UNITED STATES
SECURITIES AND EXCHANGE COMMISSION
Washington, D.C. 20549
FORM
ANNUAL REPORT PURSUANT TO SECTION 13 OR 15(d) OF THE SECURITIES EXCHANGE ACT OF 1934 | |
For the fiscal year ended | |
or | |
TRANSITION REPORT PURSUANT TO SECTION 13 OR 15(d) OF THE SECURITIES EXCHANGE ACT OF 1934 | |
For the transition period from to | |
Commission file number:
(Exact Name of Registrant as Specified in its Charter)
|
|
| ( |
Securities Registered Pursuant to Section 12(g) of the Act:
Title of each class: |
| Trading Symbol |
| Name of each exchange on which registered: |
Indicate by check mark if the Registrant is a well-known seasoned issuer, as defined in Rule 405 of the Securities Act.
Indicate by check mark if the Registrant is not required to file reports pursuant to Section 13 or 15(d) of the Securities Act. Yes ◻
Indicate by check mark whether the Registrant (1) has filed all reports required to be filed by Section 13 or 15(d) of the Securities Exchange Act of 1934 during the preceding 12 months (or for such shorter period that the Registrant was required to file such reports), and (2) has been subject to such filing requirements for the past 90 days.
Indicate by check mark whether the registrant has submitted electronically every Interactive Data File required to be submitted pursuant to Rule 405 of Regulation S-T (Section 232.405 of this chapter) during the preceding 12 months (or for such shorter period that the registrant was required to submit and post such files).
Indicate by check mark if the registrant is a large accelerated filer, an accelerated filer, a non-accelerated filer, a smaller reporting company, or an emerging growth company. See the definitions of “large accelerated filer,” “accelerated filer,” “small reporting company,” and “emerging growth company,” in Rule 12b-2 of the Exchange Act.
Emerging Growth Company | Accelerated filer ◻ | Non-accelerated filer ◻ | Smaller reporting company |
If an emerging growth company, indicate by check mark if the registrant has elected not to use the extended transition period for complying with any new or revised financial accounting standards provided pursuant to Section 13(a) of the Exchange Act.
Indicate by check mark whether the registrant has filed a report on and attestation to its management’s assessment of the effectiveness of its internal control over financial reporting under Section 404(b) of the Sarbanes-Oxley Act (15 U.S.C. 7262(b)) by the registered public accounting firm that prepared or issued its audit report.
If securities are registered pursuant to Section 12(b) of the Act, indicate by check mark whether the financial statements of the registrant included in the filing reflect the correction of an error to previously issued financial statements.
Indicate by check mark whether any of those error corrections are restatements that required a recovery analysis of incentive-based compensation received by any of the registrant’s executive officers during the relevant recovery period pursuant to §240.10D-1(b).
Indicate by check mark whether the Registrant is a shell company (as defined in Rule 12b-2 of the Exchange Act). Yes
The aggregate market value of the voting stock held by non-affiliates of the Registrant as of June 30, 2023 was $
As of February 20, 2024, there were
DOCUMENTS INCORPORATED BY REFERENCE
Portions of the following documents are incorporated by reference into the designated parts of this Form 10-K: (a) Annual Report to Shareholders for the fiscal year ended December 31, 2023 (in Parts I and II) and (b) Proxy Statement relating to the Company’s 2024 Annual Meeting of Shareholders (in Part III).
CONTENTS
2
Part I
As used in this report, the words “Company,” “we,” “us,” and “our” refer to International Bancshares Corporation, a Texas corporation, its five wholly-owned subsidiary banks, and its other subsidiaries. The information that follows may contain forward-looking statements, which involve various risks and uncertainties, including those identified in Item 1A (Risk Factors) of this Annual Report on Form 10-K, and are qualified as indicated under “Special Cautionary Notice Regarding Forward-Looking Information” in Item 7 (Management’s Discussion and Analysis of Financial Condition and Results of Operations) of our 2023 Annual Report to Shareholders, which is filed as Exhibit 13 hereto and incorporated herein by reference. Our website address is www.ibc.com.
Item 1. Business
General
We are a registered multibank financial holding company providing a diversified range of commercial and retail banking services in our main banking and branch facilities located in north, south, central, and southeast Texas and the State of Oklahoma. We were organized and we operate as a bank holding company within the meaning of the Bank Holding Company Act of 1956 (BHCA). As a bank holding company, we may own one or more banks and may engage in activities closely related to banking. In this regard, we are subject to supervision and regulation by the Board of Governors of the Federal Reserve System (FRB). In addition, all five of our wholly-owned banking subsidiaries are members of and subject to regulation by the Federal Deposit Insurance Corporation (FDIC). Our principal corporate offices are located in Laredo, Texas.
Our principal assets at December 31, 2023, consisted of all the outstanding capital stock of four Texas state banking associations and one Oklahoma state banking corporation as follows:
| ● | International Bank of Commerce, located in Laredo, Texas (IBC); |
| ● | Commerce Bank, located in Laredo, Texas (Commerce Bank); |
| ● | International Bank of Commerce, located in Brownsville, Texas (IBC Brownsville); |
| ● | International Bank of Commerce, located in Zapata, Texas (IBC Zapata); and |
| ● | International Bank of Commerce, located in Oklahoma City, Oklahoma (IBC-Oklahoma). |
These five subsidiary banks are collectively referred to in this report as our “Subsidiary Banks.”
Our philosophy focuses on customer service as represented by the motto, “We Do More.” Our Subsidiary Banks maintain a strong commitment to their local communities by, among other things, appointing selected community members to local advisory boards. These local advisory boards help to direct the operations of the branches of each Subsidiary Bank under the supervision of the Subsidiary Bank’s board of directors, assist in developing or modifying our products and services to meet local customer needs, and introduce prospective customers to our many products and services.
We also own five direct, non-banking subsidiaries:
| ● | IBC Trading Company, an export trading company that is currently inactive; |
| ● | IBC Charitable and Community Development Corporation, a nonprofit corporation formed under the laws of the State of Texas to conduct charitable and community development activities; |
| ● | IBC Capital Corporation, a company incorporated in the State of Delaware for the purpose of holding certain investments; |
| ● | Premier Tierra Holdings, Inc., a liquidating subsidiary formed under the laws of the State of Texas; and |
| ● | Diamond Beach Holdings, LLC, a merchant banking entity formed under the laws of the State of Texas. |
3
We also own fifty-percent interests in Gulfstar Group I, Ltd. and Gulfstar Group II, Ltd., together with their related entities, all of which are involved in investment banking activities; a controlling interest in four merchant banking entities; and a majority ownership interest in a real-estate development partnership.
Available Information
Our Annual Report on Form 10-K, Quarterly Reports on Form 10-Q, Current Reports on Form 8-K, and amendments to those reports, as well as our Proxy Statements, are available free of charge on or through the Investors section of our website at www.ibc.com/investors and can be accessed via the “SEC Filings” hyperlink under the “Investors” heading as soon as reasonably practicable after being electronically filed with, or furnished to, the SEC. Those documents are also available on the SEC’s website at www.sec.gov. We have also posted on our website a Code of Ethics and Business Conduct, which applies to our directors, officers, and employees, and charters for our Audit Committee, Risk Committee, Compensation Committee, and Nominating Committee. Those documents can be accessed through the “Corporate Governance” hyperlink under the “Investors” heading of our website. The information found on our website is not incorporated by reference in this or any other report the Company files or furnishes to the SEC.
Services, Human Capital, and Diversity and Inclusion
Our Subsidiary Banks have historically focused on providing commercial banking services to small- and medium-sized businesses located in their trade areas and select international banking services. In recent years, however, our Subsidiary Banks have emphasized consumer and retail banking, including mortgage lending, as well as opening branches in retail locations and shopping malls. Today, we have 166 facilities and 256 ATMs serving 75 communities in Texas and Oklahoma.
Through the Subsidiary Banks, we are engaged in the business of accepting checking and savings deposits and the making of commercial, real estate, personal, home improvement, automobile and other installment and term loans. Some Subsidiary Banks are very active in facilitating international trade along the United States border with Mexico and elsewhere. Our international banking business includes providing letters of credit, making commercial and industrial loans and providing foreign-exchange services. Each Subsidiary Bank also offers other related services, such as credit cards, safety deposit boxes, collections, escrow services, drive-up and walk-up facilities, and other customary banking services.
Each Subsidiary Bank makes available certain securities products through third-party providers and provides banking services during traditional and nontraditional banking hours through their ATM network and retail locations in shopping malls and other convenient places. Additionally, we offer IBC Bank Online, an Internet banking product that provides customers with online access to banking information and services 24 hours a day, as well as IBC Mobile Banking, which provides users with banking access from their mobile devices 24 hours a day. No material portion of our business may be deemed seasonal.
As of December 31, 2023, we and our Subsidiary Banks employed approximately 2,062 persons full time and 230 persons part time. As of December 31, 2023, approximately 68% of our approximately 300-person officer management team have been with us for more than 15 years, and approximately 70% of those have been with us for more than 20 years.
Our mission is to develop a banking culture that builds genuine, personal relationships with our customers and the communities we serve. The most significant component of that mission is to attract, develop, and maintain employees and officers of the highest quality, who are committed to their job, conduct themselves with the highest level of professionalism, devote themselves to their community, and relentlessly pursue perfection in their performance.
While senior management is certainly expected to lead by example, our objective is to instill our mission and cultural values throughout our entire organization. We are as dedicated to each other as “one team” moving in the same direction as we are to the communities we serve. We teach and train our employees to understand the reality of our customers’ everyday business, and to provide practical solutions based on significant experience, ingenuity, continuity, balance, integrity, intelligence, and very strong work ethic and technical skills, including significant bilingual capabilities. Our team approach allows us to nurture excellence in our staff in order to develop superior valuation skills so that each of our staff members better understand the risks and returns of transactions better than our competitors. We provide extensive
4
training to our employees in an effort to ensure that our customers receive superior customer service. We seek to develop superior skills at the transaction level, using a bottom-up approach to management. The use of pods, roundtables, and team huddles are fundamental to our approach.
We use compensation plans coupled with a complete evaluation program to reward and direct the development of our employees. Our compensation systems reflect the need to retain and develop a superior workforce, recognizing that unique and innovative programs need to be developed and maintained to retain highly qualified employees. We strive to provide pay, benefits, and services that help meet the varying needs of our employees. Compensation and benefits include market-competitive pay, retirement programs, broad-based bonuses, stock options, stock appreciation rights, health and welfare benefits, financial counseling, paid time off, and family leave.
We are committed to attracting, hiring, and retaining a diverse workforce that is representative of the communities in which we live and serve. As of December 31, 2023, approximately 74% of our workforce self-identified as Latino or Hispanic, and over 66% self-identified as women. We are committed to providing equal opportunities for applicants and employees in all of our employment practices, including but not limited to, hiring, promoting, transferring, and compensating without regard to sex, race, color, national origin, genetic information, citizenship status, age, religion, veteran, disability, or any other characteristic protected by law. We also conduct training programs on equal employment opportunities and diversity and inclusion in the workplace as well as training sessions that coach and develop talent in order to promote and retain a diverse workforce. Our commitment to diversity and inclusion is further underscored by our efforts to reach out to and support minority and women’s organizations and educational institutions that serve significant minority or women student populations. We also participate in events to attract minorities and women and recruit them for available employment opportunities.
We are also committed to maintaining a safe and healthy work environment, free from work-related injuries and illnesses and where every team member is treated with dignity and respect, without the fear of the threat of discrimination or harassment. As stated in our Board-approved Code of Ethics and Business Conduct, we expect all of our officers, directors, and employees to practice fair dealing, honesty, and integrity in every aspect of our interactions with other IBC employees, our customers, vendors, shareholders, suppliers, competitors, and government authorities, and the communities we serve.
None of our employees are represented by any collective bargaining unit or are parties to a collective bargaining agreement. We believe that our relations with our employees are good.
Competition
We are one of the largest independent financial bank holding companies in the State of Texas. Our primary market area in Texas is bordered on the east by the Galveston area, the northwest by Dallas, the southwest by Del Rio and to the southeast by Brownsville. Our primary market area also includes the State of Oklahoma. We compete for deposits and loans with other commercial banks, savings and loan associations, and credit unions in our primary market area. We have increased our market share in our primary market area in the past through strategic acquisitions.
We also compete against non-bank entities, which serve as an alternative to traditional financial institutions. The percentage of bank related services being provided by non-bank entities has increased during the last several years.
We do a large amount of business for customers domiciled in Mexico, with an emphasis in Northern Mexico. Deposits from persons and entities domiciled in Mexico comprise a large and stable portion of the deposit base of the Subsidiary Banks. These deposits comprised approximately 29%, 28% and 25% of the Subsidiary Banks total deposits for the three years ended December 31, 2023, 2022 and 2021, respectively.
Under the Financial Services Modernization Act of 1999, which is otherwise known as the Gramm-Leach-Bliley Act (GLBA), banks, securities firms and insurance companies may affiliate under an entity known as a financial holding company, which may then serve its customers’ varied financial needs through a single corporate structure. The GLBA significantly changed the competitive environment in which we and our Subsidiary Banks conduct business. The financial services industry will likely become even more competitive as further technological advances enable more companies to
5
provide financial services. These technological advances may reduce the necessity of depository institutions and other financial intermediaries in the transfer of funds between parties.
Supervision and Regulation
Banking is a complex, highly regulated industry. In addition to the generally applicable state and federal laws governing businesses and employers, we and our Subsidiary Banks are further extensively regulated by special federal and state laws governing financial institutions. These laws comprehensively regulate the operations of our Subsidiary Banks and include, among other matters:
| ● | requirements to maintain reserves against deposits; |
| ● | restrictions on the nature and amount of loans that may be made and the interest that may be charged thereon; |
| ● | restrictions on the amounts, terms, and conditions of loans to directors, officers, large shareholders and their affiliates; |
| ● | restrictions related to investments in activities other than banking; and |
| ● | minimum capital requirements. |
Congress, state legislatures and applicable federal and state regulatory agencies are continually reviewing such statutes, regulations, and policies. Any change in such laws or policies applicable to us and our subsidiaries could have a material adverse effect on our business, financial condition or results of operations. Recent challenges to the scope of agencies’ regulatory authority have increased uncertainty with respect to the implementation, scope, and timing of regulatory reforms. With few exceptions, state and federal banking laws have as their principal objective either the maintenance of the safety and soundness of the federal deposit insurance system or the protection of consumers, rather than the specific protection of our shareholders or creditors.
Further, our earnings are affected by the fiscal and monetary policies of the FRB, which regulates the national money supply in order to mitigate recessionary and inflationary pressures. These monetary policies significantly influence the overall growth of bank loans, investments, and deposits, as well as the interest rates charged on loans or paid on time and savings deposits. The nature of future monetary policies and the effect of such policies on our future earnings and business cannot be predicted.
Interest Rate Reform Upon the Discontinuation of LIBOR
The discontinuation of the benchmark interest rate known as U.S.-dollar London Interbank Offered Rate (LIBOR) was completed on June 30, 2023. Prior to that date, we had various loans, derivative contracts, borrowings, and other financial instruments with attributes that were either directly or indirectly dependent on LIBOR. Our completion of the transition from LIBOR during the second quarter of 2023 did not have any adverse impacts on our business, financial condition, or results of operations, and each of the loan documents, financial instruments, and other agreements related to our LIBOR-based securities had fallback provisions that determined what reference rate would replace LIBOR upon its discontinuation. For example, on July 1, 2023, the interest-rate index on the capital and common securities issued by our four statutory business trusts transitioned from LIBOR to the Three-Month CME Term Secured Overnight Financing Rate with a spread adjustment of 26 basis points.
