Editor's note: This issue appears in the March 2021 issue of DS News, available here.
This past November, Bell Bank announced that Jesse Schwab had joined the organization as its new Chief Risk Officer. In that role, Schwab oversees all of Bell’s non-credit-related risk management.
Formerly a private practice attorney focusing on consumer protection and bankruptcy, Schwab joined Bell after spending six years with TCF Bank. There, he established TCF’s Regulatory Affairs Office and became the bank’s Chief Compliance Officer and Director of Regulatory Affairs. He focused on areas such as consumer compliance, fair lending practices, and Community Reinvestment Act concerns.
With a few months under his belt in this new position, Schwab spoke with DS News about his priorities and goals, the state of the regulatory landscape under a new presidential administration, and why he’s a firm believer in being proactive when it comes to risk management and compliance.
What were some of your top goals and priorities as you took over the Chief Risk Officer position?
When you look at top goals, you must be nimble and understand the organization’s needs. I look at risk management as a strategic enabler. A strong program will give the bank, board, management, and stakeholders the information they need about risks and opportunities to influence strategy, influence business processes, and manage risk—really, to drive better business performance.
So, when I look at the major goal that we have a lot over the next year, it's building a risk framework designed to support the bank’s strategic goals. Developing a risk framework and processes that support the bank’s strategic goals, protecting existing assets, enabling future growth objectives, and helping the company move forward by setting the guardrails in place to allow us to do it in a balanced and protected manner.
What sort of extra regulatory concerns do you have to consider as Bell Bank approaches the $10 billion asset threshold?
With $10 billion comes a lot of interesting challenges, many of which are attached to bank’s growth. The bigger you get, the more diverse you get geographically from a product set, which changes the risk profile of the bank operationally in terms of compliance and in what you need to be prepared to address. So, the risk program that we're putting into place is designed to make sure that we can counter and manage any additional risk that we encounter as we get bigger. From a regulatory perspective, the big thing that you have at that point is you come under CFPB supervision. This is a different world of bank regulation: what they're looking at, the depth in which they're going to look at how you're handling things, your compliance with these consumer protection regulations, how you're handling business processes, how you're interacting with your customers.
Bell Bank is a very customer-focused institution. We’re preparing by benchmarking ourselves against industry-best practices, against what the CFPB has published—in terms of what they're pushing out each quarter in terms of their supervisory highlights. We want to make sure that we're putting a program in place that is in line with those expectations. Not necessarily just to address that, because the CFPB is going to want it, but also because it's in our customers’ best interest.
When you joined Bell, you said you hoped that your “Midwestern roots” would inform some of the changes you wanted to bring to Bell's risk management program. Could you expand on that?
When I started having conversations with Bell, one of the big attractions was the culture. Everything that we do is in line with our bottom line, which is “happy employees, happy customers.” I look at risk management as a direct corollary in terms of supporting that mission. It's a tenet in everything that we do: treating each other as family, protecting our customers, serving the needs of our communities, and how we set up a program that can advance those goals as we continue to move forward. That starts with the tone at the top, with our board and our CEO and what they've pushed from a culture perspective. That will continue from a risk management culture as we support that going forward.
As we talk about the culture, that was the attraction of what brought me here. But then how does the program expand along with that? And I don't look at it necessarily from a program expansion standpoint, although it will do that. As we get more complex, you'll have more specialists and more disciplines just to manage that related risk, but it comes more to risk maturity, to having risk embedded as a strategic enabler with this seat at the table. Allowing us to have this real-time risk assessment, so we understand, we're preparing for, and we're controlling against these risks before we go to market with any new product or service—in the best interest of our customers, our employees, and our community.
From a risk and regulatory standpoint, can you discuss some of the top areas of focus in 2021?
When you're talking about the mortgage space, it's tough to focus on just a few risks because it permeates throughout the lifecycle of this business, from that first conversation that you have with the customer prior to origination, all the way through the end-of-life of servicing. But there are three big things that I would highlight from a risk perspective.
