Subscribe to our InfoBytes Blog weekly newsletter and other publications for news affecting the financial services industry.
On January 13, the Federal Reserve Board (Fed) issued SR 20-2, “Frequently Asked Questions on the Tailoring Rules” (FAQs) applicable to bank holding companies, savings and loan companies, U.S. intermediate holding companies with $100 billion or more in total assets, and certain depository institutions. In October, as previously covered by InfoBytes, the Fed and the OCC released a jointly developed framework that set out four categories to be used to classify these banking entities for the purposes of determining regulatory capital and liquidity requirements based on risk. The FAQs provide guidance on the tailoring rules, including answers to questions about Liquidity Coverage Ratio (LCR) requirements, recognition of Accumulated Other Comprehensive Income, compliance requirements for foreign banking organizations with less than $100 billion in U.S. assets, and the interpretation of “quarterly” in relation to stress testing frequency.
On May 24, President Trump signed the Economic Growth, Regulatory Relief, and Consumer Protection Act (S. 2155) (the bill) — which modifies provisions of the Dodd-Frank Act and eases certain regulations on certain smaller banks and credit unions. Upon signing, the White House released a statement quoting the president, “[c]ommunity banks are the backbone of small business in America. We are going to preserve our community banks.”
The House, on May 22, passed the bipartisan regulatory reform bill by a vote of 258-159. The bill was crafted by Senate Banking, Housing, and Urban Affairs Committee Chairman Mike Crapo, R-Idaho and passed by the Senate in March. The House passed the bill without any changes to the Senate version, even though House Financial Services Chairman, Jeb Hensarling, originally pushed for additional reform provisions to be included. Specifically, the bill does not include certain provisions that were part of Hensarling’s Financial CHOICE Act, such as (i) a complete repeal of the Volker Rule; (ii) subjecting the CFPB to the Congressional appropriations process and restructure the agency with a bipartisan commission; and (iii) reducing the Financial Stability Oversight Council’s (FSOC) authority to designate nonbank financial institutions as Systemically Important Financial Institutions (SIFIs).
In response to the bill’s passage, the OCC’s Comptroller of Currency, Joseph Otting, issued a statement supporting the regulatory changes and congratulating the House, “[t]his bill restores an important balance to the business of banking by providing meaningful reductions of regulatory burden for community and regional institutions while safeguarding the financial system and protecting consumers.” Additionally, acting Director of the CFPB, Mick Mulvaney, applauded Congress, noting that the reforms to mortgage lending were “long overdue” and called the bill “the most significant financial reform legislation in recent history.”
As previously covered by InfoBytes, the highlights of the bill include:
- Improving consumer access to mortgage credit. The bill’s provisions state, among other things, that: (i) banks with less than $10 billion in assets are exempt from ability-to-repay requirements for certain qualified residential mortgage loans held in portfolio; (ii) appraisals will not be required for certain transactions valued at less than $400,000 in rural areas; (iii) banks and credit unions that originate fewer than 500 open-end and 500 closed-end mortgages are exempt from HMDA’s expanded data disclosures (the provision would not apply to nonbanks and would not exempt institutions from HMDA reporting altogether); (iv) amendments to the S.A.F.E. Mortgage Licensing Act will provide registered mortgage loan originators in good standing with 120 days of transitional authority to originate loans when moving from a federal depository institution to a non-depository institution or across state lines; and (v) the CFPB must clarify how TRID applies to mortgage assumption transactions and construction-to-permanent home loans, as well as outline certain liabilities related to model disclosure use.
- Regulatory relief for certain institutions. Among other things, the bill simplifies capital calculations and exempts community banks from Section 13 of the Bank Holding Company Act if they have less than $10 billion in total consolidated assets. The bill also states that banks with less than $10 billion in assets, and total trading assets and liabilities not exceeding more than five percent of their total assets, are exempt from Volcker Rule restrictions on trading with their own capital.