The Dodd-Frank Act
The “Dodd-Frank Wall Street Reform and Consumer Protection Act” (Dodd-Frank Act), which was enacted in 2010, represented a sweeping overhaul of many aspects of the regulation of the financial services industry. The Dodd-Frank Act created far-reaching changes across the financial regulatory landscape by addressing areas like systemic risk, capital adequacy, deposit insurance assessments, consumer financial protection, interchange fees, derivatives, lending
6
limits, mortgage-lending practices, investment-advisor registration, and changes among the bank regulatory agencies. Some of the most notable reforms under the Dodd-Frank Act have included:
| ● | Establishing the Consumer Financial Protection Bureau (CFPB) as the central regulator for consumer financial protection; |
| ● | Subjecting bank holding companies to the same leverage and risk-based capital requirements that apply to insured depository institutions; |
| ● | Changing the assessment base for federal deposit insurance from the amount of insured deposits to the amount of consolidated assets less tangible capital and eliminating the ceiling on the size of the Deposit Insurance Fund (DIF); |
| ● | Requiring certain financial institutions with consolidated assets of more than $10 billion, to undergo financial stress tests (which none of our Subsidiary Banks are subject to at this time due to not meeting the $10 billion asset threshold); |
| ● | Making permanent the $250,000 limit for federal deposit insurance while increasing the cash limit for Securities Investor Protection Corporation protection to $250,000; |
| ● | Repealing the federal prohibitions on the payment of interest on demand deposits; |
| ● | Amending the Electronic Fund Transfer Act to authorize the FRB to establish rules regarding interchange fees, which must be reasonable and proportional to the actual cost of a transaction to the issuer; |
| ● | Permitting interstate de novo branching without the need to acquire an existing bank; |
| ● | Imposing extensive restrictions relating to residential mortgage transactions; |
| ● | Implementing corporate-governance requirements aimed at risk management and shareholder protection; |
| ● | Establishing a whistleblower program for employees of public companies to report fraud; |
| ● | Requiring federal financial regulatory agencies to adopt rules that prohibit banks and their affiliates from engaging in short-term proprietary trading and from investing in and sponsoring certain unregistered investment companies; and |
| ● | Authorizing the FRB to examine bank holding companies and their subsidiaries and to adopt enhanced supervision and prudential standards for bank holding companies with total consolidated assets of $250 billion or more (often referred to as “systemically important financial institutions” or “SIFIs”), subject to certain modifications by the Economic Growth, Regulatory Relief and Consumer Protection Act of 2018. |
Many provisions of the Dodd-Frank Act became effective upon enactment, while others were subject to further study, SEC rulemaking and discretion afforded to federal regulators. Some provisions have only recently taken effect or will take effect in the future, making it difficult to anticipate the overall financial impact on us, our customers, or the financial industry in general. Provisions in the legislation that affect deposit insurance assessments, payment of interest on demand deposits and interchange fees are likely to increase the costs associated with deposits, as well as place limitations on certain revenues those deposits may generate. Provisions that require revisions to our capital requirements could require us to seek other sources of capital in the future.
FRB Approvals
As a registered bank holding company we are subject to supervision by, among others, the FRB. As such, we are required to file with the FRB annual reports and other information regarding our business operations and those of our Subsidiary Banks. We are also subject to periodic examination by the FRB. Under the BHCA, a bank holding company is prohibited from acquiring direct or indirect control of any company that is not a bank or bank holding company, and must engage only in the business of banking, managing, or controlling banks and furnishing services to or performing services for its subsidiary banks, except where the FRB has determined the ownership to be so closely related to banking, managing, or controlling banks as to be a proper incident thereto.
7
The BHCA and the Change in Bank Control Act of 1978 require that either FRB approval must be obtained or notice must be furnished to the FRB and not disapproved prior to any person or company acquiring “control” of a bank holding company, subject to exception for certain transactions. Control is conclusively presumed to exist if any person acquires 25% or more of the voting securities of a bank holding company; control is a rebuttable presumption between 10% and 25% ownership. Ownership by affiliated persons, or persons acting in concert, is typically aggregated for these purposes. The FRB revised its control rules under the BHCA by expanding the number of presumptions used to determine whether control exists. Effective April 1, 2020, the FRB’s rule amended Regulation Y, the implementing regulation for the BHCA, to provide additional transparency regarding control determinations by implementing a tiered framework establishing factors and thresholds that are indicative of control. To date, the rule has not, as we do not anticipate that it will, have a significant detrimental effect on us given that it is generally consistent with the FRB’s historical practices in making control determinations.
As a bank holding company, we are required to obtain approval prior to merging or consolidating with any other bank holding company, acquiring all or substantially all of the assets of any bank, or acquiring ownership or control of shares of a bank or bank holding company if, after the acquisition, we would directly or indirectly own or control 5% or more of the voting shares of such bank or bank holding company. In approving acquisitions or the addition of activities, one of the issues the FRB considers is whether the acquisition or the additional activities can reasonably be expected to produce benefits to the public, such as greater convenience, increased competition, or gains in efficiency, that outweigh such possible adverse effects as undue concentration of resources, decreased or unfair competition, conflicts of interest, or unsound banking practices.
Anti-Money Laundering
Combating money laundering and terrorist financing is a major focus of financial institution regulatory policy. The Uniting and Strengthening America by Providing Appropriate Tools Required to Intercept and Obstruct Terrorism Act of 2001 (PATRIOT Act), substantially expanded the responsibilities of U.S. financial institutions with respect to countering money laundering and terrorist activities. The implementing regulations impose obligations on financial institutions to maintain a risk-based anti-money laundering program that includes appropriate policies, procedures and controls to detect, prevent and report money laundering and terrorist financing and to verify the identity of their customers. The PATRIOT Act also requires the bank regulatory agencies to consider the record of a bank or bank holding company in combating money laundering activities in their evaluation of bank and bank holding company merger or acquisition transactions. Anti-money laundering regulations are continually evolving. In May 2018, regulatory updates were imposed that require U.S. financial institutions to ascertain and document the beneficial owners of legal entity customers opening new accounts. Those 2018 requirements were supplemented by the Anti-Money Laundering Act of 2020 (AMLA) and, as part of the AMLA, the Corporate Transparency Act (CTA).
The AMLA streamlines and modernizes certain provisions of the Currency and Foreign Transactions Reporting Act of 1970, as amended (Bank Secrecy Act), by, for example, requiring most legal entities to register their beneficial-ownership information into a national registry maintained by the Financial Crimes Enforcement Network (FinCEN); modernizing and expanding the statutory definition of “financial institution” to include antiquities dealers and entities whose services involve cryptocurrency and other non-cash currency substitutes; enhancing the type and severity of fines and penalties that violators of the AMLA, the Bank Secrecy Act, and the PATRIOT Act may face; and enhancing whistleblower protections and awards. Certain implementing regulations that FinCEN has proposed in connection with the AMLA are still being finalized.
In September 2022, FinCEN finalized its regime for beneficial-ownership reporting under the CTA, which took effect on January 1, 2024. To comply with the CTA’s reporting rule, corporations, limited liability companies, and similar entities must identify and report certain information concerning their beneficial owners, meaning the individuals who ultimately own or control them. The CTA aims to combat money laundering, securities and tax fraud, terrorism financing, human and drug trafficking, counterfeiting, and other corrupt, nefarious activities by preventing bad actors from concealing their ownership of U.S. entities to advance their illicit operations. On February 20, 2024, FinCEN’s rule for implementing the access and safeguard provisions of the CTA took effect. Under the CTA’s access rule, a reporting company’s beneficial-ownership information is deemed confidential but can be disclosed by FinCEN to six categories of recipients,
8
including financial institutions that are subject to customer due diligence obligations and have received the reporting company’s consent to access its beneficial-ownership information.
We have a program in place to monitor and enforce our policies on money laundering, corruption, and bribery, as well as policies that prohibit the use of Company assets to finance or otherwise aid alleged terrorist groups. Failure of a financial institution to maintain and implement adequate programs to combat money laundering and terrorist financing, or to comply with all the relevant laws or regulations, could have serious legal and reputational consequences for the institution.
Nonresident Alien Deposits
In 2013, the IRS published a rule requiring U.S. banks to report on the interest they pay to nonresident alien individuals. The IRS shares that information with tax authorities in other countries with whom the United States has an agreement regarding the exchange of tax information.
Foreign Account Tax Compliance Act
On July 1, 2014, the Foreign Account Tax Compliance Act (FATCA) became effective. FATCA aims to curb offshore tax evasion by foreign financial institutions by requiring such institutions to identify any U.S. account holders. Moreover, FATCA requires U.S. withholding agents, including U.S. banks, to withhold a tax (30%) on U.S.-sourced income payable to foreign financial institutions that do not agree to report certain information to the IRS regarding their U.S. accounts, as well as on payments to nonfinancial foreign entities that do not provide information on their U.S. account owners to withholding agents.
Office of Foreign Assets Control Regulation
The United States has imposed economic sanctions that affect transactions with designated foreign countries, nationals, and others. The Office of Foreign Assets Control of the U.S. Department of the Treasury (OFAC) publishes lists of specially designated countries and enforces economic and trade sanctions based on U.S. foreign policy and national security goals against targeted foreign countries and regimes, terrorists, international narcotics traffickers, those engaged in activities related to the proliferation of weapons of mass destruction, and other threats to the national security, foreign policy or economy of the United States. The OFAC-administered sanctions take many forms, including restrictions on trade or investment and the blocking of certain assets related to the designated foreign countries and nationals. Blocked assets, which may include bank deposits, cannot be paid out, withdrawn, set off or transferred in any manner without a license from OFAC. Failure to comply with the OFAC sanctions could have serious legal and reputational consequences.
Gramm-Leach-Bliley Act
The GLBA eliminates the barriers to affiliations among banks, securities firms, insurance companies and other financial service providers. The GLBA provides for a new type of financial holding company structure under which affiliations among these entities may occur. Under the GLBA, a financial holding company may engage in a broad list of financial activities and any non-financial activity that the FRB determines is complementary to a financial activity and poses no substantial risk to the safety and soundness of depository institutions or the financial system. In addition, the GLBA permits certain non-banking financial and financially related activities to be conducted by financial subsidiaries of banks.
Under the GLBA, a bank holding company may become certified as a financial holding company by filing a declaration with the FRB, together with a certification that each of its subsidiary banks is well capitalized, is well managed, and has at least a satisfactory rating under the Community Reinvestment Act of 1977 (CRA). We elected and were approved by the FRB to become a financial holding company under the GLBA in 2000 and the election was made effective by the FRB as of March 13, 2000. During the second quarter of 2000, IBC established an insurance agency subsidiary and acquired two insurance agencies.
9
The investments that may be made under the GLBA are substantially broader in scope than the investment activities otherwise permissible for bank holding companies and are referred to as “merchant banking investments” in “portfolio companies.” The FRB and the Secretary of the Treasury have regulations governing the scope of permissible merchant banking investments. Before making a merchant banking investment, a financial holding company must either be or have a registered securities firm or a qualified insurance affiliate. The merchant banking investments may be made by the financial holding company or any of its subsidiaries, other than a depository institution or a subsidiary of a depository institution. The regulations place restrictions on the ability of a financial holding company to become involved in the routine management or operation of any portfolio company. The regulation also generally limits the ownership period of merchant banking investments to no more than ten years.
The FRB, the Office of the Comptroller of the Currency (OCC), and the FDIC have rules governing the regulatory capital treatment of equity investments in non-financial companies held by banks, bank holding companies and financial holding companies. The rules apply a graduated capital charge on covered equity investments, which would increase as the proportion of such investments to Tier 1 capital increases.
On September 8, 2016, the FRB published a report to Congress in which it recommended the repeal of the merchant banking authority granted to financial holding companies under the GLBA. Specifically, the FRB recommended that Congress repeal the statutory merchant banking authority and the grandfathering exemption for certain companies that became financial holding companies after 1999. The FRB also noted in its report that it is considering regulatory measures that would limit what it termed “safety and soundness risks of merchant banking investments.” Following this report, on September 30, 2016, the FRB published a Notice of Proposed Rulemaking (NPR) proposing to, among other things, amend the risk-based capital requirements to increase the requirements associated with a subset of merchant banking investments; specifically, merchant banking investments in companies engaged in physical commodities activities. The changes proposed in the NPR were significantly narrower than the FRB’s recommendations regarding merchant banking investments in its report to Congress. To date, a final rule implementing the changes put forth in the NPR has not been issued and it is uncertain what action, if any, will be taken regarding the FRB’s report.
Financial Privacy and Data Protection
In accordance with the GLBA, the federal banking regulators adopted rules that limit the ability of banks and other financial institutions to disclose nonpublic information about consumers to nonaffiliated third parties. Pursuant to these rules, financial institutions must provide disclosure of privacy policies to consumers and allow consumers to prevent disclosure of certain personal information to a nonaffiliated third party in some instances.
Additional regulations were adopted to implement the provisions of the Fair Access to Credit Transactions Act (FACTA), which requires certain disclosures and consents to share certain information among bank affiliates. These privacy provisions affect how customer information is transmitted through diversified financial companies and conveyed to outside vendors. These privacy provisions also have the effect of increasing the length of the waiting period, after privacy disclosures are provided to new customers before information can be shared among different affiliated companies for the purpose of cross-selling products and services between those affiliated companies. On December 4, 2015, the Fixing America’s Surface Transportation Act (FAST Act) was signed into law. Part of the FAST Act amended the GLBA by providing financial institutions with an exception to the general requirement that those institutions deliver annual privacy notices.
In late 2022, the CFPB issued an outline of proposed rules related to Section 1033 of Dodd-Frank, which requires the CFPB to implement regulations providing for the sharing of consumer financial information between financial institutions and consumer-authorized data recipients. In October 2023, the CFPB proposed a “Personal Financial Data Rights” rule, which aims to promote open, decentralized banking, protect consumers’ financial data from misuse, and foster competition in the banking industry. If enacted as proposed, the rule would require financial institutions to make financial data regarding consumers’ transactions and accounts more accessible for consumers and authorized third parties acting on their behalf; implement authorization procedures for third parties seeking to access consumer data, including requiring third parties to commit to data limitations and compliance with the GLBA Safeguards Framework; establish operational, performance, and security standards related to data access; and advance fair, open, and inclusive industry standards to facilitate an open banking system. It is not clear when a final rule will be issued.
10
Nasdaq Listing Standards
Shares of our common stock are listed and trade on The Nasdaq Stock Market (Nasdaq) under the symbol “IBOC.” As such, we must comply with the quantitative and qualitative listing standards of Nasdaq. In addition to other matters, the Nasdaq listing standards address disclosure requirements and establish standards relating to board independence and other corporate governance matters.
Interstate Banking and Branching
The Riegle-Neal Interstate Banking and Branching Efficiency Act of 1994 (Interstate Banking Act) rewrote federal law governing the interstate expansion of banks in the United States. Under the Interstate Banking Act, adequately capitalized, well-managed bank holding companies with FRB approval may acquire banks located in any other state in the United States, provided that the target bank meets the minimum age established by the state in which the target bank is located (five years in Texas). The Interstate Banking Act imposes an anti-concentration limit, which prohibits interstate acquisitions that would give a bank holding company control of more than 10% of all deposits nationwide or 30% of any one state’s deposits, or such higher or lower percentage established by the host state. The anti-concentration limit applicable in each of Texas and Oklahoma is 20% of all federally insured deposits in the state. The Interstate Banking Act further expanded interstate banking by allowing banks to establish de novo branches in any state that opted-in to the Interstate Banking Act’s branching provisions. However, the opt-in concept was eliminated by the Dodd-Frank Act, which permits de novo interstate branching if, under the laws of the state where the new branch is to be established, a state bank chartered in that state would be permitted to establish a branch.
FRB Enforcement Powers
The FRB has certain divestiture and other powers over bank holding companies and non-banking subsidiaries where their actions would constitute a serious threat to the safety, soundness, or stability of a subsidiary bank. These powers may be exercised through the issuance of cease and desist orders or other actions. In the event a Subsidiary Bank experiences either a significant loan loss or rapid growth of loans or deposits, we may be compelled by the FRB to invest additional capital in the Subsidiary Bank. Further, we would be required to guarantee performance of the capital restoration plan of any undercapitalized Subsidiary Bank.
The FRB is also empowered to assess civil money penalties against companies or individuals who violate the BHCA in amounts up to $25,000 per day, order termination of non-banking activities of non-banking subsidiaries and order termination of ownership and control of a non-banking subsidiary. Under certain circumstances the Texas Banking Commissioner may bring enforcement proceedings against a bank holding company in Texas.
Company Dividends
Our holding company is regarded as a legal entity separate and distinct from our Subsidiary Banks and is subject to regulatory policies and requirements relating to the payment of dividends, including requirements to maintain adequate capital above regulatory minimums. The ability of our holding company to pay dividends is largely dependent on the amount of cash derived from dividends declared by our Subsidiary Banks. The payment of dividends by any bank or bank holding company is affected by the requirement to maintain adequate capital. Under FRB policy, bank holding companies should pay cash dividends on common stock only out of income available over the past year and only if the prospective rate of earnings retention is consistent with the organization’s expected capital needs and financial condition. The policy provides that bank holding companies should not maintain a level of cash dividends that undermines the bank holding company’s ability to serve as a source of strength to its banking subsidiaries. The FRB has historically discouraged dividend payment ratios that are at the maximum allowable levels unless both asset quality and capital are very strong.
The ability of the Subsidiary Banks to pay dividends is also restricted under Texas and Oklahoma law. A Texas bank generally may not pay a dividend reducing its capital and surplus without the prior approval of the Texas Banking Commissioner. An Oklahoma bank generally may not pay a dividend reducing its capital and surplus without the prior approval of the Oklahoma Department of Banking. The FDIC has the right to prohibit the payment of dividends by a bank where the payment is deemed to be an unsafe and unsound banking practice.
