Bank Policy Institute

07/17/2024 | News release | Distributed by Public on 07/17/2024 10:10

The Bank Examination Problem, and How to Fix It

This note has benefited from the experience, analysis and research of numerous BPI colleagues in our Research and Regulatory Affairs groups. Numerous banks and outside experts have also contributed valuable insights, and are deserving of great thanks for their time and wisdom.

We are currently experiencing an unseen crisis in bank examination: it is failing at its core mission and driving both good assets and good people out of the banking industry, and it is degrading banks' ability to support U.S. economic growth. The problems are unseen because the examination regime operates in secret, and the public has no sense of its massive scope and problems.

Bank examination has expanded significantly in scope and is now focused largely on immaterial matters as opposed to material financial risk, making the industry less efficient and innovative. At the same time, the examination power is increasingly used as a substitute for regulation, imposing significant, unjustified restrictions on banks outside of public view and any legal oversight.

The Examination Regime

When most think of regulatory requirements on banks, the financial cost of capital and liquidity requirements come to mind because they are significant and overt. In contrast, details of the examination regime are difficult to ascertain, but some facts and anecdotal evidence paint a picture.

Supply

The examination regime for banking in the United States is unique in our federal administrative state. The OCC reports that it employs more than 3,000 full-time bank examiners, and the Federal Reserve employs over 2,300.[2] The FDIC does not disclose the size of its examination force. There are also examiners at state banking departments and the CFPB. We know anecdotally that regional banks have dozens of full-time examiners and are subject to constant examination; for the largest banks, that number is in the hundreds, with a dozen or more examinations ongoing at all times, and examiners are resident at all large banks.

Demands

At the end of 2023, BPI conducted a survey of its members, which generally have assets above $100 billion, to determine the extent of the burden the examination process is imposing on those banks.

  • For the average bank, compliance functions represent 5 percent of the bank's workforce.[3]
  • The C-suite of the average bank spends 42 percent of its time on compliance tasks or examiner mandates, while the board of directors spends 44 percent of its time on those tasks - as opposed to strategic planning, risk management, business planning, innovation or talent planning.
  • For the average bank, 13 percent of its IT budget is devoted to demonstrating compliance with law or meeting other examiner mandates - as opposed to investment in innovation or improved customer service.

An unusually frank description of the process was offered by the late Bob Wilmers in his final shareholder letter as CEO of M&T Bank in 2016:

At M&T, our own estimated cost of complying with regulation has increased from $90 million in 2010 to $440 million in 2016, representing nearly 15% of our total operating expenses. These monetary costs are exacerbated by the toll they take on our human capital. Hundreds of M&T colleagues have logged tens of thousands of hours navigating an ever more entangled web of … examinations…. During 2016 alone, M&T faced 27 different examinations from six regulatory agencies. Examinations were ongoing during 50 of the 52 weeks of the year, with as many as six exams occurring simultaneously. In advance of these reviews, M&T received more than 1,200 distinct requests for information, and provided more than 225,000 pages of documentation in response. The onsite visits themselves were accompanied by an additional, often duplicative, 2,500 requests that required more than 100,000 pages to fulfill - a level of industry that, beyond being exhausting, inhibits our ability to invest in our franchise and meet the needs of our customers.

In our 2023 survey we asked the same questions as of 2016 for comparison purposes. We chose that date because it preceded what some contend was four years of deregulation of the banking industry. To the contrary: since 2016, the average percentage of C-suite time focused on compliance tasks or examiner mandates has increased 75 percent; percentage of board time 63 percent; FTEs in compliance functions 62 percent; percentage of IT budgets 40 percent. The supervisory ratchet, it seems, only turns one way.

That is the big picture, but some close-ups can provide further insights. Last year, we conducted a survey of the Chief Information Security Officers at banks - the people responsible for guarding against cyberattacks. They reported that they spent 30-50 percent of their time on compliance and examiner management; their teams spent 70 percent of their time on those functions. They reported on average over 100 requests for information leading up to an average examination, with anywhere from 75 to 100 supplemental requests during the exam. And 25 percent of examination requests duplicate requests from other agencies. By innumerable anecdotal accounts, this system has severely affected morale and retention among a class of experts who can freely move to other industries.

Compliance with anti-money laundering and sanctions is likely worse, as we have detailed at length.[4] More advanced techniques are far more effective in actually detecting and preventing financial crime and sanctions evasion, but examiners prefer laborious procedures and manual review, which come with written policies and procedures and a clear audit trail.

