to operate in today’s financial services arena with a greater degree of confidence and success.