Subscribe to our InfoBytes Blog weekly newsletter and other publications for news affecting the financial services industry.
On January 8, member of the Federal Reserve Board of Governors Michelle W. Bowman delivered a speech at a community bankers conference on the banking regulatory highlights of 2023, as well as three “New Year’s resolutions” that she would like to see policy makers implement in 2024. The speech first covered highlights of this past year’s banking regulatory environment, including the changes in the federal funds rate, the risk of inflation among food and energy markets, the Basel III Endgame requirements, and new guidance on third-party risk management practices.
Governor Bowman also highlighted her list of three New Years Resolutions, including (i) prioritizing banking safety and soundness; (ii) a renewed commitment to tailoring the prudential regulatory framework to the size of the institution; and (iii) increasing transparency in supervisory expectations. Bowman also focused on the new climate guidance, as covered by InfoBytes here, which she posits a lost focus by the federal banking agencies. Bowman closed by commenting on the lasting impact of changes to the banking system and bank regulatory framework, requesting that bankers and other interested stakeholders to share their views and concerns broadly, including to regulators, and expressing her hope that policymakers have the humility and courage to acknowledge consequences and change course as needed.
On December 11, the OCC published its 2023 Annual Report, which provides a comprehensive overview of the current state of the federal banking system, outlines the OCC’s strategic priorities and initiatives, and details the agency’s financial management and condition.
The OCC restated its supervisory priorities for the year, summarized proposed rules, guidance and other publications issued in FY 2023, reported on its licensing activities and summarized the results of enforcement actions against institutions and individuals, which netted over $100 million in civil money penalties. The report also highlighted the OCC’s efforts in “guarding against complacency, reducing inequality, adapting to digitalization, and acting on climate-related financial risks—which collectively focus the OCC’s efforts on maintaining the public’s trust in banking.” According to the “comptroller’s viewpoint” within the report, Acting Comptroller Michael J. Hsu proposed an annual survey to gauge the American public’s trust in banks and banking supervision over time. The survey will aim to collect diverse data on consumer trends to aid policymakers, regulators, and community groups in better understanding and enhancing trust in the banking system. Hsu also highlighted some actions he believes will help restore trust in the banking system: (i) bank supervisors acting in a timely and efficient manner; (ii) the strengthening of large bank resilience and resolvability regulations; (iii) updates to deposit insurance coverage; and (iv) preserving “the diversity of the banking system… as the industry evolves.” Among other points of the annual report, as part of its emphasis on climate-related financial risk, the OCC reported that it is conducting exploratory reviews of banks with $100 billion or note in assets, in an attempt to establish a baseline understanding of how banks manage financial risks related to climate change.
On September 28, the OCC’s Committee on Bank Supervision released its bank supervision operating plan for fiscal year 2024. The plan outlines the agency’s supervision priorities and highlights several supervisory focus areas including: (i) asset and liability management; (ii) credit; (iii) allowances for credit losses; (iv) cybersecurity; (v) operations; (vi) digital ledger technology activities; (vii) change in management; (viii) payments; (ix) Bank Secrecy Act/AML compliance; (x) consumer compliance; (xi) Community Reinvestment Act; (xii) fair lending; and (xiii) climate-related financial risks.
Two of the top areas of focus are asset and liability management and credit risk. In its operating plan the OCC says that “Examiners should determine whether banks are managing interest rate and liquidity risks through use of effective asset and liability risk management policies and practices, including stress testing across a sufficient range of scenarios, sensitivity analyses of key model assumptions and liquidity sources, and appropriate contingency planning.” With respect to credit risk, the OCC says that “Examiners should evaluate banks’ stress testing of adverse economic scenarios and potential implications to capital” and “focus on concentrations risk management, including for vulnerable commercial real estate and other higher-risk portfolios, risk rating accuracy, portfolios of highest growth, and new products.”
The plan will be used by OCC staff to guide the development of supervisory strategies for individual national banks, federal savings associations, federal branches and agencies of foreign banking organizations, and certain identified third-party service providers subject to OCC examination.
The OCC will provide updates about these priorities in its Semiannual Risk Perspective, as InfoBytes has previously covered here.
On June 14, the OCC released its Semiannual Risk Perspective for Spring 2023, which reports on key risks threatening the safety and soundness of national banks, federal savings associations, and federal branches and agencies. The agency reported that the overall strength of the federal banking system is sound but warned banks to remain diligent and maintain effective risk management practices over critical functions in order to withstand current and future economic and financial challenges.