11
At December 31, 2023, there was an aggregate of approximately $1,229,500,000 available for the payment of dividends to our holding company by our Subsidiary Banks under the capital rules applicable as of December 31, 2023, assuming that each of such banks continues to be classified as “well capitalized.” Further, we could expend the entire $1,229,500,000 and continue to be classified as “well capitalized” under the capital rules applicable as of December 31, 2023.
Source of Strength Doctrine
FRB policy has historically required bank holding companies to act as a source of financial and managerial strength to their subsidiary banks. The Dodd-Frank Act codified this policy as a statutory requirement. Under this requirement, we are expected to commit resources to support our Subsidiary Banks, including at times when we may not be in a financial position to provide such resources. Any capital loans by a bank holding company to any of its subsidiary banks are subordinate in right of payment to deposits and to certain other indebtedness of such subsidiary banks. In the event of a bank holding company’s bankruptcy, any commitment by the bank holding company to a federal bank regulatory agency to maintain the capital of a subsidiary bank will be assumed by the bankruptcy trustee and entitled to priority of payment. In addition to the foregoing requirements, the Dodd-Frank Act’s provisions authorize the FRB and other federal banking regulators to require a company that directly or indirectly controls a bank to submit reports that are designed both to assess the ability of such company to comply with its “source of strength” obligations and to enforce the company’s compliance with these obligations.
The Dodd-Frank Act requires the federal banking agencies to jointly issue rules implementing the “source of strength” doctrine, but as of December 31, 2023, the FRB and other federal banking regulators have not yet issued such rules.
Deposit Insurance
All of the Subsidiary Banks are examined by the FDIC, which currently insures the deposits of each Subsidiary Bank up to the applicable limits provided by law. The FDIC may terminate deposit insurance upon a finding that an institution has engaged in unsafe and unsound practices, is in an unsafe or uninsured condition to continue operations, or has violated any applicable law, regulation, rule, or order of condition imposed by the FDIC.
The FDIC uses a risk-based assessment system that imposes premiums based upon a matrix that takes into account a bank’s capital level and supervisory rating.
Our FDIC deposit insurance expense totaled $6,285,000, $6,987,000, and $4,389,000 in 2023, 2022 and 2021, respectively.
The FDIC requires insured depository institutions with at least two million deposit accounts to comply with specific recordkeeping standards and deposit insurance calculation requirements. The institutions also are required to ensure that their information technology (IT) systems are capable of calculating the amount of insured money for most depositors within 24 hours of a failure.
In October 2022, the FDIC adopted a final rule to increase the initial base deposit insurance assessment rate schedules uniformly by two basis points beginning with the first quarterly assessment period of 2023. The increased assessment is intended to improve the likelihood that the DIF ratio reaches the statutory minimum of 1.35% by September 30, 2028, the statutory deadline prescribed under the FDIC’s amended restoration plan, and to support the DIF’s growth to a reserve ratio of 2%, the minimum reserve ratio that the FDIC determined would be necessary to withstand a future banking crisis comparable to past crises.
In November 2023, the FDIC issued a final rule to impose a special assessment meant to recover the losses to the DIF of roughly $16.3 billion that resulted from the FDIC invoking the systemic-risk exception in order to cover all of the uninsured deposits of two banks that failed in March 2023. The assessment base for the special assessment is equal to an insured depository institution’s estimated uninsured deposits reported for the quarter ended December 31, 2022, minus the first $5 billion in estimated insured deposits. The special assessment will be collected by the FDIC at an
12
annual rate of approximately 13.4 basis points for an anticipated total of eight quarterly assessment periods, beginning with the first quarterly assessment period of 2024. Banks with total assets under $5 billion will not be subject to the special assessment. Under the final rule, the estimated loss pursuant to the systemic-risk determination will be periodically adjusted, and the FDIC may cease collection early, extend the collection period, and impose a final shortfall special assessment on a one-time basis. None of our Subsidiary Banks were subject to the special assessment.
Capital Adequacy
Our holding company and our Subsidiary Banks are required to meet certain minimum regulatory capital guidelines. The FRB has historically utilized a system based upon risk-based capital guidelines under a two-tier capital framework to evaluate the capital adequacy of bank holding companies. Tier 1 capital generally consists of common stockholders’ equity, retained earnings, a limited amount of qualifying perpetual preferred stock, qualifying trust preferred securities and non-controlling interests in the equity accounts of consolidated subsidiaries, less goodwill and certain intangibles. Tier 2 capital generally consists of certain hybrid capital instruments and perpetual debt, mandatory convertible debt securities and a limited amount of subordinated debt, qualifying preferred stock, loan loss allowance, and unrealized holding gains on certain equity securities.
The federal authorities’ risk-based capital guidelines utilize total capital to risk-weighted assets and Tier 1 capital elements. In this way, the guidelines make regulatory capital requirements more sensitive to differences in risk profiles among banking organizations, consider off-balance-sheet exposure in assessing capital adequacy and encourage the holding of liquid, low-risk assets. At least one half of the minimum total capital is required to be comprised of Core Capital or Tier 1 capital elements. Our Tier 1 capital is comprised of common shareholders’ equity and permissible amounts related to the trust preferred securities. The deductible core deposit intangibles and goodwill booked in connection with all our financial institution acquisitions are deducted from the sum of core capital elements when determining our capital ratios.
In addition, the FRB has established minimum leverage ratio guidelines for bank holding companies. These guidelines provide for a minimum leverage ratio of Tier 1 capital to adjusted average quarterly assets (leverage ratio) equal to 3% for bank holding companies that meet certain specified criteria, including having the highest regulatory rating. All other bank holding companies will generally be required to maintain a leverage ratio of at least 4% - 5%. Our leverage ratio at December 31, 2023 was 17.46%.
The guidelines also provide that bank holding companies experiencing internal growth or making acquisitions will be expected to maintain strong capital positions substantially above the minimum supervisory levels without significant reliance on intangible assets. Each of our Subsidiary Banks is subject to similar capital requirements adopted by the FDIC and had a leverage ratio in excess of 5% as of December 31, 2023.
The federal bank regulatory agencies adopted regulations that mandate a five-tier scheme of capital requirements and corresponding supervisory actions to implement the prompt corrective action provisions of the Federal Deposit Insurance Act, as amended (FDIA). The regulations include requirements for the capital categories that will serve as benchmarks for mandatory supervisory actions. Under the regulations, the highest of the five categories would be a well-capitalized institution with a total risk-based capital ratio of 10%, a Tier 1 risk-based capital ratio of 6% and a Tier 1 leverage ratio of 5%. An institution would be prohibited from declaring any dividends, making any other capital distribution, or paying a management fee if the capital ratios drop below the levels for an adequately capitalized institution, which are 8%, 4%, and 4%, respectively. The corresponding provisions of the Federal Deposit Insurance Corporation Improvement Act (FDICIA) mandate corrective actions be taken if a bank is undercapitalized. Based on our capital ratios as of December 31, 2023, our holding company and each of the Subsidiary Banks were classified as “well capitalized” under the applicable regulations.
The risk-based standards that apply to bank holding companies and banks incorporate market and interest rate risk components. Applicable banking institutions are required to adjust their risk-based capital ratio to reflect market risk. Under the market risk capital guidelines, capital is allocated to support the amount of market risk related to a financial institution’s ongoing trading activities. Financial institutions are allowed to issue qualifying unsecured subordinated debt (Tier 3 capital) to meet a part of their market risks. We do not have any Tier 3 capital and did not need Tier 3 capital to
13
offset market risks. The Dodd-Frank Act directs the banking agencies to issue capital requirements for banking institutions that are countercyclical. These require a higher level of capital to be maintained in times of economic expansion and a lower level of capital during times of economic contraction.
Basel III
In July 2013, the FRB and the FDIC published the Basel III capital rules, which implemented a comprehensive capital framework for U.S. banking organizations known as “Basel III” along with certain provisions of the Dodd-Frank Act. The Basel III framework was developed by the Basel Committee on Banking Supervision, a college of central bankers and other financial regulators from the United States and other advanced economies, to strengthen international capital standards. Basel III requires bank holding companies and their subsidiary banks to maintain substantially more capital, with a greater emphasis on common equity.
The Basel III final capital framework, among other things, (i) a minimum ratio for “Common Equity Tier 1” capital (CET1), (ii) specifies that Tier 1 capital consists of CET1 and “Additional Tier 1 capital” instruments meeting specified requirements, (iii) defines CET1 narrowly by requiring that most adjustments to regulatory capital measures be made to CET1 and not to the other components of capital and (iv) expands the scope of the adjustments as compared to pre-Basel III regulations.
Basel III also provides for a “countercyclical capital buffer,” generally to be imposed when national regulators determine that excess aggregate credit growth becomes associated with a buildup of systemic risk. The capital conservation buffer is designed to absorb losses during periods of economic stress. Banking institutions with a ratio of CET1 to risk-weighted assets above the minimum requirement, but below the conservation buffer, will face constraints on dividends, equity repurchases and compensation based on the amount of the shortfall and the institution’s “eligible retained income” (meaning, four quarter trailing income, net of distributions and tax effects not reflected in net income).
In August 2022, the Inflation Reduction Act of 2022 (IRA) was enacted. Among other things, the IRA imposes a new 1% tax on the fair market value of stock repurchased after December 31, 2022 by publicly traded U.S. corporations. With certain exceptions, the value of stock repurchased is determined net of stock issued in the year, including shares issued pursuant to compensatory arrangements.
The Basel III capital rules require most components of “Accumulated Other Comprehensive Income (Loss)” (AOCI) to be recognized in CET1, factoring in to the calculation of CET1 all net unrealized gains (losses) on available for sale securities. The Basel III definition of CET1 also establishes the expectation that the majority of CET1 should be voting shares. Basel III strengthens the risk sensitivity of the regulatory capital treatment for various risk exposures, including a category of exposure created by Basel III known as “High Volatility Commercial Real Estate,” which has a risk weight of 150% and generally includes nonresidential real estate acquisition development or construction financing.
Further, the Basel III capital rules establish calculations for risk-weighted assets using alternatives to credit ratings that are based on either the weighted average of the underlying collateral or a formula based on subordination position and delinquencies or the use of a 1,250% risk rating, which is be the default rating that a banking organization must apply to a securitization exposure if it does not meet certain requisite due diligence standards and does not demonstrate a comprehensive understanding of the exposure. Securitized structures, such as private label mortgage-backed securities, may be risk weighted based on a gross-up approach considering underlying assets, or they default to the 1,250% risk weight.
On the quality of capital side, the Basel III capital rules emphasize CET1 capital, the most loss absorbing form of capital, and implement strict eligibility criteria for regulatory capital instruments. The rules also improve the methodologies for calculating risk-weighted assets to enhance risk sensitivity. At the time that Basel III was implemented, the banking agencies made a number of changes in the final capital rules, in particular, to address concerns about regulatory burden on community banks. For example, the final rules are significantly different from the proposed rules in terms of risk weighting for residential mortgages and the regulatory capital treatment of certain unrealized gains and losses on trust preferred securities for common banking organizations.
14
A key provision of the Basel III capital rules permitted banks to make a one-time irrevocable election to opt out of the Basel III requirement to recognize most items of AOCI in regulatory capital. For institutions like ours that chose to make the AOCI opt-out election, most AOCI items are not included in the calculation of CET1; institutions that do not opt out must include most AOCI items included in CET1 calculation, which affects the institution’s legal lending limit calculation. If a top-tier banking organization makes the AOCI opt-out election, all consolidated banking subsidiary organizations under it must make the same election.
The Basel III capital rules require the following minimum capital ratios to be met:
| ● | 4.5% CET1 to risk-weighted assets, plus a capital conservation buffer of at least 2.5% (resulting in a minimum ratio of CET1 to risk-weighted assets of at least 7.0%); |
| ● | 6.0% Tier 1 capital to risk-weighted assets, plus a capital conservation buffer (resulting in a Tier 1 capital to risk-weighted assets ratio of at least 8.5%); |
| ● | 8.0% Total capital (Tier 1 capital plus Tier 2 capital) to risk-weighted assets, plus the capital conservation buffer (resulting in a minimum total capital ratio of 10.5%); and |
| ● | 4.0% minimum leverage ratio, calculated as the ratio of Tier 1 capital to average assets. |
The Basel III capital rules prescribe a standardized approach for risk weightings that expand the risk-weighting categories from four categories (0%, 20%, 50% and 100%), to a much larger and more risk-sensitive number of categories, depending on the nature of the assets, generally ranging from 0% for U.S. government and agency securities to 600% for certain equity exposures, resulting in higher risk weights for a variety of asset categories. Specific changes to the rules impacting our determination of risk-weighted assets include, among other things:
| ● | Applying a 150% risk weight instead of a 100% risk weight for certain high volatility commercial real estate acquisition, development, and construction loans; |
| ● | Assigning a 150% risk weight to exposures (other than residential mortgage exposures) that are 90 days past due; |
| ● | Providing for a 20% credit conversion factor for the unused portion of a commitment with an original maturity of one year or less that is not unconditionally cancellable (currently set at 0%); |
| ● | Providing for a risk weight, generally not less than 20% with certain exceptions, for securities lending transactions based on the risk weight category of the underlying collateral securing the transaction; |
| ● | Providing for a 100% risk weight for claims on securities firms; and |
| ● | Eliminating the current 50% cap on the risk weight for OTC derivatives. |
In addition, the Basel III capital rules provide more advantageous risk weights for derivatives and repurchase-style transactions cleared through a qualifying central counterparty and increase the scope of eligible guarantors and eligible collateral for purposes of credit risk mitigation.
In December 2017, the Basel Committee on Banking Supervision unveiled its final set of standards and reforms to the Basel III regulatory capital framework, commonly called “Basel III endgame” or “Basel IV.” The Basel IV standards make changes to the capital framework first introduced as “Basel III” in 2010and aim to reduce excessive variability in banks’ calculations of risk-weighted assets and risk-weighted capital ratios. Implementation of Basel IV began on January 1, 2023 and will continue over a five-year transition period by regulators in individual countries, including the U.S. federal bank regulatory agencies (after notice and comment).
Basel III Prompt Corrective Action
The FDIA requires the federal banking agencies to take “prompt corrective action” in respect of depository institutions that do not meet minimum capital requirements. The FDIA establishes the following five capital tiers: (i) “well capitalized;” (ii) “adequately capitalized;” (iii) “undercapitalized;” (iv) “significantly undercapitalized;” and (v) “critically
15
undercapitalized.” A depository institution’s capital tier depends upon how its capital levels compare to various relevant capital measures and certain other factors, as established by regulation. The relevant capital measures, which reflect the standards for assessing capital adequacy under the Basel III capital rules that became effective on January 1, 2015, are the total capital ratio, the CET1 capital ratio, the Tier 1 capital ratio, and the leverage ratio. A bank will be considered:
| ● | “well capitalized” if the institution has a total risk-based capital ratio of 10.0% or greater, a CET1 capital ratio of 6.5% or greater, a Tier 1 risk-based capital ratio of 8.0% or greater, and a leverage ratio of 5.0% or greater, and is not subject to any order or written directive by any regulatory authority to meet and maintain a specific capital level for any capital measure; |
| ● | “adequately capitalized” if the institution has a total risk-based capital ratio of 8.0% or greater, a CET1 capital ratio of 4.5% or greater, a Tier 1 risk-based capital ratio of 6.0% or greater, and a leverage ratio of 4.0% or greater and is not “well capitalized”; |
| ● | “undercapitalized” if the institution has a total risk-based capital ratio that is less than 8.0%, a CET1 capital ratio less than 4.5%, a Tier 1 risk-based capital ratio of less than 6.0% or a leverage ratio of less than 4.0%; |
| ● | “significantly undercapitalized” if the institution has a total risk-based capital ratio of less than 6.0%, a CET1 capital ratio less than 3%, a Tier 1 risk-based capital ratio of less than 4.0% or a leverage ratio of less than 3.0%; and |
| ● | “critically undercapitalized” if the institution’s tangible equity is equal to or less than 2.0% of average quarterly tangible assets. |
An institution may be downgraded to, or deemed to be in, a capital category that is lower than indicated by its capital ratios if it is determined to be in an unsafe or unsound condition or if it receives an unsatisfactory examination rating with respect to certain matters. A bank’s capital category is determined solely for the purpose of applying prompt corrective action regulations, and the capital category may not constitute an accurate representation of the bank’s overall financial condition or prospects for other purposes.
