An influential counternarrative has emerged regarding 2023’s bank failures. Official post-mortems attributed the failures in part to a light touch approach to bank supervision. The counternarrative suggests that the problem may be too much supervision. Specifically, that supervisors failed to effectively prioritize and placed too much emphasis on non-core, non-financial weaknesses. Its advocates suggest that a back-to-basics approach that places more emphasis on core financial risks promises to make bank supervision both more effective and more efficient. But how well does this narrative stand up to scrutiny?
The Critique
The idea that banks and their regulators are somehow distracted away from core financial risks has its genesis in a report issued by the Bank Policy Institution (BPI). BPI is the advocacy arm for large banks and issued a rebuttal to the Federal Reserve’s post-mortem following the failure of Silicon Valley Bank. The report suggested that examiners spent too much time on processes and compliance and not enough on actual financial risk. However, as I pointed out in an earlier post, the BPI had also advocated and largely succeeded in limiting formal supervisory actions to specific regulatory violations. That approach pretty much assures a focus on compliance rather than actual risk. Avoiding bright lines does much the same.
BPI found a receptive audience among certain officials at the Federal Reserve and FDIC. Both agencies have a board structure that requires representatives from both major parties. (The Democratic seats on the FDIC board are all currently vacant.) That means officials from the out of power party can act as sort of a government in exile. Their speeches, testimony, and writings can provide clues to their policy stances when they return to power. These views have evolved, with more and more activity considered non-core, non-financial risks.
Federal Reserve Governor Michelle W. Bowman provides a good case in point. Bowman has been much more outspoken on bank supervision issues than fellow Republican Board members Powell or Waller. Her speeches in May and June 2023 critiqued the official SVB post-mortem but primarily emphasized management weakness at SVB. Two speeches in November 2023 expressed concern over distraction from “important risk management objectives,” but mainly in the context of climate risk initiatives. Speeches in February and May 2024 also focused on a perceived overemphasis on climate risk.
We saw a more fundamental change in an October 2024 speech. In that speech, Bowman listed non-core risks to include IT, operational risk, management, risk management, and internal controls. She made similar remarks in a February 17, 2025, speech. Bowman acknowledged that these issues are “certainly worthwhile topics for examiners to consider, but their review should not come at the expense of more material financial risk considerations—and they should not drive the overall assessment of a firm’s condition.” (Emphasis added.)
It’s hard to see how anyone familiar with the history of bank failures could see IT, operational risk, and internal controls as immaterial. (Bowman was previously Kansas Banking Commissioner.) Data breaches and other IT-related risks can lead to enormous direct and indirect losses. Large banks appear to be especially vulnerable in this area. Moreover, the ability to gather, aggregate, and report data in a timely and reliable manner is essential to the management of a financial institution. Otherwise, it’s garbage in, garbage out. Fat finger transactions, large legal settlements, business disruptions, and other types of operational risks can bring down a financial institution. Effective internal controls are essential to operating a bank in a safe and sound manner.
Perhaps most perplexing is the inclusion of “management” on the list of non-core risks. Assessment of management isn’t some trendy concept. It has been considered a fundamental element of bank supervision for as long as I can remember. Countless bank failures stem from ineffective, imprudent, or downright dishonest bank management. Historically, examiners have shown some reticence in adversely rating management, especially before financial deterioration becomes readily apparent. Assertive management assessments in recent years may have upset bank managers accustomed to more deferential supervision. That doesn’t make the assessments untrue.
Qualitative vs. Quantitative Measures
Supervisors should consider management quality as a necessary but not sufficient component of a healthy bank. You also need to consider performance and risk notwithstanding how impressive the bank’s management team might appear. Efforts to promote regulatory forbearance toward troubled banks and thrifts in the 1980s led to one of that decade’s great oxymorons: “well-managed but insolvent.” While that sort of phrasing was largely limited to lobbyists and politicians, some supervisors also brushed aside deteriorating financials by emphasizing their “comfort level with management.”
The balance between quantitative vs. qualitative assessments depends, in part, on the quality and reliability of quantitative metrics. We had a supervisory IRR model at the Office of Thrift Supervision (OTS) and used that model’s output as a starting point when assessing interest rate risk. This was just a starting point. You would also look at the bank’s internal IRR metrics and how effective management was at measuring, monitoring, and controlling risk. I later moved on to the OCC and the order was reversed. OCC didn’t have a supervisory model, so we relied primarily on the bank’s internal estimates. That necessitated a greater focus on processes. We spent a lot more time trying to ensure that the bank’s estimates were reliable. Were the data inputs that went into the IRR model accurate? Could the bank produce IRR estimates in a timely manner? Were the model’s underlying assumptions reasonable?
The garbage in/garbage out principal holds even with supervisory models. OTS required thrifts to provide detailed breakdowns of assets and liabilities, including weighted average coupons (WACs) and weighted average remaining maturities (WARMs). We used this information to generate our supervisory IRR model. A bank once filed a CMR identical to its prior quarter’s filing. Most of its assets and liabilities depended on the vagaries of customer behavior, making such a result is virtually impossible. The bank had historically shown only moderate IRR, but we downgraded its Sensitivity rating because neither we nor the bank’s management could rely on its IRR outputs. Few banks are quite this brazen, but weaknesses in data, controls, and governance can cause supervisors to cast a skeptical eye on a bank’s risk estimates.