The OCC highlighted liquidity, operational, credit, and compliance risk as key risk themes in the report. Observations include: (i) in response to recent bank failures and investment portfolio depreciation, liquidity levels have been strengthened; (ii) credit risk remains moderate, however in certain commercial real estate segments, signs of stress are increasing (high inflation and rising interest rates are also causing credit conditions to deteriorate); (iii) operational risk, including persistent cyber threats, is elevated, while opportunities and risks are created by banks’ increased use of third parties and the digitalization of banking products and service; and (iv) compliance risk remains heightened as banks continue to navigate a dynamic environment where compliance management systems try to keep pace with evolving products, services, and delivery channel offerings.
The report also discussed challenges banks face when trying to manage climate-related financial risks, as well as the importance of investing and aligning technology with banks’ business goals. Acting Comptroller of the Currency Michael Hsu urged banks “to ‘be on the balls of their feet’ with regards to risk management” and “guard against complacency.”
On February 7-8, EU and U.S. participants, including officials from the Treasury Department, Federal Reserve Board, CFTC, FDIC, SEC, and OCC, participated in the U.S.-EU Joint Financial Regulatory Forum to continue their ongoing financial regulatory dialogue. According to a joint statement issued by the participants, the matters discussed focused on six themes: “(1) market developments and financial stability risks; (2) sustainable finance and climate-related financial risks; (3) regulatory developments in banking and insurance; (4) operational resilience and digital finance; (5) regulatory and supervisory cooperation in capital markets; and (6) anti-money laundering and countering the financing of terrorism (AML/CFT).”
The joint statement acknowledged that the Russia/Ukraine conflict, coupled with global economic uncertainty and inflationary pressures, have exposed “the financial system to downside risk both in the EU and in the U.S,” with participants stressing the importance of international coordination in monitoring vulnerabilities and building resilience against stability risks. During the forum, participants discussed recent developments related to sustainability-related financial disclosures, climate-related financial risks, cross-border bank resolution coordination, the transition away from LIBOR, digital finance operational resilience, and progress made in strengthening their respective AML/CFT frameworks.
On January 17, the Federal Reserve Board provided additional details regarding its upcoming pilot climate scenario analysis exercise and the information on risk management practices that will be gathered from the program. As previously covered by InfoBytes, the Fed announced in September 2022, that six of the nation’s largest banks will participate in a pilot climate scenario analysis exercise intended to enhance the ability of supervisors and firms to measure and manage climate-related financial risks. According to the Fed, the banks will analyze the impact of scenarios for both physical and transition risks related to climate change on specific assets in their portfolios. The Fed noted that it will collect qualitative and quantitative information during the pilot, including details on governance and risk management practices, among other things. Additionally, the banks will be asked to consider the effect on corporate loans and commercial real estate portfolios using a scenario based on current climate policies and one based on reaching net-zero greenhouse gas emissions by 2050. The Fed noted that though no firm-specific information will be released, it anticipates publishing insights at an aggregate level, reflecting what has been learned about climate risk management practices and how insights can identify possible risks and promote risk management practices.
On January 10, Federal Reserve Governor Michelle W. Bowman spoke before the Florida Bankers Association Leadership Luncheon regarding the economy and bank supervision. In her remarks, Bowman said that inflation is “much too high” and that her focus is on “bringing it down toward our 2 percent goal.” Bowman stated it is a “hopeful sign” that unemployment has remained low. However, she acknowledged that it is likely that as a part of the process, “labor markets will soften somewhat before we bring inflation back to our 2 percent goal.”
Regarding crypto, Bowman said that crypto activities may “pose significant risks to consumers, businesses, and potentially the larger financial system.” She also said that there is “dysfunction” in cryptomarkets, “with some crypto firms misrepresenting that they have deposit insurance.” She also mentioned “the collapse of certain stablecoins, and, most recently, the bankruptcy of [a cryptocurrency exchange platform].”
Bowman additionally discussed the Fed’s push for a real-time payments system. Since 2019, the Fed has been working to launch FedNow, a new faster payments system that will be available in the first half of 2023. According to Bowman, “FedNow will help transform the way payments are made through new direct services that enable consumers and businesses to make payments conveniently, in real time, on any day, and with immediate availability of funds for receivers.” As previously covered by a Buckley Special Alert, in June, the Fed issued a final rule on its FedNow instant-payments platform that offers more clarity on how the new service will work while essentially adopting the proposed rule. She also noted that FedNow will enable depository institutions of every size to provide “safe and efficient” instant payment services.
Regarding climate change, Bowman noted that the Fed views its role on climate “as a narrow focus on supervisory responsibilities and limited to our role in promoting a safe, sound and stable financial system.” She also noted that the Fed’s recent climate guidance only applies to banks with more than $100 billion in assets. Bowman also disclosed while “climate supervision effort is a new area of focus, it has been a longstanding supervisory requirement that banks manage their risks related to extreme weather events and other natural disasters that could disrupt operations or impact business lines.”
