This is the accessible text file for GAO report number GAO-07-154 entitled 'Financial Market Regulation: Agencies Engaged in Consolidated Supervision Can Strengthen Performance Measurement and Collaboration' which was released on March 15, 2007. This text file was formatted by the U.S. Government Accountability Office (GAO) to be accessible to users with visual impairments, as part of a longer term project to improve GAO products' accessibility. Every attempt has been made to maintain the structural and data integrity of the original printed product. Accessibility features, such as text descriptions of tables, consecutively numbered footnotes placed at the end of the file, and the text of agency comment letters, are provided but may not exactly duplicate the presentation or format of the printed version. The portable document format (PDF) file is an exact electronic replica of the printed version. We welcome your feedback. Please E-mail your comments regarding the contents or accessibility features of this document to Webmaster@gao.gov. This is a work of the U.S. government and is not subject to copyright protection in the United States. It may be reproduced and distributed in its entirety without further permission from GAO. Because this work may contain copyrighted images or other material, permission from the copyright holder may be necessary if you wish to reproduce this material separately. Report to Congressional Committees: United States Government Accountability Office: GAO: March 2007: Financial Market Regulation: Agencies Engaged in Consolidated Supervision Can Strengthen Performance Measurement and Collaboration: GAO-07-154: GAO Highlights: Highlights of GAO-07-154, a report to congressional committees Why GAO Did This Study: As financial institutions increasingly operate globally and diversify their businesses, entities with an interest in financial stability cite the need for supervisors to oversee the safety and soundness of these institutions on a consolidated basis. Under the Comptroller General’s Authority, GAO reviewed the consolidated supervision programs at the Federal Reserve System (Federal Reserve), Office of Thrift Supervision (OTS), and Securities and Exchange Commission (SEC) to (1) describe policies and approaches that U.S. consolidated supervisors use to oversee large and small holding companies; (2) review the management of the consolidated supervision programs, including use of program objectives and performance measures; and (3) evaluate how well consolidated supervisors are collaborating with other supervisors and each other in their activities. In conducting this study, GAO reviewed agency policy documents and supervisory reports and interviewed agency and financial institution officials. What GAO Found: The Federal Reserve, OTS, and SEC have responded to the dramatic changes in the financial services industry, and for many of the largest financial services firms, the agencies focus on the firms’ consolidated risks, controls, and capital. Reflecting in part differences in structure, traditional roles and responsibilities, and the length of time they have had to develop and refine their programs, the agencies employ somewhat differing policies and approaches for their consolidated supervision programs. Consolidated supervision becomes more important in the face of changes in the financial services industry, particularly with respect to the increased importance of enterprise risk management by large, complex financial services firms. Consolidated supervision provides a basis for the supervisors to oversee the risks of financial services firms on the same level that the firms manage those risks. GAO found that while all of these agencies were meeting international standards for effective oversight of large, internationally active conglomerates and have broad goals for supervision, they could more clearly articulate the specific objectives and performance measures for their evolving consolidated supervision programs. Both Federal Reserve and OTS, for example, focus on the safety and soundness of the depository institution but could take steps to better measure how consolidated supervision contributes to this in ways that differ from primary supervision of the depository institution. Such objectives and measures would help the agencies ensure consistent treatment of the firms that are subject to consolidated supervision. More effective collaboration can occur if agencies take a more systematic approach to agreeing on roles and responsibilities and establishing compatible goals, policies, and procedures on how to use available resources as efficiently as possible. While the three agencies coordinate and exchange information, they could take a more systematic approach to collaboration with respect to their consolidated supervision programs. For instance, SEC and OTS have authority for some of the same firms with no effective mechanism to prevent duplication, assign accountability, or resolve potential conflicts. Similarly, while the Federal Reserve and other federal bank supervisory agencies have taken steps to share information and examination activities when the Federal Reserve is not the primary supervisor of the lead bank in a bank holding company, some duplication and lack of accountability remain. As a result, consolidated supervision of U.S. financial institutions is not as efficient and effective as it could be if agencies collaborated more systematically. GAO has noted in the past that it is difficult to collaborate within the fragmented U.S. regulatory system and has recommended that Congress modernize or consolidate the regulatory system. However, if the current system is maintained, it is increasingly important for agencies to collaborate to ensure effective and efficient consolidated supervision, consistent treatment of financial services firms, and clear accountability of the agencies for their supervisory activities. What GAO Recommends: GAO recommends that the heads of the three agencies direct their staffs to develop a set of clear and consistent objectives and related performance measures specific to consolidated supervision and collaborate more systematically with each other and with other supervisors. The agencies generally agreed with these recommendations. [Hyperlink, http://www.gao.gov/cgi-bin/getrpt?GAO-07-154]. To view the full product, including the scope and methodology, click on the link above. For more information, contact Richard J. Hillman at (202) 512-8678 or hillmanr@gao.gov. [End of section] Contents: Letter: Results in Brief: Background: Agencies Employ Differing Policies and Approaches to Provide Consolidated Supervision: Improved Program Objectives and Performance Measures Could Enhance Agencies' Consolidated Supervision Programs: Systematic Collaboration Could Enhance Consolidated Supervision Programs: Conclusions: Recommendations for Executive Action: Agency Comments and Our Evaluation: Appendix I: Objectives, Scope, and Methodology: Appendix II: Criteria for Consolidated Supervision Included in Basel Committee on Banking Supervision's Core Principles: Appendix III: Comments from the Chairman of the Board of Governors of the Federal Reserve System: Appendix IV: Comments from the Director of the Office of Thrift Supervision: Appendix V: Comments from the Chairman of the Securities and Exchange Commission: Appendix VI: GAO Contact and Staff Acknowledgments: Related GAO Products: Tables: Table 1: U.S. Primary Bank, Broker-Dealer, and Insurance Supervisors, 2005: Table 2: Number and Type of Institutions That Consolidated Supervisors Oversee, 2005: Table 3: Federal Reserve's Supervisory Cycle for LCBOs: Table 4: OTS's Standard Core Framework: Table 5: Thrift Holding Company Enterprises by Category, Complexity, Size, and Primary Business, as of December 31, 2006: Table 6: Key Elements of Collaboration: Figure: Figure 1: Supervisors for a Hypothetical Financial Holding Company: Abbreviations: BaFin: German Federal Financial Supervisory Authority (Die Bundesanstalt für Finanzdienstleistungsaufsicht): BCBS: Basel Committee on Banking Supervision: Board: Federal Reserve Board of Governors: CAMELS: capital adequacy, asset quality, management ability, earnings, liquidity, and sensitivity to market risk: CIO: Complex and International Organizations: CORE: capital, organization structure, relationship, and earnings: COSO: Committee of Sponsoring Organizations of the Treadway Commission: CSE: consolidated supervised entity: District Bank: Federal Reserve Bank in each of the 12 Federal Reserve Districts: EU: European Union: FCD: Financial Conglomerates Directive: FDIC: Federal Deposit Insurance Corporation: Federal Reserve: Federal Reserve System: FSA: Financials Services Authority of the United Kingdom: GLBA: Gramm-Leach-Bliley Act: ILC: industrial loan companies: LCBO: large complex banking organization: LTCM: Long-Term Capital Management: MOU: memorandum of understanding: NAIC: National Association of Insurance Commissioners: NERO: Northeast Regional Office: OCC: Office of the Comptroller of the Currency: OCIE: Office of Compliance Inspections and Examinations: OTS: Office of Thrift Supervision: SEC: Securities and Exchange Commission: SIBHC: supervised investment bank holding company: SRO: self- regulatory organization: [End of section] March 15, 2007: Congressional Committees: Increasingly, financial institutions headquartered in the United States, and their competitors, operate on a global basis, engage in a variety of businesses, and manage themselves from a consolidated perspective. Partly in response to these changes, entities with an interest in financial institutions have increasingly cited the need for supervisors to oversee the safety and soundness of these firms on a consolidated basis, mirroring the risk management practices of the firms. This increased focus is reflected in U.S. laws that provide holding company supervisors with authority to examine the financial and operating risks faced by holding companies and the controls for these risks on a consolidated basis. Similarly, the European Union's (EU) Financial Conglomerates Directive, implemented in 2005, requires conglomerates to have a consolidated supervisor--either an EU supervisor or a home supervisor that has demonstrated it provides equivalent consolidated supervision--and focuses on the risks, controls, and capital levels of holding companies. In the United States, consolidated supervision generally is equated with holding company supervision at the top tier or ultimate holding company in a financial enterprise. Three federal agencies--the Federal Reserve System (Federal Reserve), the Office of Thrift Supervision (OTS), and the Securities and Exchange Commission (SEC)--engage in oversight of financial services holding companies on a consolidated basis:[Footnote 1] the Federal Reserve oversees bank holding companies (including financial holding companies, which are bank holding companies qualified to engage in many nonbanking financial services), OTS oversees thrift holding companies, and SEC oversees consolidated supervised entities (CSE). Each of these agencies oversees large, complex financial institutions. In addition, the Federal Reserve and OTS provide consolidated supervision for the vast majority of U.S. financial institutions organized as holding companies that have remained relatively small, and are not complex. Under U.S. law, consolidated supervisors are to rely on primary bank and functional supervisors with respect to the supervision of regulated financial subsidiaries such as banks, broker- dealers, and insurers.