The FDIA generally prohibits a depository institution from making any capital distributions (including payment of a dividend) or paying any management fee to its parent holding company if the depository institution would thereafter be “undercapitalized.” “Undercapitalized” institutions are subject to growth limitations and are required to submit a capital restoration plan. The agencies may not accept such a plan without determining, among other things, that the plan is based on realistic assumptions and is likely to succeed in restoring the depository institution’s capital. In addition, for a capital restoration plan to be acceptable, the depository institution’s parent holding company must guarantee that the institution will comply with such capital restoration plan. The bank holding company must also provide appropriate assurances of performance. The aggregate liability of the parent holding company is limited to the lesser of (i) an amount equal to 5.0% of the depository institution’s total assets at the time it became undercapitalized, and (ii) the amount which is necessary (or would have been necessary) to bring the institution into compliance with all capital standards applicable with respect to such institution as of the time it fails to comply with the plan. If a depository institution fails to submit an acceptable plan, it is treated as if it is “significantly undercapitalized.”
The appropriate federal banking agency may, under certain circumstances, reclassify a well-capitalized insured depository institution as adequately capitalized. The FDIA provides that an institution may be reclassified if the appropriate federal banking agency determines (after notice and opportunity for hearing) that the institution is in an unsafe or unsound condition or deems the institution to be engaging in an unsafe or unsound practice.
As of December 31, 2023, each of our Subsidiary Banks are “well capitalized” based on the aforementioned ratios pursuant to the Basel III capital rules.
Liquidity Requirements
Historically, regulation and monitoring of bank and bank holding company liquidity has been addressed as a supervisory matter, without required formulaic measures. The Basel III final framework requires banks and bank holding companies to measure their liquidity against specific liquidity tests that, although similar in some respects to liquidity
16
measures historically applied by banks and regulators for management and supervisory purposes, going forward will be required by regulation.
The Basel III liquidity coverage ratio uses international liquidity standards that serve to reconcile the differences of the liquidity standards of countries. The Basel Committee is expected to address the net stable funding ratio in the future. These new standards are subject to further rulemaking and their terms may well change before implementation. The federal bank regulatory agencies also issued a proposed rule that would implement qualitative liquidity requirements, including a liquidity coverage ratio (LCR), consistent with liquidity standards adopted by the Basel Committee, for certain banking organizations with more than $250 billion in total assets or subsidiary depository institutions of internationally active banking organizations with $10 billion or more in total consolidated assets. The FRB issued a separate proposed rule at the same time to apply a modified version of the LCR to certain depository institution holding companies with assets greater than $50 billion. The final version of the rule defines banks with between $50 billion and $250 billion in assets as “modified LCR companies,” which will be subjected to less rigorous requirements regarding the high-quality liquid assets calculations.
In July 2018, following the enactment of the Economic Growth, Regulatory Relief and Consumer Protection Act of 2018, the FRB stated that it would no longer require bank holding companies with less than $100 billion in total consolidated assets to comply with the modified version of the LCR. In October 2018, the federal banking regulators further proposed to revise their liquidity requirements so that banking organizations that are not globally systemic important banks, have less than $250 billion in total consolidated assets and have less than $75 billion in each of off-balance sheet exposures, nonbank assets, cross-jurisdictional activity and short-term wholesale funding would not be subject to any LCR or net stable funding ratio requirements.
FASB CECL Accounting Standard
In June 2016, the Financial Accounting Standards Board (FASB) issued Accounting Standards Update No. 2016-13, Financial Instruments – Credit Losses (Topic 326): Measurement of Credit Losses on Financial Instruments, which amended the credit-loss accounting standards for financial assets and implemented the Current Expected Credit Losses (CECL) methodology. Among other things, the update required that the expected credit losses on financial instruments held as of the end of the period being reported be measured based on historical experience, current conditions, and reasonable and supportable forecasts. Pursuant to rules issued by the federal bank regulatory agencies in February 2019 and March 2020, banking organizations were given the option to phase in the adoption of CECL over a three-year transition period through December 31, 2022 or over a five-year transition period through December 31, 2024. The impact of the adoption of the updated accounting standards was to be recorded as a cumulative-effect adjustment to retained earnings as of the beginning of the first reporting period in which the guidance was adopted. Rather than electing a phase-in option, we immediately recognized the capital impact upon adopting the CECL accounting standards on January 1, 2020, which resulted in an increase in our allowance for probable loan losses and a one-time cumulative-effect adjustment to retained earnings upon adoption.
State Enforcement Powers
The Banking Commissioners of Texas and Oklahoma may determine to close a Texas or Oklahoma state bank, respectively, if such Commissioner finds that the interests of depositors and creditors of the state bank are jeopardized through its current or imminent insolvency and that it is in the best interest of such depositors and creditors that the bank be closed. The Texas Department of Banking and Oklahoma State Banking Department have broad enforcement powers over our Subsidiary Banks, as applicable, including the power to impose orders, remove officers and directors, impose fines and appoint supervisors and conservators.
Depositor Preference
Because our holding company is a legal entity separate and distinct from our Subsidiary Banks, our holding company has the right to participate in the distribution of assets of any Subsidiary Bank upon the subsidiary’s liquidation or reorganization, but it will be subject to the prior claims of the subsidiary’s creditors. In the event of a liquidation or other resolution of an insured depository institution like any of our Subsidiary Banks, the claims of depositors and other
17
general or subordinated creditors of the bank are entitled to a priority of payment over the claims of holders of any obligation of the bank to its shareholders, including any depository institution holding company (like us) or any shareholder or creditor thereof.
Community Reinvestment Act
Under the CRA, the FDIC is required to assess the record of each Subsidiary Bank to determine if the bank meets the credit needs of its entire community, including low- and moderate-income neighborhoods served by the bank, and to take that record into account in its evaluation of any application made by the bank for, among other things, approval of the acquisition or establishment of a branch or other deposit facility, an office relocation, a merger, or the acquisition of shares of capital stock of another financial institution. In May 2022, the federal bank regulators, including the FDIC, issued a notice of proposed rulemaking intended to revise the CRA’s implementing regulations in order to advance the CRA’s core purpose and adapt the CRA’s regulatory framework to reflect the modern banking industry. The focus of the revised rules, according to the regulators, is to (i) expand access to credit, investment, and basic banking services in low- and moderate-income communities, (ii) adapt to increased provision and use of Internet and mobile banking products and services, (iii) provide greater clarity, consistency, and transparency, (iv) tailor CRA evaluations and data collection to bank size and type, and (v) maintain a unified approach.
In October 2023, the federal regulators adopted a joint final rule to strengthen and modernize the CRA regulations, which was consistent with the 2022 proposed rule. Under the final rule, most of the CRA changes will only affect “large” banks with assets of more than $2 billion while allowing small and mid-sized banks to elect to be evaluated based on certain of the new rules. Although updates to the CRA’s implementing regulations were necessary to address the changes in the banking industry and the increase in online and mobile banking, the changes under the final rule include significant increases in data collection, testing, and evaluation metrics related to geography and assessment areas. The final rule takes effect on April 1, 2024, with staggered compliance dates of January 1, 2026 and January 1, 2027. The asset-size thresholds defined in the joint final rule will apply on January 1, 2026.
Proposed legislation was introduced in September 2022 would further revise the CRA by adding several new substantive and procedural requirements. If enacted, the legislation would broaden the types of legal violations that affect CRA scores, require banks to form community advisory committees in each market they serve (based on metropolitan statistical areas), require proof of impact for community service and charity efforts to receive CRA credit, and require large banks to collect and report even more information related to borrower demographics. The proposed legislation would also require regulators to consider a bank’s partnerships with non-depository lenders and “small-dollar” first-lien mortgages as part of CRA examinations. Like the October 2023 final regulatory revisions, the legislation focuses on applying fair-lending concepts to CRA obligations and examinations. We will continue to monitor this legislation and its potential effect on the revised CRA regulations.
The FDIC prepares a written evaluation of an institution’s record of meeting the credit needs of its entire community and assigns a rating. Federal banking agencies make public a rating of a bank’s performance under the CRA. The Subsidiary Banks conduct an award-winning financial literacy program in their communities as part of their community outreach.
Three of our Subsidiary Banks received an “Outstanding” CRA rating, and two received a “Satisfactory” CRA rating in their most recently completed examinations. Financial institutions are evaluated under different CRA examinations procedures based upon their asset size classification, which asset thresholds are updated annually and were updated as of January 1, 2024. “Large bank” now means a bank with total assets equal to or greater than $1.564 billion for December 31 of both of the prior two calendar years, “small bank” means a bank with assets of less than $1.564 billion as of December 31 of either of the prior two calendar years, and “intermediate small bank” means a bank with assets of at least $391 million as of December 31 of both of the prior two calendar years and less than $1.564 billion as of December 31 of either of the prior two calendar years. Two of our Subsidiary Banks are considered “intermediate small banks” and IBC, IBC Brownsville and IBC Oklahoma are considered “large banks” under the new asset thresholds.
18
Consumer Laws
In addition to the laws and regulations discussed herein, the Subsidiary Banks are also subject to numerous consumer laws and regulations that are designed to protect consumers in transactions with banks. These laws and regulations mandate certain disclosure requirements and regulate the manner in which financial institutions must deal with customers when taking deposits or making loans to such customers. The Subsidiary Banks must comply with the applicable provisions of these consumer finance protection laws and regulations as part of their ongoing customer relations. The Dodd-Frank Act established comprehensive new rules regulating mortgage activities and created the CFPB with direct supervisory authority to enforce certain consumer finance protection laws over banks with assets of $10 billion or more and certain nonbank entities.
The CFPB’s broad authority to issue, interpret, and enforce almost all federal consumer protection laws, and its issuance of applicable disclosure forms, may impact each of the Subsidiary Banks’ consumer compliance programs. The applicable consumer financial protection laws include, in part, the Equal Credit Opportunity Act, the Fair Credit Reporting Act, the Fair Debt Collection Procedures Act, the Truth in Lending Act, the Home Mortgage Disclosure Act, the Real Estate Settlement Practices Act, various state law counterparts, and the Consumer Financial Protection Act of 2010, which is part of the Dodd-Frank-Act. The CFPB also has broad authority, among other matters, to declare acts or practices to be “unfair, deceptive, or abusive,” and to develop and require new consumer disclosures. The CFPB has issued and continues to issue numerous regulations under which IBC and the Subsidiary Banks will continue to incur additional expense in connection with ongoing compliance obligations. Significant recent CFPB developments that may affect operations and compliance costs include:
| ● | positions taken by the CFPB on fair lending, including applying the disparate impact theory which could make it more difficult for lenders to charge different rates or to apply different terms to loans to different customers; |
| ● | the CFPB’s final rule amending Regulation C, which implements the Home Mortgage Disclosure Act, requiring most lenders to report expanded information in order for the CFPB to more effectively monitor fair lending concerns and other information shortcomings identified by the CFPB; |
| ● | positions taken by the CFPB regarding the Electronic Fund Transfer Act and Regulation E, which require companies to obtain consumer authorizations before automatically debiting a consumer’s account for pre-authorized electronic funds transfers; |
| ● | focused efforts on enforcing certain compliance obligations the CFPB deems a priority, such as automobile loan servicing, debt collection, mortgage origination and servicing, remittances, and fair lending, among others. |
| ● | the CFPB’s proposed Dodd-Frank Section 1033 consumer financial data sharing rule, which will require financial institutions to provide consumers and their authorized parties access to certain consumer financial data obtained and maintained by the financial institution; and |
| ● | the CFPB’s continued focus on bank fees and charges, including supervision and enforcement actions and bulletins related to overdraft and non-sufficient funds fees. |
In light of the current political climate in Washington, DC and changes in CFPB leadership in recent years, we cannot predict what additional actions may be taken by the CFPB with respect to its previous regulations, rulings, and decisions and any impact on our operations. In October 2022, the United States Court of Appeals for the Fifth Circuit held that the mechanism for funding the CFPB is an unconstitutional violation of the Appropriations Clause. The CFPB petitioned the United States Supreme Court to hear its challenge to that holding, and the Supreme Court heard oral arguments in the case in October 2023. The Supreme Court’s decision is expected to be delivered in spring 2024. Since the Fifth Circuit’s decision, numerous legal challenges to CFPB oversight, enforcement, and action have been filed across the country, and several federal courts have stayed CFPB enforcement proceedings pending the Supreme Court’s decision. The Supreme Court’s decision is expected to have a profound impact on the future and scope of regulatory
19
authority of the CFPB and potentially other agencies and programs that are not funded through the ordinary annual appropriations process.
Military Lending Act
In 2015, the Department of Defense issued final amendments to the rule that implements the federal Military Lending Act. Under the amended rule, the Department of Defense expanded the definition of “consumer credit” to include a much broader range of credit products, including some credit products offered by depository institutions. The rule requires lenders to provide certain protections to borrowers who are covered under the rule. For instance, lenders must cap the Military Annual Percentage Rule for covered credit products provided to covered borrowers at 36%. Lenders must also provide certain disclosures and other protections to covered borrowers. Although a lender can use any method to determine a borrower’s military status, the lender can obtain a safe harbor by verifying the borrower’s military status either through the Department of Defense Manpower Data Center or by using a consumer credit report that contains military status.
Electronic Banking and Cybersecurity
The Federal Financial Institutions Examination Council (FFIEC) issued guidance in 2005 entitled “Authentication in an Internet Banking Environment” (2005 Guidance), followed by a 2011 supplement thereto (2011 Supplement). Together, the 2005 Guidance and the 2011 Supplement provided a risk-management framework for financial institutions offering Internet-based products and services to their customers and established the FDIC’s supervisory expectations regarding customer authentication, layered security, and other controls in an increasingly hostile online environment. In 2021, the FFIEC issued new guidance entitled “Authentication and Access to Financial Institution Services and Systems” (the 2021 Guidance), which replaced the 2005 Guidance and the 2011 Supplement. The 2021 Guidance addresses changes in the types and accessibility of online and mobile banking products and services, the increased use of new and emerging payment services, and the resulting risks associated with the cybersecurity-threat landscape. The primary objective of the 2021 Guidance is to provide effective risk management principles and practices related to identification, authentication, and access for consumer and business customers, employees, third parties, applications and devices that access and utilize digital banking services and information systems. The 2021 Guidance supports the use of multi-factor authentication in nearly every facet of banking services and highlights the importance of banks’ Internet and cybersecurity risk assessment in addressing and preventing unauthorized access to accounts, services and information and other cyber-crime. In late 2022, the FFIEC published an update to its 2018 Cybersecurity Resource Guide for Financial Institutions, which includes cyber-attack and ransomware resources and guidance, and focuses on responding to cyber incidents and monitoring vendors and service providers.
In 2011, the Texas Banking Commissioner and the U.S. Secret Service formed the Bankers Electronic Crimes Task Force and issued guidance entitled “Best Practices for Banks: Reducing the Risks of Corporate Account Takeovers.” This guidance sets forth nineteen best practices to reduce the risk of corporate account takeover thefts. Our Subsidiary Banks are required to comply with these guidelines and best practices.
The National Institute of Standards and Technology (NIST) released a preliminary Framework for Improving Critical Infrastructure Cybersecurity (NIST Cybersecurity Framework) in 2014, and an update to that framework in 2018. Our Subsidiary Banks are expected to incorporate the NIST Cybersecurity Framework into their infrastructures and risk-management systems, which are also governed by FFIEC guidelines. In 2016, the federal banking agencies proposed enhanced cyber-risk management standards for large interconnected entities and their service providers. The proposal established enhanced standards to increase the operational resilience of those entities and reduce the impact on the financial system in case of a cyber event experienced by any of them. The standards address cyber-risk governance, cyber-risk management, internal dependency management, external dependency management, incident response, cyber resilience, and situational awareness. The enhanced standards would be implemented in a tiered manner, imposing more stringent standards on the systems of those entities that are critical to the functioning of the financial sector. In 2021, the federal banking agencies adopted a rule governing computer security incidents and, in part, the rule requires notification by a regulated institution to its primary federal regulator in the event of certain cybersecurity-related incidents.
20
In February 2018, the SEC published interpretive guidance to assist public companies in preparing disclosures about cybersecurity risks and incidents. The SEC guidelines, and any other regulatory guidance, are in addition to notification and disclosure requirements under state and federal banking laws and regulations. In July 2023, the SEC issued a final rule that, consistent with its rule proposal from March 2022, requires disclosure of material cybersecurity incidents and annual disclosure of material information concerning cybersecurity risk management, strategy, and governance. Under the final rule, registrants are required to disclose the occurrence of and key details about a material cybersecurity incident within four business days of determining that the incident is material and must provide periodic updates as to the status of the incident in subsequent filings.
In October 2023, President Joe Biden issued an Executive Order (EO) on the Safe, Secure, and Trustworthy Development and Use of Artificial Intelligence (AI), which sets new standards for AI safety and security, establishes guidelines and processes for the equitable use of AI, calls on Congress to pass bipartisan data-privacy legislation, and directs federal agencies to take various actions to advance the safety, security, and trustworthiness of AI systems and to mitigate AI risks. Several of the directives in the EO involve the financial-services industry. For example, the EO directs the Secretary of the Treasury to prepare a public report advising financial institutions on best practices for managing AI-specific cybersecurity risks, encourages the CFPB director to address how AI tools and automated systems, depending on their use, have the potential to enable unlawful discrimination and biases in the housing and consumer-finance markets or to facilitate compliance with the federal laws that prohibit those discriminatory practices, and encourages regulatory agencies to consider rulemaking to address the risks to financial stability and other risks that may result from using AI.