Additionally, Bowman provided a Community Reinvestment Act (CRA) update. She said that the CRA, which requires the Fed and other banking agencies to encourage banks to help meet the credit needs of their communities, “was last updated 25 years ago.” As previously covered by InfoBtytes, in May, the Fed, FDIC, and OCC issued a joint notice of proposed rulemaking on new regulations implementing the CRA to update how CRA activities qualify for consideration, where CRA activities are considered, and how CRA activities are evaluated. The CRA proposal, which she is fully supportive of, “reflects these industry changes, including recognizing internet and mobile banking services, it also attempts to provide clarity and consistency, and it could enhance access to credit for these low- and moderate-income communities
On December 21, NYDFS proposed guidance for regulated banking and mortgage institutions to support efforts for responding to evolving risks stemming from climate change. The proposed guidance—which was developed to align with the climate-related work of federal and international banking regulators—will aid institutions in identifying, measuring, monitoring, and controlling material climate-related financial risks, consistent with existing risk management principles. Institutions should “minimize and affirmatively mitigate adverse impacts on low- and moderate-income communities while managing climate-related financial risks,” NYDFS said, explaining that the proposed guidance focuses on areas of risk management related to corporate governance, internal control frameworks, risk management processes, data aggregation and reporting, and scenario analysis that also accounts for unknown future risks. Among other things, the proposed guidance warned institutions of the importance of ensuring fair lending is provided to all communities, including low- to moderate-income neighborhoods that may face heightened risks, when managing climate-related financial risks. The proposed guidance also outlined tools institutions should use to measure and protect against climate change risks. NYDFS warned institutions that they may have to directly absorb a greater portion of losses and should plan for insurance coverage premiums to either increase or be withdrawn entirely in areas where climate risks are prevalent.
NYDFS commented that the proposed guidance serves as a basis for supervisory dialogue and instructed interested parties to provide input as it undertakes a data-driven approach to formulating the final guidance. Comments are due by March 21, 2023. A webinar will be held on January 11, 2023 to provide an overview of the proposed guidance.
“Regulators must anticipate and respond to new risks to operational resiliency and safety and soundness, jeopardizing an institution’s future,” Superintendent Adrienne A. Harris said. “NYDFS is committed to working with all stakeholders to further refine expectations and finalize guidance appropriate for institutions to address material climate-related financial risks.”
On December 16, the Financial Stability Oversight Council (FSOC or the Council) released its 2022 annual report. The report reviewed financial market developments, identified emerging risks, and offered recommendations to mitigate threats and enhance financial stability. The report noted that “amid heightened geopolitical and economic shocks and inflation, risks to the U.S. economy and financial stability have increased even as the financial system has exhibited resilience.” The report also noted that significant unaddressed vulnerabilities could potentially disrupt institutions’ ability to provide critical financial services, including payment clearings, liquidity provisions, and credit availability to support economic activity. FSOC identified 14 specific financial vulnerabilities and described mitigation measures. Highlights include:
- Nonbank financial intermediation. FSOC expressed support for initiatives taken by the SEC and other agencies to address investment fund risks. The Council encouraged banking agencies to continue monitoring banks’ exposure to nonbank financial institutions, including reviewing how banks manage their exposure to leverage in the nonbank financial sector.
- Digital assets. FSOC emphasized the importance of enforcing existing rules and regulations applicable to the crypto-asset ecosystem, but commented that there are gaps in the regulation of digital asset activities. The Council recommended that legislation be enacted to grant rulemaking authority to the federal banking agencies over crypto-assets that are not securities. The Council said that regulatory arbitrage needs to be addressed as crypto-asset entities offering services similar to those offered by traditional financial institutions do not have to comply with a consistent or comprehensive regulatory framework. FSOC further recommended that “Council members continue to build capacities related to data and the analysis, monitoring, supervision, and regulation of digital asset activities.”
- Climate-related financial risks. FSOC recommended that state and federal agencies should continue to work to advance appropriately tailored supervisory expectations for regulated entities’ climate-related financial risk management practices. The Council encouraged federal banking agencies “to continue to promote consistent, comparable, and decision-useful disclosures that allow investors and financial institutions to consider climate-related financial risks in their investment and lending decisions.”
- Treasury market resilience. FSOC recommended that member agencies review Treasury’s market structure and liquidity challenges, and continue to consider policies “for improving data quality and availability, bolstering the resilience of market intermediation, evaluating expanded central clearing, and enhancing trading venue transparency and oversight.”
