We are likely to hear a lot more about “tailoring” when it comes to bank regulation in the U.S. It’s hard to argue with the concept that regulation and regulatory burden should be proportionate to a bank’s size, complexity, and risk. Applying that concept in a thoughtful, prudent way is quite another matter.
Background
The Economic Growth Regulatory Relief and Consumer Protection Act (EGRRCPA) raised asset thresholds for certain regulatory reporting, capital, liquidity, and stress testing requirements. Pursuant to the legislation, the Federal Reserve implemented a series of changes that sought to tailor rules for bank holding companies (BHCs) to “more closely match their risk profiles.” While supposedly risk-based, the Fed categorized firms primarily by their asset size. This meant a significant scaling back of requirements for firms with total assets in the $100-250 billion range. Size-based requirements were largely eliminated for banks in the $50-100 billion range. These rules remain in place.
The failure of Silicon Valley Bank caused some rethinking of this approach. The Fed’s post-mortem concluded that “a comprehensive assessment of changes from EGRRCPA, the 2019 tailoring rule, and related rulemakings show that they combined to create a weaker regulatory framework for a firm like SVBFG.” Some have disputed this conclusion, noting the limitations to current stress testing and liquidity requirements. However, tailoring was largely premised on the idea that regional banks like SVB posed little systemic risk. The invocation of the systemic risk exception in the cases of SVB and Signature strongly undermines this assumption. The Basel Endgame sought to pare back some aspects of the tailoring rule by making a larger group of firms subject to enhanced capital requirements. That proposal met with significant industry opposition and stands little chance of being revived in the current political environment.
Although the 2019 tailoring framework remains intact, nominees (or frontrunners) for key regulatory positions are strong advocates of tailoring. Comments by Acting FDIC Chairman Travis Hill, OCC nominee Jonathan Gould, and Federal Reserve Governor Michelle Bowman have all stressed the importance of tailoring. We are likely to see more tailoring, not less, in the coming years. But what does “tailoring” really mean as a practical matter?
Tailoring in Theory and Practice
Conceptually, tailoring makes a lot of sense. Regulators don’t have unlimited resources and should focus those resources they have on where it matters most. Focusing on the largest and most complex banks provides the most bang for your buck. The four largest banks hold 39% of U.S. banking assets, with the top fifteen holding 58%. There are also tradeoffs between effective prudential regulation and industry burden. Regulatory compliance can be especially burdensome on smaller banks and regulators should consider those burdens when establishing regulatory requirements.
Regulatory tailoring existed well before 2019. While tailoring advocates decry a “one size fits all” approach, they are largely attacking a straw man. Regulators tailor all the time. The phrase “commensurate with size, complexity, and risk” serves as practically a mantra, repeated countless times in regulatory guidance. Most of my time in Large Bank Supervision at the OCC involved covering two banks. One was a huge megabank with a varied and complex product line. The other was a considerably smaller but still substantial financial institution. OCC had 70 or more examiners at the first bank and less than ten at the second. The resulting resource constraints meant the second bank was subject to substantially fewer and less extensive exams. We didn’t need tailoring rules for that.
Regulatory and supervisory requirements for some smaller banks can still be excessive. At OTS, we supervised a tiny, tiny bank with less than $10 million in assets. The bank didn’t even carry cash at its one and only branch. If customers wanted to make withdrawals, the bank would provide a check, which they could cash at another bank. Nonetheless, we issued a Cease & Desist on the bank for, among other things, failing to have adequate Bank Secrecy Act procedures. The BSA/AML risk at the bank was literally zero!
I recall another, less extreme case. We received training on OCC’s supervisory approach when OTS merged into OCC. One of my coworkers, who was approaching retirement and in a bit of a spicy mood, started asking some questions. Community bank examiners at OCC cover portfolios of banks. They prepare and update Supervisory Strategy and Core Assessment documents for each bank. He noted that one of the documents involved a very conservative bank with about $1 billion in assets. The bank had been rated “1” (the highest rating) since time immemorial. Still, the document ran more than 20 pages. Was this necessary? I don’t remember the official response, but my view both then and now is, no.
There’s a distinction between requirements and true burden. I think of “burden” as additional requirements that a well-managed bank would not have done ordinarily and that are resource intensive. At least some of the requirements falling under tailoring weren’t especially burdensome. Consider the liquidity coverage ratio (LCR). Tailoring removed the LCR requirement for nearly all BHCs under $250 billion and significantly reduced requirements for those between $250 billion and $750 billion. The calculation isn’t especially complicated. It merely looks at the ratio of high-quality liquid assets (specified by regulation) and projected net inflows over a 30-day time horizon. The regulation also largely specifies outflow rates. There are some matters of interpretation within the LCR, but the calculation itself is quite simple. Moreover, inadequate liquidity represents an existential threat to any bank. Why wouldn’t a bank’s management want to know what happens to liquidity under stress?