Firstly, operational risk in a macro sense. The volume and cyclical nature of the business can strain the capacity of operating systems, processes, and personnel. That's something that we've seen over the last year, as we've seen record volumes coming out of this lower-rate environment. And we're in the midst of what we assume will be another six to eight months of continued high volumes. How are we controlling to meet that demand from a process, operating, and system perspective to serve our customers across the industry?
Secondly, there’s cybersecurity. It's just a completely different world from a cybersecurity perspective. We've seen bad actors shift their tactics as we've gone to a work-from-home environment. So, the need to protect against those cyber-related risks is very important. And I think it's going to shift again, as we see changing employment practices and where employees are working. How do you stay in front of that, and how do you balance the cyber-risk associated with meeting the demands and the needs of employees working in a more remote environment?
The last big one comes back to the compliance space. I could talk about compliance risk that permeates throughout the lifecycle, but one of the key things, as we talk about the CFPB, is to understand where they might be looking. The acting director, the last week in January, pushed out a blog post that directed where we think the CFPB is going to look.
First, they did some dedicated reviews coming out of the CARES Act, which they called priority assessments. Based on what they saw as lagging practices, they're going to start digging in within that space. So, from a servicing standpoint, that means incomplete and inaccurate information related to forbearances, as well as applying payments when forbearances and deferment should have applied.
Finally, another big focus will be on racial equity and the changing nature that we'll see from a fair lending enforcement standpoint.
Before joining Bell, you spent several years at TCF. What are some key lessons you took away from that time and brought to your current role at Bell?
There are two big ones that are pressing, especially with where I'm sitting right now at Bell. When I joined TCF, I had the opportunity to work under somebody who was one of the more brilliant risk managers I've ever met. Jim Costa was his name, the former CRO at TCF. I came in shortly after Jim. It was at the onset of building a risk program coming out of the demand to more proactively manage risk amid the increased regulatory expectations coming out of the Great Recession. I spent three years running our Regulatory Affairs division, which included a significant component of rebuilding a risk program from scratch. That went all the way from implementing change management processes, changing the risk governance framework, designing a risk governance framework, and building a risk data infrastructure from a key risk indicator/key performance indicator standpoint. [The goal was] to make sure that we had a better informed and more strategically proactive and value-add risk function at TCF.
Seeing that—the necessary steps, the hurdles that we had to accomplish to build that, both externally, internally—is something where you can't buy that kind of lesson learned, especially as you're coming into a similar situation seven years later. After I moved on from that initial role, serving in the Chief Compliance Officer role, I learned the value of proactive compliance: the value of having a structured program in place to identify the risks, understand where that risk applies to your bank, and make sure that you have systems and processes in place to detect and mitigate those before somebody else does it on your behalf.
That early identification, that early remediation, that commitment to proactive compliance and the benefit that it can have, it comes back to the “pay me now or pay me later.” And I know, oftentimes, when you're looking at that risk framework, you're not always getting kind of the value-add from a monetary perspective on the balance sheet. But it's much better to build those early systems as opposed to what you could confront on the backend, whether it's reputationally or from a regulatory civil money penalty or anything else.
You also spent some years as a private practice attorney. What did you learn from that role that you’ve carried on through your larger career?
As a private practice attorney, I spent a lot of time focused on consumer protection and bankruptcy work. So, it was dealing on the other side of the spectrum often. It goes hand-in-hand with what I talked about with the mission, vision, and value that we have from a Bell perspective. “Happy employees, happy customers,” and the need to do what's best for our customers.
But on a more micro level, the value of personal service. I look every day at what our employees are doing across Bell, from our tellers in the branches to our mortgage loan officers across the country. It's unequaled personal service that they're providing each and every day. That's the value, so how do we support those individuals from a risk management perspective, making sure that they have the appropriate processes, training, testing to make sure that we're doing everything that's right and making sure that we have a sound system as a bank to protect our customers?
