Rethinking Safety and Soundness Supervision

In the Q2 2017 edition of Banking Perspectives, Jeremy Newell and I wrote “How Supervision Has Lost Its Way.” That article garnered a lot of interest and triggered an outpouring of calls from bankers who felt that we had captured the strange, secret supervisory world they are attempting to navigate. The article concluded with a promise of proposed solutions in a future issue, and here they come.

To be clear, the focus here is (1) safety and soundness supervision, (2) of banks (as opposed to their holding companies or non-bank affiliates), and (3) large banks in particular. That is not to say that safety and soundness supervision should not be rethought for non-bank affiliates of large banks, or for community banks, but they are not the focus of this article. (Indeed, as we go to press, the Federal Reserve Board has just proposed a new rating system for bank holding companies.)

To begin, here are principles that could guide a thoughtful re-evaluation of how safety and soundness supervision of large banks should be conducted.

Principles for Reform

Safety and Soundness Should Be Examined and Evaluated Independently from Compliance
Prior to the last seven or so years, banking supervision generally separated safety and soundness from consumer compliance. Indeed, the CAMELS rating system was adopted in 1978 and followed in 1979 by a separate consumer rating system. There are two reasons for supervisors to bifurcate: (1) it’s a good idea, and (2) it’s the law.

It’s a good idea to separate safety and soundness from consumer compliance because they are two different functions with very different goals. Thus, a bank with strong capital and earnings should be evaluated for consumer compliance purposes in the same way as one with weak capital and earnings. Conversely, a bank that commits a violation of a consumer law should be evaluated for safety and soundness purposes in the same way as one that does not. While the first proposition these days seems uncontested, the latter has been implicitly rejected by at least some bank examiners. Indeed, much of “How Supervision Lost Its Way” detailed the problems that arise when examiners contort to treat healthy banks as having soundness problems based on compliance violations or immaterial process fouls and use that supposed unsoundness as grounds for blocking expansion.

The law is crystal clear. On the consumer compliance side, Section 1011 of Dodd-Frank provides that the CFPB “shall regulate the offering and provision of consumer financial products or services under the Federal consumer financial laws.” The Bureau is granted clear and exclusive rulemaking authority. With respect to banks with more than $10 billion in assets, “The Bureau shall have exclusive authority to require reports and conduct examinations … (a) for purposes of – (A) assessing compliance with the requirements of Federal consumer financial laws; (B) obtaining information about the activities subject to such laws and the associated compliance systems or procedures of such persons; and (C) detecting and assessing associated risks to consumers and to markets for consumer financial products and services.”

Note: “exclusive.”

As any banker could tell you, however, the federal banking agencies have increased their supervision of consumer financial laws since being divested of it. How could that be? On to our next principle.

“Reputational Risk” is Rarely, and Likely Never, a Safety and Soundness Risk
In using compliance problems to block bank expansion, regulators often default to the following syllogism: (1) Compliance problems (including legal violations and alleged deficiencies in process that could lead to a legal violation) create “reputational risk” – that is, the risk that a violation of law could damage a bank’s reputation. (2) Damage to the bank’s reputation could lead to serious financial harm, imperiling the bank’s solvency. (3) Therefore, any compliance problem is also a safety and soundness problem. (Note: The Federal Reserve issued supervisory guidance in 1995 that identified the six primary risks that remain the focus of its supervisory program, one of which is “reputational risk.” SR Letter 95-51 (November 14, 1995). See Remarks by Federal Reserve Governor Sarah Bloom Raskin, “Reflections on Reputation and its Consequences,” at the 2013 Banking Outlook Conference at the Federal Reserve Bank of Atlanta, Atlanta, Georgia (February 28, 2013), in which she states that “…supervisors have a duty to see that all risks are fully understood, even those risks that, like reputational risk, are unquantifiable or have not fully emerged. I believe this is an area where supervision can add value. To the extent possible, supervision can unveil hidden loss exposures that may be building up through the accumulation of reputational risk elements.” The OCC’s Comptroller’s Handbook for Large Bank Supervision provides that “The OCC has defined eight categories of risk for bank supervision purposes: credit, interest rate, liquidity, price, operational, compliance, strategic, and reputation [sic].” Reputational risk, like the other risks, is evaluated by examiners during examinations, and “examiners are required to judge, based on the review of ‘core assessment factors,’ whether the risk is low, moderate, or high.” (January 2010). The OCC’s 2014 Heightened Standards for Large Financial Institutions establishes “minimum standards for the design and implementation of a risk governance framework” that is required to cover “credit risk, interest rate risk, liquidity risk, price risk, operational risk, compliance risk, strategic risk, and reputation [sic] risk.”)