- Cybersecurity. FSOC stated it supports partnerships between state and federal agencies and private firms to assess cyber vulnerabilities and improve cyber resilience. Acknowledging the significant strides made by member agencies this year to improve data collection for managing cyber risk, the Council encouraged agencies to continue gathering any additional information needed to monitor and assess cyber-related financial stability risks.
- LIBOR transition. FSOC recommended that firms should “take advantage of any existing contractual terms or opportunities for renegotiation to transition their remaining legacy LIBOR contracts before the publication of USD LIBOR ends.” The Council emphasized that derivatives and capital markets should continue transitioning to the Secured Overnight financing Rate.
CFPB Director Rohit Chopra issued a statement following the report’s release, flagging risks posed by the financial sector’s growing reliance on big tech cloud service providers. “Financial institutions are looking to move more data and core services to the cloud in coming years,” Chopra said. “The operational resilience of these large technology companies could soon have financial stability implications. A material disruption could one day freeze parts of the payments infrastructure or grind other critical services to a halt.” Chopra also commented that FSOC should determine next year whether to grant the agency regulatory authority over stablecoin activities under Dodd-Frank. He noted that “[t]hrough the stablecoin inquiry, it has become clear that nonbank peer-to-peer payments firms serving millions of American consumers could pose similar financial stability risks” as these “funds may not be protected by deposit insurance and the failure of such a firm could lead to millions of American consumers becoming unsecured creditors of the bankruptcy estate, similar to the experience with [a now recently collapsed crypto exchange].”
On December 8, the OCC released its Semiannual Risk Perspective for Fall 2022, which reports on key risks threatening the safety and soundness of national banks, federal savings associations, and federal branches and agencies. The OCC reported that, in the aggregate, banks “remain well capitalized” and have “ample liquidity and sound credit quality, although macroeconomic headwinds are a concern.” The OCC highlighted interest rate, operational, compliance, and credit risks as key risk themes. Observations include: (i) the rising rate environment has adversely impacted bank investment portfolios; (ii) operational risk, including evolving cyber risk, is elevated, with “threat actors continuing to target the financial services industry with ransomware and other attacks”; (iii) compliance risk remains heightened as banks navigate significant regulatory changes; and (iv) credit risk in commercial and retail loan portfolios remains moderate and demonstrates resiliency, “but signs of potential weakening in some segments warrant careful monitoring.”
The report discussed emerging risks related to innovation and the adoption of new products and services, including crypto-assets. Highlighting risks arising from banks’ expansion into digital offerings and the “heightened” threat of fraud risk associated with innovative peer-to-peer payment platforms, the OCC noted that banks should be “clearly communicating risks, educating customers on potential scams, and enhancing internal fraud monitoring capabilities” to mitigate threats and protect consumers. The report noted that “[b]anks may require additional or different controls to safeguard against fraud, financial crimes, violations of Bank Secrecy Act, anti-money laundering, and Office of Foreign Assets Control (BSA/AML/OFAC) requirements, and consumer protection or fair lending laws, or operational errors,” and should “maintain comprehensive operational resilience frameworks commensurate with the size and complexity of products, services, and operations being supported.”
The OCC reiterated the importance of taking a “careful and cautious approach” toward banks’ engagement with the crypto-related firms. Recent events in the crypto market have also “revealed a high degree of interconnectedness between certain crypto participants through a variety of opaque lending and investing arrangements,” which has led to “a high risk of contagion among connected parties.” The report noted that national banks and federal savings associations interested in engaging in crypto-asset activities should discuss the activities with their supervisory office before engaging the activities. Some activities may require a supervisory non-objection under OCC Interpretive Letter #1179.
The report cited risks related to cybersecurity and partnerships with fintech and other third parties. The OCC said it is applying a “heightened supervisory focus” to its scrutiny of banks’ oversight of third-party relationships and flagged an upward trend in ransomware attacks targeting banks’ service providers and other third parties. Partnering with fintechs to support operations or provide opportunities for customers to enter the digital asset market can “increase the risk of unfair or deceptive acts or practices because of the coordination, communication, and disclosure challenges involved in these partnerships,” the report said, adding that “[u]nclear or arbitrary partnership agreements may result in implementation breakdowns, untimely resolution of issues, or failure to deliver products or services as intended, and may result in significant customer remediation.” The OCC cautioned that banks must “conduct appropriate due diligence” before entering a partnership with a third party. “The scope and depth of due diligence, as well as ongoing monitoring and oversight of the third party’s performance, should be commensurate with the nature and criticality of the proposed activity.”
The report also discussed forthcoming climate risk management guidelines applicable to banks with more than $100 billion in total consolidated assets. As previously covered by InfoBytes, the OCC, Federal Reserve Board, and the FDIC announced they intend to issue final interagency guidance to promote consistency.