Tuesday, January 21, 2014

Strong Coffee and Weak Tea

On January 16, 2014, the Office of the Comptroller of the Currency (OCC) released a Notice of Proposed Rulemaking (NPR) to amend the existing 12 CFR 30 - Safety and Soundness Standards by establishing a set of formal safety and soundness standards specifically for the 21 national banks and federal savings associations with total assets greater than $50 billion.  These proposed safety and soundness standards (called Appendix D) are based on the OCC's heightened expectations program implemented for large national banks after the financial crisis.

The heightened expectations program was established to strengthen the governance and risk management practices in the OCC's largest banks.  The heightened expectations are that corporate governance and risk management practices in our nation's largest national banks need to be strong, not merely satisfactory.

The proposed guidelines set forth the minimum standards for the design and implementation of an institution’s risk governance framework and provide minimum standards for oversight of that framework by the board of directors.  The guidelines include provisions regarding:

  • The roles and responsibilities of those organizational units that are fundamental to the design and implementation of the risk governance framework. These units are front line units, independent risk management, and internal audit. Together, these units should establish an appropriate system to manage risk taking.
  • A comprehensive written statement that articulates the bank’s risk appetite, which serves as a basis for the risk governance framework. This statement should include both qualitative components and quantitative limits.
  • Board of directors’ oversight of a bank’s compliance with safe and sound banking practices. The board should ensure that the bank establishes and implements an effective risk governance framework that complies with the guidelines.
  • Active board oversight of a bank’s risk-taking activities. This includes establishing accountability for management’s adherence to the risk governance framework. The board should also evaluate management’s recommendations and decisions by questioning, challenging, and, when necessary, opposing, management proposals that could lead to excessive risk taking or pose a threat to safety and soundness.
  • Composition of the board of directors. A board of directors should have at least two independent members who are not part of the bank’s or the parent company’s management.

The OCC is stepping out in front of the other federal bank regulatory agencies with specific and enforceable safety and soundness guidelines.  You may have a different opinion, but frankly, prior to the OCC's heightened expectations program, governance and risk management guidance from all of the federal bank regulatory agencies read like little sermonettes - long on concepts and generalities, short on specifics and practical application.  This present high level of clear communication and transparency regarding OCC's expectations for large national banks is unique and refreshing among the federal bank regulatory agencies.  No hole cards and no guessing.  

Regarding the proposal... First, you cannot appreciate the sheer ecstasy that comes from finally being able to read a post-financial crisis Notice of Proposed Rulemaking that does not run several hundred pages in length.  This NPR is (only) 79 pages long.

Second, this NPR could as easily have been called the "Banking Consultant Screamingly Delicious Increase in Profits Regulation".  Bank consulting firms have already been engaged in the existing informal heightened expectations initiative, but now I anticipate that the combination of formalizing these safety and soundness standards in the Code of Federal Regulations and waving the stick of legal enforcement will have the boards of large banks further shoring up their fiduciary responsibility bona fides by requesting (and paying for) deeper dives.

The first four major provisions of the proposal (bulleted above) are the strong coffee. Read the details in the NPR and I think you will agree.  These are some meaty governance and risk management requirements that are very challenging to implement in large and complex organizations.

I thought the strong coffee provisions of the NPR were well thought out and organized.  My major concern centers on the approval of the resource budgets for what the NPR calls "independent risk management" and the "internal audit" functions.

While the board approves the appointment, removal, compensation, and salary adjustments for the Chief Audit Executive (CAE) and Chief Risk Executive (CRE), the specific language in the proposed regulation amendment itself is silent as to who is approving their resource budgets.  Resource budgets are a major determinant of the efficacy of these critical control functions.

The Supplementary Information section of the NPR indicates that, for internal audit functions (and CAEs) reporting to the Board's audit committee, the board, the board audit committee, or its chair, would oversee resource budgeting (among other functions).  On the other hand, for the CRE (and the administration of the "indpendent risk management function"), the CEO oversees the resource budgeting.  This disparity should be fixed in order to create equivalency in the checks-and-balances framework for both critical control functions.  The Board of Directors, or committee thereof, ought to approve, the appointment, removal, compensation, salary adjustment, and resource budgets for the CAE and the CRE.  