- Protections for consumers. Included in the bill are protections for veterans and active-duty military personnel such as: (i) permanently extending from nine months to one year the protection that shields military personnel from foreclosure proceedings after they leave active military service; and (ii) adding a requirement that credit reporting agencies provide free credit monitoring services and credit freezes to active-duty military personnel. The bill also addresses the creation of an identity theft protection database. Additionally, the bill instructs the CFPB to draft federal rules for the underwriting of Property Assessed Clean Energy loans (PACE loans), which would be subject to the TILA ability-to-repay requirement.
- Changes for bank holding companies. Among other things, the bill raises the threshold for automatic designation as a SIFI from $50 billion in assets to $250 billion. The bill also subjects banks with $100 billion to $250 billion in total consolidated assets to periodic stress tests and exempts from stress test requirements entirely banks with under $100 billion in assets. Additionally, certain banks would be allowed to exclude assets they hold in custody for others—provided the assets are held at a central bank—when computing the amount such banks must hold in reserves.
- Protections for student borrowers. The bill’s provisions include measures to prevent creditors from declaring an automatic default or accelerating the debt against a borrower on the sole basis of bankruptcy or cosigner death, and would require the removal of private student loans on credit reports after a default if the borrower completes a loan rehabilitation program and brings payments current.
Each provision of the bill will take effect at various intervals from the date of enactment up to 18 months after.
Houses passes two bipartisan bills to ease stress test requirements and nonbank challenges to SIFI designations
On April 11, by a vote of 245-174, the House passed H.R. 4293, the “Stress Test Improvement Act of 2017,” which would amend the Dodd-Frank Act to modify stress test requirements for bank holding companies and certain nonbank financial companies. Among other things, H.R. 4293 prohibits the Federal Reserve Board’s (Board) to object to a company’s capital plan “on the basis of qualitative deficiencies in the company’s capital planning process” when conducting a Comprehensive Capital Analysis and Review (CCAR), and reduces the frequency of stress testing from semiannual to annual. As previously covered in InfoBytes, on April 10, the Board issued its own proposed changes intended to simplify the capital regime applicable to bank holding companies with $50 billion or more in total consolidated assets by integrating the Board’s regulatory capital rule and CCAR and stress test rules.
Separately on April, 11, the House passed H.R. 4061 by a vote of 297-121. The bipartisan bill, “Financial Stability Oversight Council (FSOC) Improvement Act of 2017,” would require FSOC to consider the appropriateness of subjecting nonbank financial companies (nonbanks) designated as systemically important to prudential standards “as opposed to other forms of regulation to mitigate the identified risks.” Among other things, the bill would also require FSOC to allow nonbanks the opportunity to meet with FSOC to present relevant information to contest the designation both during an annual reevaluation, as well as every five years after the date of final determination.
FDIC releases 2017 annual report, among key issues are living wills, cybersecurity, and simplifying regulations
On February 15, the FDIC released its 2017 Annual Report, which includes, among other things, the audited financial statements of the Deposit Insurance Fund and the Federal Savings and Loan Insurance Corporation (FSLIC) Resolution Fund. The report also provides an overview of key FDIC initiatives, performance results, and other aspects of FDIC operations, supervision developments, and regulatory enforcement, including the following:
- Living Wills. The report discusses the FDIC’s continued evaluation of resolution plans for Systemically Important Financial Institutions (SIFIs) and notes there remain “inherent challenges and uncertainties” associated with the plans, specifically within four areas: “intra-group liquidity; internal loss-absorbing capacity; derivatives; and payment, clearing, and settlement activities.” Further, the FDIC and Federal Reserve (who share joint responsibility for reviewing and assessing resolution plans) reviewed plans submitted by the eight largest U.S. SIFIs and noted that four of the firms’ plans had shortcomings—although no deficiencies were identified—and stipulated that the plans must be resubmitted by July 1, 2019. (See previous InfoBytes coverage here on recent comments by FDIC Chairman Martin concerning living will challenges.)
- Cybersecurity. Among other initiatives, the report discusses a collaboration between the FDIC, the Federal Reserve, and the OCC to update the interagency Cybersecurity Assessment Tool, which “helps financial institutions determine their cyber risk profile, inherent risks, and level of cybersecurity preparedness.” The report provides feedback from institutions currently using the tool.
