Stories Driving the Week
Top Takeaways from the Hill’s Regulator Hearing
Here are the major policy themes from the House Financial Services Committee hearing on oversight of prudential regulators this week.
- Are FinTech risks best handled within the system: Michael Hsu, the new OCC Acting Comptroller, said the agency must figure out where FinTechs fit in the banking system and develop a unified strategy with the FDIC, Federal Reserve and state regulators. “[S]ome are concerned that providing charters to fintechs will convey the benefits of banking without its responsibilities,” Hsu said in written testimony. “Others are concerned that refusing to charter fintechs will encourage growth of another shadow banking system outside the reach of regulators. I share both of these concerns.” The remarks imply a departure from the laissez-faire approach of his predecessor, Brian Brooks, but leave an opening to bring FinTechs into the banking system, perhaps just with stricter oversight. Hsu warned later in the hearing that bringing FinTechs into the system would be “easier said than done.”
- Banks passed the ultimate stress test, and they remain strong: The COVID shock was unprecedented, but it proved that the Federal Reserve’s stress testing program works. Federal Reserve Vice Chair for Supervision Randal Quarles said, “We can have particular confidence in the framework when it is supplemented and informed by a real-time stress testing regime.” Quarles reiterated that it was “prudent” to limit capital distributions in the pandemic given that this was the first real-world test of the post-2008 system, but going forward, regulators should rely on the existing system to limit bank shareholder payouts in times of market stress, rather than layering extra restrictions. “In the future, having learned the lessons of this test, we will be able to rely on the automatic restrictions of our carefully developed framework when the stress test tells us the system will be resilient, rather than impose ad hoc and roughly improvised limitations,” he said in prepared testimony.
Banks served as a source of strength in pandemic-stressed markets and remain strong supporters of the economic recovery, Quarles said. “Higher levels of capital and liquidity, better risk management, and more robust systems let them absorb an unprecedented shock—while providing refuge from market instability, delivering essential public aid, and working constructively to support borrowers and communities,” he said, adding that the U.S. banking system is actually more liquid and better capitalized today than a year ago with over $100 billion in additional loan loss reserves, leaving it well-positioned to weather future shocks.
FDIC Chair Jelena McWilliams highlighted banks’ essential support for the economy through PPP lending in her testimony.
- CRA redo on the horizon: The OCC said this week it will “reconsider” its June 2020 rule on Community Reinvestment Act regulations. Hsu provided more details in his testimony. “All options are under consideration, including rescinding or substantially revising the current rule and working with the Federal Reserve and FDIC on a joint proposal,” Hsu said, adding that the OCC will seek public input on any changes. Additionally, Hsu and McWilliams both discussed financial inclusion as a priority for their agencies – the FDIC is targeting unbanked consumers with a public outreach campaign, and the OCC is spearheading “Project REACh” to expand credit access for the “credit invisible.”
- Climate: Hsu said the agency is considering joining the Network for Greening the Financial System, an international group of central bankers and bank supervisors focused on climate issues. He also said the OCC should support “development and adoption of effective climate risk management practices at banks.” That could involve actions such as hosting conferences on climate risk management or evaluating how banks identify and manage climate-related risks. The FDIC’s McWilliams said her agency will continue to monitor climate-related risks. Quarles said it is not the Fed’s job to “use the financial system as a tool of broader climate policy.”
- Cyber: Both Hsu and McWilliams touched on cybersecurity as a major risk to the banking sector in their testimonies. As part of the nation’s critical infrastructure, banks’ cybersecurity efforts are likely to garner attention given the recent Colonial Pipeline ransomware attack.
- Leverage ratio: The Fed is reviewing the design and calibration of the supplementary leverage ratio, “which was originally gauged for a financial system with far lower levels of cash reserves and a much smaller Treasury market” according to Quarles. Back in March, the Federal Reserve had indicated that it would be seeking comment on proposed modifications to the SLR soon. Quarles said the central bank wants risk-sensitive capital requirements (those that consider the risk of each asset a bank holds) to be the binding limits on bank balance sheets, rather than leverage ratios, which treat all assets the same regardless of risk. Quarles indicated that “as the amount of reserves in the banking system, as the amount of deposits in the banking system grow,” the Fed will be monitoring it very closely. “Right now, it doesn’t seem to call for change, but it’s something that we’ll be looking at very closely in the coming months,” he said of leverage ratios generally.
- Fair access: Hsu said he does not intend to revisit the “fair access” rule that was finalized by former Acting Comptroller Brooks, but which never became legally effective and has been in a state of permanent pause since Brooks left. Hsu demurred when Rep. Maloney suggested he actively seek to formally rescind Brooks’s action. This leaves open the possibility that rule could be revisited under a future Comptroller.
