Monday, June 19, 2017

U.S. Bank Supervisors: Stray Watchdogs? 

Image result for camels
CAMELS (credit

You would definitely think so if you read the opinion piece recently published by the President and the General  Counsel of The Clearing House Association, titled How Bank Supervision Lost Its Way.  

On one hand, BRAVO! to the authors for underscoring the fact that the application of regulatory rules and standards is as important as the rules and guidelines themselves.  So many federal agency bureau heads think that when they burp out a rule, or a set of guidelines, that the world magically changes, in a uniform way, when they slip those rules and guidelines into an envelope and send them to both examiners and bank CEOs.  

On the other hand, the article relies on a series of anecdotes and assertions to assemble a narrative that, in general, doesn't really square with my 37 years as a national bank examiner and almost four years as a bank director.  However,  I'm very sympathetic to a philosophical undercurrent in the article - that many bankers feel that, on occasion, there's some kind of regulatory Three Card Monte going on when it comes to assigning CAMELS ratings.

Background Information

For those readers not steeped in the details of bank supervision, the Uniform Financial Institutions Rating System (UFIRS or CAMELS rating system) is an internal rating system used by the federal and state regulators for assessing the soundness of financial institutions on a uniform basis and for identifying those insured institutions requiring special supervisory attention.

The CAMELS rating system rates a bank using six components plus an overall composite rating.  They are rated on a scale of 1 (strong) to 5 (critically deficient) in the areas of (C)apital Adequacy, (A)sset Quality, (M)anagement, (E)arnings, (L)iquidity, and (S)ensitivity to Market Risk - hence the term CAMELS.  There are other specialty examination ratings, but CAMELS is the Big Kahuna.  CAMELS also helps drive individual bank deposit insurance premiums.

Long-time readers of the National Bank Examiner may remember my February 18, 2014 blog post titled:  Officially Distorted.   That post raised the issue of the economic distortion created by the unnaturally high profile of the bank regulatory agencies and their examiners.  The issue was reiterated in the July 2016 blog post titled:  The Nuns With Guns.

 The Three Developments

To sum up The Clearing House article, the authors assert that:

 "..three developments have converged to halt the ability of many banks to open branches, invest, or merge to better meet the needs of their customers.  First, even as banks have dramatically improved their financial condition by increasing their capital, liquidity, and asset quality positions, supervisors have transformed the supervisory scorecard (the CAMELS rating system) from a measurement of financial condition to a measurement of compliance.  Second, supervisors have adopted a series of unwritten rules that produce lower CAMELS ratings.  Third, supervisors have adopted another series of unwritten, or in some cases written, rules (albeit none with any basis in statute) that translate those low ratings or other supervisory issues into a bar on expansion." 

Combing through the article trying to find out where this argument might have gone astray, the following statement jumped off the page:

"With the sole exception of a few small changes in 1996 (most notably, the addition of the "S" component), the CAMELS standards have not been materially updated in the almost 40 years since their adoption..."

Well, that explains most of why I feel a disconnect.  The authors have not taken into consideration the tectonic shift that occurred in the inter-agency CAMELS rating system in December 1996.  In particular, the explicit (and transformational) insertion of risk management, as an additional formal evaluation factor, into the updated CAMELS rating system.

"The major changes to UFIRS include an increased emphasis on the quality of risk management practices [emphasis mine] and the addition of a sixth component called "Sensitivity to Market Risk." The updated rating system also re-formats and clarifies component rating descriptions and component rating definitions, revises composite rating definitions to parallel the other changes in the rating system, and highlights risks that may be considered in assigning component ratings. (Joint Interagency Common Questions and Answers)

The previous CAMEL rating system was largely considered (by both bankers and examiners) as a snapshot of current financial condition.  Those who were unaware of the importance of the 1996 changes, may still believe that it does.

The Brahmins at the federal bank regulatory agencies would surely assert that risk management "was always in there"; but the reality of the matter is that prior to the 1996 changes, CAMEL ratings were only loosely influenced by risk management considerations - mainly as a background factor flavored by the examiner's experience and judgement, but without articulated evaluation standards.

The First Development

The quote directly above speaks to the authors' first argument - "supervisors have transformed the supervisory scorecard (the CAMELS rating system) from a measurement of financial condition to a measurement of compliance."

Nope, the CAMELS rating became an assessment of financial condition and risk management practices, which include, among other risk management practices, an assessment of compliance risk management.

There was no "repeal and replace" of financial condition for compliance in the CAMELS rating system.

The Second Development

The second argument - "supervisors have adopted a series of unwritten rules that produce lower CAMELS ratings."  Speaking solely from my own experience at the Office of the Comptroller of the Currency (OCC), there is written guidance.