- Simplifying Regulation. In accordance with the requirements of the Economic Growth and Regulatory Paperwork Reduction Act of 1996 (EGRPRA), the report discusses the FDIC’s, Federal Reserve Board’s, and OCC’s regulatory review process done in conjunction with the National Credit Union Administration and the members of the Federal Financial Institutions Examination Council (FFIEC). As previously covered in InfoBytes here and here, a report was issued in March outlining initiatives designed to reduce regulatory burdens, particularly on community banks and savings associations, and last September a proposed rule to simplify capital rule compliance requirements and reduce the regulatory burden was issued.
On February 16, FDIC Chairman, Martin J. Gruenberg, spoke at an event hosted by The Wharton School in Philadelphia about the challenges associated with managing the orderly failure of a systemically important financial institution. In prepared remarks, Gruenberg discussed his views on how the FDIC’s Title II Orderly Liquidation Authority granted under Dodd-Frank—which allows the regulator “to manage the orderly failure of any financial institution whose failure in bankruptcy could pose a risk to the financial system”—is complementary to the Title I living will process. Title I requires firms to “make significant changes in their organizational structure and operations to facilitate orderly failure in bankruptcy.” Gruenberg outlined the evolution of the living will process from its inception under Dodd-Frank in 2010, to the efforts undertaken by the eight largest, most complex banks when assembling their mandated resolution plans, which are reviewed by the FDIC and the Federal Reserve (the agencies). While the banks have demonstrated “substantial” progress on their resolution plans, Gruenberg commented “there is still a great deal of work to do.” Specifically, Gruenberg noted that in 2016, the agencies determined that (i) five of the eight submitted plans “would not facilitate an orderly resolution of the firm under the Bankruptcy Code,” and (ii) all eight plans contained “shortcomings” that raised questions about the plans’ feasibility. All systematically important financial institutions were directed to address their shortcomings in their next submissions. During his remarks, Gruenberg cited examples of progress made in 2017, and highlighted the “structural and operational improvements” firms have made to improve resolvability. However, he closed his remarks by noting these resolutions have not yet been tested and emphasized the need to continue to address challenges as they arise.
On January 23, the U.S. Court of Appeals for the D.C. Circuit dismissed an appeal by the Financial Stability Oversight Council (FSOC) after both parties filed a joint stipulated motion to voluntarily dismiss the case. The litigation began in 2015 when a national insurance firm sued FSOC over its designation of the firm as a nonbank systemically important financial institution (SIFI). In March 2016, the district court issued its opinion agreeing with the insurance firm and finding the FSOC determination arbitrary and capricious because it failed to consider the financial impact the SIFI designation would have on the firm. FSOC appealed the court’s ruling but after a change in FSOC leadership, agreed to jointly dismiss the appeal with the insurance firm.
For more InfoBytes coverage on SIFIs, click here.
On January 4, the Federal Reserve (Fed) issued for public comment proposed guidance setting forth core principles of effective risk management for Large Financial Institutions (“LFI”s) (“Risk Management proposal”). Given that it is increasingly likely that Congress will release financial institutions with assets below $250 billion from “SIFI” designation, the Fed’s guidance yesterday is a further effort to ensure that risk at LFIs will continue to be managed well even after many of them are no longer subject to other SIFI obligations. The proposal would apply to domestic bank holding companies and savings and loan holding companies with total consolidated assets of $50 billion or more; the U.S. operations of foreign banking organizations (“FBOs”) with combined U.S. assets of $50 billion or more; and any state member bank subsidiary of these institutions. The proposal would also apply to any systemically important nonbank financial company designated by the Financial Stability Oversight Council (“FSOC”) for Fed supervision. The proposed guidance clarifies the Fed’s supervisory expectations of these institutions’ core principals with respect to effective senior management; the management of business lines; and independent risk management (“IRM”) and controls.