- ILCs: FDIC Chair McWilliams said the agency’s framework requires ILC parents to serve as a “source of strength” for the ILC if it struggles financially. She said it is up to Congress to change ILC supervision rules as it sees fit. “As a regulator, I’m comfortable where we are,” she said. Lawmakers of both parties pressed McWilliams on the issue of ILCs commingling banking and commerce.
The President’s Cyber E.O. is a Strong Start. Now It’s Congress’s Turn to Act
A string of recent high-profile incidents has made it clear our nation’s cybersecurity defenses are woefully inadequate. These events — starting with the SolarWinds compromise in December 2020, followed by the Microsoft Exchange Server hack and most recently the ransomware attack against Colonial Pipeline — illustrate two things: 1) it’s not a question of “if” but rather “when,” and 2) borders do not exist in cyberspace. Whether you are a small mom-and-pop shop, a large corporation or a government agency, even the most sophisticated organizations can be vulnerable, according to a new BPI blog by Heather Hogsett, Senior Vice President, Technology & Risk Strategy.
The recent Executive Order (Order) on Improving the Nation’s Cybersecurity is a far-reaching and important step, but there is still more to be done, and Congress should pass complementary legislation to address remaining gaps. There is a need for greater action on the part of both private sector critical infrastructure owners and operators and the government to improve transparency when critical infrastructure data may be impacted by a breach. Congress also needs to create effective processes for collaboration between intelligence agencies and critical infrastructure.
OCC Moves Toward CRA Overhaul
The OCC this week signaled it will revamp its Community Reinvestment Act approach. The agency said in a bulletin that it will reconsider its June 2020 final rule on CRA regulations and will not finalize a December 2020 proposal on benchmarks and thresholds related to that rule. The OCC had issued its CRA regulations on its own, and BPI has urged the agency to instead join the Federal Reserve and the FDIC in crafting a common set of CRA rules across the banking agencies. “This is a welcome development, and we look forward to the OCC’s re-engagement in the interagency process to craft a unified CRA regulatory framework,” BPI’s Dafina Stewart said in a statement on May 18.
Bank Director: New Rule Settles a Vexing Problem for Bank Exams
BPI CEO Greg Baer was quoted in a Bank Director article this week about the banking agencies’ rule clarifying that supervisory guidance does not have the force of law – a concept that BPI and the American Bankers Association petitioned regulators under the Administrative Procedure Act to codify. “It’s remarkable how much guidance the agencies have issued over the years,” Baer said.
White House Climate Order Directs FSOC to Examine Climate Risk
A new executive order released May 20 will direct the Financial Stability Oversight Council to issue a report on climate risk and share climate-related financial risk data. The order is largely the same as a draft from last month, which prompts the OMB director to consult with other agencies to identify drivers of federal climate-risk exposure and develop ways to parse such risk for the presidential budget calculations, among other items.
OCC Risk Report Highlights Climate, Cybersecurity
The OCC’s Semiannual Risk Perspective, released this week, highlighted climate risk and cybersecurity as potential threats to banks’ safety and soundness. Growing cybersecurity threats have heightened banks’ operational risks. Banks should also be vigilant about cyber risks from third-party vendors, the report said. The OCC noted that banks are in a healthy position and the economy is poised to recover well from pandemic effects. The agency also will ramp up scrutiny of LIBOR exposure among banks that still have contracts based on the reference rate, which is being phased out. It also encouraged banks to manage the risks associated with new technologies such as stablecoins and cryptocurrencies.
The report includes a graphic that shows all outstanding MRAs and buckets them by risk area, with operational and credit risk representing the vast majority of current MRAs. It also states that outstanding MRAs are down 1 percent versus the same time last year.
In Case You Missed It
Wells Fargo Launches 10-Year Commitment to Reach Unbanked Consumers
Wells Fargo this week announced an initiative aimed at expanding access to low-cost financial services for unbanked Americans, particularly consumers in underserved minority groups. The Banking Inclusion Initiative is a 10-year commitment to help unbanked individuals access “affordable, mainstream, digitally enabled transactional accounts,” the bank said in its announcement. It will focus on helping remove barriers to financial inclusion for Black, Hispanic and Native American/Alaska Native families and other underbanked and unbanked communities. The program includes outreach about Bank On-certified accounts, which offer low-cost services for unbanked customers, partnerships with minority-owned banks, financial education and a national advisory task force.
BofA Expands Affordable-Housing Program to $15 Billion by 2027
Bank of America is expanding its national affordable homeownership mortgage program target to $15 billion in mortgages to low- to moderate-income homebuyers through May 2027, the bank announced this week. The program, which helps underserved consumers build wealth, is in partnership with the Neighborhood Assistance Corporation of America, a nonprofit homeownership advocacy group. It provides mortgages without down payments or closing costs at a below-market fixed rate.