Increasingly, state regulators are implementing additional privacy and cybersecurity standards and regulations. Recently, several states adopted regulations requiring certain financial institutions to implement cybersecurity programs and provide detailed requirements for such programs, including data encryption requirements. Many states have also recently implemented or modified their data breach notification and data privacy requirements. Effective January 1, 2020, Texas amended its data breach notification law, limiting the time frame for notifying individuals whose data has been compromised and requiring notice to the Texas Attorney General in certain circumstances. We expect state-level activity to continue in this area and will continue monitoring legislative developments in Texas and Oklahoma.
Affiliate Transactions
Our holding company and Subsidiary Banks are “affiliates” within the meaning of Section 23A of the Federal Reserve Act (FRA), which sets forth certain restrictions on (i) loans and extensions of credit between a bank subsidiary and affiliates, (ii) investments in an affiliate’s stock or other securities, and (iii) acceptance of such stock or other securities as collateral for loans. These restrictions prevent a bank holding company from borrowing from any of its bank subsidiaries unless the loans are secured by specific obligations. Further, such secured loans and investments by a bank subsidiary are limited in amount, as to a bank holding company or any other affiliate, to 10% of such bank subsidiary’s capital and surplus and, as to the bank holding company and its affiliates, to an aggregate of 20% of such bank subsidiary’s capital and surplus. Certain restrictions do not apply to 80% or more owned sister banks of bank holding companies. Each Subsidiary Bank is wholly-owned by our holding company.
Section 23B of the FRA requires that the terms of affiliate transactions be comparable to terms of similar non-affiliate transactions. Among other things, the Dodd-Frank Act expands the limitations on affiliate transactions by expanding the definitions of “affiliate” and of “covered transactions,” which include debt obligations of an affiliate utilized as collateral. The Dodd-Frank Act also requires that the 10% of capital limit on covered transactions begin to apply to non-bank financial subsidiaries. “Covered transactions” are defined to include a loan or extension of credit, as well as a purchase of securities issued by an affiliate, a purchase of assets (unless otherwise exempted by the FRB) from the affiliate, the acceptance of securities issued by the affiliate as collateral for a loan, and the issuance of a guarantee, acceptance or letter of credit on behalf of an affiliate. While the Dodd-Frank Act’s changes to Sections 23A and 23B of the FRA became effective in 2012, the FRB has not amended Regulation W to reflect those changes. However, in March 2021, the FRB staff provided guidance (in the form of a memorandum and answers to frequently asked questions developed by the staff) indicating that Sections 23A and 23B of the FRA should be interpreted as having been amended by the Dodd-Frank Act and that the FRB is in the process of revising Regulation W to reflect the Dodd-Frank Act’s changes.
Insider Loans
21
The restrictions on loans to directors, executive officers, principal shareholders, and their related interests contained in the FRA and Regulation O apply to all insured institutions and their subsidiaries and holding companies. In general, any such extensions of credit must (i) not exceed certain dollar limitations, (ii) be made on substantially the same terms, including interest rates and collateral, as those prevailing at the time for comparable transactions with third parties, and (iii) not involve more than the normal risk of repayment or present other unfavorable features. Additional restrictions are imposed on extensions of credit to executive officers. Certain extensions of credit also require the approval of a bank’s board of directors. There is also an aggregate limitation on all loans to insiders and their related interests. These loans cannot exceed the institution’s total unimpaired capital and surplus, and the FDIC may determine that a lesser amount is appropriate. Insiders are subject to enforcement actions for knowingly accepting loans in violation of applicable restrictions.
Mortgage Lending
In 2016, the CFPB amended certain mortgage rules issued in 2013. The final rule clarifies, revises, or amends provisions regarding force-placed insurance notices, policies, and procedures, early intervention, and loss-mitigation requirements under Regulation X’s servicing provisions, and imposes prompt crediting and periodic statement requirements under Regulation Z’s servicing provisions. The final rule also addresses compliance when a consumer is in bankruptcy and makes technical corrections to several other provisions.
Also in October 2016, the CFPB issued a final interpretive rule amending the mortgage servicing rules, most of which became effective in October 2017, and the remainder of which became effective in April 2018. The CFPB issued the interpretive rule under the Fair Debt Collection Practices Act (FDCPA) to clarify the interaction of the FDCPA and mortgage servicing rules. The interpretive rule constitutes an advisory opinion under FDCPA Section 813(e) and provides a safe harbor from liability for actions done or omitted in good faith in conformity with the opinion. The CFPB’s final rules also addresses insufficiency of hazard insurance which may lead to new requirements for lender-placed insurance, and early intervention with delinquent buyers, which will be governed by new contract obligations.
On November 30, 2016, the CFPB, FRB, and OCC finalized amendments to the official interpretations that implement special appraisal requirements for “higher-risk mortgages” or “higher-priced mortgages.” Under the interpretations when there is no annual percentage increase in the Consumer Price Index, the OCC, FRB and CFPB will not adjust the exemption threshold from the prior year.
On July 7, 2017, the CFPB modified the TILA-RESPA Integrated Disclosure Rule implemented in Regulations X and Z. The amendments created tolerances for the total of payments and provided guidance on sharing the integrated disclosures with various parties involved in the mortgage origination process. The TILA-RESPA Rule was amended again in 2018 to revise when a creditor may use a Closing Disclosure to reset tolerances.
On October 4, 2017, the CFPB issued an interim final rule and a proposed rule to provide mortgage servicers more flexibility and certainty around requirements to communicate with certain borrowers under the CFPB’s 2016 mortgage servicing amendments. The interim final rule gives servicers more flexibility regarding when to communicate about foreclosure prevention options with borrowers who have requested a cease in communication under federal debt collection law. The interim final rule became effective on October 19, 2017, the same date that the related 2016 rule provisions become effective. The proposed rule was finalized and became effective on April 19, 2018. It imposes mortgage servicing requirements which are complex. All servicers must ensure they have comprehensive practices for responding to potential successors in interest and for confirming and communicating with them. Additionally, servicers need to determine which of the CFPB’s three options to adopt for communicating with confirmed successors in interest, in a manner that ensures clarity and does not indicate an obligation to repay a mortgage. The CFPB also removed the blanket exemption from the periodic statement requirement for borrowers in bankruptcy, making it necessary to provide modified periodic statements – which will require significant system configurations and testing to ensure the new requirements are met.
The CFPB and other federal regulators, including the Federal Housing Administration, have issued several updated guidelines and proposed regulatory revisions that signal an ongoing focus on redlining and discrimination in
22
mortgage lending, including revisions to the CRA and greater oversight of property appraisals, including related algorithms and machine learning tools that can be used in the appraisal process.
Powers
As a result of the FDICIA, the authority of the FDIC over state-chartered banks was expanded. The FDICIA limits state chartered banks to only those principal activities permissible for national banks, except for other activities specifically approved by the FDIC. The Texas Banking Act includes a parity provision which establishes procedures for state banks to notify the Texas Banking Commissioner if the bank intends to conduct any activity permitted for a national bank that is otherwise denied to a state bank. The Texas Banking Commissioner has 30 days to prohibit the activity. Also, the Texas Finance Code includes a “super parity” provision with procedures for state banks to notify the Texas Banking Commissioner if the bank intends to conduct any activity permitted for any depository institution in the United States. Texas Banking Commissioner has 30 days after receiving such notice to prohibit the activity. Similarly, under the Oklahoma Banking Code, Oklahoma state banks have the authority to exercise such incidental powers as may be necessary or desirable to carry on the banking business including, but not limited to, powers conferred upon national banks, unless otherwise prohibited or limited by the Oklahoma Banking Commissioner or the Oklahoma State Banking Board. Additionally, upon approval of the Oklahoma Banking Commissioner, and subject to all applicable federal and state laws, the operating subsidiaries or financial subsidiaries of an Oklahoma state bank may exercise any power and engage in any activity that is permitted for an operating subsidiary or financial subsidiary of a national bank, unless otherwise prohibited or limited by the Oklahoma Banking Commissioner or Oklahoma State Banking Board.
Incentive Compensation
In June 2010, the FRB, OCC, and FDIC issued the Interagency Guidance on Sound Incentive Compensation Policies, a comprehensive final guidance on incentive compensation policies intended to ensure that the incentive compensation policies of banking organizations do not undermine the safety and soundness of such organizations by encouraging excessive risk taking. The guidance, which covers all employees that have the ability to materially affect the risk profile of an organization, either individually or as part of a group, is based upon the key principles that a banking organization’s incentive compensation arrangements should (i) provide incentives that do not encourage risk-taking beyond the organization’s ability to effectively identify and manage risks, (ii) be compatible with effective internal controls and risk management, and (iii) be supported by strong corporate governance, including active and effective oversight by the organization’s board of directors.
As part of its regular, risk-focused examination process, the FRB reviews the incentive compensation arrangements of banking organizations. These reviews are tailored to each organization based on the scope and complexity of the organization’s activities and the prevalence of incentive compensation arrangements. The findings of the supervisory initiatives are included in reports of examination. Deficiencies are incorporated into the organization’s supervisory ratings, which can affect the organization’s ability to make acquisitions and take other actions. Enforcement actions may be taken against a banking organization if its incentive compensation arrangements, or related risk-management control or governance processes, pose a risk to the organization’s safety and soundness and the organization is not taking prompt and effective measures to correct the deficiencies.
The Dodd-Frank Act requires the federal banking agencies and the SEC to jointly prescribe regulations or guidelines that require financial institutions with $1 billion or more in assets to disclose to the appropriate federal regulator, the structure of all incentive-based compensation arrangements sufficient to determine whether the compensation structure provides an executive officer, employee, director, or principal shareholder (collectively, “covered persons”) with excessive compensation, fees, or benefits, or could lead to material financial loss to the financial institutions. In April 2011 and June 2016, the SEC and the federal banking agencies issued joint notices of proposed rulemaking that would prohibit a covered financial institution from establishing or maintaining any incentive-based compensation arrangements for covered persons that expose the financial institution to inappropriate risks by providing the covered person with excessive compensation that could lead to a material financial loss. A compensation arrangement would be considered too risky unless it appropriately balanced risk and reward, was compatible with effective risk management and controls, and was supported by effective governance. Compensation, fees, and benefits would be deemed excessive if the amounts paid were unreasonable or disproportionate to the value of the services performed by a covered person, taking into account an array
23
of factors. The proposal would apply to financial institutions with more than $1 billion in assets. The rule also included heightened standards for financial institutions with $50 billion or more in total consolidated assets, requiring at least 50% of incentive-based payments for designated executives to be deferred for a minimum of three years. In addition to the provisions of the 2011 proposed rule, the 2016 proposed rule specified that an incentive-based compensation arrangement would only be deemed to have appropriately balanced risk and reward if it included financial and non-financial measures of performance, was designed to allow non-financial measures of performance to override financial measures of performance, and was subject to adjustment to reflect actual losses, inappropriate risks taken, compliance deficiencies, or other measures or aspects of financial and non-financial performance. As with the 2011 proposed rule, no final rule was adopted in connection with the 2016 rule proposal.
In June 2023, the SEC included incentive-based compensation arrangements on its spring 2024 rulemaking agenda. Accordingly, a third round of proposed rulemaking on incentive-based compensation arrangements is expected to occur in the upcoming months. Once the final rule is developed, the interagency rule must be approved by all of the five federal members of the FFIEC, the SEC, and the Federal Housing Finance Agency before comments on the rule are sought.
Regulation Z was amended in 2011 to restrict incentive compensation programs with regard to residential mortgage programs. Such limitations affect mortgage brokers as well as loan officers in the subsidiary banks. Compensation may be tied to volume, but not to terms or conditions of the transaction other than the amount of credit extended. Further amendments to Regulation Z relating to mortgage loan originator compensation were adopted on January 20, 2013, by the CFPB in accordance with the Dodd-Frank Act.
In October 2022, the SEC adopted a final rule directing national securities exchanges and associations, including Nasdaq, to implement listing standards that required listed companies to adopt policies mandating the recovery or “clawback” of excess incentive-based compensation earned by a current or former executive officer during the three fiscal years preceding the date the listed company is required to prepare an accounting restatement, including to correct an error that would result in a material misstatement if the error were corrected in the current period or left uncorrected in the current period. Nasdaq implemented the required listing standards under Rule 5608 of its listing rules, which became effective on October 2, 2023. Nasdaq-listed companies were required to adopt a compliant policy no later than December 1, 2023. Prior to that date, we amended and restated our Compensation Clawback Policy to meet the standards set forth in Rule 5608 and to be effective as of October 2, 2023. A copy of our clawback policy is attached as Exhibit 97 hereto.
The scope and content of the U.S. regulators’ policies on executive compensation are continuing to develop and are likely to continue evolving. It cannot be determined at this time whether compliance with such policies will adversely affect our ability to hire, retain, and motivate our key employees.
Legislative and Regulatory Initiatives
From time to time, various legislative and regulatory initiatives are introduced in Congress and state legislatures, as well as by regulatory agencies. Such initiatives may include proposals to expand or contract the powers of bank holding companies and depository institutions or proposals to substantially change the financial institution regulatory system. Such legislation could change banking statutes and our operating environment in substantial and unpredictable ways. Such changes could have a material effect on our business, including increasing our cost of doing business, affecting our compensation structure, or limiting or expanding permissible activities. We cannot predict whether any such changes will be adopted and we cannot determine the ultimate effect that potential legislation, if enacted, or implementing regulations with respect thereto, would have upon our financial condition or results of our operations. The same uncertainty exists with respect to regulations authorized or required under the Dodd-Frank Act, but that have not yet been proposed or finalized. There is also the possibility that the Dodd-Frank Act or other federal laws may be revised by Congress in the future because certain bills have been introduced into Congress from time to time that would amend certain provisions of the Dodd-Frank Act, or other federal legislation relating to financial institutions. Similarly, it is possible that the legislatures of the State of Texas or the State of Oklahoma would amend applicable state laws relating to us or our Subsidiary Banks.
24
Item 1A. Risk Factors
Risk Factors
An investment in the Company’s common stock involves risks. The following is a description of the material risks and uncertainties that the Company believes affect its business and an investment in its common stock. If any of the risks described below were to occur, our financial condition, results of operations and cash flows could be materially and adversely affected. If this were to happen, the value of the common stock could decline significantly and all or part of an investment could be lost.
Risks Related to Our Business
Our allowance for probable loan losses may be insufficient.
The determination of an appropriate level of loan loss allowance is an inherently difficult process and is based on numerous assumptions. This allowance represents management’s best estimate of probable losses that may exist within our existing loan portfolio. The determination of the appropriate level of the allowance for probable loan losses inherently involves a high degree of subjectivity and requires management to make significant estimates and assumptions regarding current credit risks and future trends, all of which may undergo material changes. In addition, if future charge-offs exceed the allowance for probable loan losses, we may need to increase the allowance for probable loan losses. Any increases in the allowance for probable loan losses will result in a decrease in net income and capital and may have a material adverse effect on our financial condition and results of operations.
Our adoption of ASU 2016-13, as amended, on January 1, 2020 impacted our methodology for estimating the allowance for credit losses. Adopting the CECL methodology pursuant to ASU 2016-03 increased our allowance for probable loan losses and resulted in a one-time cumulative-effect adjustment to retained earnings upon adoption. For additional information on the CECL methodology, see “Notes to Consolidated Financial Statements – (4) Allowance for Credit Losses” in our 2023 Annual Report to Shareholders, which is filed as Exhibit 13 hereto.
If real estate values in our target markets decline, the loan portfolio would be impaired.
A significant portion of our loan portfolio consists of loans secured by real estate located in the markets we serve. An adverse change in the economy affecting real estate values generally or in our target markets could significantly impair the value of collateral underlying certain of our loans and our ability to sell the collateral at a profit or at all upon foreclosure.
We operate in a highly competitive industry and market area.
We face substantial competition from a variety of different competitors in our market areas, many of which are larger and may have more financial resources. These competitors include national, regional, and community banks within the various markets we serve. We also face competition from many other types of financial institutions, including credit unions, finance companies, brokerage firms, insurance companies, factoring companies, and other financial intermediaries. Many of our competitors have fewer regulatory constraints and lower cost structures, which may allow them to offer better pricing on a broader range of products and services. Also, technology and other changes are allowing parties to complete financial transactions that historically have involved banks through alternative methods. The process of eliminating banks as intermediaries could result in the loss of fee income, as well as the loss of customer deposits and related income. Technology and other changes have lowered barriers to entry and made it possible for non-banks to offer products and traditionally offered by banks. In particular, the activity of financial technology companies (fintechs) has grown significantly over recent years and is expected to continue to grow. Fintechs have and may continue to offer bank or bank-like products and a number of fintechs have applied to bank or industrial loan charters. In addition, other fintechs have partnered with existing banks to allow them to offer deposit products to their customers. The loss of revenue streams and the reduction of lower cost deposits as a source of funds could have a material adverse effect on our financial condition and results of operations.