The Risk Management proposal is part of the Fed’s broader initiative to develop a supervisory rating system and related guidance that would align its consolidated supervisory framework for LFIs. Last August, the Fed issued for public comment two related proposals: a new rating system for LFIs (“proposed LFI rating system”) and guidance addressing supervisory expectations for board directors (“Board Expectations proposal”). (See previous InfoBytes coverage on the proposals.) The proposed LFI rating system is designed to evaluate LFIs on whether they possess sufficient financial and operational strength and resilience to maintain safe and sound operations through a range of conditions. With regard to the Board Expectations proposal, the January 4 proposal establishes supervisory expectations relevant to the assessment of a firm’s governance and controls, which consists of three chief components: (i) effectiveness of a firm’s board of directors, (ii) management of business lines, independent risk management and controls, and (iii) recovery planning. This guidance sets forth the Fed’s expectations for LFIs with respect to the second component—the management of business lines and IRM and controls, and builds on previous supervisory guidance. In general, the proposal “is intended to consolidate and clarify the [Fed’s] existing supervisory expectations regarding risk management.”
The January 4 release delineates the roles and responsibilities for individuals and functions related to risk management. Accordingly, it is organized in three parts: (i) core principals of effective senior management; (ii) core principals of the management of business lines; and (iii) core principles of IRM and controls.
The Risk Management proposal defines senior management as “the core group of individuals directly accountable to the board of directors for the sound and prudent day-to-day management of the firm.” Two key responsibilities of senior management are overseeing the activities of the firm’s business lines and the firm’s IRM and system of internal control. The proposed guidance highlights the principle that: Senior management is responsible for managing the day-to-day operations of the firm and ensuring safety and soundness and compliance with internal policies and procedures, laws and regulations, including those related to consumer protection.
Management of Business Lines
The proposal refers to “business line management” as the core group of individuals responsible for prudent day-to-day management of a business line and accountable to senior management for that responsibility. For LFIs that are not subject to supervision by the Large Institution Supervision Coordinating Committee (“LISCC”) these expectations would apply to any business line where a significant control disruption, failure, or loss event could result in a material loss of revenue, profit, or franchise value, or result in significant consumer harm.
A firm’s business line management should:
- Execute business line activities consistent with the firm’s strategy and risk tolerance.
- Identify, measure, and manage the risks associated with the business activities under a broad range of conditions, incorporating input from IRM.
- Provide a business line with the resources and infrastructure sufficient to manage the business line’s activities in a safe and sound manner, and in compliance with applicable laws and regulations, including those related to consumer protection, as well as policies, procedures, and limits.
- Ensure that the internal control system is effective for the business line operations.
- Be held accountable, with business line staff, for operating within established policies and guidelines, and acting in accordance with applicable laws, regulations, and supervisory guidance, including those related to consumer protection.
Independent Risk Management and Controls
The Risk Management proposal describes core principles of a firm’s independent risk management function, system of internal control, and internal audit function. The guidance does not prescribe in detail the governance structure for a firm’s IRM and controls. While the guidance does not dictate specifics regarding governance structure, it does set forth requirements with respect to the roles of the Chief Risk Officer and Chief Audit Executive:
- The CRO should establish and maintain IRM that is appropriate for the size, complexity, and risk profile of the firm.
- The Chief Audit Executive should have clear roles and responsibilities to establish and maintain an internal audit function that is appropriate for the size, complexity and risk profile of the firm.
The proposal requires that a firm’s IRM function be sufficient to provide an objective, critical assessment of risks and evaluates whether a firm remains aligned with its stated risk tolerance. Specifically, a firm’s IRM function should:
- Evaluate whether the firm’s risk tolerance appropriately captures the firm’s material risks and confirm that the risk tolerance is consistent with the capacity of the risk management framework.
- Establish enterprise-wide risk limits consistent with the firm’s risk tolerance and monitor adherence to such limits.
- Identify and measure the firm’s risks.
- Aggregate risks and provide an independent assessment of the firm’s risk profile.
- Provide the board and senior management with risk reports that accurately and concisely convey relevant, material risk data and assessments in a timely manner.
With regard to internal controls, the proposed guidance builds upon the expectations described in the Fed’s Supervisory Letter 12-17. A firm should have a system of internal control to guide practices, provide appropriate checks and balances, and confirm quality of operations. In particular, the guidance states that a firm should:
- Identify its system of internal control and demonstrate that it is commensurate with the firm’s size, scope of operations, activities, risk profile, strategy, and risk tolerance, and consistent with all applicable laws and regulations, including those related to consumer protection.
