The Role of Examination

Last month, the Federal Reserve released proposed guidelines governing whether, and on what terms, FinTechs with novel and nontraditional charters should be able to access the Fed’s payment system via an account at a Federal Reserve Bank.  Under the proposal, access would be determined by each Federal Reserve Bank based on guidelines established by the Board.  The proposal requires the Reserve Banks to ensure at the time of application that the nonbank has established a series of policies, but does not require any future examination – whether by the Fed itself or the chartering authority – to ensure continuing compliance with the guidelines.

The proposal raises the question of why we examine banks – that is, traditional FDIC-insured banks.  Historically, three primary rationales were (1) to prevent a risk to the Deposit Insurance Fund, and ultimately the taxpayer; (2) to prevent excessive risk taking that could be produced by deposit insurance, as an obvious example of moral hazard; and (3) to ensure compliance with consumer protection laws.  After the Global Financial Crisis, a fourth rationale was added:  to protect financial stability.  (For the banking agencies, the third was largely removed in 2010, as all authority to examine, regulate and enforce the consumer financial protection laws was transferred to the CFPB for all banks with more than $10 billion in assets.)

Today, regulation focuses on the first and second rationales, primarily in the form of prudential regulations including limits on risk-taking and extremely stringent capital and liquidity requirements.  For an uninsured bank (particularly one that takes no deposits), where taxpayers are not at risk and there is no moral hazard, there clearly is diminished need for such regulation.

Bank examination, however, today is not focused exclusively or perhaps even primarily on safety and soundness – that is, on financial risks that could cause material losses that imperil the solvency of the institution and cause it to fail at a cost to the FDIC Deposit Insurance Fund.  Consider:

  • First, the largest examination and corresponding bank compliance effort is focused on policies for anti-money laundering and countering the financing of terrorism.  These are not safety and soundness concerns; Congress obviously did not enact the Bank Secrecy Act and the USA Patriot Act in order to prevent banks from losing money but rather to enlist them in aiding law enforcement and national security.  The same motivation applies if bad actors choose to finance illegal activity through uninsured banks or FinTechs.  Thus, there appears no case to be made for examining an uninsured bank or FinTech processing payments any differently from an insured bank processing payments.
  • Second, a related, major examination and compliance focus is enforcement of U.S. sanctions.  (One could argue it should not be an examination focus, as the federal banking agencies have never been granted any examination, regulatory or enforcement authority by statute, but at least for now, they proceed as if they have.)  So, again, Congress or the President clearly do not impose economic sanctions on foreign enemies in order to prevent banks from losing money and depleting the Deposit Insurance Fund, but rather to promote the nation’s national security.  Thus, there appears no case to be made for examining an uninsured bank or FinTech processing payments any differently from an insured bank processing payments.
  • Third, the fastest-growing examination and compliance focus is on operational risk, which generally means cyber risk.  The concern is that bad actors – whether they be basement-dwelling miscreants or dedicated state actors – will disrupt the payment system either by denying service or destroying or disrupting data, and also potentially prey on businesses or consumers whose data they obtain.  Once again, the concern here is not primarily a risk to the Deposit Insurance Fund.  Rather, the overwhelming concerns are disruption of the payment system, a loss of privacy, potential consumer economic harm through fraud and a potential diminishment in economic commerce. Thus, there appears no case to be made for examining an uninsured bank or FinTech processing payments any differently from an insured bank processing payments.

These three examples are not three minor elements of how banks are examined.  They constitute a large percentage (and perhaps a majority) of examination time and compliance department budgets.

Thus, if the Fed believes that these issues are important and benefit from examination, then any access to the payments system should be conditioned on uninsured banks being examined by their supervisory or chartering agency in a way substantially equivalent to how the federal banking agencies examine insured banks.

There is clear precedent for such a step.  Under the International Banking Act and the Fed’s Regulation K, when the Board considers an application by a foreign bank to establish a U.S. branch, it must consider whether the foreign bank and any foreign bank parent are subject to comprehensive supervision on a consolidated basis by their home country supervisor.[1]  In assessing this supervisory standard, the Board considers the extent to which home country supervisors (i) ensure that the bank has adequate procedures for monitoring and controlling its activities worldwide; (ii) obtain information on the condition of the bank and its subsidiaries and offices through regular examination reports, audit reports or otherwise; (iii) obtain information on the dealings and relationships between the bank and its affiliates, both foreign and domestic; (iv) receive from the bank financial reports that are consolidated on a worldwide basis, or comparable information that permits analysis of the bank’s financial condition on a worldwide consolidated basis; and (v) evaluate prudential standards, such as capital adequacy and risk asset exposure, on a worldwide basis.[2]

Alternatively, such examination could be conducted by the Fed itself, as a condition for access to its systems.  Again, there is precedent here, as the Fed currently conducts rigorous on-site examination of the RTP system operated by The Clearing House as a condition for its maintaining a joint account at the Fed.  Further, a nonbank FinTech that grew to become a significant player could become subject to Fed regulation and examination under Title VIII of the Dodd-Frank Act.[3]

There is an additional reason to equalize examination in this area.  If one does believe that AML, sanctions and cyber issues are important, then a failure to examine for them in the same way regardless of charter would create a substantial arbitrage opportunity for those looking to launder money, finance terrorism, evade U.S. sanctions or launch a cyberattack against the nation’s critical financial infrastructure.  So, all the more reason for parity.

[1] 12 U.S.C. § 3105(d)(2); 12 CFR 211.24(c)(1).

[2] See, e.g., FRB Order No. 2021-06 at 2 (May 24, 2021).

[3] Title VIII among other things provides for expanded Federal Reserve supervision and regulation of payment, clearing, and settlement systems designated as systemically significant by the Financial Stability Oversight Council.