While banks' business models are different, government's regulation of them is similar. At the same time, compliance has become ever more central to the business of banking.

When the Dodd-Frank Act was written, the principle that size correlates to riskiness was not outlandish. After all, it was the failure (or potential failure) of the largest institutions that threatened the financial system and the economy at large. Size makes for a simple, perhaps too convenient barometer — a bank either has over $50 billion in assets or it doesn't. The complexity and systemic importance of an institution, on the other hand, is far more difficult to ascertain.

To avoid subjective debates about which regulations should apply to which institutions, using size as a primary determinant was, perhaps, a practical starting point. However, it is now time to review the objectives of the enhanced prudential standards and allow for the varying supervision needs of organizations with differing levels of complexity. After all, the goal of legislation and regulation is to protect consumers and the economy while facilitating commerce, not hampering it.

Indeed, further adaptation of the regulations may be in store based on recent comments made by a member of the Federal Reserve Board. In suggesting the possibility of a "tiered approach to regulation and supervision of community banks," Governor Daniel Tarullo noted, "[such banks] have a smaller balance sheet across which to amortize compliance costs."

Adoption of a "tiered approach," based on complexity as opposed to simply size, would be a welcome change while preserving the core intent of the Dodd-Frank regulations to minimize risks to U.S. financial stability. Banks over $50 billion in size are required to go through semiannual stress tests, as well as to annually create so-called living wills — instructions on how to effectively wind down an institution if the capital and liquidity rules are insufficient to prevent its demise. Many Comprehensive Capital Analysis and Review standards are better suited to assess, monitor and estimate complex exposures and activities such as trading, derivatives and counterparty risk, which carry a higher level of volatility in stressed environments.

Using a standardized approach across the entire banking industry in these areas creates a risk that banks with simpler business models are not rewarded with lower infrastructure cost. As an alternative to the current approach, the annual CCAR exercise could be replaced with a review of the capital-planning program through the normal supervisory teams dedicated to institutions with lower risk operations. This would allow for a more customized approach to determining capital planning and adequacy, commensurate with the complexity of the bank.

For the most part, regional and community banks do not exhibit the maze of interconnectedness through derivative transactions that characterize the largest banks, and have much simpler legal structures, which make them much easier to deal with in case of failure through the traditional and time-tested FDIC process. As Capital One executive vice president Stephen Linehan noted in a publication from The Clearing House Association, "If you were to add up the legal entities of all of America's regional banks, the total would still be less than the number of legal entities under America's single largest bank holding company." Simple regional banks could be required to update their plan for disposition only if a significant acquisition or other change meaningfully altered their legal structure.

Banks with assets greater than $50 billion are required to hold large stocks of liquid securities under the liquidity coverage ratio rule to satisfy hypothetical funding needs calculated using standardized assumptions provided by the regulators. Unlike large trading banks with volatile balance sheets that rely upon short-term wholesale funding, the balance sheets of regional and community banks are predominantly funded with stable core customer deposits.

Given the lower liquidity risk presented by regional banks, it would seem appropriate for the LCR to substantially differentiate them from trading banks with respect to the amount of securities required to be held, and the granularity, frequency and amount of data to be provided to the regulators. Such a tailored approach would satisfy the objective of improving the banking system's ability to withstand increased liquidity needs during stressful economic environments without placing an outsized burden on Main Street banks.

At the heart of the last crisis were incentive compensation systems that encouraged traders to take on undue risk, to earn large sums of money, without having to forfeit any previously earned compensation on trades that subsequently turned out to be excessively risky. In 2014, the average salary and benefits per employee at the five large trading banks was $212,665. At the rest of the domestic banks with total assets of over $50 billion, it was $101,724, or 52% less. One large institution's personnel earned $379,402 per person, or nearly four times more than the rest of the banks that did not specialize in Wall Street activities.

Given compensation systems with huge payouts at trading banks, regulators have rightly enacted a series of rules to ensure that incentive programs do not tempt employees into actions that expose banks to undue risk. However, while these policies are essential to preventing excessive risk-taking by traders, the rules are burdensome for regional bank employees who have little ability to take risk positions that could bring down the bank.

By way of example, last year, 2,461 individuals, or 16% of M&T's employee base, fell within the purview of these provisions, requiring that their compensation packages be subject to heightened review. Allowing regional banks to restrict the applicability of these provisions to their executive management team and a handful of other employees would reduce the burden of compliance and focus more scrutiny on those individuals within the company who actually have the ability to subject the organization to material risk.

While these are a few examples of what could be done, it is time to review all the impediments to community lending and economic growth that regulations predicated on size, rather than complexity, have created for the banking industry.

Complexity, not size, is the defining contributor of significant risk to the financial system and taxpayers.

The enhanced prudential standards adopted by the Federal Reserve in February 2014 are not only a logical consequence of the recent financial crisis — they were necessary. Now, regulators and industry together should assess what we have learned since the crisis in an effort to hone the effectiveness of regulating complexity, without burdening simpler business models with disproportionately higher costs of compliance. After all, our economic recovery is still very uneven, and people and communities are still suffering; regional banks need to be supported in their efforts to encourage the type of activity that fosters local economic growth.

Robert Wilmers is the chairman and chief executive of M&T Bank in Buffalo, N.Y. This article was adapted from his 2015 letter to shareholders.

Corrected March 12, 2015 at 9:20AM: This is the second of three excerpts from Robert Wilmers' annual letter to M&T shareholders. Part one is here.