The Purpose of Bank Examination

The banking industry is the only industry in America subject to such a regime; even financial firms that compete directly with banks and offer the same products to the same customers do not face such an administrative state. Why? There was and is one good reason: banks have access to a federal safety net in the form of insured deposits and the Federal Reserve's discount window.[5] The ability to impose some of the costs of risk-taking on others while still earning the full reward creates moral hazard - an incentive to take more financial risk than a company without that power would take. That is a valid reason to require a bank to take less risk than its shareholders and management might otherwise decide is appropriate.

The legal authority granted to the federal banking agencies is narrowly tailored to constraining that incentive. First, while the agencies have authority to examine all the affairs of a bank, their ability to enforce changes at the bank is limited and circumscribed by law, not open-ended. Most prominent among their enforcement tools is the authority to issue orders to a bank to cease and desist from unsafe or unsound practices or conditions or violations of law.[6] Courts have defined what constitutes an unsafe and unsound practice for this purpose, which generally must be quite serious; as explained by the D.C. Circuit Court of Appeals, an unsafe or unsound practice "refers only to practices that threaten the financial integrity of the institution."[7] As another court has explained, "The imprudent act must pose an abnormal risk to the financial stability of the banking institution…. Contingent, remote harms that could ultimately result in 'minor financial loss' to the institution are insufficient to pose the danger that warrants cease and desist proceedings."[8]

For banks that pose systemic risk, the Federal Reserve is authorized under Section 165 of the Dodd-Frank Act to impose heightened prudential standards on large, interconnected financial institutions.[9] That authority, however, (1) does not extend to the OCC or the FDIC, and (2) reflects additional regulatory authority, not examination authority. To be sure, examiners must validate compliance with the heightened capital standards that the Federal Reserve has imposed pursuant to Section 165, but nothing in that statute changes the character or the scope of the examination function, and it has no effect on the authority of the OCC or FDIC at all.

The Current Focus

As the number of examiners and compliance officers would suggest, examiners are not focused primarily on material financial risks. Examiners now seek to supervise every aspect of banks' businesses - from IT systems to vendor selection to the composition of management and board committees to compensation decisions.[10] As a practical matter, this means requiring that the bank enshrine its processes in written policies and procedures and employ hundreds or thousands of people to check for compliance with those policies and procedures, subject to a multi-layered governance regime that the examiners define as "three lines of defense" - that is, (i) the line of business, (ii) a compliance function and (iii) an audit function, all subject to review by agency examiners. (There is no statutory authority or analytical basis for this approach, but it is now dogma at the agencies, and no other structure is permitted.) Examiners also now focus on "reputational risk," which is conduct that is safe, sound and legal, but of which the banking agencies disapprove for other reasons.[11] In areas that have minimal relationship to material financial risk, examiners routinely request volumes of information from bank management and then require meetings to have the information explained to them. Deadlines for remediating issues - whether serious or nonconsequential, self- or examiner-identified - are shortening, setting banks up for failure.

Consider this situation in light of the purpose and legal authority for bank examination. Neither moral hazard nor systemic risk provides grounds to examine, through constant on-site supervision, the IT systems of a bank, or co-manage its relationship with third-party vendors, or evaluate the background of its directors and their performance in meetings. Banks fully understand and bear the costs of problems in these areas: cost of IT breakdowns (angry and departing customers), bad vendors (lost money, more angry customers), cyberattacks and bad directors.

More broadly, as a society, we may care that a regional bank has good cybersecurity, but presumably we also care that Microsoft and Verizon have good cybersecurity. We would hope that a large bank monitors its vendors well, but we would also hope that General Motors and Chipotle manage their vendors well. A competent board of directors is important to any bank, but also to Google and Pfizer. Yet only at banks do government examiners "supervise" cyber security and vendor management, interview board directors on a regular basis, read the minutes of their meetings and evaluate their performance.

Note that I have been focused on banks, but supervisors also now examine non-bank affiliates that are not deposit-funded, have no discount window access and are subject to strict limits on their dealings with bank affiliates that ensure that the benefits of deposit insurance and discount window access cannot be passed to non-bank affiliates. Thus, the broker-dealer affiliate of a mid-sized regional bank is subject to Federal Reserve examination; Citadel Securities-which accounts for 23 percent of U.S. equity market volume-is not.

The examination framework's focus on non-financial issues is also apparent in the examination ratings system. Under the Federal Reserve's Large Financial Institution Rating System, the aggregate supervisory rating for a large bank holding company is the lowest of three components: (1) capital planning and positions; (2) liquidity risk management and positions; and (3) governance and controls. As a result, banks that are well capitalized and liquid can be - and frequently are - rated in unsatisfactory condition because of amorphous and inherently subjective "governance and controls" concerns alone. The story is similar at the bank level, where the CAMELS rating system (discussed more fully below) in theory evaluates six factors, but the management rating - the "M" - dominates for purposes of determining the composite rating. And the "M" can be determined by non-financial factors and the bank's willingness to accede to examiner mandates.