[Footnote 2] The Federal Deposit Insurance Corporation (FDIC) and the Office of the Comptroller of the Currency (OCC), for instance, are the primary federal supervisors for state- chartered banks that are not members of the Federal Reserve System and for national banks, respectively. SEC is the primary regulator of broker-dealers and state insurance supervisors of insurers. As is generally the case for supervisors dealing with the financial viability of the entities they oversee, holding company supervisors face the challenge of striking the appropriate balance between adequately assessing the risks and controls of financial services firms and placing undue regulatory burdens on those enterprises. At the consolidated level the effects of not having the right balance could be unacceptable losses to the depository insurance fund, systemic failures that could threaten financial stability, competitive disadvantages for U.S. firms as a whole or for a firm or group of firms relative to their U.S. competitors, or higher costs or lower returns for consumers of financial services products or the owners of those firms. = In previous reports,[Footnote 3] we have noted the challenges confronting the U.S. regulatory system: The present federal financial regulatory structure evolved largely as a result of periodic ad hoc responses to crises such as financial panics. In the last few decades, however, the financial services industry, especially as represented by the largest firms, has evolved, becoming more global, more concentrated, complex, and consolidated across sectors, and increasingly converging in terms of product offerings. Multiple specialized regulators bring critical skills to bear in their areas of expertise but have difficulty seeing the total risk exposure at large conglomerate firms or identifying and preemptively responding to risks that cross industry lines.[Footnote 4] In particular, we previously concluded that while the strength and vitality of the U.S. financial services industry demonstrates that the regulatory structure has not failed, there are questions whether that structure is appropriate in today's environment, particularly with respect to large, complex firms managing their risks on a consolidated basis. We suggested that Congress consider several alternative structures, including consolidating some or all of the current regulatory agencies or having a single regulator oversee complex, internationally active firms. However, this report evaluates consolidated supervision under the existing regulatory structure and does not address proposals to consolidate federal financial regulation. In recognition of the increasing importance of consolidated supervision for the federal financial regulatory system raised in these earlier reports, we undertook a review of consolidated supervision in the United States under the Comptroller General's Authority to initiate reviews. This report: * describes the policies and approaches U.S. consolidated supervisors use to oversee large and small holding companies in the financial services industry; * reviews the supervisory agencies' management of their consolidated supervision programs, including program objectives and performance measures; and: * evaluates how well consolidated supervisors are collaborating with other supervisors and each other in their activities. To meet our objectives, we reviewed the structure, policies, and activities of the Federal Reserve, OTS, and SEC as they relate to these agencies' consolidated supervision programs. We reviewed laws and regulations pertinent to each agency's consolidated supervision, as well as agency planning and performance documents, and regulatory planning and examination reports and letters for a group of 14 large, complex firms selected because they had at least one of these characteristics: (1) major international operations, so that they were subject to the EU Financial Conglomerates Directive; (2) operations in several business lines; or (3) oversight by one or more consolidated supervisors. We also interviewed agency officials and examiners and officials from some of the selected group of firms to determine their view of the regulatory process. In addition, for the Federal Reserve and OTS, we reviewed examination materials related to the supervision of smaller, less complex institutions. To determine the adequacy of management practices at the agencies, we analyzed the goals for holding company supervision, the strategies agencies employ to achieve their goals, including collaboration, and how agencies monitor their performance. We also reviewed officials' and examiners' statements and other examination materials to determine the degree to which consolidated supervision programs have effective internal control, key management practices that provide agencies with reasonable assurance that the programs are operating efficiently and effectively. This included an evaluation of how agencies coordinate their activities relative to the practices for effective collaboration that we have identified.[Footnote 5] We conducted our work between November 2005 and February 2007 in accordance with generally accepted government auditing standards in Washington, D.C; Boston; and locations where financial institutions we visited are headquartered. See appendix I for additional details on the objectives, scope, and methodology used in this report. Results in Brief: In recent years, financial services firms have grown dramatically and become more complex in terms of the products and services they offer; they increasingly operate on a global basis and often manage risks across the enterprise. The Federal Reserve, OTS, and SEC have all responded to the dramatic changes in the financial services industry, and now, for many of the largest, most complex financial services firms in the United States, these agencies examine risks, controls, and capital levels on a consolidated basis. Given the differences in the institutions that the agencies supervise and other factors, their specific policies and procedures differ. The agencies divide responsibilities for developing and implementing policies across a number of agency components. The Federal Reserve and OTS generally set policy centrally and implement it through District Banks or regional offices, respectively. At SEC, the Division of Market Regulation (Market Regulation) has primary responsibility for policy and for overseeing how firms manage risks, while SEC's examination offices scrutinize more control-oriented activities. Almost all firms overseen by the Federal Reserve are engaged primarily in the business of banking and those overseen by SEC are engaged primarily in the securities business. In contrast, a substantial minority of the firms OTS oversees--especially the large, complex ones--have primary businesses other than those traditionally engaged in by thrifts, such as insurance, securities, or commercial activities. In addition, large firms tend to be overseen by multiple supervisors and in the case of firms overseen by the Federal Reserve, on a consolidated basis, OCC or FDIC is often the primary federal regulator of the lead insured depository subsidiary. Finally, for their smaller, less complex firms, the Federal Reserve and OTS use abbreviated examination programs. Consolidated supervision becomes more important in the face of changes in the industry, particularly with respect to the increased importance of enterprise risk management by large, complex financial services firms. Consolidated supervision provides a basis for the supervisors to oversee the risks of a financial services firm on the same level that the firm manages its risks. Each of the agencies has broad goals for its consolidated supervision programs. However, each could better ensure accountability, efficiency, and consistency by more clearly articulating the objectives of its consolidated supervision program, distinguishing these objectives from those for primary supervision, linking its activities to these objectives, and measuring the extent to which the activities achieve the objectives by developing and using performance measures that are specific to the program. In addition, agencies could achieve greater consistency by improving examiner guidance. We found that the Federal Reserve, OTS, and SEC were generally meeting criteria for comprehensive, consolidated supervision. However, particularly in rapidly changing environments such as the financial services industry, clearer objectives and performance measures are essential. The Federal Reserve and OTS identify an objective of consolidated supervision as protecting the safety and soundness of depository institutions, but the agencies could take steps to better measure how consolidated supervision contributes to this objective in ways that are different from primary bank supervision. Similarly, SEC identifies protection of regulated subsidiaries as an objective but does not distinguish the contribution that consolidated supervision makes in addition to SEC's oversight of regulated broker- dealers. SEC staff recently developed a draft document that is intended to provide objectives specific to its consolidated supervision program. Without such specific objectives and related performance measures, the agencies are less able to ensure that their supervisory activities avoid duplication and treat holding companies in a consistent manner. We have noted in the past that U.S. financial regulatory agencies cooperate through a myriad of devices such as the President's Working Group, the Federal Financial Institutions Examination Council, and Financial and Banking Information Infrastructure Committee often at the direction of the President or Congress. In addition, to varying degrees, examiners and officials at the supervisory agencies share information on supervisory procedures and examination findings over the course of exams. However, the U.S. regulatory system could benefit from more systematic collaboration, both between consolidated and primary bank and functional supervisors in the oversight of the largest, most complex firms and among the consolidated supervisors themselves. For many of the largest, most complex financial institutions, the consolidated supervisor is not the primary supervisor of holding company subsidiaries; other supervisors, such as bank supervisors, have this responsibility. The supervisory agencies, especially those involved in commercial bank supervision, do take steps to avoid duplication by sharing some information and examination activities. However, we found some evidence of duplication and lack of accountability when different agencies are responsible for consolidated and primary supervision, suggesting that opportunities remain for enhancing collaboration. For example, while the Federal Reserve and OCC have and generally follow procedures to resolve differences, one firm we visited had initially received conflicting information from the Federal Reserve, its consolidated supervisor, and OCC, its primary bank supervisor, regarding the firm's business continuity plans. Also, SEC and OTS both have consolidated supervisory authority for some of the same firms, but with no effective mechanism to collaborate in order to prevent duplication, assign accountability, or resolve potential conflicts in the feedback given to firms. Moreover, while these agencies all supervise large, complex, internationally active firms, they could better ensure consistency with more systematic collaboration to determine common goals, compatible strategies, and accountability. In this report, we make seven recommendations primarily related to improving certain management practices within and across the agencies engaged in consolidated supervision. We recommend that each agency better define objectives that are specific to its consolidated supervision program and develop performance measures that will help it measure the extent to which it is achieving these objectives. As noted above, SEC staff have developed draft objectives and performance measures for SEC's consolidated supervision program. With regard to the oversight of complex institutions where primary bank and functional supervisors oversee certain holding company subsidiaries, we recommend that those agencies engaged in consolidated supervision of the holding companies develop mechanisms for more systematic collaboration with the primary and functional supervisors responsible for the supervision of the subsidiaries. In a similar vein, we recommend that the three agencies engaged in consolidated supervision adopt mechanisms for more systematic collaboration among themselves, particularly when they share responsibility for the same firms. In both cases, more systematic collaboration would help to limit duplication, ensure that all regulatory areas are effectively covered, and ensure that resources are focused most effectively on the greatest risks across the regulatory system. In addition, we also make specific recommendations to each consolidated supervisor to help ensure that firms are treated consistently. The Chairman of the Board of Governors of the Federal Reserve System and the Director of the Office of Thrift Supervision provided written comments on a draft of this report; their comments are included in appendixes III and IV, respectively. The Chairman of the Securities and Exchange Commission provided written comments on a draft of this report and subsequently