For example, at the OCC, risk management is evaluated across a spectrum of eight risk categories which take into account the quantity of risk and the quality of risk management in each risk category.  The entire process is called the Risk Assessment System (RAS).

This is verbatim from page 8 of the Community Bank Supervision portion of the Comptroller's Handbook:

"Relationship Between the RAS and the CAMELS Rating System
The RAS and the CAMELS rating system are used together during the supervisory process to evaluate a bank’s financial condition and resilience. The RAS provides both a current (aggregate risk) and a prospective (direction of risk) view of the bank’s risk profile that examiners incorporate when assigning regulatory ratings. The CAMELS rating system, which includes forward-looking elements, references the primary risk categories that examiners consider within each component rating, as well as the quality of risk management practices. (Updated 12/03/2015)

Under the RAS, for example, examiners may assess credit risk in a bank with insufficient risk management practices and increasing adverse trends as “moderate and increasing” or “high and increasing.” If the component rating for asset quality does not reflect the level of supervisory concern posed by credit risk as identified by the RAS, the component rating may be changed. Additionally, examiners consider their assessments of risk management practices for each of the risk categories when assigning management component ratings. Using the RAS and the CAMELS rating system in this manner provides an important verification of planned activities and supervisory findings. (Updated 12/03/2015)"

The Third Development

Lastly, there is the the third argument - "supervisors have adopted another series of unwritten, or in some cases written, rules (albeit none with any basis in statute) that translate those low ratings or other supervisory issues into a bar on expansion."

Let's first deal with Community Reinvestment Act (CRA) ratings and Bank Secrecy Act/Anti-Money Laundering (BSA/AML) compliance.  CRA performance ratings and the BSA/AML compliance record must be taken into account when a regulator is asked to approve any corporate expansion.

By statute, the CRA rating must be taken into account when making such a decision.  After the 9/11 terrorist attacks on the Twin Towers and the Pentagon, terrorist financing concerns, which found form in the USA PATRIOT Act, required BSA/AML compliance to be taken into consideration also.

Where an "unwritten" factor may exist could be the nature of the collective psyche of bank regulators.  They have a conservative tendency in the administration of the legally-assigned banking industry oversight duties.  Although there have been a handful of notable exceptions in the history of bank supervision (subprime lending, Option ARMS, etc), bank supervisors tend to restrain entrepreneurial expansion until the risk management infrastructure is built and is operating consistent with the bank's risk appetite.  Putting the horse in front of the cart, and not vice-versa.

But the Authors are Making a Point

Are there rips in the fabric and firmament of  the bank supervision CAMELS rating cosmology.  Yes.  Do they need to be addressed as soon a practicable?  Yes.

There are occasional situations where the assessment of financial condition and risk management practices are in a state of tension.  Lacking clear, enunciated decision criteria for field examiners (and their accompanying internal layers of review), subjectivity will likely drive the decision.

Let's look at a couple of examples:

CAMELS Capital Adequacy Component Rating

Let's take XYZ Community National Bank.   XYZ Community National Bank happens to sport the highest risk-based capital and leverage ratios in the nation.  Credit risk, interest rate risk, operational risk, etc. are all well-controlled.  A unique and proud distinction reflecting the severe risk-averse nature of the family that owns the bank.  The CEO remembers that she received the OCC's Guidance for Evaluating Capital Planning and Adequacy , but filed it away after scanning it briefly, since it seemed irrelevant considering the bank's quite pleasant circumstances capital-wise.

Alas, at her own risk, she failed to read this dark and ominous threat embedded in the text of the capital planning guidance:

"A bank’s failure to have an effective capital planning process may be an unsafe and unsound banking practice. If a bank does not have an effective capital planning process that is commensurate with its overall risks, the OCC may require immediate corrective action.  An ineffective or weak capital planning process may invalidate the bank’s internal capital assessment and necessitate that examiners determine an appropriate capital level.  The OCC may impose higher capital requirements if a bank’s level of capital is insufficient in relation to its risks; determining the appropriate capital level is necessarily based in part on judgment grounded in agency expertise.  Potential OCC actions to ensure adequate capital may include, as deemed necessary, an individual minimum capital ratio, memorandum of understanding, formal written agreement, consent order, cease-and-desist order, or a prompt corrective action directive."

Sensing that she was having a James Comey moment, the bank CEO got the impression from the behavior of the examiner-in-charge, when he subsequently pointed out the written text of the OCC bulletin, that this set of best practice guidance (disseminated without notice and comment) was, in fact, a direction and not a suggestion or a recommendation.

Sprinkled throughout the guidance is the sweeping broad-brush phrase "commensurate with its overall risks", but the OCC guidance still requires that there be an identifiable capital planning process, and further, attaches certain specific corporate governance requirements to that capital planning process.