A last departure from the statutory authority of examination is worth particular note. Section 1025 of the Dodd-Frank Act in 2010 transferred to the CFPB "exclusive authority to require reports and conduct examinations on a periodic basis" of an insured depository institution with total assets of more than $10 billion. Section 1061 of Dodd-Frank also transferred all "consumer financial protection functions" from the federal banking agencies to the CFPB, including "all authority to prescribe rules or issue orders or guidelines" pursuant to any Federal consumer financial law.[12] The statute explicitly states: "All consumer financial protection functions of the Board of Governors are transferred to the Bureau"; "All consumer financial protection functions of the Comptroller of the Currency are transferred to the Bureau."[13] The law could not be more clear; the CFPB is the exclusive regulator of bank consumer compliance, and the exclusive examiner of bank consumer compliance at larger banks. After passage, there was therefore a widespread expectation that most of the consumer compliance examiners at the banking agencies would transfer to the CFPB. But they did not; by all accounts, the banking agencies increased their consumer compliance examination activity at larger banks in the years after Congress clearly divested them of the authority to engage in it.

I would also note that the FDIC, with the affirmative vote of the Acting Comptroller of the Currency, recently proposed to institute stakeholder capitalism at the banks it supervises.[14] Those banks would no longer be operated for the benefit of shareholders but rather a broader group of stakeholders identified by the FDIC, with stakeholder service supervised by the FDIC. And of course the identified group of stakeholders includes the regulators themselves.

Unchecked Power

The existence of this compliance/examination/consulting complex depends on one crucial reality: banks generally must do as the agencies tell them through the examination process, even if they disagree with the substance or importance of what they are being told to do.

It has not always been so. At least a generation ago, when I was an attorney at the Federal Reserve, if the case was a close one or the stakes were low, a bank would accede to the examiner's demands; if the bank felt it was clearly in the right and the stakes were high, it might challenge the agency to bring the action, knowing it would have the ability to contest it. Of course, for reputational reasons, a bank would be very reluctant to risk such an action. But on the other hand, the agencies knew that the standard for what constitutes an unsafe or unsound practice is high and therefore were willing to act on that threat only in important cases. That balance of power generally resulted in a reasonable outcome.

Today that balance is gone, as examination ratings and a secret enforcement regime are now just as powerful as enforcement actions, and come with few checks and balances.

As background, know that banks are assigned CAMELS ratings in the exam process. That acronym stands for its six components: Capital, Asset quality, Management, Earnings, Liquidity and Sensitivity to market risk including interest rate risk. Ratings for each component range from 1 to 5. The Management rating is uniquely subjective; it is not based on any empirical standard but rather serves as a vehicle by which examiners can express displeasure with any aspect of a bank's compliance regime or fealty to the bank's response to examiner criticism of that regime.

The Management rating is by far the most important rating.

  • A change to banking law made in 1999 provides that if any bank subsidiary of a financial holding company receives a "3" (or lower) rating for Management, the company becomes subject to significant limits on its non-bank activities, which are often fundamental to its franchise. Its only recourse is to seek a temporary waiver from the Federal Reserve, which is conditioned on promptly complying with examiner mandates.
  • A "3" rating triggers significantly higher insurance premiums and limits on access to Federal Home Loan Bank funding.[15]
  • Finally, under guidance from both the Federal Reserve and the OCC, a "3" rating now also effectively disqualifies the bank from mergers and acquisitions.[16]

Some of these powers also rely on the composite rating for the bank, but the composite rating of the bank is not an average of its six components. Rather, the Management component is rated more heavily than any of the rest.

Importantly, these grave consequences are typically imposed for years, as ratings are not upgraded until after multiple examination cycles - and after double and triple checking by compliance, audit and in many cases an outside consultant to verify that all identified issues have been completely resolved.

Thus, in practical effect, a Management downgrade to a "3" is no longer an examination criticism but rather effectively a large financial penalty, a multi-year cap on organic and inorganic growth, and potentially an order to divest whole businesses. And no violation of law or finding of unsafe or unsound practices is required for these penalties to be imposed; un-remediated MRAs for governance and controls can form the principal grounds for a Management downgrade.

So, the next logical question would be: why don't banks object to an unjustified "3" rating for Management or other unjustified examiner mandates?