provided additional information detailing some of the actions he was taking in response to the report; these comments are included in appendix V. Officials from the three agencies generally agreed with the recommendations in this report and offered clarifying remarks. Background: Modern financial services firms use a variety of holding company structures to manage risk inherent in their businesses. The United States regulatory system that consists of primary bank supervisors, functional supervisors, and consolidated supervisors oversees these firms in part to ensure that they do not take on excessive risk that could undermine the safety and soundness of the financial system. Primary bank supervisors oversee banks according to their charters, and functional supervisors--primarily, SEC, self-regulatory organizations (SRO), and state insurance regulators--oversee entities engaged in the securities and insurance industries as appropriate. Consolidated supervisors oversee holding companies that contain subsidiaries that have primary bank or functional supervisors. They are chartered, registered, or licensed as banks, securities firms, commodity trading firms, and insurers. International bodies have provided some guidance for consolidated supervision. Modern Financial Services Firms Use Holding Company Structures to Manage Risk: Many modern financial firms are organized as holding companies that may have a variety of subsidiaries. In recent years, the financial services industry has become more global, consolidated within traditional sectors, formed conglomerates across sectors, and converged in terms of institutional roles and products. The holding company structure, which allows firms to expand geographically, move into other permissible product markets, and obtain greater financial flexibility and tax benefits, has facilitated these changes. Financial services holding companies now range in size and complexity from small enterprises that own only a single bank and are being used for financial flexibility and tax purposes to large diversified businesses with hundreds of subsidiaries--including banks, broker-dealers, insurers, and commercial entities--that have centralized business functions that may be housed in the holding company. In addition, modern financial corporate structures often consist of several tiers of holding companies. To varying degrees, all financial institutions are exposed to a variety of risks that create the potential for financial loss associated with: ² failure of a borrower or counterparty to perform on an obligation-- credit risk; ² broad movements in financial prices--interest rates or stock prices- -market risk; ² failure to meet obligations because of inability to liquidate assets or obtain funding--liquidity risk; ² inadequate information systems, operational problems, and breaches in internal controls--operational risk; ² negative publicity regarding an institution's business practices and subsequent decline in customers, costly litigation, or revenue reductions--reputation risk; ² breaches of law or regulation that may result in heavy penalties or other costs--legal risk; ² risks that an insurance underwriter takes in exchange for premiums-- insurance risk; and: ² events not covered above, such as credit rating downgrades or factors beyond the control of the firm, such as major shocks in the firm's markets--business/event risk. In addition, the industry as a whole is exposed to systemic risk, the risk that a disruption could cause widespread difficulties in the financial system as a whole. As firms have diversified, some holding companies have adopted enterprisewide risk management practices where they manage and control risks across the entire holding company rather than within subsidiaries. These firms have global risk managers who manage credit, market, liquidity, and other risks across the enterprise rather than within individual subsidiaries, such as securities, banking, or insurance businesses or subsidiaries in foreign countries. In addition, these firms generally provide services such as information technology on a firmwide basis and have firmwide compliance and internal audit functions. The U.S. Regulatory System Includes Many Agencies: We have previously reported that most financial services firms are subject to federal oversight designed to limit the risks these firms take on because (1) consumers/investors do not have adequate information to impose market discipline on the institutions and (2) systemic linkages may make the financial system as a whole prone to instability.[Footnote 6] In the United States, this oversight is provided by primary bank and functional supervisors as well as by consolidated supervisors. Primary Bank and Functional Supervisors Oversee Holding Company Subsidiaries: As table 1 illustrates, in the United States a variety of federal bank supervisors oversee banks that are subsidiaries of holding companies.[Footnote 7] State bank supervisors also participate in the oversight of banks with state charters. Similarly, securities supervisors that include SEC and SROs, such as the New York Stock Exchange and NASD, oversee broker-dealer subsidiaries and state insurance supervisors oversee insurance companies and products. While each of the agencies has multiple goals, all are involved in assessing the financial solvency of the institutions they regulate. Table 1: U.S. Primary Bank, Broker-Dealer, and Insurance Supervisors, 2005: Federal primary bank supervisors[A]. Regulatory body: Federal Deposit Insurance Corporation; Number of entities overseen: 5,245[B]; [Empty]; Functions: Provides oversight of state-chartered banks that are not members of the Federal Reserve, state savings banks, and industrial loan corporations with federally insured deposits. Also serves as the secondary regulator for all banks with federally insured deposits. Regulatory body: Federal Reserve; Number of entities overseen: 907[C]; Functions: Oversees state-chartered banks that are members of the Federal Reserve. Regulatory body: Office of the Comptroller of the Currency; Number of entities overseen: 1,933[D]; Functions: Charters and supervises banks with national charters. Regulatory body: Office of Thrift Supervision; Number of entities overseen: 866[E]; Functions: Supervises state-chartered savings associations that are federally insured and federally chartered thrifts. Broker-dealer supervisors. Regulatory body: Securities and Exchange Commission and self-regulatory organizations; Number of entities overseen: 6,300[F]; Functions: Oversee compliance of securities brokers and dealers with federal securities laws. Self-regulatory organizations play a major role in enforcing conduct of business and capital requirements. The Securities and Exchange Commission validates self-regulatory organizations' rules and inspects and oversees their regulatory programs. Insurance supervisors. Regulatory body: State insurance supervisors; Number of entities overseen: 8,794[G]; Functions: Insurance firms are regulated primarily at the state level. The National Association of Insurance Commissioners aims to achieve some common minimum standards by encouraging consistency and cooperation among the various states as they individually regulate the insurance industry.[H]. Source: GAO analysis of agency data. [A] Because credit unions are not subsidiaries of holding companies, they are not included here. [B] Federal Deposit Insurance Corporation statistics, December 2005. [C] Federal Reserve, Annual Report 2005. [D] Office of the Comptroller of the Currency, Annual Report Fiscal Year 2005. This number does not include the 51 federal branches of foreign banks in the United States that are also overseen by OCC. [E] Office of Thrift Supervision, Budget/Performance Plan Fiscal Year 2006. [F] Securities and Exchange Commission. [G] National Association of Insurance Commissioners, 2005 Insurance Department Resources Report. [H] SEC regulates sales of discrete products, such as certain types of annuities considered to be securities. Also, banks engage in certain types of insurance activities, such as underwriting credit insurance and, under certain circumstances, acting as an insurance agent either directly or through a subsidiary. Although these activities are subject to OCC regulation, national banks can be subject to nondiscriminatory state laws applicable to certain insurance related activities. [End of table] All of the primary bank supervisors use the same framework to examine banks for safety and soundness and compliance with applicable laws and regulations. Among other things, they examine whether: ² the bank has adequate capital on the basis of its size, composition of its assets and liabilities, and its credit and market risk profile; ² the bank has an appropriate asset quality based on the credit risk of loans in its portfolio; ² the bank's earnings trend measures up to that of its peers; ² the competence and integrity of the bank's management and board of directors to manage the risks of the bank's activities and their record of complying with banking regulations and other laws; ² the bank has adequate liquidity based on its deposit volatility, credit conditions, loan commitments and other contingent claims on the bank's assets and its perceived ability to raise funds on short notice at acceptable market rates; and: ² the bank adequately identifies and manages its exposures to changes in interest rates and, as applicable, foreign exchange rates, commodity and equity prices. Primary bank examiners rate banks in each of the areas; these ratings are usually referred to as CAMELS ratings (capital adequacy, asset quality, management ability, earnings, liquidity, and, where appropriate, sensitivity to market risk). SROs oversee certain aspects of broker-dealer activity. SEC concurrently oversees these SROs and independently examines broker- dealers. SEC considers its enforcement authority crucial for its protection of investors. Under this authority, it brings actions against broker-dealers and other securities firms and professionals for infractions such as insider trading and providing false or misleading information about securities or the companies that issue them. However, to protect investors, SEC also requires broker-dealers to maintain a level of capital that should allow the broker-dealer to satisfy the claims of its customers, other broker-dealers, and creditors in the event of potential losses from proprietary trading or operational events. SEC and the SROs examine broker-dealers to determine if they are maintaining required capital and evaluate broker-dealers' internal controls. The central purpose of insurance regulation is to protect consumers by monitoring the solvency of insurers and their business practices. Insurance companies are supervised on a state-by-state basis, although states often follow general standards promulgated by the National Association of Insurance Commissioners (NAIC), a private voluntary association for insurance regulators. For example, insurance supervisors generally require insurance firms to prepare their quarterly and annual financial statements in a format unique to insurance known as statutory accounting principles that are maintained by NAIC. Insurance supervisors impose capital requirements on insurance companies to try to limit insurance company failures and ensure their long-run viability. In addition, all state insurance supervisors monitor insurers' business practices and terms of insurance contracts in their states. Consolidated Supervisors Oversee Holding Companies: In the United States, three agencies provide consolidated supervision- -the Federal Reserve oversees bank holding companies, OTS oversees thrift holding companies, and SEC oversees certain CSEs on a consolidated basis. As table 2 shows, the number and type of institutions these agencies oversee varies. Table 2: Number and Type of Institutions That Consolidated Supervisors Oversee, 2005: Consolidated supervisor: Federal Reserve; Number of entities overseen: 5,154; Type of entity overseen: Bank holding companies, including small shell, medium-sized, and large complex firms--the majority of which have banking as their primary business but many, especially larger firms, have securities or other nonbank subsidiaries. Consolidated supervisor: OTS; Number of entities overseen: 476; Type of entity overseen: Savings and loan holding companies, including small, medium-sized, and large firms that may include substantial nonbanking subsidiaries focused on commercial activities, securities, or insurance. Consolidated supervisor: SEC; Number of entities overseen: 5; Type of entity overseen: Large complex firms that focus primarily on securities and have chosen to be participants in the CSE program. Source: GAO analysis of agency data. [End of table] As the table shows, SEC, under its CSE program, oversees only large complex firms. These include Bear Stearns & Co., Goldman Sachs & Co., Lehman Brothers Inc., Merrill Lynch & Co. Inc., and Morgan Stanley & Co., while the Federal Reserve and OTS oversee firms that vary significantly in size and complexity. Among larger firms, the Federal Reserve oversees Bank of America Corporation, Citigroup, and JPMorgan Chase, and OTS oversees American International Group Inc., General Electric Company, General Motors Corporation, Merrill Lynch & Co. Inc., and Washington Mutual Inc. Most of the large bank holding companies that the Federal Reserve oversees are primarily in the business of banking but to a lesser extent engage in securities or other nonbank activities as well. Many of the large firms OTS oversees are engaged in commercial businesses, as well as securities and insurance. The Federal Reserve and OTS also oversee the vast majority of U.S. financial institutions that have remained relatively small and are not complex. The Federal Reserve and OTS base their consolidated supervision programs on their long-standing authority to supervise holding companies, while SEC has only recently become a consolidated supervisor. The Federal Reserve's authority is set forth primarily in the Bank Holding Company Act of 1956, which contains the supervisory framework for holding companies that control commercial banks.