XYZ Community National Bank has the highest capital ratios in the nation, but no capital planning process.  How is the examiner going to rate the Capital component of the CAMELS rating for XYZ Community National Bank?  Now, to add an additional degree of difficulty to the judgement - what if the extreme ends of this example were not so clear cut?

CAMELS Management Component Rating

Or let's take this recent example: "Regulators ding Wells Fargo's community-lending record, citing accounts scandal".  Wells Fargo is a systemically-important megabank that managed through the worst financial crisis since the Great Depression with a solid financial footing.  By all public accounts, the management of the bank seems to manage the bank's panoply of other risks adequately, but obviously not compliance management risk, nor operational risk, nor reputation risk, nor (possibly) strategic risk.

How do you think the bank supervisors rated the overall Management component of the Wells Fargo CAMELS rating?

Here, let me help you with the official rating criteria for the Management CAMELS component:

1  - A rating of 1 indicates strong performance by management and the board of directors and strong risk management practices relative to the institution's size, complexity, and risk profile. All significant risks are consistently and effectively identified, measured, monitored, and controlled. Management and the board have demonstrated the ability to promptly and successfully address existing and potential problems and risks.
2  - A rating of 2 indicates satisfactory management and board performance and risk management practices relative to the institution's size, complexity, and risk profile. Minor weaknesses may exist, but are not material to the safety and soundness of the institution and are being addressed. In general, significant risks and problems are effectively identified, measured, monitored, and controlled.
3  - A rating of 3 indicates management and board performance that need improvement or risk management practices that are less than satisfactory given the nature of the institution's activities. The capabilities of management or the board of directors may be insufficient for the type, size, or condition of the institution. Problems and significant risks may be inadequately identified, measured, monitored, or controlled.
4 -  A rating of 4 indicates deficient management and board performance or risk management practices that are inadequate considering the nature of an institution's activities. The level of problems and risk exposure is excessive. Problems and significant risks are inadequately identified, measured, monitored, or controlled and require immediate action by the board and management to preserve the soundness of the institution. Replacing or strengthening management or the board may be necessary.
5  - A rating of 5 indicates critically deficient management and board performance or risk management practices. Management and the board of directors have not demonstrated the ability to correct problems and implement appropriate risk management practices. Problems and significant risks are inadequately identified, measured, monitored, or controlled and now threaten the continued viability of the institution. Replacing or strengthening management or the board of directors is necessary.

The rating?  Beats the hell out of me.  Could be a 3.  Could be a 4.  Those ratings are confidential so we, the general public, will never know.


So while there is much for me to disagree with in The Clearing House article, I do agree that, in certain circumstances, CAMELS ratings decisions may have an aura of mysticism.  Thus, frustrating the ability of others to fully understand the CAMELS rating decision.

The OCC Ombudsman posts appeals summaries to the OCC website, but the last CAMELS rating appeal summary was published two years ago, in the second quarter of 2015.  The last appeals summary of any sort was dated the first quarter of 2016.  And, frankly, there are very few bank appeals in any given year anyway.  CAMELS-related appeals summaries could be very helpful in understanding the rating process, but they are very scarce.

Maybe the independent appeals process and examination quality control provisions of what has been titled the Financial CHOICE Act will help in this respect and also help address some of the other concerns mentioned by the authors of  The Clearing House article.

Monday, March 20, 2017

National Bank Charters for Fintech:
  Back to the Future?

Image result for fintech companies
credit: Business Insider

After a long and deliberate process of soliciting public input through multiple discussion documents and a forum on responsible innovation, Tom Curry, the Comptroller of the Currency, has just released his agency's draft Licensing Manual Supplement called Evaluating Charter Applications from Financial Technology Companies and a companion document titled OCC Summary of Comments and Explanatory Statement: Special Purpose National Bank Charters for Financial Technology Companies.

These documents are the result of a call for comments on an earlier document issued by the OCC on December 2, 2016 titled Exploring Special Purpose National Bank Charters for Fintech Companies.

In a nutshell, it contemplates the creation of a Special Purpose National Bank (SPNB) charter for the purpose of supporting responsible innovation in the financial technology (fintech) sector.  The charter would be an alternative to state-by-state licensing and, by providing a Federal licensing option, it is consistent with the tradition of the dual-banking system here in the United States.  The proposal, to me, is an honorable and admirable effort to expand the arc of what we call "banking" in order to keep up with the times.