 Key question: How often has damage to a bank’s reputation led to serious financial harm that imperiled a bank’s solvency? Ever?

Let’s consider the recent case of Wells Fargo. Regardless of how one views the merits of the charges brought against it, Wells Fargo has unquestionably suffered reputational damage as a result of alleged consumer compliance problems.

And what has been the effect of this reputational damage?

Let’s look at its credit default swap (CDS) spreads – the best measure of its perceived chance of insolvency, and thereby defaulting on its debt (see Figure 1).

Over the past 10 years, Wells Fargo’s spreads, like those of other companies, have varied based on economic and financial conditions. However, the “reputational risk” of the current scandal clearly has proven immaterial to those spreads. At all points since issues first came to light on September 8, 2016, however, spreads have remained significantly below their 10-year average. Indeed, they remain near their 10-year lows.

Thus, Wells Fargo appears to put the lie to the notion that consumer compliance risk is a safety and soundness risk.

The ramifications of the truth are significant for banking supervision. Banks can safely be permitted to manage their own reputations rather than having examiners manage their reputations for them. And safety and soundness supervision can go back to focusing on safety and soundness. For example, many are surprised to learn that in the wake of the clear and wholesale transfer of regulation, supervision, and enforcement over the consumer compliance laws from the banking agencies to the CFPB, the banking agencies have by all accounts increased the scope and severity of their supervision and enforcement in this area.

Agencies Should Assess Community Reinvestment when Evaluating Compliance with the Community Reinvestment Act
Aside from being improperly treated as “reputational risk,” consumer compliance has also been contorted into an assessment factor under the Community Reinvestment Act (CRA). So, consumer compliance factors are again transformed into a brake on expansion because CRA compliance is a statutory factor with regard to certain applications.

The purpose of the CRA was to require “private financial institutions [to] play the ‘leading role’ in providing the capital required for ‘local’ housing and economic development needs.” Thus, under the CRA, the ratings are defined as an “outstanding [or satisfactory, needs to improve, or unsatisfactory] record of meeting community credit needs.” The statute directs the agencies to “assess the institution’s record of meeting the of its entire community, including low- and moderate-income neighborhoods….”

Banks can safely be permitted to manage their own reputations rather than having examiners manage their reputations for them. And safety and soundness supervision can go back to focusing on safety and soundness.

Notwithstanding the fact that the CRA statute and the three assessment factors included in its implementing regulation clearly focus on credit availability, regulators have increasingly included in their assessments other criteria, particularly consumer compliance or other issues outside the scope of the CRA. (Note: Indeed, John Taylor, the head of the National Community Reinvestment Coalition and a staunch proponent of the CRA, recently criticized the regulators’ expansion beyond the original purpose of the CRA to encourage lending in underserved communities. Mr. Taylor stated, “I don’t want the message to the banks to be, ‘It doesn’t matter how good you do on the lending, if you do something wrong in another area, you could fail.’ . . . I think it’s a better idea to ding them, downgrade them, but don’t totally ignore the positive performance. You want to support that.”)

Banks Can Perform Multiple Functions at the Same Time
Improperly treating compliance issues as safety and soundness problems and CRA failures would be – to borrow a legal phrase – a “harmless error” if doing so did not have significant consequences for banks’ ability to manage themselves efficiently and serve their customers. But it does. Here we see the relevance of the Federal Reserve’s Supervisory Letter 14-02, issued in 2014, without notice and comment. (The OCC by all accounts maintains a similar policy but has not reflected it in writing.) That letter effectively states that except in rare cases, the Federal Reserve will not approve any application for expansion if, among other things, a subsidiary bank has a CAMELS rating of “3” or below, a component Management rating of “3” or below, or a Needs to Improve or Unsatisfactory CRA rating.

Competition in banking is universally recognized as good. But there will be less competition … if banks are required to measure risk in the same way and manage themselves in the same, examiner-mandated way.

