FRB and OCC release semiannual reports

July 7, 2019 | Financial services

Introduction

Coinciding with the federal banking agencies’ semiannual testimony¹ to Congress, the Federal Reserve Board (FRB) and Office of the Comptroller of the Currency (OCC) have released their semiannual reports on the state of the US financial system, current supervisory trends, and emerging risks.

The two reports—the FRB's Supervision and Regulation Report²  (Report) and the OCC’s Semiannual Risk Perspective (Risk Perspective)—include key insights and priorities set by the two federal agencies, which cover various themes and areas that financial institutions can expect increased regulatory supervision and scrutiny. Institutions can refer to these reports to understand the FRB's efforts to align the application of prudential standards to the risk profiles of different banking firms and the OCC's highlighted key risks, which may directly impact how these agencies will approach and tailor their regulatory and supervisory activities going forward.

The FRB's Report summarizes current banking system conditions and the FRB's recent supervisory and regulatory actions. The Report, which was first released semiannually beginning in November 2018³  and recently on May 10, 2019, highlights issues and supervisory concerns across its supervised institutions—including the large banking organization portfolio and the Large Institution Supervision Coordinating Committee (LISCC) portfolio across US bank holding companies, US banks, and foreign banking organizations. Read more on the Banking supervision and regulation report.

Two weeks after the FRB's second Report was released, the OCC issued its most recent Risk Perspective on May 20, 2019. The Risk Perspective highlights key risk themes facing the federal banking system. In its most recent release, the OCC identifies credit, operational, compliance, and interest rate as the main risks to the sector in 2019. In addition, the report discusses the emergence of financial technology (fintech) and regulatory technology (regtech) as developing contributors to risk.

Summary of the FRB supervision and regulation report

According to the Report, the financial condition of the US banking system has remained generally strong, with rising interest rates driving increases in earnings and measures of profitability reaching above their five-year averages in 2018 despite the market volatility during the second half of the year. The Report highlighted that all banking portfolios maintained overall strong capital positions, while there was a decrease in capital ratios at leveraged buyouts, a category that includes banks with more than $100 billion in assets that are not supervised by the LISCC.

The focus for 2019 across the portfolios remain under the banner of the four supervisory pillars:

1. Capital
2. Liquidity
3. Governance and controls (G&C)
4. Recovery and resolution planning (RRP).

The FRB has increased its emphasis on risk-focusing examination activities for regional and community banks, conducting more in-depth examinations for banks with high-risk activities. In addition, the FRB has taken steps to reduce supervisory burden by reducing information collection requirements for smaller banks. See below for a list of supervisory trends for LISCC firms and Large and Foreign Banking Organizations (LFBOs):

Supervision of LISCC Firms

• As shown through the FRB’s CCAR exercise, capital levels at LISCC firms are growing. These firms have experienced a more significant increase in capital ratios as compared with other portfolios. For example, the common equity tier 1 risk-based capital ratio has increased most significantly for LISCC firms since the financial crisis.
• Domestic LISCC firms have greatly increased their liquidity positions since the financial crisis and currently, hold substantial amounts of high-quality liquid assets.
• The LISCC G&C program uses horizontal and firm-specific examinations to assess the strength of LISCC firms’ governance, risk management, and internal controls.
• The RRP program for LISCC firms is conducted through horizontal and firm-specific supervisory assessments preparedness and capabilities. The program reviews the resolution plans and the assessments are included as inputs into supervisory messages to the firms.

Supervision of LFBOs

• An annual Horizontal Liquidity Review (HLR) is conducted for firms with total assets in excess of $100 billion. LFBOs have greatly increased their liquidity positions since the financial crisis and currently hold substantial amounts of high-quality liquid assets.
• LFBOs with less than $250 billion in assets are now only assessed with the CCAR’s quantitative approach. The qualitative assessment was removed because these firms generally have a lower systemic risk profile compared to the larger firms. LFBOs are also now subject to the horizontal capital review (HCR) which includes targeted evaluations of specific areas of capital planning and focuses on the more tailored standards set forth in supervisory guidance specific to these firms.
• For LFBO firms, the FRB and FDIC conduct joint point-in-time reviews of Title I resolution plan submissions. No separate supervisory activities to assess resolution capabilities are conducted. These firms are also not required to submit recovery plans, and there is no distinct review of these firms’ recovery strategy due to the firms’ simpler, less complex structures and activities.