First and foremost, there can be no public objection whatsoever; the agencies take the position that any disclosure of examination-related information is criminal theft of government property, so there can be no public complaint or discussion of the rating at all.

Second, the agencies have adopted an internal appeals process, but that process almost invariably upholds the examination finding, which is not surprising given that the appeal is to the same division of the agency that imposed the finding.[17] Furthermore, while these consequences of a ratings downgrade are significant and concrete, the assignment of these ratings is effectively left entirely to the subjective judgment of the examiner: the relative ratings frameworks themselves provide no meaningful standard at all to govern their use (or misuse). Thus, it is quite easy to uphold any examination finding on internal appeal, as there is no standard against which to judge it.

Third, even if there were a chance of a favorable appeal, any such victory would likely come at significant cost, as retaliation in future examinations is a real concern. The agencies do not disguise this fact: a favorite expression is that "examiners have long memories." Such concerns were heightened by a speech by the Acting Comptroller of the Currency, who stated that disagreement with examination findings constitutes evidence of "hubris, contempt and indifference" by bank management and thus could constitute grounds for finding the bank "too big to manage." One simple fact demonstrates how significant this fear of retaliation really is: banks almost never take the final step of seeking judicial review of ratings determinations, and the few cases in which they have almost exclusively involve banks that are no longer operating.[18]

Thus, over time, the banking agencies have increasingly avoided using regulation and public orders to enforce change at banks, preferring instead to "supervise" through the secret, effectively unappealable powers of the examination process.

How the Regime Is Failing at Its Core Mission

While that secrecy gives us little ability to evaluate what has gone wrong, there is some evidence.

The Triumph of Process Over Substance

In its Supervision Report released in November 2022, the Federal Reserve disclosed that fewer than half of the large financial institutions it examined were rated as in satisfactory or better condition. This finding was remarkable, as large banks held extraordinarily high and rising levels of capital and liquidity, well above regulatory requirements. They had performed well in 2020, providing massive funding to the economy before governmental assistance commenced, and were prepared to do so again during the ensuing banking turmoil of March 2023. Clearly, for a majority of those banks to be considered in unsatisfactory condition, examiners must have been focused on something else.

We know what it was. The report states:

While many firms have broadly met expectations in capital planning and liquidity risk management, they still have work to do to meet supervisory expectations for governance and controls (figure 11). Governance and controls findings represent over 75 percent of the outstanding issues at large financial institutions. Governance and controls findings include deficiencies related to operational resilience, information technology, third-party risk management, and compliance.[19]

We also know with certainty that low ratings as of November 2022 were not attributable to prescient concerns about interest rate risk or liquidity risk of the type that emerged at certain banks five months later. The record at those banks is quite clear:

  • Silicon Valley Bank's final composite CAMELS rating was "2," or satisfactory.[20]
  • The story was similar at First Republic. "From 2018 through March 2023, the FDIC assigned a Composite "2" CAMELS rating to First Republic, indicating that the overall condition of the bank was satisfactory. Its rating for Liquidity was 1, indicating that it was strong.[21]
  • At Signature Bank, the FDIC found that the bank's overall condition was satisfactory from December 2018 until its final rating in December 2021.

Thus, examiners at these institutions were giving them a clean bill of financial health while focusing heavily on "governance and control" issues that did not really matter at all. As two former senior Federal Reserve officials, now our Senior Fellows, have written of SVB:

Fed examiners appear to have been largely focused on nonfinancial risks, governance structures and compliance processes and procedures that were only weakly and indirectly related to its actual financial condition and safety and soundness.

This misguided focus is quite evident in the composition of the 31 MRAs and MRIAs that remained open at the end of 2022…. Of these 31, only six directly concern management of liquidity risk, and only one concerns management of interest rate risk; the remainder concern informational technology and security (13), lending and credit risk management (3), broad programmatic concerns about governance, audit, and risk management (3), vendor management (2), BSA/AML (2) and trust and fiduciary risk management (1). Looking only at the 12 MRIAs open at that time, the story is similar - only two dealt with liquidity risk, and none addressed interest rate risk.[22]

It is hard to escape the conclusion that SVB had too many examiners, not too few. If a handful of well-trained examiners had been sent to SVB with the specific task of identifying its largest financial risks, it seems highly likely that the eventual outcome would have been different. Instead, examiners dedicated an enormous amount of time trying to identify every risk - 25,000 hours spent on actual scheduled supervisory activities at SVB in 2022, according to the Federal Reserve - and co-manage the bank's operations.[23]

While secrecy prevents much research on examination effectiveness, a recent paper suggests that experience in 2022 was not different from 2023.[24] The study looked at the Liquidity (L) and Sensitivity to Market Risk Including Interest Rate Risk (S) CAMELS components ratings assigned as the Federal Reserve was raising interest rates. They find that L and S downgrades accelerated at banks with high interest rate risk exposure, though only 16 percent of the quintile of banks with the highest levels of interest rate risk saw a downgrade.[25] More significantly for present purposes, though, there was no correlation to downgrades in the Management rating, and no correlation to downgrades with the composite rating, which is generally driven by the Management rating.[26] So, it wasn't just the tail wagging the dog, it was the tail entirely detached from the dog.