[Footnote 8] OTS's consolidated supervisory authority is set forth in the Home Owners Loan Act of 1933, as amended, which provides for the supervision of holding companies that control institutions with thrift charters (other than bank holding companies).[Footnote 9] SEC bases its authority on section 15(c)(3) of the Securities Exchange Act of 1934.[Footnote 10] Specifically, in 2004, SEC adopted the Alternative Net Capital Rule for CSEs based on its authority under that provision, which authorizes SEC to adopt rules and regulations regarding the financial responsibilities of broker-dealers that it finds necessary or appropriate in the public interest or for the protection of investors.[Footnote 11] Under the CSE rules, qualified broker-dealers can elect to be supervised by SEC on a consolidated basis. If the holding company of the broker-dealer also is a bank holding company, SEC defers to the Federal Reserve's supervision of the holding company. At the same time that it issued the CSE rules, SEC promulgated final rules for the consolidated supervision of supervised investment bank holding companies (SIBHC) pursuant to a provision in the Gramm-Leach- Bliley Act (GLBA).[Footnote 12] The GLBA provision established a supervisory framework for SIBHCs--qualified investment bank holding companies that do not control an insured depository institution-- similar to the approach prescribed in the act for the supervision of bank and thrift holding companies.[Footnote 13] As of this date, no firm has elected to be regulated under the SIBHC scheme. The Federal Reserve, SEC, and OTS vary in their missions in that the Federal Reserve and SEC have responsibilities outside of the supervision and regulation of financial institutions. The Federal Reserve is the central bank of the United States, established by Congress in 1913 to provide the nation with a safer, more flexible, and more stable monetary and financial system. It is responsible for conducting the nation's monetary policy; protecting the credit rights of consumers; playing a major role in operating the nation's payment system; and providing certain financial services to the U.S. government, the public, financial institutions, and foreign official institutions. The Federal Reserve consists of the Board of Governors (Board) and 12 Districts, each with a Federal Reserve Bank (District Bank). SEC is responsible for, among other things, overseeing the disclosure activities of publicly traded companies and the activities of stock markets. The three agencies engaged in consolidated supervision are financed differently. The Federal Reserve primarily is funded by income earned from U.S. government securities that it has acquired through open market operations; OTS primarily by assessments on the firms it supervises; and SEC by congressional appropriations. SEC collects fees on registrations, certain securities transactions, and other filings and reports. However, unlike the banking regulators, SEC deposits its collections in an SEC-designated account at the U.S. Treasury that is used by SEC's congressional appropriators for, among other things, providing appropriations to SEC. International Bodies Provide Some Guidance for Consolidated Supervision: International bodies in which U.S. supervisors participate have developed guidance for consolidated supervision of large, complex, internationally active financial firms or conglomerates.[Footnote 14] The Basel Committee on Banking Supervision (BCBS) does not have formal supervisory authority; rather, it provides an international forum for regular cooperation on banking supervisory matters, including the formulation of broad supervisory standards and guidelines. BCBS has recently revised its "Core Principles for Effective Banking Supervision," which include countries' requiring that banking groups be subject to consolidated supervision, although the definition of a banking group does not always include a top-tier holding company.[Footnote 15] These principles include a number of specific criteria that are presented in appendix II of this report. BCBS also has developed the Basel Capital Standards, which have been adopted in various forms by specific countries; a revised set of standards, Basel II, is currently under consideration for adoption in the United States.[Footnote 16] These standards require that holding companies engaged in banking meet specific risk-based capital requirements. In addition, the Joint Forum, an international group of supervisors established in 1996 under the aegis of BCBS and equivalent bodies for securities and insurance regulators[Footnote 17] to consider issues related to the supervision of financial conglomerates, has issued supervisory guidance. The guidance focuses on risks and controls and specifically directs examiners to review the organizational structure, capital level, risk management, and control environment of conglomerates. The EU promulgated rules for consolidated supervision of certain firms operating in Europe that took effect in 2005. U.S.-headquartered firms with operations in EU countries are among those affected by these rules, which, therefore, has had implications for consolidated supervision in the United States. The Financial Conglomerates Directive (FCD) requires that all financial conglomerates operating in EU countries have a consolidated supervisor. Conglomerates not headquartered in the EU must have an equivalent consolidated supervisor in their home country that has been approved by a designated supervisor from an EU member state in which the company operates. That supervision focuses on capital adequacy, intragroup transactions, risk management, and internal controls. Agencies Employ Differing Policies and Approaches to Provide Consolidated Supervision: The Federal Reserve, OTS, and SEC have all responded to the dramatic changes in the financial services industry, and now, for many of the largest, most complex financial services firms in the United States, these agencies examine risks, controls, and capital levels on a consolidated basis. Given the differences in their authorities and in the institutions that they supervise, as well as other factors, the agencies' specific policies and procedures differ. Also, the agencies divide responsibilities for developing and implementing policies across a number of agency components. The Federal Reserve and OTS generally set policy centrally and implement it through District Banks or regional offices, respectively. At SEC, Market Regulation has primary responsibility for policy and for overseeing how CSEs manage risks, while SEC's examination offices scrutinize more control-oriented activities. The oversight of complex firms involves multiple regulators. Finally, for their smaller or less complex firms, the Federal Reserve and OTS use abbreviated examination programs. All Agencies Examine Consolidated Risks, Controls, and Capital Levels of Their Largest, Most Complex Firms, but Specific Policies and Approaches Differ: All of the agencies have responded to the dramatic changes in the financial services industry, including dramatic growth, increased complexity in terms of the products and services firms offer, more global operations, and greater use of enterprisewide risk management. Now, for many of the largest, most complex financial services firms in the United States, the agencies focus on the firms' risks, controls, and capital levels on a consolidated basis. However, the agencies have developed and revised their programs over different time frames and used different frameworks. The Federal Reserve, beginning in the mid- 1990s, has developed a systematic risk-focused approach for large, complex banking organizations (LCBO); OTS began to move toward a more consistent, risk-focused approach for some large, complex firms in 2003; and SEC's CSE program, implemented in 2004, is new and evolving. Both the Federal Reserve and OTS have approaches to supervision of smaller, less complex holding companies that reflect the risks of these institutions. The Federal Reserve Has a Systematic Risk-Focused Approach for Large, Complex Banking Organizations: In the mid-1990s, the Federal Reserve began to develop a systematic risk-focused approach for the supervision of LCBOs. The program focuses on those business activities posing the greatest risk to holding companies and managements' processes for identifying, measuring, monitoring, and controlling those risks. According to the Federal Reserve, LCBOs have significant on-and off-balance sheet risk exposures, offer a broad range of products and services at the domestic and international levels, are overseen by multiple supervisors in the United States and abroad, and participate extensively in large-value payment and settlement systems.[Footnote 18] As of December 31, 2005, there were 21 LCBOs that together controlled 62 percent of all banking assets in the United States. In issuing a revised rating system in 2004, the Federal Reserve acknowledged that the firms it oversees had become even more concentrated and complex. In addition, it noted that the growing depth and sophistication of financial markets in the United States and around the world have led to a wider range of activities being undertaken by banking institutions.[Footnote 19] This new rating system has components for the bank holding company's risk management, financial condition, and potential impact of the parent (and its nondepository subsidiaries) on the insured depository institution, as well as a composite rating of the holding company's managerial and financial condition and potential risk to its depositories; the system also includes the supervisory ratings for the subsidiary depository institution. Generally policy changes for the consolidated supervision program are made by the Board and implemented by the 12 District Banks which are responsible for day-to-day examination activities of banks and bank holding companies. However, the distinction between policy setting and implementation blurs at the edges. Board staff may participate in exams and District Bank officials serve on committees that provide input for policy development and ensure that supervision is provided at some level of consistency across District Banks. The Federal Reserve requires that all bank holding companies with consolidated assets of $500 million or more meet risk-based capital requirements developed in accordance with the Basel Accord and has proposed, with the other bank supervisors, revised capital adequacy rules to implement Basel II for the largest bank holding companies.[Footnote 20] In addition, the Federal Reserve requires that all bank holding companies serve as a source of financial and managerial strength to their subsidiary banks.