Summary of the OCC risk perspective

Coinciding with the FRB’s supervision and regulation report, the Risk Perspective also evaluated the current condition of the federal banking system to be strong. It also mentions that although US economic growth is widely expected to slow down in 2019, the economy will be able to support loan growth and bank profitability for the remainder of the year. Below are key highlights from the Risk Perspective:

Finance and strategic risk

• The Risk Perspective, in a special segment on emerging risks, identified partnerships with fintech companies and other nonbank financial institutions as an emerging risk.
• The OCC urged banks to fully understand the risks of outsourcing critical operations to fintech companies, as more lenders look to partner with fintechs or change the way the bank interacts with customers.
• The OCC defines strategic risk as to the risk to the current or projected financial condition or resilience arising from an "adverse business decision, poor implementation of business decisions, or lack of responsiveness to changes in the banking industry and operating environment." Changing business models or offering new products and services can elevate strategic risk when pursued without appropriate corporate governance and risk management.
• Drivers of higher strategic risk include rapid industry changes, poor business decisions, imprudent or incomplete change management plans, the pressure to reduce expenses and control costs, the burden of some legacy technology systems, resource limitations, and need for the scale of operations.
• As of December 31, 2018, the OCC stated that 29 percent of banks supervised by the OCC exhibit moderate and increasing or high levels of strategic risk, a slight year-over-year increase.
• Banks should ensure that fintech partners understand the regulatory environment in which banks are required to operate. In addition, banks should guard their risk management and compliance obligations as they pursue new customers, business models, or technologies.

Operational and compliance risk

• Cyber threats continue to target vulnerabilities in the bank and third-party systems, and malicious actors continue to improve their tools such as spear phishing.
• The consolidation in the bank technology service providers has resulted in fewer entities providing certain critical services, increasing the risk to the sector if not properly managed.
• Bank Secrecy Act (BSA)/Anti-Money Laundering (AML) risk remains high due to inadequate customer due diligence and enhanced due diligence, insufficient customer risk identification, and ineffective processes related to suspicious activity monitoring and reporting, including the timeliness and accuracy of Suspicious Activity Report filings.
• The Risk Perspective warned bank management about potential fair lending risks in using artificial intelligence to underwrite loans.
• The OCC has linked consumer compliance risk management concerns to weaknesses in change management processes. For example, some banks have failed to involve the compliance function when evaluating changes in, or additions to, products or services.

Upcoming risk considerations

Cross-report themes

One major area that both the OCC's Risk Perspective and the FRB's Report highlighted and coincided was a supervisory priority in nonbank financial institution risk exposure. With banks increasingly relying on third-party vendors for technology or fintech solutions, the OCC noted that there has been a consolidation in the bank technology service provider industry, resulting in fewer entities providing certain critical services. Furthermore, the OCC's Risk Perspective alerts that such consolidation could lead to increased risk to the banking sector if not properly managed.

The FRB’s Report lists horizontal examinations that assess nonbank financial institution risk exposure for LISCC firms as one of its supervisory priorities for 2019. Similarly, the OCC's Risk Perspective highlights how the OCC is working with interagency partners to examine related nonbank financial service providers to ensure appropriate supervisory oversight.

Other key areas that the FRB highlights as part of its LISCC supervisory priorities are governance, risk appetite, and internal controls. On these areas, the OCC's Risk Perspective encourages board and management to ensure new or revised business practices to align with the overall risk appetite of the bank, while also conduct an end-to-end review of innovative products and processes to disclose with the appropriate compliance risk evaluation.

In contrast to LISCCs, governance and controls-related supervisory work by the FRB for LFBO firms have been firm-specific. As one of OCC's identified key risks, cyber resilience has been assessed horizontally by the FRB across the LFBO portfolio, while another horizontal priority was the use of artificial intelligence for fraud and BSA/AML detection. In terms of cyber resilience, the OCC recommends banks to implement appropriate operational controls and processes and regularly validate the firm’s operational resilience to ensure bank business continuity. This step will include designating appropriate personnel with key responses and correctly identifying and managing vendors who may have access to data and control systems.

