Federal Reserve Supervision and Disclosure of Enforcement Data
[This op-ed was originally published on Duke Law’s Global Financial Market Center’s "FinReg Blog."]
At an open meeting of the Federal Reserve Board (“Fed”) held earlier this month, Vice Chair for Supervision, Randal Quarles, said he was eager to identify changes to the Fed’s supervisory framework. Following these comments, the Fed solicited input on the supervisory ratings system used to evaluate the condition of depository institutions. These actions make clear that major changes to the Fed’s supervisory process are on the horizon.
While Congress has an oversight obligation, the opacity of supervision prevents it from effectively evaluating any upcoming proposals. Consequently, if supervision is weakened, some banks may appear healthier than they are and lull regulators into a false sense of security. To prevent this outcome, Congress should ask the Fed to disclose targeted data on enforcement actions in its upcoming supervision and regulation report. The data should illustrate how proactively banks remediate deficiencies and the consequences they face for failing to fix their shortcomings. These data will give Congress a baseline understanding of the challenges facing banks and help it evaluate upcoming proposals.
Supervision is the process by which the Fed and other regulators ensure that banks operate in a safe and sound manner. As part of the supervisory framework, the Fed assigns ratings to banks, including on their risk management, financial condition and overall state. Although ratings are transitioning, an overall or “composite” score of 1 or 2 signifies a “strong” or “satisfactory” assessment. A 3, 4 or 5 is considered “less than satisfactory” and reflects vulnerabilities that, to varying degrees of likelihood, could threaten a bank’s future viability.
To correct deficiencies, the Fed may bring an enforcement action. For less serious infractions, it may choose a confidential, informal action, such as a letter urging a bank to remediate “supervisory findings,” or matters requiring the attention (“MRAs”) or immediate attention (“MRIAs”) of management. The Fed may also restrict a bank’s growth or activities by letter or impose constraints and remediation timelines by a memorandum of understanding. By contrast, formal actions, which are public, are brought for relatively serious deficiencies and are imposed via written agreements, cease and desist orders and civil monetary penalties.
While the demand for additional data is driven by the opacity of supervision, the need for robust congressional oversight is prompted by recent supervisory trends. Although the Fed’s inaugural supervision and regulation report says that the U.S. banking system is generally strong, it also reveals that almost half of all bank holding companies with more than $50 billion in assets (“big banks”) are rated “less than satisfactory.” Strikingly, the report doesn’t explain how both statements could be true or why so many big banks fall short of supervisory expectations.
The report also reveals that big banks collectively have about 1,800 outstanding supervisory findings. Almost 800 pertain to the 12 most systemically important global banks and roughly 70 percent are for “governance and control” deficiencies—a broad category that implicates everything from anti-money laundering to cybersecurity risk management.
Troubling as they are, these data don’t paint a complete picture. The focus on MRAs and MRIAs prevents policymakers from learning more about other types of enforcement actions. What’s more, the data don’t specify how many supervisory findings apply to the most vulnerable banks or explain the relative seriousness of the MRAs and MRIAs. There is no indication of how long supervisory findings tend to persist, how diligently banks remediate deficiencies or what consequences banks face for failing to fix their problems.
To gain a foundational understanding of the supervisory challenges facing big banks, Congress should ask the Fed to disclose, in an anonymized format, the following about big banks rated “less than satisfactory:”
First, the number of enforcement actions (formal and informal) initiated in the last five years categorized by area of deficiency and their status. These data will sharpen Congress’ focus on banks with vulnerabilities and the nature of their challenges. They will also illustrate how successfully banks address weaknesses and the most persistent areas of deficiency.
Second, the percentage of formal actions that began as informal actions. Supervisors occasionally rely on informal actions and expect a bank will remediate weaknesses in a reasonable manner. Where a bank fails to do so, supervisors may increase pressure by escalating to a formal action. These data will illustrate how often banks are afforded an opportunity to remediate weaknesses outside the public glare and how often they avail themselves of that opportunity.
Third, the average length of time before escalation. It’s up to supervisors to decide when to increase pressure by escalating an enforcement action. These data will illustrate how the Fed exercises that discretion. If years go by before an informal action is ratcheted up, it could indicate excessive forbearance and may explain why some banks may not fix problems expeditiously.
Finally, the nature and frequency of restrictions placed under enforcement actions. Under certain conditions, the Fed can impose restrictions on a bank’s growth and activities. Data on the nature and frequency of these limits will show the severity of those constraints and the frequency with which they are applied. This information will help Congress understand if the cost of noncompliance is high enough to incentivize banks to remediate promptly.
Gaurav Vasisht is Senior Vice President and Director of Financial Regulation at the Volcker Alliance.