The interest of technology firms in the banking sector is fueling a continuing debate over the Community Reinvestment Act. The key question is: How is a law that assesses bank activities within a specific geographic footprint applied to companies with an undefined footprint?
Contrary to the view of some observers, technology has not rendered the CRA obsolete or irrelevant. Similarly, policymakers should not give in to calls to create a “CRA-lite” for fintech firms and other nonbanks that desire a banking charter but lack physical branches. That would be just a way for them to avoid CRA requirements. We already have one large category of federally insured, CRA-exempt financial institutions (i.e., credit unions), and we do not need another.
And yet, everyone seems to agree that CRA should be reformed. But how?
A crucial element of CRA enforcement is the Assessment Area, meaning the geographic boundaries in which a bank’s CRA performance is evaluated. Updating CRA policy for the digital age, in which boundaries are defined by an internet connection instead of a physical office, means redefining the appropriate Assessment Area, or AA.
Policymakers should also, finally, provide specific guidelines on minimum thresholds for CRA activities for different ratings within the AA, answering the 40-year-old question: How much is enough? I will come back to recommended guidelines for different CRA ratings at a later date; for now, I would just like to focus on the assessment areas.
A bank’s AA, which regulators use for their CRA evaluation about every three years, is traditionally associated with deposit-taking facilities. Banks are in the best position to define their AA based on knowledge of their own market and customers, and they typically define it based on counties, metropolitan statistical areas (MSAs) or other geographies surrounding their offices.
This approach works well for traditional retail banks, but it is not appropriate for special-purpose credit card, wholesale, internet or other banks with a national footprint. Since most credit card and limited-purpose banks operate out of a single headquarters office in Utah, Delaware or South Dakota because of their favorable banking climates, those banks generally identify Salt Lake City, Wilmington or Sioux Falls as their AAs.
This is problematic for several reasons. First, these banks have a realistic national market rather than the unrealistic local area where they happen to have their headquarters. Second, 100% of the CRA benefits go to these three small areas that in their totality have less than 1% of the nation’s population. Third, the intense competition for CRA loans, investments and services in those three favored markets among huge nationwide banks puts these CRA products out of reach for local community banks, which cannot compete on price.
This AA disconnect has existed for decades. But the recent fintech-focused charter applications for Varo Bank and SoFi Bank have brought the issue to a head. In my public comments on both of these applications, I have supported charter approvals but only with some important conditions based on a modernized AA concept as described below.
We must first accept the obvious: “Deposit taking facilities” for fintech, internet or credit card banks are not defined by brick-and-mortar offices. A “branch” used to make deposits is any smartphone, tablet or computer with a browser or mobile banking app. They are in every pocket, home and business.
A single AA is not sufficient in these cases. I therefore propose that any bank with a national footprint effectively must delineate multiple areas in which its CRA performance is evaluated.
The first would be a “Primary AA,” consisting of the entire nation. Each bank with a national footprint would use published guidelines (the subject of a follow-up commentary) to calculate a total CRA “commitment” based on its total assets and the type of CRA rating it desires (ranging from Outstanding to Substantial Noncompliance). If no MSA captures more than 5% of the bank’s deposits, the CRA commitment can be spread out at the bank’s discretion within the Primary AA. In that case, a digital bank could locate all CRA activities based on its national footprint in, say, Salt Lake City, if that is where its headquarters are based (like many banks in Utah already do).
But, banks would also have to delineate “Secondary AAs” for MSAs where 5% or more of their deposits emanate. There are nearly 400 MSAs covering approximately 85% of the nation’s population.
In those secondary AAs, the proportion of a bank’s total CRA commitment should be equal to the proportion of its deposit base. For example, let’s say 5% of the deposits from the proposed SoFi Bank came from the Philadelphia MSA. For the bank to achieve an Outstanding rating there, 5% of the total CRA commitment should be reinvested in the Philadelphia area.
Digital-focused banks might argue that delineating their deposit centers — without maintaining brick-and-mortar locations — might be hard logistically. But almost every bank has internal records, usually by ZIP code, identifying the geographic source of its deposits. Thus, this proposal has no new burdensome requirement, and the use of MSAs instead of smaller geographies will limit the likelihood of any competitive harm. Also, the 5% threshold is reasonable and consistent with many other banking disclosures.
The final CRA rating for each bank would be based on its performance relative to its total CRA commitment in both its Primary and Secondary AAs.
Updated policy on CRA assessment areas would likely address and simplify a key issue for fintech bank charter applications, while ensuring that reinvestment principles remain a priority in a mobile banking environment. Existing banks live by these rules, and fintech banks, that now or in the future may accept FDIC-insured deposits, should not be exempt from them.