For perspective, consider how odd such an approach looks in the context of other industries. If Pfizer experiences a problem with one of its drugs, the FDA does not prohibit it from developing new ones until the troubled drug is fixed. If General Motors produces deficient ignition switches, the Department of Transportation does not prohibit it from developing new vehicles or opening new dealerships until all the switches are recalled and repaired. If Target suffers a data breach, the FTC does not prohibit it from opening new stores until the FTC is satisfied with its cybersecurity. Rather, the FDA presumes that one group of researchers can fix the problem with one drug while other researchers work on other drugs; DoT presumes that different people at General Motors fix ignition switches and design cars and open dealerships; and the FTC makes the same presumption with regard to store openings and cybersecurity. In short, all of them presume that senior management can manage multiple projects at once. Only bank regulators – and only recently – presume differently. And they do so without legal basis: Neither 12 U.S.C. 1818 nor any other bank enforcement statute lists among its prescribed penalties a freeze on branching, investment, or merger.

The puzzlement is that banking regulators have less need than any other type of regulator to contort the law to enforce the law. As noted, banking regulators have extraordinary enforcement tools at their disposal – a panoply of civil money penalties, disgorgements, and debarments that can be issued for any violation of law.

The Federal Reserve’s Supervisory Letter does not appear to link its policies to the statutory standards the Board is directed to apply – for example, how an isolated, years-old problem in one of these areas could rise to the level of a finding that the bank lacked sufficient managerial resources (a statutory standard) to conduct an acquisition or offer a new product.

One hint is a statement that any firm seeking an exception to the general rule against expansion by “3”-rated banks must “convincingly demonstrat[e] that the proposal would not distract management from addressing the existing problems of the organization or further exacerbate these problems.” That statement is far more extraordinary than it first appears. We are talking about banking organizations with tens of thousands, some with hundreds of thousands, of employees. It is very difficult to imagine how senior management could not simultaneously oversee, for example, one group of employees mailing reimbursement checks to consumers under a consumer compliance settlement and another group of employees opening a branch in Philadelphia or buying an asset manager in Los Angeles.

Supervision Should Ignore Immaterial “Operational” Risks That Are Now the Predominant Focus of Current Examinations
Leaving the world of compliance and looking at how safety and soundness itself is examined, let’s consider the diminished role of materiality in that examination. Consider, for example, vendor management, which has been turned by the banking agencies into a cottage industry, requiring the retention of thousands of people to draft policies and procedures for practically any interaction with a vendor, and to document compliance with those policies on an ongoing basis. The requirements are absurdly detailed, contain no concept of materiality, and generally add nothing to safety and soundness, while generating massive costs, many of which are passed onto borrowers and other customers.

Thus, the OCC in 2013 issued a voluminous bulletin (which itself referenced and reinforced over 50 previous bulletins, advisory letters, and banking circulars) describing how banks should deal with their vendors and contractors. For example, the 2013 OCC guidance requires a bank, for any vendor or contractor it hires, to:

Review the third party’s program to train and hold employees accountable for compliance with policies and procedures. Review the third party’s succession and redundancy planning for key management and support personnel. Review training programs to ensure that the third party’s staff is knowledgeable about changes in laws, regulations, technology, risk, and other factors that may affect the quality of the activities provided.”

It is worth noting that this guidance requires a bank to effectively evaluate and monitor not merely its own training programs and succession plans, but those of multiple third parties. In addition, for subcontractors, the bank must, among other things, “evaluate the volume and types of subcontracted activities and the subcontractors’ geographic locations.”

Key question: When was the last time a bank failed because of poor vendor management? Because its vendor’s board did not have a good succession plan for the vendor’s CEO? Because the vendor chose its geographic locations unwisely? Clearly, banks these days should be very careful about cybersecurity, but (1) banks understand that fact well, (2) this guidance extends to vendors of far less importance than those presenting material cyberrisk, and (3) this guidance requires inquiry into matters that are not relevant to any actual risk that is presented.

It gets worse. In its latest Semi-Annual Risk Report, the OCC observes, “Consolidation among service providers has increased third-party concentration risk, where a limited number of providers service large segments of the banking industry for certain products and services.” Of course, the principal cause of concentration risk is the OCC’s own vendor management guidance, which gives banks overwhelming incentives to reduce the number of vendors they employ (and therefore on which they must conduct OCC-mandated due diligence) and employ only large companies that have the resources to manage the rigors of that vendor management due diligence. Small businesses need no longer apply.

