Banks and holding companies have three strategic alternatives for delivering new electronic products and services to customers: They can develop them through internal expansion; acquire, whole or in part, companies that provide them; or enter into joint ventures, networks, alliances, and partnerships.
Experts seem to believe the third approach provides banks with the optimal array of business opportunities. But successful technology ventures require a blend of business skills, savvy instincts, and an understanding of the legal pitfalls.
Venture partners must be compatible in strategic goals, competitive vigor, geography, cultural affinity, and social constitution. As the trend toward technology-driven ventures develops, so must regulators correspondingly expand their views of what constitutes permissible banking activities. As they do, and as Internet commerce and electronic money transform the nature of banking relationships and money, banks and bank holding companies should constantly evaluate how investments in subsidiary corporations, partnerships, joint ventures, and limited-liability companies may facilitate their strategies to remain technologically competitive.
In January 1996, the Office of the Comptroller of the Currency explained its current position regarding the ways in which the operating subsidiaries of national banks may co-venture with nonregulated entities in the development and delivery of new technological products and services. In that decision, the OCC approved the contribution of a merchant credit card business by a group of affiliated national banks to a technology company, in exchange for a collective 40% equity interest in that company. Other initial shareholders in the transaction included a venture capital fund, a telecommunications company, and management of the company.
The newly formed operating subsidiary planned to complete a public offering and further reduce the banks' ownership interests subsequent to this initial transaction.
Similarly, the OCC approved in March a national bank operating subsidiary's participation in a joint venture that was 50% owned by 31 depository institutions, including four national banks.
The venture was to provide automated teller machine and point of sale services to depository institutions in the northwest United States and western Canadian provinces. It also would operate a transaction switch, transmit information to other networks pursuant to gateway agreements, provide ATM and POS-related services to owners and members, and furnish net settlement information.
These authorizations reflected a flexible approach to two critical factors: the list of activities that national banks may legally engage in; and the manner in which they can be so engaged.
With respect to the latter point, the OCC will make exceptions to its traditional requirement that national banks control at least 80% of their operating subsidiaries and permit minority investments in subsidiaries if certain conditions regarding the activities and independence of the subsidiary are met. The OCC seems to recognize such subsidiaries will be a necessary vehicle for national banks to remain competitive in technologically driven markets.
The Board of Governors of the Federal Reserve System is similarly accommodating. On May 21, it authorized Cardinal Bancshares to acquire Five Paces Software Inc. through a wholly owned thrift subsidiary, Security First Network Bank, and thereby engage nationwide in data processing activities relating to financial services over the Internet. The Fed noted that all of Five Paces' data processing and transmission activities "are provided in connection with transactions in accounts maintained by a financial institution."
The agency had previously determined that "the development, production, and sale of software that allows a customer to conduct banking transactions using personal computers (is permissible because it) is closely related to banking."
On Feb. 6, the Fed approved the acquisition by Royal Bank of Canada of 20% of the voting shares of Meca Software LLC. The Fed relied on Section 225.25(b)(7) of Regulation Y, which permits bank holding companies to provide data processing and data transmission services, facilities (including software), data bases, or access to such services, facilities or data bases by any technological means, so long as the data to be processed or furnished are "financial, banking or economic in nature."
Interestingly, the central bank disregarded the fact that Meca conducted nonfinancial activities. It concluded that those software products - including games, computer security programs, a medical reference library, and a program providing basic legal forms - did not have dedicated employees or resources, produced only 7% of the company's revenues and would not be upgraded, enhanced or promoted. Therefore, they would not preclude approval.
Similar limitations on nonfinancial data processing and transmission services facilitated the Fed's approval of a de novo subsidiary of Compagnie Financiere de Paribas on Feb. 26 to produce integrated billing software programs for digital mobile telephone networks.
It remains to be seen how the Federal Reserve or the OCC will respond to requests to engage in technological activities that are not directly financial, banking, or economic in nature.
However, the agencies seem to be signalling a willingness to be expansion-minded.
The Fed issued an order July 1 allowing four banks in Ohio and Pennsylvania through their ATM affiliate, Electronic Payment Services Inc., to provide data processing and other services relating to the distribution of tickets, gift certificates, prepaid telephone cards, and other documents.