25
External funding which we rely on, in part, to provide liquidity may not be available to us on favorable terms or at all.
Liquidity is the ability to meet cash flow needs on a timely basis at a reasonable cost. We rely on deposits, repurchase agreements, advances from the Federal Home Loan Bank (FHLB) of Dallas, the FHLB of Topeka and other borrowings to meet our liquidity demands. If we were unable to access any of these funding sources when needed, we might be unable to meet customers’ needs, which could adversely impact our financial condition, results of operations, cash flows and liquidity, and level of regulatory-qualifying capital. Our ability to borrow could also be impaired by factors that are not specific to us, such as a disruption in the financial markets or negative views and expectations about the prospects for the financial services industry.
Our earnings are subject to interest rate risk.
Interest rates are highly sensitive to many factors that are beyond our control, including general economic conditions such as inflation and unemployment rates, market forces like geopolitical tensions and investor sentiment, and policy decisions made by the Federal Reserve and other governmental and regulatory agencies. Changes in monetary policy, interest rates, the yield curve, or market-risk spreads, a prolonged inverted yield curve or instability in domestic or foreign financial markets could negatively influence the interest we receive on loans and securities, as well as the amount of interest we pay on deposits and borrowings. Since March 2022, the Federal Reserve has increased interest rates a total of eleven times, with the last hike occurring in July 2023 when target interest rates reached their current range of 5.25% to 5.50%, with a benchmark rate at about 5.4%, the highest level in more than two decades. Although the Federal Reserve has held rates steady since then and indicated that rate reductions would occur sometime in 2024, the timing and extent of those rate cuts are uncertain. Volatility in interest rates may impact our net interest income and the valuation of our assets and liabilities. If the interest rates paid on deposits and other borrowings increase at a faster rate than the interest rates received on loans and other investments, our net interest income, and therefore earnings, could be adversely affected. Earnings could also be adversely affected if the interest rates received on loans and other investments fall more quickly than the interest rates paid on deposits and other borrowings. Any substantial, unexpected, or prolonged change in market interest rates could have a material adverse effect on our financial condition and results of operations.
We are subject to or may become subject to extensive government regulation and supervision.
Our operations are subject to extensive regulation by federal, state, and local governmental authorities and are subject to various laws and judicial and administrative decisions imposing requirements and restrictions on part or all of our operations. These regulations affect our lending practices, capital structure, investment practices, dividend policy, data and privacy protection policies, and growth, among other things. The statutory and regulatory framework under which we operate has changed substantially over the years, and will likely continue to do so. These changes and other changes to statutes and regulations, including changes in the interpretation or implementation of statutes, regulations, or policies, could affect our operations in substantial and unpredictable ways. Such changes could subject us to additional costs, limit the types of financial services and products we may offer and/or increase the ability of non-banks to offer competing financial services and products. Failure to comply with laws, regulations, or policies could result in sanctions by regulatory agencies, civil money penalties and/or reputation damage, which could have a material adverse effect on our business, financial condition, and results of operations.
Our potential future acquisitions and branch expansion could be adversely affected by a number of factors.
Acquisitions of other financial institutions and branch expansion have been a key element of our growth in the past. There are a number of factors that may impact our ability to continue to grow through acquisition transactions, including strong competition from other financial institutions who are active or potential acquirers of financial institutions in our existing or future markets. Acquisitions of other financial institutions and new branches must be approved by bank regulators and such approvals are dependent on many factors, including the results of regulatory examinations and CRA ratings.
26
We rely heavily on our chief executive officer.
We have experienced substantial growth in assets and deposits, particularly since Dennis E. Nixon became our President in 1979. We do not have an employment agreement with Mr. Nixon and the loss of his services could have a material adverse effect on our business and prospects.
Our information systems may experience an interruption or breach in security.
We rely heavily on communications and information systems to conduct our business. Our products and services involve the gathering, storage, and transition of sensitive information regarding our customers and their accounts. While we conduct our own data processing, we are reliant on certain external vendors to provide products and services necessary to maintain our day-to-day operations. As a financial institution we are also subject to and examined for compliance with an array of data protection laws, regulations, and guidance, as well as our own internal privacy and information security policies and programs. If our information systems or infrastructure experience a significant disruption or breach, it could lead to unauthorized access to personal or confidential information of our customers in our possession and unauthorized access to our proprietary information, methodologies, and business secrets. Any failure, interruption, or breach in security of these systems could result in failures or disruptions in our customer relationship management, general ledger, deposit, loan, and other systems. In addition, if our partners, vendors, or other market participants experience a disruption or breach, it could lead to unauthorized transactions on our or our customer accounts, or unauthorized access to personal or confidential information maintained by those entities. The occurrence of any failures, interruptions, or security breaches of these information systems could damage our reputation, result in a loss of customer business, subject us to additional regulatory scrutiny, or expose us to civil litigation and possible financial liability, any of which could have a material adverse effect on our financial condition and results of operations.
Additional capital or funding to increase liquidity levels may not be available when needed or at all.
Our ability to raise additional capital, if needed, will depend on, among other things, conditions in the capital markets at that time, which are outside our control, and our financial performance. We have historically had access to a number of alternative sources of liquidity, but if there is an increase in volatility in the credit and liquidity markets, there is no assurance that we will be able to obtain such liquidity on terms that are favorable to us, or at all. If we were unable to access any of these funding sources when needed, we might be unable to meet customers’ needs, which could adversely impact our financial condition, results of operations, cash flows and liquidity, and level of regulatory-qualifying capital.
Our holding company relies on dividends from our Subsidiary Banks for most of our revenue.
Our holding company receives substantially all of our revenue from dividends from our Subsidiary Banks. These dividends are the principal source of funds to pay dividends on our common stock to shareholders of our holding company, as well as interest and principal on our holding company’s debt. Various federal and/or state laws and regulations limit the amount of dividends that our Subsidiary Banks may pay to our holding company. Our Subsidiary Banks’ ability to pay dividends to us is subject to, among other thing, their earnings, financial condition and need for funds, as well as federal and state governmental policies and regulations applicable to our holding company and Subsidiary Banks which limit the amount that may be paid as dividends without prior regulatory approval, including a statutory requirement that our holding company serve as a source of financial strength for our Subsidiary Banks. Although our holding company has historically declared semi-annual cash dividends on our common stock, we are not required to do so and may reduce or cease to pay common stock dividends in the future. If we reduce or cease to pay common stock dividends, the market price of our common stock could be adversely affected.
Severe weather, natural disasters, pandemics, acts of war or terrorism and other external events could significantly impact our business.
Severe weather, natural disasters, pandemics, acts of war or terrorism and other adverse external events could have a significant impact on our ability to conduct business. These events could affect the stability of our deposit base, impair the ability of borrowers to repay outstanding loans, impair the value of collateral securing loans, cause significant property damage, result in loss of revenue and cause us to incur additional expenses. Although we have established disaster
27
recovery policies and procedures, any such event(s) in, near, or affecting the markets we serve could have a material adverse effect on our business.
An impairment in the carrying value of our goodwill could negatively impact our earnings and capital.
Goodwill is initially recorded at fair value and is not amortized, but is reviewed for impairment at least annually or more frequently if events or changes in circumstances indicate that the carrying value may not be recoverable. If we experience disruption in our business, unexpected significant declines in our operating results, or sustained market capitalization declines, it could result in goodwill impairment charges in the future, which would be recorded as charges against earnings. We performed an annual goodwill impairment assessment as of October 1, 2023. Based on our analyses, we concluded that the fair value of our reporting units exceeded the carrying value of our assets and liabilities and, therefore, goodwill was not considered impaired. Depending on the response of the financial industry to the legal, regulatory, and competitive changes related to interchange fees, overdraft services and interest on demand deposit accounts, financial institutions may need to change their policies, procedures, and operating plans in the future to compete more effectively. Such changes may require certain financial institutions to take a goodwill impairment charge to account for anticipated reduction in revenue related to such changes, which could have a material adverse effect on our financial condition and results of operation.
We are subject to environmental liability risks as a result of certain lending activities.
A significant portion of our loan portfolio is secured by real property. During the ordinary course of business, we may foreclose on and take title to properties securing certain loans. There is a risk that hazardous or toxic substances could be found on these properties. If hazardous or toxic substances are found, we may be liable for remediation costs, as well as for personal injury and property damage. Environmental remediation may require us to incur substantial expenses and may materially reduce the affected property’s value or limit our ability to use or sell the affected property. In addition, future laws or more stringent interpretations or enforcement policies with respect to existing laws may increase our exposure to environmental liability. The remediation costs and any other financial liabilities associated with an environmental hazard could have a material adverse effect on our financial condition and results of operations.
Our controls and procedures may fail or be circumvented.
Our management is responsible for establishing and maintaining adequate internal control over financial reporting and for evaluating and reporting on its system of internal controls. While management regularly reviews and updates our internal controls, disclosure controls and procedures, and corporate governance policies and procedures, any failure or circumvention of our controls and procedures or failure to comply with regulations related to controls and procedures could have a material adverse effect on our business, results of operations and financial condition.
New lines of business or new products and services may subject us to additional risks.
From time to time, we may implement new lines of business or offer new products and services within existing lines of business. In developing and marketing new lines of business and/or new products and services, we may invest significant time and resources. Initial timetables for the introduction and development of new lines of business and/or new products may not be achieved and price and profitability targets may not prove feasible. Compliance with regulations, competitive alternatives, and shifting market preferences, may also impact the successful implementation of a new line of business or a new product or service. Failure to successfully manage these risks in the development and implementation of new lines of business or new products or services could have a material adverse effect on our business, results of operations and financial condition.
Our accounting estimates and risk management processes rely on analytical and forecasting tools and models.
The processes we use to estimate probable loan losses and to measure the fair value of financial instruments, as well as the processes used to estimate the effects of changing interest rates and other market measures on our financial condition and results of operations, depends upon the use of analytical tools and forecasting models. These tools and models reflect assumptions that may not be accurate, particularly in times of market stress or other unforeseen
28
circumstances. Even if these assumptions are adequate, the tools or models may prove to be inadequate or inaccurate because of other flaws in their design or their implementation. Any such failure in our analytical or forecasting tools or models could have a material adverse effect on our business, financial condition, and results of operations.
We may be adversely affected by declining crude oil prices.
Decreased market oil prices compress margins for many U.S., Texas, and Oklahoma-based oil producers, particularly those that utilize higher-cost production technologies such as hydraulic fracking and horizontal drilling, as well as oilfield service providers, energy equipment manufacturers and transportation suppliers, among others. Energy production and related industries represent a large part of the economies in some of our primary markets. Furthermore, a prolonged period of low oil prices could also have a negative impact on the U.S. economy and, in particular, the economies of energy dominant states such as Texas and Oklahoma. Accordingly, a prolonged period of low oil prices could have a material adverse effect on our business, financial condition, and results of operation.
Risks Related to the Company’s Industry
Our success depends significantly on economic conditions in the local markets in which we operate.
Our success depends, to a certain extent, on local, national, and international economic and political conditions and local, as well as governmental monetary policies. We are particularly affected by conditions in our primary market areas of south, central, and southeast Texas, including Austin, Dallas and Houston, the State of Oklahoma and Mexico. If economic conditions in these market areas weaken or worsen due to a decline in oil prices or other factors, or fail to improve or to continue to improve, we could experience an increase in loan delinquencies and non-performing assets, decreases in loan collateral values and a decrease in demand for our products and services, any of which could have a material adverse impact on our financial condition and results of operations.
We depend on the accuracy and completeness of information about customers and counterparties as well as the soundness of other financial institutions.
In deciding whether to extend credit or enter into other transactions, we may rely on information furnished by or on behalf of customers and counterparties, including financial statements, credit reports and other financial information. We also rely on representations of those customers, counterparties, financial institutions or other third parties, such as independent auditors, as to the accuracy and completeness of that information. Reliance on inaccurate or misleading financial statements, credit reports or other financial information or problems with the soundness of other financial institutions with which we interact could have a material adverse impact on our business and our financial condition and results of operations.
If we do not adjust to rapid changes in the financial services industry, our financial performance may suffer.
Our ability to deliver strong financial performance and returns on investment to shareholders will depend in part on our ability to expand the scope of available financial services to meet the needs and demands of our customers and our ability to stay abreast of technological innovations and evaluate those technologies that will enable us to compete on a cost-effective basis. In addition to traditional banks, our competitors also include securities dealers, brokers, mortgage bankers, investment advisors, specialty finance and insurance companies who seek to offer one-stop financial services that may include services that banks have not been able or allowed to offer to their customers in the past. The continued competitive environment in our industry is primarily a result of changes in regulation, technology, and product delivery systems, and the accelerating pace of consolidation among financial service providers. Changes in the financial industry may result in the loss of fee income, as well as the loss of customer deposits and the related income generated from those deposits. The loss of these revenue streams and the lower cost deposits as a source of funds could have a material adverse effect on our financial condition and results of operations. Further, the costs of new technology, including personnel, can be high in both absolute and relative terms. There can be no assurance, given the fast pace of change and innovation, that our technology will meet or continue to meet our operational needs and the needs of our customers.
29
We are subject to claims and litigation pertaining to intellectual property.
Banking and other financial services companies, including us and our Subsidiary Banks, rely on technology companies to provide information technology products and services necessary to support our day-to-day operations. Technology companies frequently enter into litigation based on allegations of patent infringement or other violations of intellectual property rights. Such claims may increase in the future as the financial services sector becomes more reliant on information technology vendors. The plaintiffs in these actions frequently seek injunctions and substantial damages.
Regardless of the scope or validity of such patents or other intellectual property rights, or the merits of any claims by potential or actual litigants, we may have to engage in protracted litigation. Such litigation is often expensive, time-consuming, disruptive to our operations, and distracting to management. If legal matters related to intellectual property claims were resolved against us, we could be required to make payments in amounts that could have a material adverse effect on its business, financial condition, and results of operations.
Our financial condition, results of operation and stock price may be negatively impacted by negative publicity risk, diminished depositor confidence in depository institutions, and the increased threat of bank-run contagion.
A total of five FDIC-insured banks failed between March to November 2023, three of which occurred during a less than two-month period from March to May 2023. The collapse of those banks, coupled with lingering fears of an economic downturn and market instability, have eroded customer confidence in the banking system and caused widespread market volatility among publicly traded bank holding companies. The collapse of those banks, the resulting coverage by media organizations, and the rapid spread through social media of negative sentiments concerning the banking industry have caused customers to doubt the safety and soundness of financial institutions, especially regional and community banks, and created a threat of bank-run contagion. Our reputation and the confidence our customers have in our business may be damaged by adverse publicity and negative information regarding the wider financial-services industry generally. As a result, customers may choose to maintain deposits with larger financial institutions, to remove their deposits from the banking system altogether, or to invest in higher yielding, short-term fixed-income securities, which could adversely impact our liquidity, loan funding capacity, net interest margin, and results of operations. Although we have amplified our efforts to promote deposit insurance coverage with our customers, to proactively communicate with our customers in order to address any depository fears they may be experiencing as a result of the unrelated bank failures, and to implement policies for effectively managing our liquidity, deposit portfolio retention and other related matters, our financial condition, results of operation and stock price may be adversely affected by future negative events within the banking industry and negative customer or investor responses to such events.
Recent volatility in the banking industry could prompt new legislation, regulations, and policy changes that could cause us to be subjected to additional regulatory oversight and supervision.
Negative developments in the banking industry during the past year, culminating in the failures of five banks, have prompted responses by the FDIC, the Federal Reserve, and the U.S. Treasury Secretary to protect the depositors of those failed institutions and to attempt to reinstate diminished public confidence in depository institutions. Congress and federal banking regulators have also intervened by initiating investigations into the root causes of the failures in an attempt to both understand and hold accountable the parties and policies responsible for the rapid banking crisis. Ultimately, congressional and regulatory oversight and supervision may result in the imposition of new legislation, regulations, and policy changes aimed at tightening risk-management practices, heightening standards for managing interest rate and liquidity risks, and minimizing financial contagion. While we cannot predict with certainty what interventions and initiatives legislators and regulatory agencies may pursue, any of the changes described above could affect our operations in substantial and unpredictable ways. Such changes could be subject to additional costs, limit the types of financial services and products we may offer, and/or increase the ability of non-banks to offer competing financial services and products. Failure to comply with laws, regulations, or policies could result in sanctions by regulatory agencies, civil money penalties and/or reputation damage, which could have a material adverse effect on our business, financial condition, and results of operations.
