STI 2018 Annual Report

9 subsidiaries to the Company and other Company subsidiaries and limit purchases of assets by the Bank and its subsidiaries from the Company and other Company subsidiaries. The Dodd- Frank Act significantly enhanced and expanded the scope and coverage of the limitations imposed by Sections 23A and 23B, specifically, by including derivative transactions as credit extensions subject to Sections 23A and 23B. Furthermore, the Dodd-Frank Act requires that conforming collateral be maintained for the duration of covered transactions, rather than only at the time of the transaction. The FRB has increased its scrutiny of Regulation W transactions and has supported its supervision over Regulation W compliance with information received through the resolution planning process. The FRB has yet to amend Regulation W or provide guidance in light of the Dodd-Frank Act's changes to Sections 23A and 23B of the Federal Reserve Act. Incentive Compensation In 2010, the FRB and other regulators jointly published final guidance for structuring incentive compensation arrangements at financial organizations. The guidance does not set forth any formulas or pay caps but contains certain principles that companies are required to follow with respect to employees and groups of employees that may expose the company to material amounts of risk. The three primary principles are (i) balanced risk-taking incentives, (ii) compatibility with effective controls and riskmanagement, and (iii) strong corporate governance. The FRBmonitors compliance with this guidance as part of its safety and soundness oversight. In 2016, the FRB, SEC, and other regulators jointly published proposed rules on incentive compensation under Section 956 of the Dodd-Frank Act. The proposed rules would impose several substantive requirements on the form of our incentive compensation, including (i) requiring that incentive compensation payable to a “senior executive officer” or “significant-risk taker” be subject to a 7-year clawback requirement; (ii) requiring a substantial portion of incentive compensation payable to a “senior executive officer” or “significant-risk taker” to be deferred and subject to the risks of downward adjustment and forfeiture; (iii) prohibiting the acceleration of incentive compensation that is required to be deferred, other than in the event of death or disability; (iv) limiting the amount of incentive compensation payable to “senior executive officers” and “significant risk-takers” for the attainment of performancemeasures in excess of target measures (to 125% and 150% of the target amount for “senior executive officers” and “significant risk-takers,” respectively); and (v) requiring the implementation of an independent risk management framework. Most of the federal regulatory agencies charged with jointly implementing Section 956 of the Dodd- Frank Act have not included a reference to these proposed rules in their most recent regulatory agendas. As a result, it is not certain if or when the final rules will be issued. Privacy and Cybersecurity We are subject to many U.S. federal, state, and other laws and regulations governing requirements for maintaining policies and procedures to protect non-public confidential information of our customers. The GLBA requires us to periodically disclose our privacy policies and practices relating to sharing such information and permits consumers to opt out of our ability to share information with unaffiliated third parties under certain circumstances. Other laws and regulations, at both the federal and state level, impact our ability to share certain information with affiliates and non-affiliates for marketing or non-marketing purposes, or both, or to contact customers with marketing offers. The GLBA also requires banking institutions to implement a comprehensive information security program that includes administrative, technical, and physical safeguards to ensure the security and confidentiality of customer records and information. These security and privacy policies and procedures, for the protection of personal and confidential information, are in effect across all businesses and geographic locations. Refer to the “Enterprise Risk Management” section in Item 7 of this Form 10-K for additional information regarding privacy and cybersecurity risk management and oversight. Acquisitions Our ability to grow through acquisitions is limited by various regulatory approval requirements. The FRB's prior approval is required if we wish to (i) acquire all, or substantially all, of the assets of any bank, (ii) acquire direct or indirect ownership or control of more than 5% of any class of voting securities of any bank or thrift, or (iii) merge or consolidate with any other BHC. Pursuant to the Riegle-Neal Interstate Banking and Branching Efficiency Act of 1994, as amended by the Dodd- Frank Act, bank holding companies from any state may acquire banks located in any other state, subject to certain conditions, including concentration limits. Additionally, the BHC Act enumerates the factors the FRB must consider when reviewing the merger of BHCs, the acquisition of banks, or the acquisition of voting securities of a bank or BHC. These factors include the competitive effects of the proposal in the relevant geographic markets, the financial and managerial resources and future prospects of the companies and banks involved in the transaction, the effect of the transaction on the financial stability of the U.S., the organizations’ compliance with anti-money laundering laws and regulations, the convenience and needs of the communities to be served, and the records of performance, under the CRA, of the insured depository institutions involved in the transaction. In addition, in cases involving interstate bank acquisitions, the FRBmust consider the concentration of deposits nationwide and in certain individual states. Under the Dodd-Frank Act, a BHC is generally prohibited from merging, consolidating with, or acquiring another company if the resulting company’s liabilities upon consummation would exceed 10% of the aggregate liabilities of the U.S. financial sector, including the U.S. liabilities of foreign financial companies. Competition We face competition from domestic and foreign lending institutions and numerous other providers of financial services. The Company competes using a client-centered model that focuses on working together as OneTeam to deliver high quality advice and service, while offering a broad range of products and services. We believe this approach better positions us to increase loyalty and deepen existing relationships, while also attracting new customers. Furthermore, the Company maintains a strong