[Footnote 21] The Federal Reserve's supervisory cycle for LCBOs generally begins with the development of a systematic risk-focused supervisory plan, follows with the implementation of that plan, and ends with a rating of the firm. The rating includes an assessment of holding companies' risk management and controls; financial condition, including capital adequacy; and impact on insured depositories. The Federal Reserve noted that in addition to its other activities, it obtains financial information from LCBOs in a uniform format through a variety of periodic regulatory reports that other holding companies also provide. Table 3 provides detailed descriptions for each of the steps. Table 3: Federal Reserve's Supervisory Cycle for LCBOs: Supervisory plan; The planning process begins with an overview of the consolidated holding company that may include its business strategy, organizational structure, and a summary of supervisory activity performed since the last review; proceeds through developing a critical risk assessment; and ends with a supervisory plan that determines the ongoing and targeted supervisory activities for the year. The risk assessment captures a preliminary analysis of firms' consolidated risks, including credit, market, liquidity, operational, legal, and reputational risks that are inherent in firms' activities and the controls firms use to manage those risks. Board staff will review key elements of the supervisory process. Supervisory activities; For LCBOs, a lead examiner called a central point of contact and dedicated team members assigned as coordinators for specific risk categories provide continuous supervision, which consists of regular ongoing contact with the relevant firm managers. These teams, which include from 3 to 11 members, also review internal management reports. For limited scope examinations and targeted reviews, a core team risk coordinator leads a team that includes specialists from the District Bank, and may have appropriate assistance from other District Banks or the Board. Targeted reviews can focus on particular nonbank subsidiaries of the holding company, such as consumer lending affiliates; one or more specific activities or business lines of the consolidated organizations and the risk management framework used by the holding company to manage those risks on a consolidated basis, such as market risk management for structured products; or compliance with holding company policies and procedures, and with applicable statutes and regulations. Rating; Once a year, examiners rate firms on their risk management and controls, financial condition, the impact of the holding company and nondepository subsidiaries on insured depositories, and on a composite basis. The financial condition component rating includes an assessment of the quality of the holding company's consolidated capital, asset quality, earnings, and liquidity. In evaluating capital adequacy, examiners are required to consider the risk inherent in an organization's activities and the ability of capital to absorb unanticipated losses. In addition, capital is expected to provide a basis for growth and support the level and composition of the parent company and subsidiaries' debt. Source: GAO. [End of table] For LCBOs, a management group, which consists of District Bank and Board officials, provides additional review of supervisory plans and examination findings. Annually, the management group chooses three or four topics for horizontal exams--coordinated supervisory reviews of a specific activity, business line, or risk management practice conducted across a group of peer institutions. Horizontal reviews are designed to (1) identify the range of practices in use in the industry, (2) evaluate the safety and soundness of specific activities across business lines or across systemically important institutions, (3) provide better insight into the Federal Reserve's understanding of how a firm's operations compare with a range of industry practices, and (4) consider revisions to the formulation of supervisory policy. Horizontal examination topics have included stress-testing practices at the holding company level and the banks compliance with the privacy provision in GLBA.[Footnote 22] Staff from more than one District Bank likely participate in the review. In addition, because many of the large bank holding companies have national banks, nonmember banks, or nonbank operations overseen by another governmental agency, Federal Reserve guidance instructs staff, consistent with the requirements of GLBA, to leverage information and resources from OCC, FDIC, SEC, and other agencies, as applicable.[Footnote 23] After the examinations are completed, the Federal Reserve informs firms generally on how they compare with their peers and may provide information on good practices as well. The Federal Reserve has a range of formal and informal actions it can take to enforce its regulations for holding companies. The agency's formal enforcement powers are explicitly set forth in federal law.[Footnote 24] Federal Reserve officials noted that the law provides explicit authority for any formal actions that may be warranted and incentives for firms to address concerns promptly or through less formal enforcement actions, such as corrective action resolutions adopted by the firm's board of directors or memorandums of understanding (MOU) entered into with the relevant District Bank. According to Federal Reserve officials, in 2006 the Federal Reserve took six formal enforcement actions against holding companies. OTS Is Moving to a Broader, More Systematic Approach to Consolidated Risks for Some of Its Largest, Most Complex Firms: In 2003, OTS revised its handbook for holding company supervision to reflect new guidance for its large, complex firms or conglomerates that it says relies on the international consensus (as evident in Joint Forum publications) of what constitutes appropriate consolidated oversight of conglomerates and also responds to the EU's FCD.[Footnote 25] While the guidance is presented in OTS's standard CORE--capital, organization, relationship, and earnings--format, it differs from OTS's standard guidance in that it focuses on consolidated risks, internal controls, and capital adequacy rather than on a more narrow view of the holding company's impact on subsidiary thrifts. As with the Federal Reserve, OTS headquarters officials generally set nationwide policies and programs and regional office staff conduct examinations. However, the Complex and International Organizations group (CIO), which was established in 2004 in OTS headquarters, both sets policy for holding company supervision of conglomerates and oversees examiners for three firms that must meet the FCD. CIO is developing a process that is similar in some respects to the Federal Reserve's. First, on-site examination teams consisting of lead examiners and others who focus on specific risk areas provide continuous supervision. Second, while examiners for firms in the CIO group we spoke with had not had a formal supervisory plan in past years, these examiners are now preparing plans that focus on the coming year and, unlike the Federal Reserve, take a longer 3-year prospective as well. A CIO official said that this planning framework allows them to examine high-risk areas on an annual basis while ensuring that lower risk areas are covered at least every 3 years. The plans we reviewed were less detailed than those of the Federal Reserve; however, the official in charge of this program said that the group is looking to develop more systematic risk analyses and has reviewed those being used by the Federal Reserve and their counterparts in Europe. Although OTS's guidance for its large, complex firms provides explicit directions on determining capital adequacy, OTS does not have specific capital requirements for holding companies. Generally, OTS requires that firms hold a "prudential" level of capital on a consolidated basis to support the risk profile of the holding company. For its most complex firms, OTS requires a detailed capital calculation that includes an assessment of capital adequacy on a groupwide basis and identification of capital that might not be available to the holding company or its other subsidiaries because it is required to be held by a specific entity for regulatory purposes. The EU's European Financial Conglomerates Committee's guidance to EU country supervisors on the U.S. regulatory system noted OTS's lack of capital standards;[Footnote 26] however, the United Kingdom's Financial Services Authority (FSA) has designated OTS as an equivalent supervisor for the two firms it has reviewed, and in February 2007, the French supervisory body, Commission Bancaire, approved OTS as an equivalent supervisor for another complex conglomerate.[Footnote 27] As noted, only three firms currently are subject to the increasingly systematic, detailed analysis of risks being implemented through the CIO program. Regional staff oversee other large, complex conglomerate thrift holding companies and use OTS's standard CORE framework, which focuses more directly on the risks to the thrift posed by its inclusion in the holding company structure rather than an assessment of the risk management strategy of the holding company (see table 4). We also found that OTS regional examination staff were expanding their risk analyses of some large, complex holding companies, but they had not adopted the CIO program. Table 4: OTS's Standard Core Framework: Capital: Examiners focus on the extent to which the holding company depends on subsidiary thrifts to meet debt commitments and other expenses. The handbook for holding company supervision defines the risks holding companies may face but does not provide specifics for analyzing those risks. Organizational structure: Examiners review the structure of the thrift holding company, the ownership/control of the holding company, and its potential effect on the thrift. They also review the activities of the holding company and other affiliates to determine whether the company is doing anything illegal. Relationship: To determine if the thrift has the ability to "stand alone" in the event of the parent company's financial collapse, examiners assess the degree of influence the holding company has over the thrift, whether the board of directors provides adequate oversight of the thrift, and the degree of managerial interdependence between the thrift and the holding company. Earnings: To determine the potential for the holding company to draw money or collateral from the thrift, examiners assess the current and prospective financial condition and the earnings and liquidity of the holding company. Examiners are also to assess whether the thrift would suffer operational or reputation risk if the holding company were to fail due to poor financial condition. Source: GAO. [End of table] Similar to the Federal Reserve, OTS has explicit authority to take enforcement actions against thrift holding companies that are in violation of laws and regulations.[Footnote 28] According to OTS officials, in 2005 OTS took three formal enforcement actions against holding companies.[Footnote 29] SEC's CSE Program Is New and Evolving: In 2004, SEC adopted its CSE program partly in response to international developments, including the need for some large U.S. securities firms to meet the FCD. However, SEC says that the program is a natural extension of activities that began as early as 1990 when, under the Market Reform Act, SEC was given supervisory responsibilities aimed at assessing the safety and soundness of securities activities at a consolidated or holding company level.[Footnote 30] Formally, SEC supervision under the CSE program consists of four components: a review of firms' applications to be admitted to the program; a review of monthly, quarterly, and annual filings; monthly meetings with senior management at the holding company; and an examination of books and records of the holding company, the broker-dealer, and material affiliates that are not subject to supervision by a principal regulator.[Footnote 31] Under the net capital rule establishing the CSE program, the Division of Market Regulation has responsibility for administering the program.[Footnote 32] Market Regulation recommends policy changes to SEC Commissioners and, through its Office of Prudential Supervision, performs continuous supervision of the five firms that have been designated as CSEs. Each firm is overseen by three analysts, and each of these analysts oversees at least two firms. This office includes a few additional specialists as well. Although the rule did not specify a role for the Office of Compliance Inspections and Examinations (OCIE), this office, with the assistance of the Northeast Regional Office (NERO), examines firms' controls and capital calculations.