2020 Annual Report

documentation, credit underwriting, interest rate exposure, asset growth, compensation, fees and benefits, asset quality and earnings.

In general, the safety and soundness standards prescribe the goals to be achieved in each area, and each institution is responsible for establishing its own procedures to achieve those goals. If an institution fails to operate in a safe and sound manner, the FDIC-insured institution’s primary federal regulator may require the institution to submit a plan for achieving and maintaining compliance. If an FDIC-insured institution fails to submit an acceptable compliance plan, or fails in any material respect to implement a compliance plan that has been accepted by its primary federal regulator, the regulator is required to issue an order directing the institution to cure the deficiency. Until the deficiency cited in the regulator’s order is cured, the regulator may restrict the FDIC-insured institution’s rate of growth, require the FDIC-insured institution to increase its capital, restrict the rates the institution pays on deposits or require the institution to take any action the regulator deems appropriate under the circumstances. Operating in an unsafe or unsound manner will also constitute grounds for other enforcement action by the federal bank regulatory agencies, including cease and desist orders and civil money penalty assessments. During the past decade, the bank regulatory agencies have increasingly emphasized the importance of sound risk management processes and strong internal controls when evaluating the activities of the FDIC-insured institutions they supervise. Properly managing risks has been identified as critical to the conduct of safe and sound banking activities and has become even more important as new technologies, product innovation, and the size and speed of financial transactions have changed the nature of banking markets. The agencies have identified a spectrum of risks facing a banking institution including, but not limited to, credit, market, liquidity, operational, legal and reputational risk. Bank regulators have identified key risk themes for 2021, which include: (i) credit risk management given projected weaker economic conditions and commercial and residential real estate concentration risk management; (ii) the transition away from LIBOR (London Interbank Offered Rate) as a reference rate; (iii) compliance risk management related to COVID-19 pandemic-related activities; (iv) Bank Secrecy Act/anti-money laundering (“AML”) compliance; (v) cybersecurity and operational resilience; (vi), planning for and implementation of the current-expected-credit-losses (“CECL”) accounting standard; and (vii) CRA performance. Privacy and Cybersecurity . The Bank is subject to many U.S. federal and state laws and regulations governing requirements for maintaining policies and procedures to protect non-public confidential information of their customers. These laws require the Bank to periodically disclose its privacy policies and practices relating to sharing such information and permit consumers to opt out of their ability to share information with unaffiliated third parties under certain circumstances. They also impact the Bank’s ability to share certain information with affiliates and non-affiliates for marketing and/or non-marketing purposes, or to contact customers with marketing offers. In addition, as a part of its operational risk mitigation, the Bank is required to implement a comprehensive information security program that includes administrative, technical, and physical safeguards to ensure the security and confidentiality of customer records and information and to require the same of its service providers. These security and privacy policies and procedures are in effect across all business lines and geographic locations. Branching Authority . Minnesota banks, such as the Bank, have the authority under Minnesota law to establish branches anywhere in the State of Minnesota, subject to receipt of all required regulatory approvals. The Dodd-Frank Act permits well-capitalized and well-managed banks to establish new interstate branches or acquire individual branches of a bank in another state (rather than the acquisition of an out-of-state bank in its entirety) without impediments. Federal law permits state and national banks to merge with banks in other states subject to: (i) regulatory approval; (ii) federal and state deposit concentration limits; and (iii) state law limitations requiring the merging bank to have been in existence for a minimum period of time (not to exceed five years) prior to the merger. Transaction Account Reserves. Federal law requires FDIC-insured institutions to maintain reserves against their transaction accounts (primarily NOW and regular checking accounts) to provide liquidity. Reserves are maintained on deposit at the Federal Reserve Banks. The reserve requirements are subject to an annual adjustment by the Federal Reserve, and, for 2020, the Federal Reserve had determined that the first $16.9 million of otherwise reservable balances had a zero percent reserve requirement; for transaction accounts aggregating between $16.9 million to $127.5 million, the reserve requirement was 3% of those transaction account balances; and for net transaction accounts in excess of $127.5 million, the reserve requirement was 10% of the aggregate amount of total transaction account balances in excess of $127.5 million. However, in March 2020, in an unprecedented move, the Federal Reserve announced that the banking system had ample reserves, and, as reserve requirements no longer played a significant role in this regime, it reduced all reserve tranches to zero percent, thereby freeing banks from the reserve maintenance requirement. The action permits the

17