30
The Dodd-Frank Act, the powers of the CFPB, and the FDIC Overdraft Payment Supervisory Guidance may increase the likelihood of lawsuits against financial institutions.
The Dodd-Frank Act provides that courts must make preemption determinations on a case-by-case basis with the respect to particular state laws and can no longer rely on blanket preemption determinations. Also, the CFPB is authorized to protect consumers from “unfair,” “deceptive” and “abusive” acts and practices. Depending on the future actions of the CFPB, the likelihood of lawsuits against financial institutions related to allegedly “unfair,” “deceptive” and “abusive” acts and practices could increase. Moreover, the costs related to such lawsuits would be significantly increased if the CFPB restricts the use of arbitration and/or class action waivers in consumer banking contracts.
Risks Related to the Company’s Stock
The trading price of our common stock may be volatile.
The trading price of our common stock has fluctuated over time due in part to actual or anticipated variations in our earnings, changes in government regulations, policies and guidance, news reports of trends, concerns and other issues related to the financial services industry, operating and stock performance of our peer companies, new technology used or services offered by traditional and non-traditional competitors, continued low trading volume in our common stock and the impact of short-selling activity in our common stock. Moreover, general market price declines or market volatility in the future could adversely affect the trading price of our common stock.
The holders of our junior subordinated debentures have rights that are senior to those of our shareholders.
As of December 31, 2023, we had approximately $108 million in junior subordinated debentures outstanding that were purchased by our statutory trusts using the proceeds from the sale of trust preferred securities to third party investors. The junior subordinated debentures are senior to our shares of common stock. Payments of the principal and interest on the trust preferred securities are conditionally guaranteed by us to the extent not paid or made by each trust. We must make payments on the junior subordinated debentures (and the related trust preferred securities) before any dividends can be paid on our common stock. While we have the right to defer interest payments on the junior subordinated debentures at any time no dividends may be paid to holders of our common stock during any such deferral, which could cause the trading price of our stock to decline.
Item 1B. Unresolved Staff Comments
N/A
Item 1C. Cybersecurity
Risk Management and Strategy
As a financial institution in today’s digital landscape, we understand that cybersecurity and data protection are of paramount importance to our business, our customers, and our reputation. With the proliferation of online banking and the digitalization of financial services, we recognize that our policies and procedures for safeguarding sensitive customer data must be as sophisticated as the cyber threats we are defending against. Accordingly, cybersecurity is a high-priority component of our overall risk-management system and risk-control infrastructure. We have implemented robust, multi-layer security procedures and defense strategies that aim to proactively mitigate cyber risks, enable our early detection and prevention of security incidents, minimize our vulnerability to attacks, and protect us from both internal and external cybersecurity threats.
Commensurate with the risks we face and the sensitivity of the data and systems we are protecting, our Information Systems Security Program (ISSP) includes layers of administrative and technical safeguards designed to protect the confidentiality and integrity of sensitive information belonging to us and our employees, partners, and
31
customers, to guard against the unauthorized access, alteration, disclosure, or destruction of that information, and to defend that information from potential, known, emerging, and evolving security risks. We have established multiple control points within our security infrastructure to reduce the risks associated with embedded technologies that could fail or be manipulated by nefarious actors, to prevent the intentional and unintentional infiltration of cybersecurity threats, and to maximize their separation from our sensitive information systems and assets. In developing our ISSP, our policies, standards, and procedures were heavily informed by and incorporated provisions from various sources of statutory and regulatory guidance as well as numerous leading industry frameworks, including the NIST Cybersecurity Framework, various NIST special publications, the Fair Information Practice Principles established by the Federal Privacy Council, the Privacy Management Framework developed by the American Institute of Certified Public Accountants, and the Center for Internet Security’s Critical Security Controls.
As part of our ISSP and strategy for managing cybersecurity risks, we have adopted the following cybersecurity policies:
· | Enterprise Information Systems Security Policy, which, among other objectives, prescribes a comprehensive framework for creating a practice-based Information Security Management System; protecting the confidentiality, integrity, and availability of our data and systems; providing for the development, review, maintenance, and ability to ensure the effectiveness of minimum security controls required to protect our data and systems; and recognizing the highly-networked nature of the current computing environment to provide effective company-wide management and oversight of related cybersecurity risks; |
· | Corporate Account Takeover Policy, which serves to mitigate the risks of corporate account takeover crimes and to document our compliance with the Texas Department of Banking’s Supervisory Memorandum 1029 on “Risk Management of Account Takeovers,” dated September 30, 2019, and the FFIEC’s guidance on “Authentication and Access to Financial Institution Services and Systems,” dated August 11, 2021; |
· | Vendor Management Policy, which provides a risk-based process for identifying, measuring, monitoring, and managing third-party relationships with new and existing vendors by requiring an assessment, categorization, and ranking of the risks associated with each third-party vendor and implements a third-party risk-management process that focuses on risk assessment, due diligence in selecting third-party vendors, contract structuring and review, and ongoing oversight of the operational and financial performance of the third-party vendor’s products and services; |
· | Service Center Physical Security for Data and Computing Equipment Policy, which provides directives for implementing appropriate physical security controls to protect the hardware, infrastructure, and systems that store and transmit our sensitive information and data from damage, unauthorized access, and loss of availability; to monitor, analyze, and properly disclose security alerts and information; and to administer other administrative and technical operational security procedures; and |
· | Security Incident Response Policy, which establishes the steps necessary to ensure a timely and adequate response to security incidents impacting our security systems or infrastructure. |
Some of the steps we have taken and processes we have implemented to assess, identify, and manage material risks from cybersecurity threats include the following:
· | Forming an IT Cybersecurity Committee (ITCC), which consists primarily of members of our management team and IT department, to develop and oversee our cybersecurity policies and infrastructure and establishing a multi-tiered reporting and governance system pursuant to which our ITCC reports to our Service Center Board, which reports to our Risk Committee, which reports to our Board; |
· | Implementing heightened safety measures, physical-security controls, and controlled-access requirements to protect the Service Center that houses the hardware and infrastructure used to store and transmit sensitive and confidential bank, customer, and employee information in accordance with the FFIEC IT Examination Handbook on Information Security and designating a specialized Service Center Board within the Service Center Department to oversee the protection of the Service Center’s physical integrity; |
32
· | Maintaining a clearly defined ISSP, which prescribes measures to establish and enforce our security program, addresses each component of our information security (IS) position, and advances our objectives of protecting and managing risks to our data and security systems by establishing policies, standards, controls, procedures, and guidelines that address topics such as security and privacy governance, statutory, regulatory, and contractual compliance, business and disaster recovery, change management, identification and authentication processes, expectations for continuous monitoring, asset management, third-party provider management, endpoint security, and incident responses, among others; |
| ● | Conducting an annual self-assessment using the Cyber Risk Institute (based on the NIST Cybersecurity Framework) to review our cyber risk-management strategy and framework, assess the effectiveness and legal and regulatory compliance of our organizational cybersecurity policy, and evaluate our policies and procedures for identifying risks, protecting information, detecting security threats, responding to cyber incidents, executing recovery plans, and managing levels of external dependence and resiliency; |
· | Conducting regular cybersecurity training for our employees regarding security awareness, the proper use and handling of sensitive information, and the protocols in place to identify, assess, and manage any cybersecurity threats and periodically testing employees’ cybersecurity knowledge, policy compliance, and response rates by engaging with third-party providers to conduct internal social engineering campaigns; |
· | Engaging in security-incident preparedness simulations and completing disaster recovery and resilience tests designed to test and strengthen any vulnerabilities in our cybersecurity infrastructure; |
· | Employing robust encryption and anonymization technologies and other cybersecurity monitoring and auditing systems to fortify our cybersecurity framework, including through our Online Banking Enhanced Security Program, which requires the authorized users on a customer’s account to be validated and employs multi-factor authentication (MFA), which requires each of our retail and commercial customers to authenticate their identities by entering a secure access code that our MFA system automatically generates and sends to the customer each time there is an attempted login to the customer’s online banking account; |
· | Implementing MFA protections for our treasury customers by prohibiting their initiation of ACH transactions or wire transfers until they authenticate their identities using a security token that is generated and sent by our online-banking MFA system; |
| ● | Monitoring electronic mail and other network intrusion attempts with various tools to identify and stop intrusion and malware threats; |
| ● | Scanning and assessing vulnerabilities arising from software and hardware on our network infrastructure, ATMs, software applications, computers, copiers and other electronic assets to ensure that vulnerabilities are identified and resolved timely; |
· | Establishing a risk-appetite profile, which we review at least annually to regularly assess our cybersecurity infrastructure and software systems in a manner that ensures we capture their current state and identify emerging risks that would require changes in our cyber environment; |
· | Leveraging internal and external auditors as well as security consultants to review the procedures, systems, and controls that comprise our ISSP to evaluate their design and operational effectiveness and to address any operational deficiencies or security weaknesses; and |
· | Maintaining an Incident Response Plan that establishes our procedures and standards for responding to actual or potential cybersecurity threats or incidents, which we review at least annually. |
33
Furthermore, our IT security infrastructure and cybersecurity policies are designed to monitor and manage security risks associated with any third-party service providers, suppliers, software and hardware vendors, contractors, and consultants we collaborate with (hereinafter, collectively, Vendors) who might store, process, collect, share, create, transmit, destroy, or access any of our sensitive data. Our Vendor Management Policy establishes clearly defined requirements of engagements with Vendors and requires them to uphold similar security standards to those we internally require. Depending on their risk level, we may subject certain Vendors to heightened security requirements, such as enhanced risk assessments, ongoing monitoring, or additional contractual controls to restrict their levels of information access.
Governance
IT Cybersecurity Committee. As part of our cybersecurity governance framework and for purposes of establishing and maintaining our ISSP, we have established an IT Cybersecurity Committee (ITCC), which consists predominantly of members of our management team and IT department. The ITCC is subject to oversight by the Service Center Board, the Risk Committee, and the Board. The Risk Committee of the Board works directly with the ITCC to develop and implement our policies and procedures concerning cybersecurity and data protection. As stated in the Risk Committee Charter, our Risk Committee reviews management reports on the adequacy of our data-governance activities and IT security program; evaluates risks related to customer information, significant outsourcing with third parties or Vendors, and operational outsourcing arrangements; reviews, evaluates, and updates our data-governance framework, processes, and systems for identifying, assessing, and managing data risks that impact critical business operations; and reviews and evaluates our overall risk-management framework.
The ITCC meets at least quarterly to discuss its oversight of our cybersecurity policies and procedures, risk-management practices and controls, and efforts to mitigate and prevent cybersecurity risks. The ITCC may meet more frequently if required by our Incident Response Plan to facilitate timely response, monitoring, risk-management, and recovery efforts. The ITCC is also charged with periodically reporting to management, the Board, and the Risk Committee, the status and results of our compliance with our security program, results of security assessments, and effectiveness of remediation activities.
Other Committees. In addition to the ITCC and Risk Committees, we have established a Technology Committee, a Senior Management Committee, and a Business Continuity and Disaster Recovery (BC/DR) Committee. Each oversees aspects of our ISSP and coordinates with the ITCC to implement various cybersecurity procedures.
Chief Information Security Officer. In addition to establishing the ITCC and other committees, we designated a Chief Information Security Officer (CISO) to oversee all aspects of our IS policies, procedures, and controls. Our CISO reports to our Senior Management Committee, the ITCC, the Risk Committee, and the Chairman of the Board. At least annually, the CISO presents all of our IS policies to the Board. The CISO is also tasked with maintaining an effective Security Awareness Program and providing training to our management, Board, and employees on an annual basis. Additionally, the CISO meets with our Audit Committee on a quarterly basis to inform them of material cybersecurity-related regulatory updates and with our full Board on a monthly basis to discuss and provide pertinent regulatory information.
Procedures Governing our Cybersecurity Incident Responses. Our multi-layered, cross-functional approach to cybersecurity governance provides adequate checks and balances on the implementation of our cybersecurity protocols, enables us to effectively monitor both internal and external cyber risks, and allows for the swift escalation of any potential cybersecurity incidents to the appropriate levels of management so that assessments concerning materiality, potential disclosure, and possible responsive actions can be timely made. Our approach to cybersecurity governance is modeled in the Incident Response Team (IRT) that we have established to timely address cybersecurity incidents and minimize any disruptions to our business operations and customer activities caused by cyber threats or attacks. Designated IRT personnel are available 24 hours per day, seven days per week to respond to potential incidents. Having an integrated team for incident response facilitates information sharing, which allows organizational personnel, including developers, implementers, and operators, to leverage the team knowledge of the threat in order to implement defensive measures that
34
will deter intrusions more effectively. In the event of a potential cybersecurity incident, our IRT is responsible for implementing our Security Incident Response Policy, in accordance with which the following steps occur:
· | After becoming aware of a potential cybersecurity incident, our IT Service Desk reports the incident and any pertinent information to our CISO. Our IT Service Desk is the central point of contact for reporting computer incidents or intrusions. |
· | The CISO then conducts a preliminary analysis of the incident and determines whether activating the full IRT is warranted. Types of incidents that would generally require the activation of our IRT include but are not limited to a breach of personal information, a denial-of-service (DoS) or distributed DoS attack, excessive port scans, a firewall breach, or a virus or malware outbreak. |
· | If the type of incident or the threat created by the incident necessitates a full-scale response by the IRT, the CISO notifies a team of network and security engineers, security analysts, and Windows / Unix / Linux systems administrators (collectively, the IT Security and Engineering Teams). |
· | At the CISO’s direction, the IT Security and Engineering Teams gather intel regarding the incident and take pre-planned steps to mitigate harm, address system weaknesses, and block ongoing threats. For example, our network engineers analyze network traffic for external attacks, search for signs of a firewall breach, and take action to block a suspected intruder’s network traffic; our security analysts and engineers look for indications of an attack or suspicious activity by monitoring and reviewing the network activity of our business applications and the audit logs of our mission-critical servers; and our systems administrators examine system logs of our critical systems for any abnormal activity, confirm our mission-critical computers are up to date on all service packs and patches, and ensure backups have been created for our critical systems. |
· | The CISO reports the incident to our executive management team, Service Center Board, and ITCC. |
· | Our CISO, executive management team, Service Center Board, and ITCC evaluate the type and severity of the incident, review applicable legal and regulatory requirements for disclosing cybersecurity incidents, and determine whether, when, and to whom the incident must be reported. |
Procedures Governing our Third-Party Vendor Relationships. Similar to our governance approach with respect to responding to cybersecurity incidents, we have implemented a layered, collaborative governance system to manage our third-party Vendor relationships and to implement our Vendor Management Policy. Prior to working with any Vendor, we conduct a comprehensive security screening to evaluate the Vendor’s security protocols and identify any potential vulnerabilities that could compromise our sensitive data. At least annually, we also perform a security assessment of the Vendor to identify any change in the Vendor’s security posture that may negatively impact the security of our information systems. Our CISO or other designated IS personnel oversees and makes a final recommendation regarding the Vendor security assessments, determines the necessity of Vendor site visits, and coordinates and provides a final report on any site visit that occurs. Our Vendor relationships are monitored by our Vendor Management Department, the day-to-day operations of which are led by our Vendor Manager. In coordination with the applicable Business Unit Manager, the Vendor Manager categorizes and ranks the risks presented by our Vendors, performs Vendor due diligence, and provides periodic reports to our Board and Risk Committee concerning Vendor risk management. Before entering into any Vendor contract, the Business Unit Manager that will be contracting for the Vendor’s service or product must perform a thorough risk evaluation. In addition to working alongside the Vendor Manager to categorize and rank Vendor risks, the Business Unit Manager participates in contract review and negotiations, establishes performance-monitoring controls, and completes Vendor reviews. The CISO or other designated IS personnel may participate with the Business Unit Manager in contract negotiations as needed.
Procedures Governing our Corporate Account Takeover Responses. Like our approaches to responding to cybersecurity incidents and managing our Vendor relationships, our strategy for managing corporate account takeover (CATO) threats integrates organizational operations at multiple governance levels involving our Board, executive management team, members of our Senior Management of Electronic Banking Services (EBS Management Team), an Electronic Banking Services Manager (EBS Manager), and our CISO. Our Board reviews our CATO Policy for
35
compliance with the Texas Department of Banking standards for the risk management of CATOs and charges our EBS Management Team with the responsibility of determining necessary courses of action to ensure adherence to applicable guidance and regulations. Our EBS Management Team also ensures that our CATO Policy is understood and complied with across all of our operational divisions. Some of the responsibilities of our EBS Manager include developing, implementing, and maintaining policies and procedures to comply with our CATO Policy, coordinating the performance of period risk assessments of IBC Link, our online banking product, establishing trainings for IBC Link customers regarding security controls that mitigate CATO risks, reporting CATO incidents to executive management, and coordinating with our management team and IBC Link customers if an actual or threatened CATO attack is identified. Our CISO is responsible for ensuring appropriate security controls are implemented to prevent, detect, and respond to CATOs, establishing incident-response procedures to be employed if a CATO threat is in progress, and timely notifying our primary federal regulator of any CATO incidents that are required to be disclosed to comply with applicable laws, regulations, and CATO Policy procedures.