[Footnote 33] Each of these offices has designated staff positions for the CSE program but also uses staff from SEC's broker-dealer examination program. Market Regulation generally is responsible for overseeing the financial and operational condition of CSEs, including how they manage their risks, but does not provide written detailed guidance for examiners. During the reviews of the firms' applications for admittance to the CSE program, staff reviewed market, credit, liquidity, operational, and legal and compliance risk management, as well as the internal audit function, and continue to do so on an ongoing basis. The firms are to provide SEC with monthly, quarterly, and annual filings, such as consolidated financial statements and risk reports, substantially similar to those provided to the firm's senior managers. Unlike the Federal Reserve and OTS that have their examiners continuously on site at some of their larger more complex firms, Market Regulation staff are not on site at the companies. However, Market Regulation staff meet at least monthly with senior risk managers and financial controllers at the holding company level to review this material and share the written results of these meetings among themselves and with the SEC Commissioners. These reports show that meetings with the firms cover a variety of subjects, such as fluctuations in firmwide and asset- specific value-at-risk, changes to risk models, and the impact of recent trends and events such as Hurricane Katrina. Market Regulation staff also review activities across firms to ensure that firms are all held to comparable standards and that staff understand industry trends. Market Regulation staff has conducted some horizontal reviews of activities such as hedge fund derivative products and event-driven lending that are similar in some ways to the Federal Reserve's horizontal examinations. In addition, one staff member attends all monthly meetings that Market Regulation staff hold with the firms in a given month. That staff member identifies common themes and includes these in the monthly reports. OCIE generally is responsible for testing the control environments of the CSEs, focusing on compliance issues. OCIE and NERO staff followed detailed examination guidance when reviewing CSE applications but, unlike the Federal Reserve and OTS, this guidance is not publicly available. They reviewed firms' compliance with the CSE rule, including whether unregulated material affiliates were in compliance with certain rules that had previously applied only to registered broker-dealers. OCIE and NERO staff continue to conduct exams of the holding companies, the registered broker-dealers, and unregulated material affiliates. During our review of the program, NERO completed the first examination of one of the CSEs, which included a review of the capital computations for the holding company and broker-dealer, the firm's internal controls around managing certain risks, and internal audit. As a condition of CSE status, CSEs agree to compute a capital adequacy measure at the holding company in accordance with the new Basel II standards, and OCIE and NERO validated the firms' calculations as part of their reviews of firms' CSE applications. The U.S. bank supervisory agencies have proposed rules to implement Basel II standards for the largest, most complex banking organizations, and SEC officials said they will continue to monitor these developments and will adopt rules that are largely consistent with the banking agencies' final rules implementing the Basel II standards.[Footnote 34] According to Market Regulation staff, CSEs' use of the Basel II capital standards should allow for greater comparability between CSEs' financial position and that of other securities firms and banking institutions. As part of their supervisory activities, Market Regulation staff review the models or other methodologies firms used to calculate capital allowances for certain types of risks. While the CSEs' broker-dealers are also required to compute capital according to Basel standards, these broker- dealers are required to maintain certain capital measures above minimum levels.[Footnote 35] SEC staff also noted that CSEs are required to have sufficient liquidity so that capital would be available to any entity within the holding company if it were needed. Unlike the bank regulatory agencies, SEC does not have a range of enforcement actions that it can take for violations of the CSE regulations because participation in the CSE program is voluntary. That is, a violation of the CSE regulations can disqualify a broker-dealer from the benefits of CSE status without resulting in a violation of SEC regulations or laws that could lead to an enforcement action. SEC staff noted, however, that the prospect of not being qualified to operate as a CSE served as an effective incentive for complying with CSE requirements. Supervision of Complex Firms Involves Multiple Regulators: Large firms generally contain a number of subsidiaries that are overseen by primary bank and functional supervisors in the United States as well as by supervisors in other countries; however, in some cases, the holding company's supervisor may also be the primary bank or functional supervisor for subsidiaries in these holding companies. Figure 1 illustrates this regulatory complexity for a hypothetical financial holding company. A hypothetical thrift holding company and CSE would differ in that it would not have national or state member bank subsidiaries and potentially could have commercial subsidiaries. GLBA instructed the Federal Reserve, SEC, and OTS, in their roles as consolidated supervisors, to generally rely on primary bank and functional supervisors for information about regulated subsidiaries of the holding company.[Footnote 36] Figure 1: Supervisors for a Hypothetical Financial Holding Company: [See PDF for image] Source: GAO. [End of figure] While the Federal Reserve is the primary federal bank supervisor for the lead bank in some bank holding companies, OCC and FDIC are more often the primary bank supervisor for the lead banks in these holding companies. OCC, because of the growth in the national banking system over the past 10 years, is now most likely to be the supervisor of the lead banks that are owned by bank holding companies in the Federal Reserves' LCBO program. In examining these banks, OCC uses a systematic, risk-focused process similar to that of the Federal Reserve. Specifically, OCC's process begins with a risk analysis that drives the examination process over the course of the examination cycle. According to OCC's handbook, in assessing the bank's condition examiners must consider not only risks in the bank's own activities but also risks of activities engaged in by nonbanking subsidiaries and affiliates in the same holding company.[Footnote 37] FDIC is the primary federal supervisor of the lead bank in some larger bank holding companies and of most of the banks in smaller holding companies.[Footnote 38] In addition, as part of its deposit insurance role, FDIC officials told us that they have a continuous on-site presence at six of the largest LCBOs where OCC is the primary bank supervisor of the lead bank and the Federal Reserve is the consolidated supervisor. Larger bank holding companies also include a number of other regulated subsidiaries, including broker-dealers and thrifts. Except when a thrift is in a bank holding company, OTS serves as the supervisor for both the thrift and the thrift holding company.[Footnote 39] While most of these firms are in the business of banking, as table 5 shows, OTS also oversees a number of complex holding companies that are primarily in businesses other than banking, and some of these are in regulated industries, especially insurance. In addition, a number of thrift holding companies contain industrial loan companies (ILC), state- chartered institutions overseen by FDIC, and some have broker- dealers as well.[Footnote 40] Table 5: Thrift Holding Company Enterprises by Category, Complexity, Size, and Primary Business, as of December 31, 2006: Category I-low risk/ noncomplex. Holding companies: category, complexity, and size: Assets less that 1 billion; Primary business: Banking: 296; Primary business: Insurance: 6; Primary business: Securities: 2; Primary business: Other financial: 11; Primary business: Commercial: 4; Primary business: Total: 319. Holding companies: category, complexity, and size: Assets between 1 billion and 5 billion; Primary business: Banking: 47; Primary business: Insurance: 5; Primary business: Securities: 2; Primary business: Other financial: 3; Primary business: Commercial: 1; Primary business: Total: 58. Holding companies: category, complexity, and size: Assets greater than 5 billion; Primary business: Banking: 11; Primary business: Insurance: 9; Primary business: Securities: 0; Primary business: Other financial: 2; Primary business: Commercial: 1; Primary business: Total: 23. Category II-high risk/complex. Holding companies: category, complexity, and size: Assets less that 1 billion; Primary business: Banking: 12; Primary business: Insurance: 1; Primary business: Securities: 0; Primary business: Other financial: 5; Primary business: Commercial: 1; Primary business: Total: 19. Holding companies: category, complexity, and size: Assets between 1 billion and 5 billion; Primary business: Banking: 9; Primary business: Insurance: 3; Primary business: Securities: 2; Primary business: Other financial: 5; Primary business: Commercial: 1; Primary business: Total: 20. Holding companies: category, complexity, and size: Assets greater than 5 billion; Primary business: Banking: 7; Primary business: Insurance: 12; Primary business: Securities: 5; Primary business: Other financial: 5; Primary business: Commercial: 4; Primary business: Total: 33. Category III- conglomerate. Holding companies: category, complexity, and size: Assets less that 1 billion; Primary business: Banking: 0; Primary business: Insurance: 0; Primary business: Securities: 0; Primary business: Other financial: 0; Primary business: Commercial: 0; Primary business: Total: 0. Holding companies: category, complexity, and size: Assets between 1 billion and 5 billion; Primary business: Banking: 0; Primary business: Insurance: 0; Primary business: Securities: 0; Primary business: Other financial: 0; Primary business: Commercial: 0; Primary business: Total: 0. Holding companies: category, complexity, and size: Assets greater than 5 billion; Primary business: Banking: 0; Primary business: Insurance: 1; Primary business: Securities: 2; Primary business: Other financial: 0; Primary business: Commercial: 1; Primary business: Total: 4. Total; Primary business: Banking: 382; Primary business: Insurance: 37; Primary business: Securities: 13; Primary business: Other financial: 31; Primary business: Commercial: 13; Primary business: Total: 476. Source: OTS. Note: These data include 34 holding companies that own state savings banks where FDIC is the primary federal bank supervisor. [End of table] OTS oversees a large number of firms where insurance is the primary business of the firm and thus shares some responsibilities with state insurance supervisors that have adopted their own holding company framework. In addition, OTS and FDIC share responsibilities when thrift holding companies include ILCs. Generally, OTS guidance refers to protecting thrifts in thrift holding companies rather than more broadly to the protection of insured depositories. However, thrifts and ILCs in the same thrift holding company may face similar threats to their safety and soundness. As the consolidated supervisor of CSEs, SEC oversees large, complex entities that include insured depositories that have FDIC or OTS as their primary federal supervisor. Those CSEs that have thrifts are also supervised at the consolidated level by OTS. SEC's consolidated supervisory activities focus on the financial and operational condition of the holding company and, in particular, activities conducted in unregulated material affiliates that may pose risks to the group. SEC staff noted that they generally rely on the primary bank supervisor with respect to examination of insured depositories.