- Regularly evaluate and test the effectiveness of internal controls, and monitor functioning of controls so that deficiencies are identified and communicated in a timely manner.
With respect to internal audit, the proposed guidance does not expand upon the Fed’s expectations; rather it references existing supervisory expectations. The proposed guidance highlights that a firm should adhere to the underlying principle that its internal audit function should examine, evaluate, and perform independent assessments of the firm’s risk management and internal control systems and report findings to senior management and the firm’s audit committee.
Comments on the Fed’s proposed guidance are due by March 15.
The House voted 288-130 on December 19 to pass legislation modifying Dodd-Frank Act asset requirements for systemic risk designations of bank holding companies. Under H.R. 3312, the Systemic Risk Designation Improvement Act of 2017, bank holding companies that are subject to increased capital requirements and heightened supervision by the Federal Reserve (Fed) will no longer be automatically designated as systemically important financial institutions (SIFIs) if their asset threshold is $50 billion or greater. Instead, the Fed will review a bank holding company’s size, interconnectedness, infrastructure, “global cross-jurisdictional activity,” and complexity to determine whether it should be designated as a SIFI. Relatedly, the Senate Banking Committee is currently considering a separate measure, S. 2155, which would, among other things, increase the SIFI asset threshold to $250 billion.
Federal Reserve Issues Guidance Regarding Roles of Bank Boards, Requests Comments on New SIFI Rating System
Guidance Regarding Roles of Bank Boards.
On August 3, the Federal Reserve (Fed) took an important step towards easing the heavy regulatory burden placed on the boards of directors at the largest U.S. banking organizations, when it issued for public comment a corporate governance proposal intended to “enhance the effectiveness of boards of directors” and “refocus the Federal Reserve supervisory expectations for the largest firms’ boards of directors on their core responsibilities, which will promote the safety and soundness of the firms.”
The proposal is a result of a multi-year review conducted by the Fed of practices of boards of directors, particularly at the largest banking institutions. The Fed focused on the challenges boards face, the factors that make boards effective, and the ways in which boards influence the safety and soundness of their firms and promote compliance within. The key takeaways of this review included:
- supervisory expectations for boards of directors and senior management have become increasingly difficult to distinguish;
- boards devote a significant amount of time satisfying supervisory expectations that do not directly relate to board’s core responsibilities; and
- boards of large financial institutions face significant information flow challenges, which can result in boards being overwhelmed by the complexity and quantity of information received.
The Fed expects that these issues can be remediated by allowing banks to refocus on their core responsibilities, including: (i) developing the firm’s strategy and risk tolerance; (ii) overseeing senior management and holding them accountable for effective risk management and compliance; (iii) supporting the independence of the firm’s independent risk management and internal audit functions; and (iv) adopting effective governance practices.
In April, Fed Governor Jerome Powell indicated that the financial crisis led to a “broad increase in supervisory expectations” for these boards of directors, but cautioned that the Fed needs to “ensure that directors are not distracted from conducting their key functions by overly detailed checklist of supervisory process requirements.” Explaining that the Fed was reassessing its supervisory expectations for boards, Powell stated “it is important to acknowledge that the board’s role is one of oversight, not management.”
The proposed guidance better distinguishes the supervisory expectations for boards from those of senior management, and includes new criteria by which the Fed will assess bank boards. The Fed describes effective boards as those which:
- set clear, aligned, and consistent direction regarding the firm’s strategy and risk tolerance;
- actively manage information flow and board discussions;
- hold senior management accountable;
- support the independence and stature of independent risk management and internal audit; and
- maintain a capable board composition and governance structure.
The proposal also clarifies expectations regarding internal communications within firms for communicating supervisory findings internally, stating that for all supervised firms, most supervisory findings should be communicated to the firm's senior management for corrective action, rather than to its board of directors. Such findings would only be directed to the board for corrective action when the board needs to address its corporate governance responsibilities or when senior management fails to take appropriate remedial action.