The OCC received over 100 comment letters.  Most were supportive, but several were critical.  Some legal objections were raised, but we can leave that to the lawyers to sort out along the way.  I was more concerned with the regulatory policy decisions; and three, in particular, trouble me:


First, I think the OCC is dodging public accountability through the lack of transparency in a vital piece of the charter approval process - the operating agreements.  For those not familiar with OCC's operating agreements, they are the "guardrails" which newly-chartered banks must steer between during the initial years of their operations.

The operating agreements are a critical part of the synthetic regulatory architecture that the OCC has to custom-build for those SPNBs who otherwise would not be subject to certain important legal requirements affecting "normal" national banks due to the SPNB's lack of deposit insurance and/or bank holding company status.

The OCC plans to announce the existence of an operating agreement, but will not disclose its contents.  That smacks of hiding the ball and provides no way for the public to assess the strength, effectiveness, and durability of the OCC's feat of custom-tailored regulatory architecture.

This layer of "regtech" overlaying the fintech in these SPNBs looks too much like our collective infatuation with the financial engineering craze of the early 2000's that later brought us boomerang products like Collateralized Debt Obligations (CDOs) and other financial derivatives that unexpectedly turned toxic.

The operating agreements for SPNBs need to see the light of day.

The Role of the Fed

Second, is the troubling wink-and-a-nod telegraphing, via footnote 17 in Exploring Special Purpose National Bank Charters for Fintech Companies, of the ability to avoid Federal Reserve Bank membership, and therefore Federal Reserve jurisdiction, by legally domiciling the national bank in U.S. territories and insular possessions.

Trivia note: The U.S. has 16 territories, five of which are permanently inhabited - Puerto Rico, Guam, Northern Mariana Islands, the U.S. Virgin Islands, and American Samoa.

Now, Tom, is that any way to treat a regulatory fraternity brother?  The Fed and the OCC need to be co-sponsors here; there are too many cross-jurisdictional issues, payments system impacts, and regulatory arbitrage risks involved with SPNBs for the OCC to go this alone.

Living Wills

Third, is the optionality regarding resolution plans or living wills. They should be required, updated regularly, and reviewed during the ongoing supervision process.  The OCC learned the hard way, with the first batch of internet banks in the late 90's, that entrepeneurial, start-up cultures that are venturing into uncertain business terrain will run into novel and unexpected situations that can complicate the receivership process.

Moreover, as these entities scale up and become more interconnected with the rest of the financial system, the OCC might be stuck with the regulatory equivalent of unscrambling an egg.  Instructive in this respect was the failure of the Penn Square Bank, N.A. in Oklahoma City on July 5, 1982.  Some of America's largest banks were brought to their knees by this small bank located in a shopping mall.

Unlike the situation with the internet banks, where the FDIC ended up holding the bag at the end of the day, SPNBs will be liquidated by the OCC.  Living wills also help reduce the agency's reputation risk.

Back to the Future

Why am I urging these changes?  President Harry Truman once said that "the only thing new in the world is the history you don't know."

Let me take you back in time, to the mid-1990's, when the OCC wanted to support another financial technology innovation - the internet bank.   Internet banks were the latest "new thing" in banking and the OCC was positioning itself to be the premier regulator of this new genre of banks.  I remember our Comptroller at the time, Gene Ludwig, saying frequently that the structure of the banking industry would soon look a lot like the bar scene in Star Wars.

The internet bank charters didn't do so well.   Here's a list, how many can you still recognize?

CompuBank, N.A., chartered by the OCC on August 20, 1997 was the OCC's first internet bank charter.  By January 2001, it was under a formal enforcement action (Compubank OCC Formal Agreement).  By April of 2001, NetBank, Inc. of Alpharetta, Georgia (an internet bank supervised by the Office of Thrift Supervision) acquired all of the deposits of CompuBank, N.A. (which then ceased operations).   The transfer of accounts from CompuBank was a fiasco for customers.  Between 4,000 to 8,000 customers had trouble accessing their deposit accounts.   NetBank, in turn, was closed by the FDIC on September 28, 2007.

The second internet bank chartered by the OCC was NextBank, N.A. on May 8, 1999.  It was subsequently closed by the FDIC on February 7, 2002 in a rare Thursday night closing.  Things were so gummed-up at NextBank, N.A. that not a soul bid for the bank and the FDIC was unable to even guesstimate an initial loss amount to the FDIC deposit insurance fund.  The subsequent assessment of the quality of OCC's supervision of NextBank, N.A. in the Material Loss Review conducted by the Office of the Treasury Inspector General was not one of our finer moments as a bank supervisor.  It remains in the OCC's Pantheon of woodshed experiences.

In the end, the Special Purpose National Bank charter proposal is also an early test of the OCC's newly-minted enterprise risk management function.  Without the changes I'm suggesting, I hope they have the risk pegged as High, and Increasing.