The high cost of giving banks too much slack

After the 2008 financial crisis, I spent a good deal of time serving as an expert on who was to blame when banking organizations failed.

What struck me most was how well examiners spotted trouble and then how little they did to correct it. One might have thought that the great financial crisis and its cost — $3.5 trillion worldwide just for taxpayers — would suffice to give examiners more gumption now.

However, details of Citigroup’s enforcement actions released last week by the Federal Reserve Board and the Office of the Comptroller of the Currency make it clear that, in at least one very big case, problems seen were still problems that only got worse.

The discretion the Fed and OCC still have to decide when and how to sanction big banks remains only after pitched battles in 2010 with members of Congress who didn’t trust regulators they thought were unduly captive. Many of these lawmakers are still sore losers. If they gain power in 2021, they’ll stop scolding and start legislating.

They’ll have a lot of ammunition. The two Citi enforcement agreements are sobering reading. The supervisory orders lay out a litany of infractions going back to a 2013 Fed order on anti-money-laundering and proceed through a 2015 Fed order on foreign-exchange compliance; to a 2017 high-profile AML enforcement action, a 2019 OCC penalty for Fair Housing Act and other violations; a 2020 order from the OCC on flood-insurance violations; and finally, to what sounds like a drubbing at about the same time from the Federal Reserve Bank of New York.

It’s true that supervisors tend to throw the book at malefactors when agencies are finally spurred into action. But the range of fundamental lapses laid out in the OCC’s order are unusually scathing in both detail and the extent to which fundamental, structural risk management, control and governance failings are detailed. None of these could have been new.

Although virtually all of Washington’s bandwidth now is consumed by nonstop drama surrounding the president and the election, this perspective will not be lost on those in Congress and, indeed, in some of the supervisory agencies who want to see large banks held more quickly and sternly to account.

The 2008 financial crisis wasn’t the only one followed by statutory changes aimed at forcing supervisors to intervene early and forcefully. The 1989 response to the savings and loan crisis overhauled the U.S. supervisory framework in hopes of ending regulatory forbearance.

When forbearance was still de rigueur as the S&L crisis of the 1980s turned into the banking crisis of the 1990s, Congress tried again with the “prompt corrective action” framework in the FDIC Improvement Act of 1991.

By 2008, it was clear again that many banks and virtually all savings associations had again been backsliding without even a bump or two back uphill from their supervisors.The “early-remediation” provisions embodied in Section 166 of the Dodd-Frank Act are thus aimed at this PCA construct in hopes of making it truly prompt and meaningfully corrective, but rules to do so remain in only proposed form after the Fed took a crack at it.

What might Congress do now to ensure that crime is answered with punishment? And how might large banks ensure that justice is tempered, not just with mercy, but also knowledge?

There is a strong tendency for bankers to circle the wagons when talk turns to prompt corrective action. Given the often contradictory and sometimes illusory conclusions examiners can reach, companies are understandably loath to allow their examiners to lower any booms.

However, forbearance for poor internal practice inevitably leads to regulatory arbitrage and then to moral hazard, followed by heightened risk, as it seems to appear in a financial crisis every ten years or so. Lowest-common-denominator supervision affords lowest-common-denominator competitive advantage. This ultimately leads to shared political risk and still more regulatory burden, often without accompanying supervisory acumen.

After wagon-circling doesn’t work, the conventional response to supervisory and political risk taken together is industry best practices. These often have a calming effect but are best suited to emerging concerns — cybersecurity, for example.

A more effective option is the self-regulatory organizations (SROs) that have long dignified the securities industry.

Despite occasional incidents in which critics cite capture, SROs have an excellent track record. When used for targeted risks — AML, fair lending, operational resilience, even climate risk — SROs may be viable for the banking industry. Efforts to consider them might even enhance credibility in key areas.

However, there’s no getting around it — prompt supervisory intervention is essential to prevent poor governance from metastasizing into fragile banks.

Self-regulation is an important safeguard, but it’s no substitute for meaningful enforcement. Without it, Congress will get really angry, supervisors will be granted no discretion, banks will be unduly chastised and regulation will accelerate.

Surely, there’s a better way.

Editor's note: This article originally appeared, in slightly different form, in an email to Federal Financial Analytics’ clients.