The MRA is the Core of Supervision, but Common Standards and Practices are MIA

A Matter Requiring Attention, or MRA, is the vernacular by which bank examiners communicate criticisms to a bank’s management or (increasingly) the board of directors.  Interestingly, MRAs have no origin or even reference in law or regulation; rather, they have grown up as an informal convention in the examination process, and since taken formal root.

Because MRAs are issued through the examination process, they have properly been designated by the supervisory staff as constituting confidential supervisory information.  (While presumably not confidential, aggregate information on the number or type of MRAs being issued system-wide is not disclosed either.)

Given that MRAs are confidential supervisory information, much of what follows is the product of word of mouth lore, some personal experience, and recent conversation with bank counsel.

The MRA Revolution

Traditionally, MRAs were used by bank examiners to direct banks to remediate unsafe and unsound practices or significant violations of law identified during the examination; other, less important, criticisms were included in an examination report or supervisory letter, but not so labeled.1  Post-crisis, however, both the Federal Reserve and the OCC have issued guidance – characteristically, without notice and comment – that defines what constitutes an MRA.  That guidance seems to offer a broader definition – in fact, two different, broader definitions.2

Federal Reserve Definition (from Supervisory Considerations for the Communication of Supervisory Findings, SR 13-13) (2013)OCC Definition (from Bank Supervision Process, Comptroller’s Handbook) (Updated 2014)
“MRIAs arising from an examination, inspection, or any other supervisory activity are matters of significant importance and urgency that the Federal Reserve requires banking organizations to address immediately and include:

1. matters that have the potential to pose significant risk to the safety and soundness of the banking organization;

2. matters that represent significant noncompliance with applicable laws or regulations;

3. repeat criticisms that have escalated in importance due to insufficient attention or inaction by the banking organization; and

4. in the case of consumer compliance examinations, matters that have the potential to cause significant consumer harm.

…MRAs constitute matters that are important and that the Federal Reserve is expecting a banking organization to address over a reasonable period of time, but when the timing need not be ‘immediate.'”
“Matters Requiring Attention (MRA) describe practices that:

– Deviate from sound governance, internal control, and risk management principles, and have the potential to adversely affect the bank’s condition, including its financial performance or risk profile, if not addressed; or

– Result in substantive non-compliance with laws and regulations, enforcement actions, or conditions imposed in writing in connection with the approval of any application or other request by the bank.”

Although the differences here are not dramatic, they are puzzling given that the legal basis of each agencies’ supervisory powers—its statutory authority to prohibit unsafe and unsound practices or violations of law – is the same (i.e., section 8 of the Federal Deposit Insurance Act).4

Practice, however, differs significantly from either version of the guidance.  There is now a widespread understanding that examiners routinely issue MRAs for issues that would not meet either the Federal Reserve or OCC’s definitions.  Instead, they are frequently issued on matters of no material impact on the firm’s financial condition or its key risk management and other controls.

Thus, consider the guidance issued by the OCC, which very reasonably requires that every MRA be based on either (i) a problem that could adversely affect the bank’s condition or (ii) substantial non-compliance with law or a prior enforcement action.  Most bank management would be shocked to know that the bar is set that high, as we understand that the great majority of MRAs meet neither test.  For example, as one scours the OCC’s voluminous 2013 vendor management guidance – any violation of which can trigger an MRA – one finds it difficult to find any standard the violation of which would either imperil financial condition or violate a law.  Such standards include, for example, the need to develop a contingency plan of response just in case a vendor –any vendor – changes its business strategy, and to review each vendor’s “succession and redundancy planning for key management and support personnel.”

In addition to their definition, the form and function of MRAs also appear to have changed significantly in other ways.

  • MRAs are issued more frequently.
  • MRAs have a more immediate and significant impact on a bank’s Management rating, which in turn often determines its composite rating.
  • MRAs are generally expected to be raised to the board of directors.

In short, MRAs have decreased in materiality yet increased in number and consequence.  As a result, there has been a reported massive reallocation of senior management and board time to matters of little actual importance.  In addition, a vast consulting-industrial complex has sprung up around the new high-volume, low-value MRA model.  That is a reflection of the stakes, which are exceptionally high: supervisors have made abundantly clear that failure to resolve MRAs can result in management downgrades or escalation to formal or informal enforcement actions, and compliance and other personnel know that their careers will also be endangered if MRAs are not remediated to examiners’ satisfaction.

In short, MRAs have gone from a vernacular for examiner criticisms in the examination process to mini-enforcement actions that are often based on immaterial issues.  (They are also effectively unappealable in practice, as law professor Julie Andersen Hill has shown.)

Rethinking the MRA Framework

For all of these reasons, we believe the banking agencies’ MRA framework is in serious need of reform.  And we can think of no better process for that reform than the one prescribed by law – notice and comment rulemaking.  Thus, given the overwhelming importance of MRAs to the bank supervision process, the Federal banking agencies can and should review their MRA definitions, subject those definitions to public notice and comment, and establish revised definitions.  And in importantly, they should do so jointly and uniformly, ideally through coordination at the FFIEC, and arrive at a single, uniform standard.