While recent experience has thus taught a clear lesson, the banking agencies have not learned it. To the contrary, by all accounts, agency examiners have redoubled their pursuit of immaterial concerns, increased the number of MRAs and MRIAs and begun downgrading banks for non-financial risks.

The results can be seen in the most recent Federal Reserve Supervision Report, from May 2024.[27] Only one third of large U.S. banks are now rated as well managed.[28] Note that under Federal Reserve guidance, "A 'well managed' firm has sufficient financial and operational strength and resilience to maintain safe-and-sound operations through a range of conditions, including stressful ones."[29] Thus, one would expect that a finding that two thirds of large U.S. banks cannot maintain safe and sound operations would be a major policy and market concern, but of course it is not - because that conclusion is flatly inconsistent with the extremely strong capital and liquidity position of large U.S. banks; the external credit ratings of those banks; universal analyst opinions of those banks; and innumerable statements from Federal Reserve officials that large U.S. banks are in excellent condition. Indeed, it is even inconsistent with the Supervision Report itself, which begins by stating, "The banking system remains sound and resilient."[30]

So how could the Federal Reserve's Report reach a conclusion that is so patently absurd? The answer is simple: according to the Report, criticisms of Governance and Controls - not material financial risks - represented two thirds of outstanding issues.[31]

And there are significant consequences. Given the Federal Reserve's Report, under existing agency guidance, one can assume that at least two thirds of large U.S. banks may now be restricted from M&A activity and likely subject to other secret sanctions. One can also be sure that massive resources are being dedicated to remediating whatever problems have generated the adverse rating, distracting management, increasing costs and slowing innovation.

More subtly, the focus on governance and controls is degrading the quality of risk management at banks (and the banking agencies). As one CEO put it to me, his risk executives are becoming "process engineers" who advance through good documentation, good meeting skills and good examiner relations. The ability to accurately assess financial risk - credit risk, liquidity risk, capital adequacy - has become a devalued asset.

And Bad Substance As Well

Unfortunately, the costs of misguided examination attention do not just take the form of dead weight compliance burdens and diversion of resources to immaterial matters. Increasingly, examiners impose business choices on the banks they examine, and often bad choices. As an example, consider the exponential growth in private credit markets at the expense of bank lending, particularly for so-called leveraged loans, or loans to growing companies. Frequently cited causes include higher bank capital requirements,[32] but there is a simpler explanation that many seem to have overlooked or forgotten: banking agency examiners publicly and privately bullied banks out of making these loans in a now clearly failed attempt at market timing and "macroprudential" supervision. This effort included FAQs that set explicit, arbitrary limits on what loans banks could make. As we wrote in 2019:

In one form or another, the U.S. banking agencies have been warning banks of impending losses in leveraged lending for twenty years, and over the last five years they heightened their rhetoric and took increasingly aggressive efforts to force banks to restrict lending to growing businesses that meet the agencies' definition of leveraged. As such, this effort has been the most continuing and serious U.S. foray into what global regulators have begun calling "macroprudential" regulation. It also has been a demonstrated failure and a cautionary tale for future such efforts.[33]

Failure took two forms: (1) no evidence of the losses that they so long predicted and (2) a direct migration of leveraged lending to non-banks, thereby defeating the "macroprudential" purpose of the exercise.[34] Furthermore, the GAO subsequently determined that the guidance and subsequent FAQs that set arbitrary limits on bank leveraged lending were a rule that was never properly submitted to Congress under the Congressional Review Act; they were almost certainly also an illegal rule for purposes of the Administrative Procedure Act, as they were never published for comment.

In all likelihood, similar dysfunction is playing out currently. While the banking agencies are currently drafting a proposed rule on liquidity as a response to the events at Silicon Valley Bank, there is every reason to believe that agency examiners are already imposing changes behind closed doors. The binding constraint on liquidity for large banks generally is not the regulatory liquidity coverage ratio or net stable funding ratio but rather non-public internal liquidity stress tests and resolution planning requirements, imposed under the cloak of examination secrecy. And while agency heads are emphasizing the importance of banks being prepared to use the standing repo facility and the discount window, at least some agency examiners are telling banks that they will ignore such access when assessing the bank's liquidity strength. Perhaps not surprisingly, a large number of large banks have publicly reported decreasing loans and increasing their holdings of Treasury and agency securities.