[Footnote 41] Federal Reserve and OTS Use Abbreviated Approach for Smaller or Less Complex Holding Companies: In recent years, the Federal Reserve has limited the resources it uses to oversee the 4,325 small shell bank holding companies (i.e., companies that are noncomplex with assets of less than $1 billion) because it perceives that those entities pose few risks to the insured depositories they own.[Footnote 42] The Board has adopted a special supervisory program for these companies that includes off-site monitoring and relies heavily on primary federal supervisors' bank examinations. For these companies, the Federal Reserve assigns only risk and composite ratings, which generally derive from primary bank supervisors' examinations. Also, in addition to the primary bank supervisors' examinations, Federal Reserve examiners review a set of computer surveillance screens that include the small shells' financial information and performance, primarily to determine if the firms need more in-depth reviews. Federal Reserve staff told us that they spend a limited amount of time on small shell holding company inspections. For example, a Board official said they spend on average about 2 to 2.5 hours annually on each small shell bank holding company. According to Federal Reserve guidance, the only documentation required for small shell ratings where no material outstanding company or consolidated issues are otherwise indicated are bank examination reports and a copy of the letter transmitting the ratings to the company. Similarly, OTS uses an abbreviated version of its CORE program for its low-risk and noncomplex or Category I firms, which make up 401 of the 476 holding companies OTS oversees. Once examiners determine that the holding company is a shell, they are directed to the abbreviated program, which differs from the full CORE in that it requires less detailed information in each of the four CORE areas. For example, the abbreviated CORE does not require that examiners calculate leverage and debt-to-total-asset ratios in the capital component of the examination, while these are required in the full CORE program. However, the handbook advises examiners to refer to the full CORE program for more detailed steps whenever they feel it is warranted. In addition, the handbook advises examiners to consider the specific issues that relate to certain holding company populations, such as those containing insurance firms. At one regional office, managers told us that examinations of shell holding companies take 5 to 10 days; however, because the holding company examination is conducted concurrently with the thrift examination, OTS cannot determine the exact number of hours spent reviewing the holding company. An OTS official noted that for shell holding companies, the difference in examiners' activities between holding company and thrift examinations is largely a matter of perspective rather than a difference in what examiners review. Improved Program Objectives and Performance Measures Could Enhance Agencies' Consolidated Supervision Programs: In recent decades, the environment in which the financial services industry operates, and the industry itself, have undergone dramatic changes that include globalization, consolidation within traditional sectors, conglomeration across sectors, and convergence of institutional roles and products. The industry now is dominated by a relatively small number of large, complex, and diversified financial services firms, and these firms generally manage their risks on an enterprisewide or consolidated basis. Consolidated supervision provides the basis for supervisory oversight of this risk management, but managing consolidated supervision programs in an efficient and effective manner presents challenges to the supervisory agencies. We found that the Federal Reserve, OTS, and SEC were providing supervision consistent with international standards for comprehensive, consolidated supervision for many of the largest, most complex financial services firms in the United States. While the agencies have articulated anticipated benefits or broad strategic goals for their supervision programs in testimony and other documents, the objectives for their consolidated supervision programs are not always clearly defined or distinguished from the objectives for their primary supervision programs. Without more specific program objectives, activities linked to these objectives, and performance measures identified to assess the extent to which these objectives are achieved, the agencies have a more difficult task of ensuring efficient and effective oversight. In particular, with the financial services industry's increased concentration and convergence in product offerings, paired with a regulatory structure that includes multiple agencies, it is more difficult to ensure that the agencies are providing oversight that is not duplicative and is consistent with that provided by primary, functional, or other consolidated supervisors. As a result, the agencies could better ensure that consolidated supervision was being provided efficiently, with the minimal regulatory burden consistent with maintaining safety and soundness, by more clearly articulating the objectives of their consolidated supervision programs, developing and tracking performance measures that are specific to the programs, and improving supervisory guidance. Developments in the Financial Services Industry Have Affected the Environment Facing Financial Supervisors: The environment in which the financial services industry operates, and the industry itself, have undergone dramatic changes.[Footnote 43] Financial services firms have greater capacity and increased regulatory freedom to cross state and national borders, and technological advances have also lessened the importance of geography. Increasingly, the industry is dominated by a relatively small number of large, complex conglomerates that operate in more than one of the traditional sectors of the industry. These conglomerates generally manage their risks on an enterprisewide, or consolidated, basis. Generally, the greater ability of firms to diversify into new geographic and product markets would be expected to reduce risk, with new products and risk management strategies providing new tools to manage risk. Because of linkages between markets, products, and the way risks interact, however, the net result of the changes on an individual institution or the financial system cannot be definitively predicted. Consolidated supervision provides a basis for the supervisory agencies to oversee the way in which financial services firms manage risks and to do so on the same basis that many firms' manage their risk. While primary bank and functional supervisors retain responsibility for the supervision of regulated banks, broker-dealers, or other entities, the consolidated supervisor's approach can encompass a broader, more comprehensive assessment of risks and risk management at the consolidated level. Agencies Are Providing Comprehensive Consolidated Supervision for Many Conglomerates with Depository Institutions: The international consensus on standards or "best practices" for supervising conglomerates that include banks includes the review of risks and controls at the consolidated level, capital requirements at the consolidated level, and the authority to take enforcement actions against the holding company. As described above, we found that the Federal Reserve generally met these standards for its LCBO firms. OTS meets these standards for those firms overseen by CIO. For other firms that might be considered conglomerates, OTS does a more limited review of the risk posed to insured thrifts by activities outside the thrift and does not require that holding companies meet specific capital standards. Officials at both the Federal Reserve and OTS emphasized that the agencies' authority to examine, obtain reports from, establish capital requirements for, and take enforcement actions against the holding company was separate from the authority that primary bank supervisors have. A full assessment of SEC's CSE program is difficult given the newness of the program; however, it appears that for the CSE firms dominated by broker-dealers, SEC is monitoring risks and controls on a consolidated basis and requires that CSEs meet risk-based capital standards at the holding company level. However, with regard to SEC's ability to take enforcement actions at the holding company level. SEC staff acknowledged that SEC does not have the same ability, under the CSE program, to take enforcement actions as the Federal Reserve or OTS. Nonetheless, they noted that the potential removal of a firm's exemption from the net capital rule and notification of EU regulators that a firm was no longer operating under the CSE program would serve as effective deterrents. SEC is also authorized to impose additional supervisory conditions or increase certain multiplication factors used by the CSE in its capital computation. Clear Program Objectives and Performance Measures Are Essential for Ensuring Accountability and Efficiency: Management literature on internal controls, enterprisewide risk management, and government accountability suggest that to achieve accountability and efficiency requires that agencies clearly state program objectives, link their activities to those objectives, and measure performance relative to those objectives.[Footnote 44] This literature also recognizes the increased importance of these management activities in the face of substantial change in the external environment or in the face of the adoption of new "products" internally. When applied to the consolidated supervision programs at the Federal Reserve, OTS, and SEC, clearly defined objectives of consolidated supervision programs, agency activities of these programs linked to those objectives, and performance measures to determine how well the programs are operating are the management approaches that would contribute to the desired accountability and efficiency for the programs. The importance of these management activities is heightened because all three agencies face substantial changes in the external environment, including rapid growth in the financial sector, greater consolidation of firms leading to larger, more complex firms, and greater linkages among financial sectors and markets. In addition, the Federal Reserve and OTS have made substantial changes in their consolidated supervisory programs--particularly with the CIO program at OTS--and SEC has adopted a program that for the first time has staff providing formal prudential oversight at the consolidated level. Adopting sound management and control activities will help ensure that agencies are accountable for exercising the authority for their consolidated supervision programs and achieving the objectives of consolidated supervision, in ways that are effective and efficient. As a result, the regulatory burden would be as low as possible, consistent with maintaining safety and soundness of financial institutions and markets. The agencies face challenges in devising performance measures for consolidated supervision, including rapid changes in the industry. U.S. financial institutions and their competitors increasingly operate worldwide and engage in a number of businesses. Consequently, the global financial system is highly integrated and ensuring financial stability is even more important than in the past. Developing sound measures in such an environment can be difficult, and it is a challenge for agencies to distinguish how much of their work contributes to financial stability, in contrast to other goals such as protecting insured depositories. Further, these objectives are concepts that are not easy to measure. Development and use of appropriate performance measures, however, are critical to efficiently managing the risks that the agencies have in their consolidated supervision programs. Goals and Performance Measures Address Supervision Broadly, Rather Than Consolidated Supervisory Programs Specifically: Generally we found that the three agencies stated goals for all of their supervision programs broadly or that specific objectives for consolidated supervision were the same as those for their primary supervision programs. As a result, the contributions consolidated supervision programs make to the safety and soundness of financial institutions and markets could not be assessed separately from other agency programs. Clearer objectives specific to the consolidated supervision programs would facilitate linking program activities to those objectives and the authority that the agencies have to conduct consolidated supervision. In addition, clear program objectives would facilitate the development of specific performance measures to measure the contribution of these programs to those objectives as well as broader agency goals. Federal Reserve: Agencies' strategic and performance plans sometimes contain objectives for important programs. In its strategic plan, the Federal Reserve identifies objectives for all of its supervision programs: promoting a safe, sound, competitive, and accessible banking system and stable financial markets. However, the only discussion specific to consolidated supervision in the Federal Reserve's strategic plan relates to how the program complements its central bank functions by providing the Federal Reserve with important knowledge, expertise, relationships, and authority. In other statements, Federal Reserve officials have identified a number of potential benefits of consolidated supervision that reflect the changed environment. The then-Chairman of the Federal Reserve Board testified before Congress in 1997 that the knowledge of the financial strength and risk inherent in a consolidated holding company can be critical to protecting an insured subsidiary bank and resolving problems once they arise.