Furthermore, to prepare for horizontal examinations related to BSA/AML compliance, the OCC recommends banks to continuously monitor regulatory requirements and implement appropriate systems and processes to comply with requirements such as the Financial Crimes Enforcement Network’s final rule on "Customer Due Diligence Requirements for Financial Institutions" implemented in May 2018. With more banks exploring ways to enhance their BSA/AML compliance programs through the use of technologies such as artificial intelligence (AI) or machine learning, the OCC advises banks to conduct sound due diligence and validation of such technology solutions, while also being mindful of privacy and data governance issues.

Main takeaways

• Increase in transparency—With both Vice Chairman for Supervision Randal Quarles⁵ and Comptroller Joseph Otting⁶ have stated their goals of increasing transparency within the regulatory system, the reports reflect another step for the regulators to strengthen transparency in regulation and supervision. This transparency can provide a forward look into supervision and examination areas of focus.
• Considerations for regulatory relations—The efforts by the banking agencies to recalibrate their supervisory programs in order to effectively and efficiently achieving their goals has resulted in an increased emphasis on risk-focused examination activities, tailored to the size and complexity of the regulated institution. The summaries of examination findings provide a comparative view across portfolios, trends over time, and a high-level ability to compare one’s own institution vis-a-vis the entire portfolio.
• Emphasis on growing convergence between financial services and technology—The OCC's Risk Perspective mentions the upward trend from banks investing in and leveraging technology, including cloud computing, credit partnerships, AI, or distributed ledger technology, to reduce costs, increase efficiency, and augment speed to market. With many banks seeing earnings returning to pre-crisis levels and growing need to adapt to the merge between the financial services and technology industries, banks should consider how they could increase their capabilities and improve their systems and processes through either outsourcing or organically implementing innovative technologies.
• Calibration against internal issues management processes—The reports emphasize the current safety and soundness of the US banking system, and how the agencies are now at a stage of testing the effectiveness and efficiency of their post-crisis regulatory framework through simplifying it without sacrificing financial stability. It will be important for banks to recognize that although capital and liquidity positions may generally be stable, continued deficiencies in managing non-financial risks, such as governance, internal controls, BSA/AML, or information technology risk may place endanger their supervisory ratings.
• Communication tool—Banks should consider utilizing these reports for Board and senior management discussions to help calibrate the broader industry landscape to their own issues, examination priorities, and feedback. Armed with the FRB's analysis on examination priorities and the OCC's early warnings on emerging risks, banks should be prepared for higher scrutiny in these areas, especially if these are also self-identified or internal audit-identified issues. These issues also may represent areas that coincide with compliance plans and areas for training. As a result, these reports can serve as a "roadmap" for potential regulatory interactions. 

As further developments occur, Deloitte will issue additional updates as appropriate.

Endnotes

¹ United States Senate Committee on Banking, Housing, and Urban Affairs, “Oversight of Financial Regulators – Full Committee Hearing,” (May 2019), available at https://www.banking.senate.gov/hearings/oversight-of-financial-regulators.

² Board of Governors of the Federal Reserve System, “Supervision and Regulation Report,” (May 2019), available at https://www.federalreserve.gov/publications/files/201905-supervision-and-regulation-report.pdf.

³ Board of Governors of the Federal Reserve System, “Supervision and Regulation Report,” (November 2018), available at https://www.federalreserve.gov/publications/files/201811-supervision-and-regulation-report.pdf.

⁴ Board of Governors of the Federal Reserve System, “Federal Reserve Board announces it will limit the use of the "qualitative objection" in its Comprehensive Capital Analysis and Review (CCAR) exercise, effective for the 2019 cycle” (March 6, 2019) available at https://www.federalreserve.gov/newsevents/pressreleases/bcreg20190306b.htm.

⁵ Testimony of Randal K. Quarles, Vice Chair of Supervision, before the Committee on Banking, Housing, and Urban Affairs, United States Senate (May 15, 2019) available at https://www.banking.senate.gov/download/05/14/2019/quarles-testimony-5-15-19.

⁶ Testimony of Joseph M. Otting, Comptroller of the Currency, before the Committee on Banking, Housing, and Urban Affairs, United States Senate (June 14, 2018) available at https://www.occ.treas.gov/news-issuances/congressional-testimony/2018/pub-test-2018-61-written.pdf.

Contact us