Proposals regarding joint ventures in electronic money, smart card systems, and PC hard-drive currencies are pending. The regulators are becoming attuned to new types of regulatory issues and concerns.
For example, in its Cardinal Bancshares order, the Fed said it expects acquisitions such as Five Paces to "enhance consumer convenience by expanding the availability of electronic banking services and by making those services available in new ways." But it warned that defects in security policies or procedures would be considered unsafe and unsound banking practices because of the risks associated with the provision of services over the Internet.
Not since Jesse James was practicing his entrepreneurial skills has bank security become such a regulatory concern. Since no human can exist in cyberspace, and identification and verification of parties over the Internet may be subject to manipulation, the Fed is clearly telling banks to take prudent steps and utilize state-of-the-art cryptography to discourage and prevent computer break-ins, counterfeiting, theft of accounts and identities, systemic attacks and informational warfare.
A fair enough admonition - one that many banks can satisfy only by working with partners and unaffiliated entities.
But entrepreneurial business venturers do not mix easily with regulation. While a bank's joint-venture partner may be a high-quality technology company, it may not be accustomed to the kind of regulatory examination, intervention, and enforcement that banks know. This issue must be resolved at the inception of a joint venture to avoid subsequent disputes.
Given the way current laws work, nonbanks may want to join with a bank holding company affiliate rather than a bank subsidiary to avoid the liability that can attach to an "institution-affiliated party," such as a subsidiary of an insured bank.
Traditional concepts of due diligence will also have to be substantially augmented and modified to adequately evaluate businesses in cyberspace. No longer will physical reviews of corporate documents and officer interviews suffice. Bank acquirers and co-venturers will have to thoroughly consider the extent to which electronic breaches, theft, counterfeiting and manipulation of systems have occurred or can occur.
Given the ever-increasing technological capacity available to cyberspace pirates, security protocols will have to efficiently accommodate new generations of technological upgrades. Off-line, unaccountable smart cards may have to be upgraded by the originator or issuer through virus-like transmissions spread card-to-card and card-to-terminal.
Similarly, the encrypted identifying marks of electronic money may need to be regularly reformatted in order to limit the amounts that can be counterfeited or duplicated.
In the intellectual property area, an acquired or co-ventured technology business may only be worth what it costs if the products and services and their underlying software and programs are adequately protected or protectable under copyright, trademark, and patent laws.
Given the dizzying rate at which such filings are occurring in electronic banking and commerce, it is equally critical to determine that any technology, products, or services being acquired do not violate pending or issued licenses in any jurisdiction in the world. The Internet is a worldwide marketing mechanism, and users will have to consider the laws and customs of a multitude of jurisdictions - even those where they may never have done business or intended to do business.
In any joint venture, affiliation, or alliance, the contracting parties must determine who "owns" the customer. But in the world of cyberspace, where traditional identities and boundaries no longer apply, ownership and access issues will be even more important, particularly when a venture is unwound or dissolved.
Banks have traditionally sought to share information between and among affiliates for marketing purposes. Where the affiliate is not a controlled subsidiary, however, such sharing may be problematic and even illegal under state privacy laws.
As electronic commerce and smart card products begin to be introduced and gain acceptance, certain brands will naturally become more prominent and recognized. Unlike the branding issues that are important to companies in the consumer products area, these electronic products will have to fight for market share among consumers who put a premium on confidence and trust.
Banks will have to find ways to continue to accommodate the financial as well as emotional elements of the relationship that exists between an individual and his or her money. Brands and logos that evoke confidence and trust will be extremely valuable, and should be treated accordingly in the business ventures that develop.
Technology co-ventures must have workable and verifiable policies and procedures concerning disaster recovery. How an organization deals with traditional crashes, power losses, and breaches will indicate its capability in this area. No financial institution that relies on public trust and confidence can tolerate the loss of business information or customer data, particularly if it keeps customers from their money, electronic or otherwise, for some period of time.
Odds are that many banks will not be able - or prefer not - to "go it alone." The landscape is already filled with dozens of alliances and joint ventures, and the business is still in its infancy.
At the same time, banks should not be too quick to dilute or share their long-standing consumer trust and confidence. They have as much to give as they do to gain in technology joint ventures, and they should negotiate accordingly.