Vendor management is only the tip of an operational risk iceberg here, in terms of immaterial risks that supervision micromanages. Examiners often dictate the composition of board and management committees and how minutes of meetings are kept; they monitor minutes of meetings to ensure that board members and risk or compliance personnel are providing “credible challenge” (another concept with no legal basis); they mandate reporting lines. And they do so without evidence that doing it a different way presents material risks or even presents greater risk.

“Horizontal Review” and “Best Practice” Are Recent Inventions that Are a Poor Basis for Supervision and Should be Purged from the Supervisory Lexicon
On what basis, then, do examiners tell banks how to manage themselves? The terms “horizontal review” and “best practice” do not appear in banking statute or regulation, and yet they now drive much of bank supervision. Just as “reputational risk” is code for “something we don’t like,” so “horizontal review” and “best practice” are code for “we have looked at how other banks are managing a given risk, prefer at least one of your competitors’ practices to yours, and expect you to change.” This mandate comes through a confidential supervisory communication about which the bank is legally prohibited from complaining publicly and is rarely if ever accompanied by any demonstration that contrary practices constitute a material risk to the Deposit Insurance Fund, reflects moral hazard, or are in any way a concern of the taxpayer.

We recently met with a midsized bank that had used the same credit underwriting regime for 30 years. It had produced dependable returns, and the bank had not lost money in any quarter of the financial crisis. Recently, however, it was subjected to a “horizontal review” and directed to abandon its credit underwriting system and create a new one that corresponded to what examiners perceived as the industry norm, or “best practice.” The bank is convinced that its new system is not as good the old one. But a failure to comply would have resulted in a downgrade of the bank’s management rating, and a freeze on expansion.

Competition in banking is universally recognized as good. Ultimately, for the consumer, that competition occurs in innovation and in pricing, but there will be less competition in innovation and pricing if banks are required to measure risk in the same way, and manage themselves in the same, examiner-mandated way. Of course, at a higher level, no financial crisis has ever resulted from a financial institution taking an idiosyncratic view of risk; all financial crises result from many financial institutions taking the same view of risk – in other words, adopting the same “best practice.”

It is important to note that there is a phrase akin to “best practice” that does appear in banking law and regulation: “unsafe or unsound practice.” Congress has authorized banking regulators to proscribe practices that are found – after notice and an opportunity for a hearing – to constitute an unsafe or unsound practice, generally understood to mean a practice that imperils the safety and soundness of the institution. In effect, Congress has said that banks are free to develop different and competing practices, so long as they do not rise to the level of unsafe or unsound. But “unsafe and unsound” is a high bar from an evidentiary perspective, and due process can be a bother, so bank supervision has shifted from these concepts to “best practices” enforced by MRAs (Matters Requiring Attention) that are effectively unappealable.

“Sanctity of the Charter” is Another Concept with no Basis in Law, and No Clear Logic Behind It
This phrase, again rootless in law or regulation, has become another touchstone for OCC regulation. It is used to require independent management of a bank in numerous ways, without analysis of whether the costs of duplicating functions managed enterprise-wide at the holding company level exceed the benefits. Think: separate audit, CFO, compliance, legal, and other functions. Certainly, one can debate the extent to which an insured depository institution should be managed independently of its parent, but that is a question that should be the subject of notice and comment rulemaking and the product of serious analysis. (Note: For example, the OCC has stated that it is one of the primary fiduciary duties of an institution’s board of directors’ to preserve the sanctity of the charter, which it describes as the board’s duty “to ensure that the institution operates in a safe and sound manner … and to ensure that the bank does not function simply as a booking entity for its parent and that parent company decisions do not jeopardize the safety and soundness of the bank.” Former Comptroller Thomas J. Curry explained that “We also want boards and management to fulfill their fiduciary responsibility to preserve the sanctity of the federal bank charter. When I refer to the sanctity of the charter, I have something very specific in mind. We want to be sure that national banks and federal thrifts are not just treated as booking entities for the holding company. The federal bank charter is a special corporate franchise that provides a gateway to federal deposit insurance and access to the discount window, and the highest fiduciary duty of management and independent directors is to ensure the safety and soundness of the national bank or federal thrift.”)