The weak tea is the fifth major provision of the NPR:  A board of directors should have at least two independent members who are not part of the bank’s or the parent company’s management.

That just doesn't square with a meaningful interpretation of the concept of credible challenge, published corporate governance best practice recommendations, and the elevated post-financial crisis public interest in the operations of these banking giants.  This specific proposal only serves to re-enact Custer's Last Stand at the Little Bighorn, except in the boardrooms of our largest banks, as the two independent directors will be seriously out-gunned by inside board members who run the daily operations of the bank.

Best practice for corporate audit committees, for example, is to have them consist of independent directors.  Two independent directors would not make a credible audit committee in our nation's largest banks.  Banks of this size, and weighing their systemic impact on the national and global economies, should ideally have a majority of directors be independent directors, not a symbolic lonesome twosome.

Hopefully, respected best practice organizations like the American Association of Bank Directors , the National Association of Corporate Directors, and the Conference Board can inform this process with their long experience and expertise on board-level governance by submitting comments on this provision of the NPR.

Otherwise, as a peripheral issue, it will also be interesting to see if there are any bank regulatory geopolitical ramifications to all of this.  As of 9/30, there were 33 banks with total assets over $50 billion.  21 of them are national banks and federal savings associations.  That leaves 12 state-chartered banks and savings associations that are supervised, at the federal level, by the Federal Reserve or the Federal Deposit Insurance Corporation (FDIC).  These state-chartered banks and savings associations were not subject to the informal heightened expectations program and will not be subject to the legally enforceable safety and soundness standards outlined in the NPR. 

I've railed about the OCC's excessive "rainy day" reserves (a FY 2012 net position of over $1 billion) in past blog postings.  I'm biting my tongue now on the topic.  Any tiny movement between federal and state bank charters in banks of this size can be seismic in terms of bank supervision workday impact as well as the number and geographic distribution of large bank examiners. 

Overall, this NPR is a bold example of leadership by Tom Curry, the Comptroller of the Currency.  In the same tradition of the leadership the agency exhibited in the previous amendment to the OCC's safety and soundness standards.  In February 2005, the OCC added Appendix C to 12 CFR 30 - Standards for National Banks' Residential Mortgage Lending Practices.  Those rules may have come a little late given the froth and craziness in the mortgage markets prior to the financial crisis, but it was also a courageous step by an Acting Comptroller of the Currency to do what needed to be done, at a time when timidity ruled in the interagency bank regulatory forum.

Monday, January 13, 2014

What's Wrong with Being Balkan?

On December 14, 2012, the Board of Governors of the Federal Reserve System released a Notice of Proposed Rulemaking (NPR) for Enhanced Prudential Standards and Early Remediation Requirements for Foreign Banking Organizations and Foreign Nonbank Financial Companies.  At 306 pages, this portion of Regulation YY outlined a revised architecture of enhanced prudential standards for Foreign Banking Organizations (FBOs).  Those standards include risk-based capital and leverage requirements, liquidity standards, risk management and risk committee requirements, single-counterparty credit limits, and stress testing requirements.

Well, it's been over a year now and the only sound coming from the Fed at this point is the sound of crickets chirping in an empty room.   The effort to implement these prudential standards has been reportedly stymied by objections by certain foreign countries, foreign bank lobbying groups, and trade associations representing large U.S. banks who fear in-kind retaliation - "reciprocal responses" for the diplomatically inclined.  62 discrete comment letters have been filed to-date by various entities, along with 925 form letters.

The major sticking point is the requirement to establish a U.S.-domiciled Intermediate Holding Company (IHC) for banks with total global assets exceeding $50 billion and whose non-branch assets in the U.S. exceed $10 billion.  All IHCs would be subject to U.S. Bank Holding Company (BHC) capital standards. Additionally, U.S. IHCs with assets between $10 billion and $50 billion would be subject to Dodd-Frank Act (DFA) company-run stress testing requirements.  IHCs with assets greater than $50 billion would be subject to all DFA stress-test rules and be subject to monthly liquidity stress tests and in-country liquidity requirements.