Brown Sounds Alarm on OCC Crypto Trust Charters
The OCC should reassess offering national trust charters to cryptocurrency firms like Protego, Paxos and Anchorage and halt any new nonbank charter approvals because such firms may be masking risky business models under a bank charter’s seal of stability, Senate Banking Committee Chairman Sherrod Brown (D-OH) wrote in a May 19 letter to Acting Comptroller Michael Hsu. “[I]n many cases, the companies that seek access to the benefits of a bank charter do not meet the same set of regulatory and consumer protection standards that banks are required to meet,” Brown wrote in the letter. “The recent OCC approvals of national trust charters for these cryptocurrency firms raise similar concerns.” The OCC under former Acting Comptroller Brooks granted conditional national trust charters to those three FinTech firms. “A firm that cannot meet the rigorous requirements applicable to other banks should not be allowed to present itself to the public as a bank,” Brown also said. Rep. Ted Budd (R-NC) asked Hsu about the timeline for approving any remaining trust charters during a House Financial Services Committee hearing; Hsu said the matter is “under review.”
Paxos’ national trust charter marks a further integration of FinTech into the banking system, Roll Call said in a recent article, which cites a BPI statement on FinTech access to the banking system. “A lot of FinTechs are trying to act like banks while avoiding the supervisory and regulatory framework that applies to actual banks,” BPI said. “For these FinTechs, the duties and responsibilities — and costs — that come along with a real bank license are simply too great.”
BofA to Raise Minimum Wage to $25 by 2025
Bank of America will raise its minimum hourly wage in the U.S. to $25 by 2025, the bank announced this week. The bank’s current U.S. minimum wage is $20. It will also require its vendors to pay their employees dedicated to the bank at least $15 per hour.
Fed Senior Lawyer McDonough Joins OCC
The OCC this week named Federal Reserve attorney Benjamin McDonough as Senior Deputy Comptroller and Chief Counsel. McDonough, who until now served as an Associate General Counsel in the Federal Reserve’s Legal Division, starts at the OCC this week and will formally assume the new his position on June 7. “Ben brings a fresh perspective, deep bank regulatory experience, and strong interagency relationships to our leadership team,” Acting Comptroller of the Currency Mike Hsu, who took over the agency’s top role in recent weeks, said in a press release. McDonough will succeed Jonathan Gould, who has held the office since 2018, will stay on through June 4 to help with the transition, and then plans to return to the private sector.
Biden Infrastructure Plan Includes Cybersecurity Spending Boost
The White House infrastructure proposal would increase cybersecurity spending by billions of dollars, according to a Bloomberg article this week. The $2 trillion proposal would provide $20 billion to state, local and tribal energy systems to improve their cybersecurity, and $2 billion to bolster grid resilience in high-risk areas, according to the article. Cybersecurity is an increasingly prominent risk to critical infrastructure following the ransomware attack on Colonial Pipeline that left the East Coast scrambling for gasoline. The White House released an executive order on cybersecurity last week, which BPI applauded as an encouraging step toward embedding best practices already used by the banking sector across government agencies and contractors. BPI’s Heather Hogsett published a blog post this week encouraging Congress to fill in gaps in cybersecurity policy not addressed by the executive order.
Financial Regulators Extend Comment Deadline for AI Information Request
Five financial regulatory agencies announced this week that they will extend the comment period deadline on their request for information on how financial institutions use artificial intelligence to July 1, 2021. The original deadline was June 1. The agencies – the Federal Reserve, FDIC, OCC, CFPB and NCUA – seek to understand financial institutions’ use of AI in fraud prevention, personalized customer services, credit underwriting and other areas. They also want to understand governance and risk management of AI and the challenges financial institutions face in developing, adopting and managing it. FDIC Chair McWilliams said in congressional testimony this week that she hopes to implement the input from the RFI in the agency’s regulatory standards to allow banks to use AI tools to improve their supervisory processes and their customer service.
FDIC Seeks Information on Banks’ Digital Assets Activities
The FDIC announced this week that it is gathering information and comments from banks on how they use digital assets. The information request comes as some banks are beginning to offer digital asset services, such as custody services. Comments are due by July 16, 2021.
BPI CECL Research Featured in Bloomberg
BPI research on the CECL accounting standard and bank loans during COVID was covered in a Bloomberg Tax article this week. “If the banking agencies had not dampened the impact of CECL on regulatory capital at the onset of the pandemic, the decline in regulatory capital would have likely forced banks to reduce lending more broadly,” the research says, as quoted in the article.
Graham Cluley: Cyberinsurance Giant AXA Hit by Ransomware Attack After Saying it Would Stop Covering Ransom Payments
AXA, a French insurance firm that has offered cyber insurance, was hit with a ransomware attack soon after saying it would no longer cover ransomware payments, according to an article this week by Graham Cluley. Ransomware insurance has been the subject of debate, with some arguing that it encourages more attacks if hackers assume insurers will pay up. The AXA attack affected the firm’s operations in several Asian countries.