Incentives and Culture

It is not difficult to understand why this was inevitable given the incentive structure and culture at the federal banking agencies.

First, the way for an examiner to advance is to issue MRAs and insist that they be resolved expeditiously. The way for an examiner to seem weak is to report that all is well. The way for an examiner to lose a career is to have something go wrong at a bank to which he or she has assigned a high rating and issued few MRAs. The same is true at the senior level, where those in charge of supervision worry for themselves and their agency about the consequences of a major problem at a bank that was rated satisfactory or better.

In sum, examiners have every incentive and human impulse to issue MRAs and insist on their prompt remediation at any cost, and they have every incentive to impose (or threaten to impose) a low rating on the bank, and thereby avoid dissent. They are under no pressure to limit their oversight to material matters.[35] And because banks have no effective way to appeal or object and no objective standard to which to hold examiners, even if they could, there is now no countervailing force. In the absence of any external accountability mechanism, we should not be surprised by the inevitable result.

These incentives play out not only at the individual examination level but also in the policy arena. Consider the state of the CAMELS rating system, adopted in 1979.[36] Except for the addition of the "S" component in 1996, the CAMELS standards have not been materially updated in the almost 40 years since their adoption-not after adoption of the original Basel Accord on capital in 1988, the Basel III regime in 2010, the Comprehensive Liquidity Analysis and Review in 2012 or the liquidity coverage ratio in 2014. More than four years ago, BPI filed a petition for rulemaking asking the agencies to seek comment on how the CAMELS framework could be improved - that's all, no specifics, just after 40 years, ask, "How's it going?"[37]

Those petitions were recently denied.[38] From the perspective of the supervisors, the regime is working so perfectly that there is no reason even to consider changes to it.

Reform: the Need and the Opportunity

To sum up, the bank examination process is broken, and it has thus far proven impervious to repair. Its collective weight means the very purpose of examination - correcting for moral hazard and lowering the risk of bank failures - is thwarted, and at the cost of innovation and efficiency. This is particularly true at mid-sized and regional banks, which have less scale to build and maintain the vast compliance/consulting bureaucracy that examination mandates require of them. Meanwhile, the flow of assets to financial firms not subject to this regime continues. There are three concrete steps that could help return the examination regime to sanity.

M Stands for Mistake

As noted above, the tipping point when examination became "supervision" and grew in scope and secrecy was 1999, when the power to continue as a financial holding company was conditioned on a "3" rating for the Management component of the CAMELS rating, in addition to a "3" for the composite rating (which generally is driven by the Management rating). A "1" or "2" rating has subsequently become a condition for favorable deposit insurance premiums, FHLB access, mergers and acquisitions, and in some cases (often secretly and sometimes publicly) even for organic growth. Similarly, at the holding company level, Federal Reserve guidance provides that a bank with satisfactory Capital and Liquidity ratings will nonetheless be deemed in unsatisfactory condition if its Governance and Controls rating is unsatisfactory.

Of course, management is a key consideration for all the other components, and thus is already evaluated: for example, evaluation of the Capital component includes capital planning, which is a management function. Evaluating interest rate risk is all about asset-liability management. So, elimination of a separate, standalone Management rating would in no way suggest that management is unimportant but rather that there is no marginal benefit to having a separate, wholly subjective component untethered to any particular risk.

Thus, reformers at the agencies could simply eliminate the wholly subjective and standardless Management rating and instead focus a new, less catchy "CAELS" rating system on objective, material matters. At the holding company level, a bank with satisfactory capital and liquidity should be considered in satisfactory condition, even if examiners have issues with governance and controls. As the rating disappeared, so would the secret enforcement regime that uses it as a fulcrum. (A parallel change could be made by the Federal Reserve.)

Put another way, the agencies could presume that a bank with good capital, good assets, good earnings, good liquidity and good interest rate and market risk management probably . . . has good management. Doing so would be fully consistent with law; the statute provides that the Management rating must be satisfactory - that is, a "3" - "if such rating is given." There is no requirement, however, that it be given.

M Should Stand for Material

The overwhelming focus of the current examination regime is on precisely those acts that courts have made clear do not meet the legal standard - that is, they pose risk of only contingent, remote harms that could result only in a minor or no financial loss.

A solution to the current problem is obvious. First, define an MRA in regulation as a problem that meets the standard stated above. An MRA, as now, would then require a remediation plan, and attention from senior management and the board. Matters not rising to the level of an MRA explicitly would not.