Here was the Fed's rationale as outlined in the NPR:
"Actions by a home country to constrain a banking organization's ability to provide support to its foreign organizations, as well as the diminished likelihood that home country governments of large banking organizations would provide a backstop to their banks' foreign operations, have called into question one of the fundamental elements of the Board's current approach to supervising foreign banking organizations – the ability of the Board, as a host supervisor, to rely on a foreign banking organization to act as a source of strength to its U.S. operations when the foreign banking organization is under stress.
The issues described above-- growth over time in U.S. financial stability risks posed by foreign banking organizations individually and as a group, the need to minimize destabilizing pro-cyclical ring-fencing in a crisis, persistent impediments to effective cross-border resolution, and limitations on parent support-- together underscore the need for enhancements to foreign bank regulation in the United States.”
Comment letters on the proposed Fed regulation were rich with accusations that this would create "balkanization" in the global banking system.  Timothy Adams, representing the Institute of International Finance (IIF) included this in his comment letter to the Fed objecting to the rule:
"... Regulatory fragmentation can be seen through the increasingly national approaches in key reform areas, such as provisions for resolution of failing firms, and capital and liquidity requirements. Differentiation in the implementation of globally agreed standards and domestic bias in supervisory practices, have also contributed to a sense of financial "Balkanization"... "
The joint comment letter submitted by The Clearing House, the American Bankers Association, and the Financial Services Roundtable, included the following:
"The Associations believe that the Proposal's approach, which would necessarily involve the balkanization of a sizable share of the global banking system along national borders, could both impair economic recovery and growth and increase, rather than diminish systemic risk."
Referred to in a couple of other comment letters is a quote from current Governor of the Bank of England and Chairman of the Financial Stability Board (and former Bank of Canada Governor) Mark Carney:
"Left unchecked, these trends could substantially decrease the efficiency of the global financial system. In addition, a more balkanized system that concentrates risk within national borders would reduce systemic resilience globally."
Folks, may I have permission to speak up and support the terms "balkan" and "balkanization"?  Using the terms "balkan" and "balkanization" as accusations, epithets, and terms of derision, masks the fact that spreading your risk (and your risk cushions) represents an important concept in the field of prudent risk management.  The U.S. learned many years ago... you don't anchor your entire Pacific Fleet in Pearl Harbor.

In most of the letters arguing against the proposed regulation, there is a certain idealistic and Utopian tone to how the global financial system, and its system of global regulatory coordination, works.  Prudential supervision, from a host country banking supervisor's perspective, is worrying about how to deal with the downside of risk as it impacts the constituency who appointed you to be their steward.  Sure, one can go overboard on protecting ones own citizenry, but there is a middle ground... and I believe the Fed tried to find it.  Maybe as the good work of constructing a global regulatory framework nears that Utopian ideal and when the bad memories fade about how imperfect the global financial system presently is, then it may be time to peel back the national ring-fencing of risk, capital, and liquidity.

Some of the comments against the proposed Fed regulation also seem to assume, with a prophet's degree of certainty, that all that needs to be known about macro-prudential risk is indeed known.  And I think that is because the global financial crisis painted the macro-prudential risk landscape with brilliant hues.  The problems presented in the aftermath of the financial crisis were so stark and easily visible (if not blindingly so) to everyone... liquidity stresses, market collapse, credit quality deterioration, etc.  These risk issues, having leviathan proportions, served to provide unmistakable targets for problem resolution, risk remediation, and regulatory action.

As we all know, the financial crisis and the concurrent economic slump are slowly becoming rear-view mirror issues and the condition of bank balance sheets is slowly improving.  The risk landscape will no longer provide such obvious and actionable cues.  Quickly departing are the days when risk management priorities are handed to bankers (and bank regulators) like low-hanging fruit.

We are moving into a business environment where the emerging risk cues will either be small, subtle, and creeping, or alternatively, immediate, surprisingly radioactive, and potentially explosive.  The direction and momentum of the banking industry itself also seems to be changing by moving away from the protective inward focus that comes from nursing your wounds, apologizing for past sins, and paying fines for violating laws.  Force projection, as the generals and admirals call it, will begin to make a stronger comeback this year, particularly in the regional banks.

We are getting back to expecting the unexpected... that's why it's so important to implement all of the Dodd-Frank Act enhanced prudential standards as soon as possible.