From a risk management perspective, what do you believe other mortgage lenders and servicers should be prioritizing and anticipating right now?
It's new presidential administration, new regulators, and a new focus. We have a new Treasury Secretary; we have open appointments at both the OCC and the CFPB. I think we're going to get a different kind of regulatory posture, and we've already seen that. What comes through there, I think, is an open question, but I would expect enhanced fair lending scrutiny and enforcement across the regulatory front. I think you will see a lot more attention given to that ain both the House and Senate Financial Committees. I think you're going to see an increased level of focus on rulemaking, whether that means rewriting some of the rules that were done under the Trump administration or just taking a fresh look at some of these existing rules on consumer matters.
Another piece that you may see impact the mortgage space is what's going to happen with CRA reform. We saw the OCC go at it. We saw the Fed have their Notice of Proposed Rulemaking. So what happens there? Do we see the regulators come together and have a singular, standalone mechanism where we're just going to have one new CRA rule? Or do we see three distinct and divergent methods across these different institutions?
The big one is still the CFPB. I think we're going to see a ramp-up back towards what we saw under the Obama administration. Just look at consumer relief. It was just over $2 billion under President Trump, compared to $10 billion under President Obama. The focus was on different types of institutions. It wasn't as much on banks as on smaller companies and nonfinancial institutions. So, I think the signaling is that we're going to see a shift back in terms of the priorities of the CFPB.
The best kind of compliance is proactive compliance. That's going to be determinative based on the size and complexity, the risk profile of the institution. But I look at a few basic tenets, strong policies and procedures to have in place and widely communicated across the institution.
Have a strong employee training program. Everybody is responsible for compliance, regardless of where they sit. We need to make sure that everybody is understanding and aware of their compliance requirements. Then you need a specialized to monitor and test, identify potential issues, and make sure that we have the correct feedback loop to get in front of those issues and change processes and policies as necessary to make sure that they're not occurring again.
Do you think you’ll see more state-level regulatory agencies similar to California's Department of Financial Protection Innovation?
That's a great question. It comes down to, do you think the rise in state regulatory agencies was the result of the deregulation that we saw from the federal government? Or were the states filling a gap that they felt was necessary apart from that? Dodd-Frank and a lot of consumer protection rights do give a lot of power to state attorneys general and state financial agencies. We've seen California, we've seen New York, Pennsylvania, Maryland, New Jersey, all take steps. It may not be to the extent that we saw in California, but we may have these mini-CFPBs or mini agencies with the same focus as the Bureau start popping up.
I would expect that we probably will, whether or not you see a ton of enforcement from these groups or whether it's the foundational element to be prepared to see if we see another shift back. Then I think the other question is, where did these state agencies arise? Does this become another red state versus blue state divide? That's just another kind of separation, and it impacts where companies are setting up to do business.
Looking back over your career, who were your mentors, and what were the most important lessons they instilled?
I would highlight the one person I already talked about it: Jim Costa, former CRO at TCF. From that perspective, he taught me the strategic value of risk. Risk management is often seen as a roadblock, and that was never the goal. One of the things that I tell my team all the time, it's our job to support the know, K-N-O-W, and not just to say no. It's our job to partner with everybody across the bank for the better good of our customers and the better good of the bank. If we identify a potential issue, whether it's from a compliance or other risk perspective, it's our job to get in the foxhole and work and determine how we're going to address that and make sure that we're continuing to meet the needs of our customer base.
That was something that I learned from Jim early on, the need to have a balance as we're looking at risk. We need to understand risk, but we also need to be aware that it's our job to support and enable the growth of the institution. But we must make sure that we're doing it in a safe and sound manner, controlling against all the risks that we can encounter as we go to market with any product, any new service, in any new geography. The risks that we encounter in banking are never-ending. It's our job to understand them. It's our job to control them. But more than anything, it's our job to enable the growth of the bank and enable the success of the bank.