Some discipline could be imposed here by requiring that any MRA for a large bank be reported to the head or heads of the agency imposing it. Of course, the agencies' response would be that there is no feasible way for the Comptroller or any committee of the Fed or FDIC to review the hundreds, maybe thousands of MRAs. But that is precisely the point. If MRAs were restricted to material matters under the relevant legal standard, there would be far fewer of them, and they would be worthy of at least some attention by agency heads.

Relatedly, any downgrade of rating below satisfactory should be reviewed by the agency principal or a committee of principals, with the affected bank having the right to contest the downgrade, in a process akin to the Wells notice process at the SEC.

Staffing

Lastly, agency staffing needs to be completely rethought. As Silicon Valley Bank demonstrates, there are negative marginal returns as exam teams grow into the dozens, much less the hundreds. It is an invitation to focus on immaterial matters, request seemingly endless amounts of information, and engage in management consulting. It defeats the core purpose of examination.

For starters, examiners should be focused by regulation on material financial risk and not IT systems and reputational risk. And of course, the banking agencies should obey the law and desist from examining for consumer compliance those banks for which Congress explicitly divested them of such authority.

Conclusion

Fundamental problems require fundamental solutions. We have reached that point in the examination regime.

[2] See "Department of the Treasury: Office of the Comptroller of the Currency, Congressional Budget Justification and Annual Performance Plan and Report" at table 1.1 listing FTEs for "supervise" category at https://home.treasury.gov/system/files/266/23.-OCC-FY-2021-CJ.pdf; see also "Federal Reserve Board - Approaches to Bank Supervision" at https://www.federalreserve.gov/supervisionreg/approaches-to-bank-supervision.htm.

[3] Numbers reported in this paragraph are the mean. The survey defined a compliance FTE as one dedicated to supporting the organization's compliance with law, regulation, guidance or other governmental mandates, which includes responding to mandates, recommendations and requests from federal and state banking agencies, the CFPB, SEC or other U.S. market or prudential regulatory agencies. It excluded employees monitoring risk for financial purposes.

[4] For a compendium of past publications, see https://bpi.com/category/aml-cft/.

[5] Of course, bank examination in the United States predates the introduction of deposit insurance and the Federal Reserve, and also has older historical roots in banks' once-unique ability to create private money in the form of bank deposits. However, today's financial markets feature a proliferation of private money creation, including money market funds, securitization markets, digital payment wallets and stablecoins; none of these are subject to anything like bank examination, making it hard to believe that this historical argument for bank examination has any credibility today.

[6] 12 U.S.C. 1818. Similarly, the agencies have authority to establish by regulation specific safety and soundness standards and order banks to remediate violations of those standards. 12 U.S.C. 1831p-1.

[7] Johnson v. OTS, 81 F.3d 195, 204 (D.C. Cir. 1996).

[8] Seidman v. Office of Thrift Supervision, 37 F.3d 911 (3d Cir. 1994); see also Hoffman v. FDIC, 912 F.2d 1172, 1174 (9th Cir. 1990) (requiring "abnormal risk or loss or damage to an institution, its shareholders, or the agencies administering the insurance funds"). A minority of circuits employ a different standard that describes an unsafe and unsound practice as "contrary to generally accepted standards of prudent operation, the possible consequences of which, if continued, would be abnormal risk of loss or damage to an institution, its shareholders, or the agencies administering the insurance funds." See, e.g., First National Bank of Eden v. Department of the Treasury, 568 F.2d 610 (8th Cir. 1978). That said, the law of the D.C. Circuit is effectively dispositive, given that the defendant in any action under 12 U.S.C. 1818 has the option of appealing to the D.C. Circuit, in addition to the relevant circuit for traditional venue purposes. Thus, a bank seeking to challenge an action can do no worse than the law of the D.C. Circuit.

[9] 12 U.S.C. 5365.

[10] The agencies constantly refer to themselves as "supervisors," but the law grants them no such authority; rather, it empowers them to impose a range of standards by rule, examine the books and records of banks and take enforcement action to remediate unsafe and unsound practices or punish violations of law. Congress has never assigned them the task of "supervising" the banks. But that is the mindset and announced mission of today's examiners.

[11] See Julie A. Hill, Regulating Bank Reputation Risk, 54 Ga. L. Rev. 523 (2019). Available at: https://scholarship.law.ua.edu/fac_articles/152.

[12] 12 U.S.C. 5581

[13] Id.

[14] 88 FR 70391 (October 11, 2023).