Secrecy and Spin
Supervision of individual banks operates largely outside of the public view. One consequence is a tendency by banks and their advocates to characterize supervisory actions with little if any evidence. The idea of out-of-control examiners is not a new one. Charles Keating of Lincoln Savings and Loan described his regulator as a “mad dog turned loose in a police state effort” and a “horribly ignorant and misguided agency.” Lincoln’s independent accountant used more measured, but similarly derisive language, calling examiners’ interpretations “unreasonably pejorative” and their behavior “openly hostile and inflexible” towards Lincoln and its personnel. Complaints of regulator harassment during the 1980s were even more pervasive for Texas thrifts.
Some of those cases involved outright criminality. I doubt that is the case today, but banks are certainly working the refs. This comes largely in the form of trivializing examiners’ findings. For example, FDIC Acting Chairman Travis Hill has described a “litany of process-related issues that have little bearing on a bank’s core financial condition or solvency.” He notes downgrades to banks’ Sensitivity rating due to “inadequate documentation, to an inability to explain assumptions in models used by outside vendors, to insufficient focus in minutes at Board of Directors meetings.” The message is that examiners favored form over substance. We have no way to know whether this characterization is accurate. Moreover, these items can be perfectly consistent with substantive criticisms. A bank’s inability to support its assumptions, explain what’s driving its risk profile, or engage the board can all spell real trouble.
Let’s look at a real-life example. SVB started to breach its economic value of equity (EVE) risk limits in 2021. Management responded, not by trying to reduce the bank’s risk, but by “managing EVE sensitivity by deposit modeling.” Specifically, the bank altered the assumed weighted average life of its deposits from 5.5 to 12 years, dramatically altering its IRR measures. The change made little sense given the bank’s rapid growth and deposit concentrations. Was this merely “an inability to explain assumptions?” At least the Federal Reserve had downgraded SVB’s Management rating by August 2022. IRR exposure at the FDIC-supervised First Republic was similarly extreme. However, it maintained a Sensitivity rating of “2” and a “Management” rating of “1” throughout 2022.
Quantitative Alternatives
While the incoming regulators have critiqued qualitative assessments, they have offered little in the way of quantitative alternatives. They have opposed enhanced capital standards, expanded use of the Liquidity Coverage Ratio, or greater use of bright line standards for acceptable and unacceptable levels of risk. Supervisors sometimes make use of horizontal reviews, which compare risk and risk management practices across banks. However, Governor Bowman has also criticized this approach as “stifling competition and innovation.” Really? By this logic, SVB’s decision to get more than 90% of its funding from uninsured deposits and investing nearly half of its total assets in long-term securities counts as innovation.
The BPI has at least suggested a couple of alternatives. These include greater use of sell-side analysts, credit agency ratings, and spreads on credit default swaps. While these items can provide some useful market intelligence, they haven’t proven to be reliable leading indicators. SVB retained its investment grade rating until the day after its collapse. So did Lehman.
Stock prices for SVB showed signs of trouble (see chart below), but the timing is important. For example, the stock price for SVB Financial Group experienced a sharp decline during 2022. But it also rallied during early 2023, shortly before its collapse. More importantly, the price peaked in late 2021, just as the bank had loaded up on fixed rate MBS. The market was rewarding risky behavior – until it didn’t. Analyst opinion also took a rosy view. Two days before the bank’s collapse, 22 of 23 analysts covering the bank had “buy” or “hold” recommendations.
CDS spreads are only available for a handful of very large banks, limiting their application. While these spreads can help identify banks on the brink of collapse, they haven’t been very useful as a leading indicator. Consider the table below, which shows historical CDS spreads between 2007 and 2017 for six large banks. Did early 2007 CDS data presage a full-blown meltdown 18 months later? Not at all. Assuming a 40% recovery rate on defaults, these spreads implied a probability of default of only about 0.25% for Citi and Bank of America. Both banks required massive federal assistance the following year. CDS spreads weren’t even a good indicator of relative risk since both BAC and C had lower CDS spreads than JPM, which remained relatively healthy throughout the crisis.
Conclusions
John Kandrac and Bernd Schlusche of the Federal Reserve examined a “natural experiment” from the 1980s thrift crisis. The Ninth District, supervised by the Federal Home Loan Bank (FHLB)of Dallas, experienced outsized losses. A staffing shortage resulting from an ill-considered relocation; an ineffective financial monitoring process; and an accommodating approach toward bank management all contributed to notoriously weak supervision. A peer review by other FHLBs documented these weaknesses. Kandrac and Schlusche showed their practical effects. Ninth District thrifts took on significantly more risk, experienced many more bank failures, and at substantially higher resolution costs than otherwise similar thrifts and banks.
Let’s see what we have here. Incoming leadership of the federal banking agencies want supervisors to de-emphasize, if not ignore “non-core” risks like weak or incompetent management, inefficient and ineffective systems, and inadequate internal controls. They are also loath to introduce bright line tests, quantitative risk measures, or even comparisons across banks. Combine that with staffing cutbacks. True, the relationship between policy and outcomes is less than deterministic. Effective bank supervision won’t prevent all failures and weak bank supervision doesn’t make a wave of bank failures inevitable. But the track record isn’t promising. It boils down to Harry Callahan’s memorable question: do you feel lucky?
Leave a Reply