Non-Bank Affiliates Should Be Recognized as Reducing, not Increasing, Risk to the Deposit Insurance Fund
One of the least noticed changes in Dodd-Frank was the codification of the source-of-strength doctrine. Also routinely underappreciated is the impact of the Federal Reserve’s total loss absorbing capacity (TLAC) rule when coupled with the single-point-of-entry resolution strategy that is now the norm for banks with large non-bank affiliates. Those two changes unequivocally put holding company bondholders in a second-loss position behind equity holders (and ahead of the FDIC as insurer of any subsidiary bank.) These changes should have – but certainly have not – caused a complete rethinking of the relationship between bank and non-bank affiliate.

When I worked at the Federal Reserve Board, the holding company affiliate was perceived as a danger to the bank, and sections 23A and 23B of the Federal Reserve Act were rigorously enforced to prevent a bank from supporting a troubled affiliate and assuming its losses. Even then, there were concerns when an affiliate became large in relation to its affiliated bank. Today, with sections 23A and 23B still in place, affiliate assets are at least arguably a significant benefit to the bank and ultimately the Deposit Insurance Fund and the banks that fund it. In recovery or resolution, all of their assets are available to protect the bank, which need assume none of their liabilities.

The Primary Justification for Stringent Bank Regulation is Obsolescent
One of the most overlooked events of the financial crisis was this: at the depth of the crisis in 2009, banks paid $51.2 billion in special assessments to replenish the Deposit Insurance Fund, the overwhelming majority of which was paid by the largest banks. As a result, the Fund never required a call on the taxpayer guarantee. Thus, if the question is “Who really pays if a bank’s failure depletes the Fund?” the answer is: surviving banks, and predominantly large ones. Indeed, it is fair to say that while the Treasury retains a contingent liability, it is so far down the waterfall that one could say that the Deposit Insurance Fund has been effectively collectivized and thereby privatized. Of course, the taxpayer still retains a tail risk, but that tail has gotten significantly longer, and some supervisory consequence should seem to follow from that fact.

In other words, in the modern regulatory regime of heightened resiliency and resolvability and deposit insurance funding, how necessary is it for a bank examiner to review and effectively approve a bank’s vendor management process? Or compensation practices? Or determine whether the head of compliance should report to the chief risk officer or the chief operating officer? Or similar processes? Leaving aside the question of whether that review has any value, and stipulating that it does, what is the taxpayer interest in each bank having the same, ideal vendor management or compensation practice, rather than competing in their ability to manage those risks? As noted above, it seems very difficult to argue that this risk is material to the safety and soundness of the bank. Given how resolution and TLAC are structured to bail-in bondholders, and how the Deposit Insurance Fund is financed through assessments on other banks, it seems beyond difficult to argue that these types of risk are material to the taxpayer. And it is impossible to argue that these are systemic risks.

The Application Process and the Process for Deciding and Lifting Enforcement Actions Must Be Reformed
Currently, the process for a bank to apply to merge, branch, invest – anything, really – is opaque, extended, and not subject to accountability within the banking agencies. Numerous people throughout the agencies can delay or derail an application for innumerable reasons, but it seems that no one can expedite it or call the question. Banks frequently are encouraged to withdraw applications once someone in the process indicates an unwillingness to proceed; in many cases, applications are withdrawn because the strategic opportunity prompting the application has been lost to time. The process is at times more akin to congressional “holds” than the one laid out in statute.

Notably, among the factors that can lead to an application being frozen is the pendency of an investigation. Such investigations can be pending for years. Thus, the bank is punished with a severe sanction (limitation on growth) that could be inappropriately severe even if found guilty, even before it has been charged. In many such cases, the bank is never charged.

In numerous discussions with executives from banks of all sizes, a frequent and loud lament is not just that they cannot expand to meet the needs of their customers but that they don’t even know who at a given agency needs to give his or her approval, why it is being withheld, and how they can change the outcome. This is not a policy problem; it is a management problem.

How to Modernize and Rationalize Supervision

Applying the principles above, here are some discrete steps that could be taken to rationalize supervision.