[15] See FDIC Deposit Insurance Assessments, Risk-Based Assessments at https://www.fdic.gov/deposit/insurance/assessments/risk.html; see also FHLB Lending and Collateral Q&A at https://www.fhlb-of.com/ofweb_userWeb/resources/lendingqanda.pdf.

[16] See Federal Reserve SR 14-2/CA 14-1: Enhancing Transparency in the Federal Reserve's Applications Process (2014); 89 FR 10010 (February 14, 2024) (proposed rule from OCC self-described as generally codifying current practice).

[17] See "Supervisory Ratings and Other Nonpublic OCC Information: Statement on Confidentiality" at https://www.occ.gov/news-issuances/bulletins/2019/bulletin-2019-15.html

[18] Builders Bank, LLC v. Federal Deposit Insurance Corp., No. 18-2804 (7th Cir. 2019)

[19] https://www.federalreserve.gov/publications/files/202211-supervision-and-regulation-report.pdf at 26-27.

[20] https://www.gao.gov/assets/gao-23-106736.pdf

[21] https://www.fdic.gov/news/press-releases/2023/pr23073a.pdf

[22] https://bpi.com/a-failure-of-self-examination-a-thorough-review-of-svbs-exam-reports-yields-conclusions-very-different-from-those-in-the-feds-self-assessment/

[23] See Michael Barr's "Review of the Federal Reserve's Supervision and Regulation of Silicon Valley Bank" at 38 / https://www.federalreserve.gov/publications/files/svb-review-20230428.pdf

[24] Gopalan, Y. and Granja, J., "How (In)Effective was Bank Supervision During the 2022 Monetary Tightening," Becker Friedman Institute, University of Chicago (September 2023). https://bfi.uchicago.edu/wp-content/uploads/2023/09/BFI_WP_2023-130.pdf

[25] Somewhat surprisingly, the paper counts this as a success. The abstract of the 2023 version of the paper states, "Overall our evidence supports the idea that regulators made the banking system safer by limiting the interest rate risk exposures and propping up bank liquidity of many banks…." Perhaps as a response to such surprise, the paper was updated in 2024, and the abstract amended to add the following: "Results suggest regulators recognized interest rate risks but lacked authority to compel greater risk reduction." It includes, however, no analysis or case studies to support that point.

[26] Id. at 18-19.

[27] https://www.federalreserve.gov/publications/files/202405-supervision-and-regulation-report.pdf

[28] Id. at 17.

[29] Federal Reserve SR 19-3/CA letter 19-2, Large Financial Institution Rating System (February 2019), www.federalreserve.gov/supervisionreg/srletters/SR1903a1.pdf

[30] Id. at 1, 8-9.

[31] Id. at 18 and Figure 13.

[32] International Monetary Fund, Global Financial Stability Report (April 2024) at 55.

[33] https://bpi.com/the-banking-agencies-and-leveraged-lending-a-case-study-in-the-hazards-of-macroprudential-regulation/

[34] Kim, Sooji and Plosser, Matthew C. and Santos, João A. C., Macroprudential Policy and the Revolving Door of Risk: Lessons from Leveraged Lending Guidance (2017-05-01). FRB of NY Staff Report No. 815 at 23-24. ("Our evidence on the migration of leveraged lending from large banks to foreign banks and nonbanks together with our evidence on nonbanks' increased use of bank funding to finance the growth of their leveraged lending business indicates that this migration was not accompanied by a similar reduction in risk in the banking sector. This finding is important because it shows that to evaluate the effectiveness of macroprudential policies it is not enough to consider targeted institutions' responses to policies.")

[35] To the contrary, the Acting Comptroller has decried the "immateriality illusion" and the "bad apple illusion," meaning that any issue identified by a bank examiner could and perhaps should be considered material, as a warning sign. For a fuller discussion, see Greg Baer and Jeremy Newell, "Too Big to Manage: It's a Bad Idea" Bank Policy Institute (February 14, 2023).

[36] https://www.fdic.gov/resources/regulations/federal-register-publications/2019/2019-aplication-of-the-uniform-financial-institutions-rating-system-3064-za08-c-004.pdf

[37] https://bpi.com/wp-content/uploads/2020/01/BPI-Comment-Letter-re-CAMELS-Docket-no-OP-1681-RIN-3064-ZA08-002.pdf

[38] See https://www.federalreserve.gov/newsevents/pressreleases/bcreg20240517a.htm (denial by Federal Reserve); https://bpi.com/wp-content/uploads/2024/07/FDIC-Response-to-BPI-Petition-7.3.24.pdf (denial by FDIC). We did not file a petition with the OCC because senior officials there told us that doing so would be fruitless.