While the proposal does not address all of the post-crisis challenges faced by bank boards, it is a welcome message to the industry that the Fed recognized the need to recalibrate their expectations. The proposal also identifies existing supervisory expectations for boards of directors that could be eliminated or revised and notes that the Fed intends to continue assessing whether its expectations of bank boards require further changes.
New SIFI Rating System.
On August 3, the Fed also issued for public comment a new risk rating system for Large Financial Institutions (“LFI”s) that would replace the RFI rating system for bank holding companies with total consolidated assets of $50 billion or more; non-insurance, non-commercial savings and loan holding companies with total consolidated assets of $50 billion or more; and U.S. intermediate holding companies of foreign banking organizations established pursuant to the Fed’s Regulation YY. (The Fed will continue to use the same RFI rating system that has been in place since 2004 to evaluate community and regional bank holding companies.)
The LFI rating system is designed to evaluate LFIs on whether they possess sufficient financial and operational strength and resilience to maintain safe and sound operations through a range of conditions. The system would consist of three chief components:
- Governance and Controls
- board of directors
- management of core business lines and independent risk management and controls and
- recovery planning (for domestic bank holding companies subject to LISCC);
- Capital Planning and Positions; and
- Liquidity Risk Management and Positions.
The Governance and Control component would evaluate a LFI’s effectiveness in ensuring that the firm’s strategic business objectives are safely within the firm’s risk tolerance and ability to manage the accordant risk. The component will focus on LFIs’ effectiveness in maintaining strong, effective and independent risk management and control functions, including internal audit and compliance, and providing for ongoing resiliency.
The second and third components are intended to incorporate LFI supervision activities, including CCAR and CLAR, which will be directly reflected within the respective component ratings–resulting in a more comprehensive supervisory approach than the RFI rating system which did not incorporate the results of those supervisory activities.
Each LFI would receive a component rating using a multi-level scale (Satisfactory/Satisfactory Watch, Deficient-1 and Deficient-2). “Satisfactory Watch” would indicate that a firm is generally considered safe and sound, however certain issues require timely resolution. Any Deficiency rating would result in that LFI being considered less than “well managed.”
On July 19, Representative Blaine Luetkemeyer (R-Mo.) reintroduced legislation designed to overhaul the process used to manage systemic risk by basing the regulation of financial institutions on risk rather than asset size alone. As set forth in a press release issued by Rep. Luetkemeyer’s office, the Systemic Risk Designation Improvement Act of 2017 would replace the $50 billion threshold for designating a bank holding company as a Systemically Important Financial Institution (SIFI) with a series of standards for evaluating risk. The legislation would require the Federal Reserve to evaluate an “institution’s size, interconnectedness, substitutability, global cross-jurisdictional activity, and complexity” before designating it as a SIFI. The legislation was previously introduced in the House, but discussion was delayed to provide Rep. Luetkemeyer with time to propose a method for funding the proposed changes, which are estimated to cost more than $115 million. (See previous InfoBytes summary here.)
“This legislation supports economic growth throughout the country because it will free commercial banks to make loans while allowing financial regulators the ability to apply enhanced standards on banks based on actual risk posed to the financial system–rather than on arbitrary asset size alone," Luetkemeyer pronounced.
- Jonice Gray Tucker to join CFPB panel at CBA’s Washington Forum
- Jonice Gray Tucker to moderate “Pandemic relief response and lasting impacts on access, credit, banking, and equality” at the American Bar Association Business Law Section Spring Meeting
- Jeffrey P. Naimon to discuss "Post-pandemic CFPB exam preparation" at the Mortgage Bankers Association Spring Conference & Expo
- Jonice Gray Tucker to discuss "Making fair lending work for you" at the Mortgage Bankers Association Spring Conference & Expo
- Jonice Gray Tucker to discuss "Reading the tea leaves of President Biden’s initial financial appointees" at LendIt Fintech
- Moorari K. Shah to discuss “CA, NY, federal licensing and disclosure” at the Equipment Leasing & Finance Association Legal Forum
- Jonice Gray Tucker to discuss "Compliance under Biden" at the WSJ Risk & Compliance Forum
- Jonice Gray Tucker to discuss “The future of fair lending” at the Mortgage Bankers Association Legal Issues and Regulatory Compliance Conference