1. Regulators should return to the practice of issuing independent safety and soundness and compliance ratings. Absent clear, documented evidence that consumer compliance problems can have a material impact on safety and soundness, federal banking agencies should leave that work to the CFPB and the Department of Justice, and instead focus exclusively on safety and soundness. Any decision to invoke a consumer compliance issue as a justification for sanction under a banking agency’s supervisory authority should require approval at the highest level of the relevant agency. (Note: The banking agencies do retain authority over the Community Reinvestment Act, which they would continue to exercise. Even here, though, as noted above, CRA compliance should not be conflated with consumer compliance. Similarly, section 1092 of the Dodd-Frank Act divested the Federal Reserve Board of regulatory authority under section 5 of the FTC Act, and granted the CFPB new authority to prescribe regulations on a standard similar to section 5. While the banking agencies do retain enforcement authority under section 5 of the FTC Act, that law grants neither the FTC nor the banking agencies examination authority. Thus, the FTC Act would not appear sufficient basis for the banking agencies to retain duplicative compliance examination functions in the wake of the transfer of broader authority – including, explicitly, examination authority over consumer laws – to the CFPB.)

2. A zero-based review of the application process should be undertaken by each banking agency. Pending such a review, the Federal Reserve should rescind its SR Letter 14-02 (establishing a series of ultra vires rules for bank expansion) and return to applying statutory standards for branching, merger, and investment applications. The OCC, which has acted similarly but without issuing public guidance to that effect, should do likewise. Any resulting application process should emphasize transparency and accountability. For example, the Governors of the Federal Reserve Board, the Comptroller, and the Directors of the FDIC should receive regular reports on applications that have been pending for more than a given period – say, 75 days – along with the reason for the delay. The pendency of an investigation should not constitute grounds for delay absent extraordinary circumstances.

3. Horizontal reviews should be used solely to inform agency regulations, published for notice and comment, after a cogent explanation of why one practice alone should be allowed to persist. Horizontal reviews should never result in ad hoc mandates to banks to change their practices.

4. “Best practices” should be redefined to as “agency-required practices” and adopted solely through regulation. And they should only be adopted when necessary to mitigate a material risk to safety and soundness.

5. MRAs and MRIAs should be considered just that, and not consent orders with penalties for noncompliance. Examiners should raise failures to remediate an MRA or MRIA to senior management or in some cases to the board of directors, but those failures should not form the basis of a halt on expansion or other sanction. If the agency believes that MRAs or MRIAs, either individually or collectively, rise to the level of an unsafe or unsound practice, it should proceed on that basis, with due notice and opportunity for the bank to be heard.

6. A zero-based review of agency guidance should be undertaken. Post-crisis, agency guidance in various forms has proliferated. The banking agencies should determine which guidance they believe should be retained. The Federal Reserve’s recent proposal on guidance applicable to boards of directors is a very thoughtful step in this direction.

7. Violations of guidance should not be the basis, directly or indirectly, for any ratings downgrade, brake on expansion, or other sanction. If an agency wishes to enforce guidance as a binding requirement, it should either (1) publish it for notice and comment under the Administrative Procedure Act, or (2) make the case that the violation of guidance constitutes an unsafe or unsound practice under 12 U.S.C. 1818. Doing otherwise is not only unwise but improper. Post-crisis, agency guidance in various forms has proliferated. The banking agencies should determine which guidance they believe should be retained. The Federal Reserve’s recent proposal on guidance applicable to boards of directors is a very thoughtful step in this direction.

8. Ratings should be rethought entirely. The Federal Reserve Board has recently proposed a significant rethinking of holding company ratings, and the banking agencies/FFIEC should do likewise. Such a review should emphasize the benefits of objective, transparent, consistent standards over subjective, opaque, and ad hoc standards. In particular, as noted in our earlier article, a management component, if retained, should not be a highly subjective wild card that can be used to deem a bank with solid capital, liquidity, and earnings to be unsafe and unsound, and thereby subject to an expansion ban. Any assessment of management should focus on financial management. A meaningful appeals process should be instituted.

9. More broadly, supervision of a bank versus a non-bank affiliate should be rethought, based on fundamental changes made by post-crisis regulation. Perhaps this topic could be addressed in a future edition of this magazine, but in any event, regulators should devote study to what TLAC and single-point-of-entry resolution means for the place of a bank in a holding company structure and how it should be regulated.

About the Author:
Greg Baer is President of The Clearing House Association and Executive Vice President and General Counsel of The Clearing House Payments Co. He oversees the legal, compliance, and litigation functions for the organization’s payments business and leads the strategic agenda and operations of the Association. Prior to joining TCH, Baer was Managing Director and Head of Regulatory Policy at JPMorgan Chase.