In the process of doing so, we can think of at least three specific issues that the agencies ought to examine, seek public comment on, and address in a consistent manner:

1.  Appropriately limiting MRAs and MRIAs to unsafe and unsound practices and significant violations of law

The articulated standard for MRAs should mirror the legal authority by which they are issued – that is, any definition should make clear that MRAs must be limited to the remediation of (i) unsafe and unsound practices that may materially impair financial condition, and (ii) significant violations of law.  That definition should also make equally clear that MRAs should not be used as a means to communicate (and demand conformance with) supervisory preferences or best practices, or to enforce non-binding guidance or “supervisory expectations,” as has become increasingly common.

That review and redefinition can also be used to restore both materiality and prioritization to the MRA process.  For example, a revised, uniform standard should make clear that MRAs ought to be focused on problems that are significant and would have meaningful consequences, and not on those that are minor, trivial, or theoretical.  To be clear, deciding what “materiality” should mean in this context is not a simple exercise; it certainly demands substantial thought to identify and articulate what is and is not material.  But that is precisely why it ought to be done with the benefit of a deliberative public notice and comment process.

Similarly, a revised standard could also provide a better sense of prioritization, separating the most important MRAs from the less important ones, and ensuring there is clear alignment between supervisory views about the gravity of a problem and the relative time and attention that firm management allocated to resolving it.  (Such prioritization is already to do some degree captured by the Federal Reserve’s current MRA/MRIA dichotomy, but that dichotomy is more focused on timing rather than substantive importance, and is not particularly granular.)  A key part of that prioritization could be a standard for identifying when MRAs should directed to management, and when they should be directed to both management and the board.  (We note that, in a positive step forward here, the Federal Reserve has recently proposed such a distinction in its August 2017 proposed guidance on board effectiveness.)

2.  Creating alternative avenues for communicating examiner observations and preferences

None of the above is to suggest that examiners should limit their examinations and reviews only to those issues that rise to the level of unsafe and unsound practices or violations of law.  Examiners can, of course, add significant value in areas that do not meet those standards.  What is needed, however, is a lexicon by which they can convey criticism, or raise ideas, without having to sound the alarms of an MRA. For example, the agencies could consider creating a new category – “Matters for Discussion,” or “MFDs” – that are designed to capture other examiner observations, criticisms, or concerns that don’t qualify as MRAs or MRIAs.  This approach would provide the basis for a robust and candid dialogue between supervisors and banks on other issues.

3.  Ending the use of “industry MRAs”

Finally, revisiting the MRA standard would permit the agencies to formally and publicly terminate the existing (and pernicious) practice of so-called “industry MRAs” – that is, supervisory directives that are not specific to any one bank’s practices, but instead are issued to multiple firms in essentially identical terms.  There is a general sense that such industry MRAs have become increasingly common – most notably, they were a key part of the leveraged lending guidance episode, and also seem to be a growing part of the CCAR and living will exercises.  (Again, we cannot say with any certainty, as industry MRAs are deemed CSI by supervisors, and thus cannot be discussed openly.)  The problem with these industry MRAs, of course, is exactly that:  that in substance they are generally applicable and binding agency rules, not legitimate supervisory findings, but are shielded from public view and comment.  If the agencies wish to establish new, binding standards that all or a subset of banks must follow, the law requires that they do so via notice-and-comment rulemaking, not secret supervisory directive.


[1] As best we can tell, the documentary origin of the MRA was the introduction of a “Matters Requiring Board Attention” page to the then-four Federal banking agencies common core Report of Examination.  See Interagency Policy Statement of the Uniform Common Core Report of Examination (1993), available atwww.occ.gov/static/news-issuances/bulletins/pre-1994/examining-bulletins/eb-1993-7a.pdf.

[2] We also note that, notwithstanding the fact that the MRA standard has an enormous impact on how and when bank supervisors may force banks to take certain actions, it has never been subject to public notice and comment, nor submitted to Congress under the Congressional Review Act.  It is, rather, unilateral guidance, which the banking agencies have recently affirmed “does not establish legally binding standards, is not certain or final, and does not substantially affect the rights or obligations of third parties.”  See Government Accountability Office Letter to Sen. Pat Toomey (Oct. 19, 2017), available at www.gao.gov/assets/690/687879.pdf.  We suspect that is news to banks who are frequently directed via MRA to make substantial changes to their businesses and practices, under threat formal enforcement action.

[3] An “MRIA,” or “Matter Requiring Immediate Attention,” is a variant of MRA unique the Federal Reserve, and is self-evidently an MRA that is considered to be more urgent.  We note that the Federal Reserve has recently proposed to rescind and replace SR 13-13 in the context of its proposed guidance on supervisory expectations for boards of directors (82 Fed. Reg. 37219 (Aug, 9, 2017), but the relevant definitions remain effectively identical under that proposal.

[4] We focus here on the OCC and the Federal Reserve given their central importance in supervising U.S. banks and bank holding companies.  For its part, the FDIC uses a completely different vernacular and framework, which instead references “Matters Requiring Board Attention (i.e., “material issues and recommendations that require the attention of the institution’s board of directors and senior management”) and “Supervisory Recommendations” (i.e., FDIC communications with a bank that are intended to inform the bank of the FDIC’s views about changes needed in its practices, operations or financial condition).  https://www.fdic.gov/regulations/safety/manual/section16-1.pdf.