Measuring reporting burden by number of line items can be misleading. Consider the Call Report, which has three different versions, depending on the size and complexity of the bank. Both Synchrony Bank ($112 billion) and PNC ($556 billion) fill out the same version (FFIEC 031). One size fits all, right? Not necessarily. Reporters only fill out those items applicable to their bank. Once we exclude lines reported as “0” or “NR,” Synchrony reported less than 40% as many line items as PNC. Other regulatory reports follow a similar pattern.
Many small and even medium-sized banks simply lack the resources to take on certain new activities prudently. Supposedly onerous regulatory requirements can be a proxy for that. CMOs started to become popular in the 1990s and many community banks wanted to get a piece of the action. However, CMOs could also be quite complex and risky. Regulators required banks to do a pre-purchase analysis to ensure what they were buying wasn’t “high risk.” Community banks typically lacked a pricey Bloomberg terminal that could do that analysis or staff that could wade through a lengthy prospectus. Some bought the CMOs anyway, often with disastrous results. But the presence of these requirements probably deterred many more.
We have a more recent case with crypto. The Acting Chairman of the FDIC recently released (previously confidential) correspondence between the FDIC and banks planning to engage in crypto-related activity. The apparent objective of the release was to show FDIC-initiated “debanking,” but a review of the correspondence suggests something different. Crypto-related activity can expose a bank to considerable compliance, operational, and reputational risks. Banks need to fully understand and have plans to mitigate that risk, as they should for any new activity. FDIC had requested some additional details on the proposed activity, mostly Risk Management 101 sorts of questions. When bank managers saw what this new activity involved and what supervisors expected, the inevitable response was “never mind.” That’s not a bad thing.
Policymakers tend to under-identify systemically risky banks. That can also be true of supervisors. At least some of my colleagues covering megabanks tended to understate the importance of other banks. Bank teams compete for resources and it’s easy enough to view the fate of a $300 billion bank as little more than rounding error when you are covering a bank ten times that size. But a look at the evidence tells a different story.
The failures of SVB, Signature, and First Republic cost the FDIC more than $38 billion due to the use of the systemic risk exception. It’s hard to argue on the one hand that banks in this size range don’t require added supervision because they aren’t systemically risky and then invoke the systemic risk exception when they fail.
SVB is often cited as the second largest bank failure in U.S. history. It’s also the costliest, followed closely by First Republic. Prior to SVB, the costliest failure wasn’t $307 billion WaMu (which was resolved at no cost) but $31 billion IndyMac, which cost $12 billion to resolve. Even adjusted for inflation, IndyMac wouldn’t meet the old $50 billion threshold for enhanced supervision. Some other high-profile failures, like Superior Bank, wouldn’t even meet the $5 billion asset threshold for reporting items like levels of insured deposits.
Resolution costs can add up, even for small banks. The Congressional Research Service notes in Over the Line: Asset Thresholds in Bank Regulation that more than 85% of the 507 bank failures between 2008 and 2014 involved banks with less than $1 billion in total assets. A clearer case involves the 1980s savings and loan crisis. More than 1,000, mostly small banks failed during this period at an estimated cost to taxpayers of $124 billion. Asset bubbles combined with breakdowns in underwriting standards and internal controls can affect banks across a wide range of asset sizes.
Conclusions
It makes sense to impose more stringent requirements on the largest and most complex banks. These institutions played a significant role in the 2008 Financial Crisis. The collapse of one or two megabanks risks bringing the rest of the financial system along with them. There are also costs associated with regulation and supervision that can include operating costs for regulators and compliance costs for banks. Regulatory requirements should recognize these tradeoffs.
At the same time, tailoring often means arbitrary asset-based cutoffs that place little emphasis on the risk of the individual bank or to the financial system. Effective supervision usually involves some combination of people and technology. You can’t skimp on both.
Back in 1988, I participated in a peer review of the FHB of Dallas. A large share of the $124 billion in S&L losses came from banks supervised by the Dallas Bank. The FHLB had moved from Little Rock a few years earlier and lost much of its staff in the process. The Bank resumed hiring after moving to Dallas, but staffing levels had trouble keeping up with new and risky activities by member banks. The quality of offsite monitoring was also very weak. The FHLBB had created some decent monitoring reports but management at the Dallas Bank rejected using those reports while failing to put new reports into production. Fast forward to today. Incoming agency leaders have focused on promoting “innovative” banks and products and reducing staffing levels, while saying little about improving off-site monitoring. Based on history, it’s not a promising combination.
Leave a Reply