Notwithstanding the robust nature of our defensive measures and security processes and the multi-layered governance system that we have established to mitigate, monitor, analyze, and respond to incidents, cybersecurity threats are increasingly difficult to detect, and the risk of a data breach or cyber-attack is pervasive and severe. While we do not believe our business strategy, results of operations, or financial condition have been materially adversely affected by any cybersecurity threats or incidents, there is no assurance that we will not be materially affected by such threats or incidents in the future. We will continue to monitor cybersecurity risks, stay apprised of changes in the cyber environment, and invest in strengthening our cybersecurity infrastructure. For additional information on our risks related to cybersecurity, please see “Risk Factors—Risks Related to Our Business—Our information systems may experience an interruption or breach in security.”
Item 2. Properties
Our principal offices are located at 1200 San Bernardo Avenue, Laredo, Texas and 2418 Jacaman Road, Laredo, Texas in buildings we own and completely occupy and containing approximately 147,000 square feet. The Subsidiary Banks have main banking and branch facilities. All the facilities are customary to the banking industry. The Subsidiary Banks own most of their banking facilities and the remainder are leased. The facilities are located in the regions of Laredo, San Antonio, Austin, Dallas, Houston, Zapata, Eagle Pass, the Rio Grande Valley of Texas, the Coastal Bend area of Texas, and throughout the State of Oklahoma.
None of our Texas state chartered Subsidiary Banks, without the prior written consent of the Texas Banking Commissioner, may invest in an amount in excess of its Tier 1 capital in bank facilities, furniture, fixtures and equipment. Our Oklahoma state chartered Subsidiary Bank, without the prior written consent of the Oklahoma Banking Commissioner, may not invest in an amount in excess of its Tier 1 and Tier 2 capital in bank facilities, furniture, fixtures and equipment. None of the Subsidiary Banks exceeds such applicable limitation.
Item 3. Legal Proceedings
We and our subsidiaries are involved in various legal proceedings that are in various stages of litigation. We and our subsidiaries have determined, based on discussions with our counsel that any material loss in such actions, individually or in the aggregate, is remote or the damages sought, even if fully recovered, would not be considered material to our consolidated financial position or results of operations. Many of these matters are in various stages of proceedings and further developments could cause management to revise our assessment of these matters. Further information regarding legal proceedings has been provided in Note 16 of the Notes to Consolidated Financial Statements located on page 65 of the 2023 Annual Report to Shareholders, which is filed as Exhibit 13 hereto and incorporated herein by reference.
Item 4. Mine Safety Disclosures
None
36
Item 4A. Executive Officers of the Registrant
Certain information is set forth in the following table concerning the executive officers of the Company, each of whom has been elected to serve until the 2023 Annual Meeting of Shareholders and until his or her successor is duly elected and qualified.
Name |
| Age |
| Position of Office |
| Officer of |
|
Dennis E. Nixon | 81 | Chairman of the Board of the Company since 1992, President of the Company since 1979, Chief Executive Officer and Director of IBC | 1979 | ||||
Dalia F. Martinez | 63 | Vice President of the Company since 2021, Executive Vice President of IBC | 2021 | ||||
Judith I. Wawroski | 49 | Treasurer of the Company since 2017, Principal Financial Officer of the Company since 2017, Executive Vice President of IBC | 2017 | ||||
There are no family relationships among any of the named persons. Each executive officer has held the same position or another executive position with our holding company, or our lead Subsidiary Bank IBC Laredo during the past five years.
Part II
Item 5. Market for the Registrant’s Common Equity, Related Stockholder Matters and Issuer Purchases of Equity Securities
The information set forth under the caption “Common Stock and Dividends,” “Stock Repurchase Program,” and “Equity Compensation Plan Information” located on pages 22 and 23 of our 2023 Annual Report is incorporated herein by reference.
Item 6. Selected Financial Data
The information set forth under the caption “Selected Financial Data” located on page 1 of our 2023 Annual Report is incorporated herein by reference.
Item 7. Management’s Discussion and Analysis of Financial Condition and Results of Operations
The information set forth under the caption “Management’s Discussion and Analysis of Financial Condition and Results of Operations” located on pages 2 through 24 of our 2023 Annual Report is incorporated herein by reference.
Item 7A. Quantitative and Qualitative Disclosures about Market Risk
The information set forth under the caption “Liquidity and Capital Resources” located on pages 15 through 19 of our 2023 Annual Report is incorporated herein by reference.
Item 8. Financial Statements and Supplementary Data
The consolidated financial statements located on pages 25 through 78 of our 2023 Annual Report are incorporated herein by reference.
37
The condensed quarterly income statements located on pages 79 and 80 of our 2023 Annual Report are incorporated herein by reference.
Item 9. Changes In and Disagreements with Accountants on Accounting and Financial Disclosure
None.
Item 9A. Controls and Procedures
As of the end of the period covered by this Annual Report on Form 10-K, an evaluation was carried out by our management with the participation of our Chief Executive Officer and Chief Accounting Officer, of the effectiveness of our disclosure controls and procedures (as defined in Rule 13a-15(e) under the Securities Exchange Act of 1934). Based upon that evaluation, the Chief Executive Officer and Chief Accounting Officer concluded that the disclosure controls and procedures were effective as of the end of the period covered by this report. Additionally, there were no changes in our internal control over financial reporting (as defined in Rule 13a15(f) under the Securities Exchange Act of 1934) that occurred during the quarter ended December 31, 2023 that have materially affected, or are reasonably likely to materially affect, our internal control over financial reporting.
Management’s Report on Internal Control Over Financial Reporting
Our management is responsible for establishing and maintaining adequate internal controls over financial reporting, as defined under Rules 13a-15(f) and 15d-15(f) of the Securities Exchange Act of 1934. Our internal control over financial reporting is a process designed under the supervision of our Chief Executive Officer and Chief Accounting Officer to provide reasonable assurance regarding the reliability of financial reporting and the preparation of our financial statements for external purposes in accordance with generally accepted accounting principles.
As of December 31, 2023, management assessed the effectiveness of the design and operation of our internal controls over financial reporting based on the criteria for effective internal control over financial reporting established in “Internal Control—Integrated Framework,” issued by the Committee of Sponsoring Organizations of the Treadway Commission in 2013. Based on the assessment, management determined that we maintained effective internal control over financial reporting as of December 31, 2023, based on those criteria.
RSM US LLP, the independent registered public accounting firm that audited our 2023 consolidated financial statements included in this Annual Report on Form 10-K, has audited the effectiveness of our internal controls over financial reporting as of December 31, 2023. Their report, which expresses an unqualified opinion, on the effectiveness of our internal controls over financial reporting as of December 31, 2023 is included in this Item under the heading “Report of Independent Registered Public Accounting Firm.”
38
Report of Independent Registered Public Accounting Firm
Shareholders and the Board of Directors
International Bancshares Corporation
Opinion on the Internal Control Over Financial Reporting
We have audited International Bancshares Corporation and its subsidiaries' (the Company) internal control over financial reporting as of December 31, 2023, based on criteria established in Internal Control — Integrated Framework issued by the Committee of Sponsoring Organizations of the Treadway Commission in 2013. In our opinion, the Company maintained, in all material respects, effective internal control over financial reporting as of December 31, 2023, based on criteria established in Internal Control — Integrated Framework issued by the Committee of Sponsoring Organizations of the Treadway Commission in 2013.
We have also audited, in accordance with the standards of the Public Company Accounting Oversight Board (United States) (PCAOB), the consolidated statements of condition as of December 31, 2023 and 2022, the related consolidated statements of income, comprehensive income, shareholders' equity and cash flows for each of the three years in the period ended December 31, 2023, and the related notes to the consolidated financial statements of the Company and our report dated February 26, 2024 expressed an unqualified opinion.
Basis for Opinion
The Company’s management is responsible for maintaining effective internal control over financial reporting and for its assessment of the effectiveness of internal control over financial reporting in the accompanying Management’s Report on Internal Control over Financial Reporting. Our responsibility is to express an opinion on the Company’s internal control over financial reporting based on our audit. We are a public accounting firm registered with the PCAOB and are required to be independent with respect to the Company in accordance with U.S. federal securities laws and the applicable rules and regulations of the Securities and Exchange Commission and the PCAOB.
We conducted our audit in accordance with the standards of the PCAOB. Those standards require that we plan and perform the audit to obtain reasonable assurance about whether effective internal control over financial reporting was maintained in all material respects. Our audit included obtaining an understanding of internal control over financial reporting, assessing the risk that a material weakness exists, and testing and evaluating the design and operating effectiveness of internal control based on the assessed risk. Our audit also included performing such other procedures as we considered necessary in the circumstances. We believe that our audit provides a reasonable basis for our opinion.
Definition and Limitations of Internal Control Over Financial Reporting
A company's internal control over financial reporting is a process designed to provide reasonable assurance regarding the reliability of financial reporting and the preparation of financial statements for external purposes in accordance with generally accepted accounting principles. A company's internal control over financial reporting includes those policies and procedures that (1) pertain to the maintenance of records that, in reasonable detail, accurately and fairly reflect the transactions and dispositions of the assets of the company; (2) provide reasonable assurance that transactions are recorded as necessary to permit preparation of financial statements in accordance with generally accepted accounting principles, and that receipts and expenditures of the company are being made only in accordance with authorizations of management and directors of the company; and (3) provide reasonable assurance regarding prevention or timely detection of unauthorized acquisition, use or disposition of the company's assets that could have a material effect on the financial statements.
Because of its inherent limitations, internal control over financial reporting may not prevent or detect misstatements. Also, projections of any evaluation of effectiveness to future periods are subject to the risk that controls may become inadequate because of changes in conditions, or that the degree of compliance with the policies or procedures may deteriorate.
/s/
February 26, 2024
39
Item 9B. Other Information
Item 9C. Disclosure Regarding Foreign Jurisdictions that Prevent Inspections
None.
Part III
Item 10. Directors, Executive Officers, and Corporate Governance
There is incorporated in this Item 10 by reference to our definitive proxy statement relating to our 2024 Annual Meeting of Shareholders (i) that portion entitled “ELECTION OF DIRECTORS,” (ii) that portion entitled “Audit Committee” in the portion entitled “MEETINGS AND COMMITTEES OF THE BOARD OF DIRECTORS,” (iii) that portion entitled “Code of Ethics,” in the portion entitled “CORPORATE GOVERNANCE,” and (iv) that portion entitled “DELINQUENT SECTION 16(a) REPORTS.” There is also incorporated in this Item 10 by reference Item 4A of this report entitled “Executive Officers of the Registrant.”
Item 11. Executive Compensation
There is incorporated in this Item 11 by reference to our definitive proxy statement relating to our 2024 Annual Meeting of Shareholders (i) that portion entitled “EXECUTIVE COMPENSATION,” and (ii) that portion entitled “Compensation Committee and Stock Option Plan Committee Interlocks and Insider Participation” in the portion entitled “MEETINGS AND COMMITTEES OF THE BOARD OF DIRECTORS.”
Item 12. Security Ownership of Certain Beneficial Owners and Management and Related Stockholder Matters
There are incorporated in this Item 12 by reference those portions of our definitive proxy statement relating to the Company’s 2024 Annual Meeting of Shareholders entitled “PRINCIPAL SHAREHOLDERS,” “SECURITY OWNERSHIP OF MANAGEMENT,” and “Equity Compensation Plan Information” in the portion entitled “EXECUTIVE COMPENSATION.”
Item 13. Certain Relationships and Related Transactions, and Director Independence
There is incorporated in this Item 13 by reference to our definitive proxy statement relating to our 2024 Annual Meeting of Shareholders (i) that portion entitled “INTEREST OF MANAGEMENT IN CERTAIN TRANSACTIONS” and (ii) that portion entitled “Director Independence” in the portion entitled “CORPORATE GOVERNANCE.”
Item 14. Principal Accountant Fees and Services
There is incorporated in this Item 14 by reference that portion of our definitive proxy statement relating to our 2024 Annual Meeting of Shareholders entitled “PRINCIPAL ACCOUNTANT FEES AND SERVICES.”
40
Part IV
Item 15. Exhibits, Financial Statement Schedules
(a) | Documents |
1. | Our consolidated financial statements are incorporated into Item 8 of this report by reference from the 2023 Annual Report to Shareholders filed as Exhibit 13 hereto and they include: |
Reports of Independent Registered Public Accounting Firm (PCAOB ID:
Consolidated: Statements of Income for the years ended December 31, 2023, 2022 and 2021 Statements of Comprehensive Income for the years ended December 31, 2023, 2022 and 2021 |
2. | All Financial Statement Schedules are omitted as the required information is inapplicable or the information is presented in the consolidated financial statements or related notes. |
3. | The following exhibits have previously been filed or are included in this report following the Index to Exhibits: |
41
(32a) | —Certification of Chief Executive Officer pursuant to 18 U.S.C. Section 1350, as adopted pursuant to Section 906 of the Sarbanes-Oxley Act of 2002 |
(32b) | —Certification of Chief Financial Officer pursuant to 18 U.S.C. Section 1350, as adopted pursuant to Section 906 of the Sarbanes-Oxley Act of 2002 |
(97) | —International Bancshares Corporation Compensation Clawback Policy |
101++ | —Interactive Data File |
104++ | —Cover Page Interactive Data File |
* | Previously filed |
+ | Executive Compensation Plans and Arrangements |
** | Deemed filed only with respect to those portions thereof incorporated herein by reference |
++ | Attached as Exhibit 101 to this report are the following documents formatted in Inline XBRL (Extensible Business Reporting Language): (i) the Condensed Consolidated Statement of Earnings for the years ended December 31, 2023, 2022 and 2021 (ii) the Condensed Consolidated Balance Sheet as of December 31, 2023 and 2022, (iii) the Condensed Consolidated Statement of Cash Flows for the years ended December 31, 2023, 2022 and 2021, and (iv) Cover Page interactive data. |
Item 16. Form 10-K Summary
None
Exhibit Index
Exhibit 4— | |
Exhibit 13— | International Bancshares Corporation 2023 Annual Report, Exhibit 13, page 1 |
Exhibit 21— | List of Subsidiaries of International Bancshares Corporation as of February 20, 2024 |
Exhibit 23— | |
Exhibit 31a— | Certification of Chief Executive Officer pursuant to Section 302 of the Sarbanes-Oxley Act of 2002 |
Exhibit 31b— | Certification of Chief Financial Officer pursuant to Section 302 of the Sarbanes-Oxley Act of 2002 |
Exhibit 32a— | |
Exhibit 32b— | |
Exhibit 97— | International Bancshares Corporation Compensation Clawback Policy |
Exhibit 101— | Interactive Inline Data File |
Exhibit 104— | Cover Page Inline Interactive Data File |
42
SIGNATURES
Pursuant to the requirements of Section 13 or 15(d) of the Securities Exchange Act of 1934, the Registrant has duly caused this report to be signed on its behalf by the undersigned, thereunto duly authorized.
INTERNATIONAL BANCSHARES CORPORATION | ||
By: | /s/ Dennis E. Nixon Dennis E. Nixon | |
Date: February 26, 2024 | ||
Pursuant to the requirements of the Securities Exchange Act of 1934, this report has been signed by the following persons on behalf of the Registrant and in the capacities and on the date indicated.
Signatures | Title | Date | ||||||||||||||
/s/ Dennis E. Nixon Dennis E. Nixon | President and Director (Principal Executive Officer) | February 26, 2024 | ||||||||||||||
/s/ Judith I. Wawroski Judith I. Wawroski | Treasurer (Principal Financial Officer) | February 26, 2024 | ||||||||||||||
/s/ Javier de anda Javier de Anda | Director | February 26, 2024 | ||||||||||||||
/s/ Doug Howland Doug Howland | Director | February 26, 2024 | ||||||||||||||
/s/ Rudolph M. Miles Rudolph M. Miles | Director | February 26, 2024 | ||||||||||||||
/s/ Larry Norton Larry Norton | Director | February 26, 2024 | ||||||||||||||
/s/ Roberto resendez Roberto Resendez | Director | February 26, 2024 | ||||||||||||||
/s/ Antonio R. Sanchez, Jr. Antonio R. Sanchez, Jr. | Director | February 26, 2024 | ||||||||||||||
/s/ Diana G. Zuniga Diana G. Zuniga | Director | February 26, 2024 | ||||||||||||||
43