[Footnote 45] In 2006, he noted further that consolidated supervision provides a number of benefits, including protection for insured banks within holding companies, protection for the federal safety net[Footnote 46] that supports those banks, aiding the detection and prevention of financial crises, and, thus, mitigating the potential for systemic risk in the financial system.[Footnote 47] In congressional testimony delivered in 2006, a Board official noted that the goals of consolidated supervision are to understand the financial and managerial strengths and risks within the consolidated organization as a whole and to give the Federal Reserve the ability to address significant deficiencies before they pose a danger to the organization's insured banks and the federal safety net. An official at the New York District Bank identified the goals of consolidated supervision as protecting the safety and soundness of depository institutions in the holding company, promoting the health of the holding company itself, and mitigating systemic risk. In its Bank Holding Company Supervision Manual, the Federal Reserve says that the inspection process is intended to increase the flow of information to the Federal Reserve System concerning the soundness of financial and bank holding companies. The manual goes on to explain how the purpose of bank holding company supervision has evolved since the passage of the Bank Holding Company Act in 1956, whose primary objective was to ensure that bank holding companies did not become engaged in nonfinancial activities. According to the manual, an inspection is to be conducted to: 1. inform the Board of the nature of the operations and financial condition of each bank holding company and its subsidiaries, including- -: a. the financial and operational risks within the holding company system that may pose a threat to the safety and soundness of any depository institution subsidiary of such bank holding company, and: b. the systems for monitoring and controlling such financial and operational risks; and: 2. monitor compliance by any entity with the provisions of the Bank Holding Company Act or any other federal law that the Board has specific jurisdiction to enforce against the entity, and to monitor compliance with any provisions of federal law governing transactions and relationships between any depository institution subsidiary of a bank holding company and its affiliates. The Federal Reserve also noted that the objectives of consolidated supervision are discussed in its supervisory guidance on the Framework for Financial Holding Company supervision introduced after GLBA.[Footnote 48] In the guidance, the Federal Reserve says that the objective of overseeing financial holding companies (particularly those engaged in a broad range of financial activities) is to evaluate, on a consolidated or groupwide basis, the significant risks that exist in a diversified holding company in order to assess how these risks might affect the safety and soundness of depository institution subsidiaries. The Federal Reserve has also developed a quality management program to evaluate its supervision programs overall. Board officials told us that each of the District Banks has established a quality management department that include quality planning, control, and improvement. As part of its quality management program, the Board evaluates and reports on District Banks' supervision function in its operations reviews across the major supervision and support functions. According to a Board document, each review assesses how well the Reserve Bank carries out its supervisory responsibilities, focusing not only on the effectiveness and efficiency of individual functional areas but also on how well the Officer in Charge of Supervision organizes and allocates departmental resources, and facilitates integration among those resources. However, in the three operations review reports we reviewed, the performance of consolidated supervisory activities was not assessed independently from the performance of other supervisory activities. Not clearly establishing specific objectives for the consolidated supervision, however, potentially lessens the Federal Reserve's ability to ensure that its consolidated supervision program provides comprehensive and consistent oversight with minimal regulatory burden. The Federal Reserve has authority for holding company supervision distinct from that for supervision of the insured depository itself. Specific objectives and performance measures would enhance the Federal Reserve's ability to ensure its accountability and the efficiency of its consolidated supervisory activities. OTS: OTS consistently identifies the protection of insured depositories as the objective of consolidated supervision. However, like the Federal Reserve, OTS generally does not distinguish between the objectives for holding company supervision and those for primary thrift supervision. In addition, OTS's activities often vary significantly across firms, depending in part on the risk and complexity of the firms. While the varying activities largely reflect the differences among the institutions, a clear link between these activities and the objectives of its consolidated supervision program would enhance OTS's ability to provide effective and consistent oversight with minimal regulatory burden. OTS identifies several strategic goals in its strategic plan, placing particular emphasis on achieving a safe and sound thrift industry, and its Holding Companies Handbook identifies protection of insured thrifts as an objective of holding company supervision; however, these documents distinguish the objectives of the holding company supervision program from those of primary thrift supervision in only one area. The strategic plan says that one objective of OTS's cross-border discussions is to receive additional equivalency determinations under EU directives, including the FCD, and its handbook focuses on international standards in its discussion of changes in its conglomerate oversight. In its strategic plan, OTS has five performance measures for supervision, including the percentage of thrifts that are well-capitalized and the percentage of safety and soundness examinations started as scheduled, but these largely relate directly to OTS's authority as a primary bank supervisor rather than as a holding company supervisor. Because OTS is almost always both the lead bank supervisor and the holding company supervisor for the holding companies it supervises, accountability for its supervision of thrift institutions is clear. However, for those thrift holding companies whose primary business activities are not banking, accountability for parts of the institution may still not be clear. Further, whether an agency is providing consistent and efficient oversight with minimal regulatory burden for all firms is still at issue. For firms overseen by CIO, OTS devotes substantial resources to the oversight of risk and controls consolidated at the highest financial holding company level, and assesses capital at that level. However, for some other firms that had some similar characteristics to the CIO-supervised conglomerates, OTS uses relatively fewer resources in the oversight of these firms at the holding company level. For these firms, consistent with its standard CORE program, OTS looks to see that the holding company is not relying on the thrift to pay off debt or expenses and then limits its oversight to that part of the firm that might directly place the thrift at risk. SEC: Similarly, SEC identifies a number of objectives and performance measures for the agency in its strategic plan, annual performance reports, and annual budget documents. However, none of these is specific to the consolidated supervision program. Instead, these documents provide goals and performance measures for other areas such as enforcement. Enforcing compliance with federal securities laws is one of SEC's strategic goals, and it measures performance in that area by reporting the number of enforcement cases successfully resolved in its 2005 Performance and Accountability Report. The only mention of the new CSE program in these documents is a listing as a "milestone" for Market Regulation in SEC's 2004 Performance and Accountability Report. SEC 2006 and 2007 budget requests note that OCIE will examine CSEs under the strategic goal of enforcing compliance with federal securities laws. The 2006 budget request also includes the need to modify and interpret the rules for CSEs to maintain consistency with the Basel Standards, in light of amendments to the Basel Capital Accord, to meet the goal of sustaining an effective and flexible regulatory environment. On the Web site created by Market Regulation in June 2006, SEC says that the aim of the CSE program is to reduce the likelihood that weakness in the holding company or an unregulated affiliate endangers a regulated entity or the broader financial system. In addition, SEC officials have said that the purpose of the program was to provide consolidated oversight for firms required to meet the EU's FCD. However, CSE oversight activities are not always linked to these aims and the extent to which these activities contribute to the aims is not measured. SEC officials have told us they have developed a draft that would establish program objectives, link activities to these objectives, and establish criteria for assessing the performance of the CSE program. Agencies Have Opportunities to Better Ensure Effective and Consistent Supervision, with Minimal Regulatory Burden: Because the U.S. regulatory structure assigns responsibility for financial supervision to multiple agencies, and a single firm may be subject to consolidated and primary or functional supervision by different agencies, not having objectives and performance measures for consolidated supervision programs increases the difficulty of ensuring effective, efficient, and consistent supervision with minimal regulatory burden and ensuring that each agency is appropriately accountable for its activities.[Footnote 49] The potential for duplication was demonstrated in three financial holding companies where we discussed Federal Reserve oversight with Federal Reserve and OCC examiners and with bank officials. Based on our interviews with OCC examiners, we noted some duplication in Federal Reserve and OCC activities, despite efforts to coordinate supervision by the two agencies. In particular, since these institutions manage some risks on an enterprisewide basis, OCC needed to assess consolidated risk management or other activities outside the national bank to assess the banks' risks. Some OCC officials said that the consolidated supervisor structure created by GLBA was primarily designed for bank holding companies with insurance subsidiaries, but this structure is not prevalent. The primary value of consolidated supervision, they said, is to prevent gaps in supervision, but the benefit for firms that hold primarily bank assets is unclear. Federal Reserve officials, on the other hand, noted that because OCC is a bank supervisor, and not a consolidated supervisor, it does not have the same authority as the Federal Reserve to conduct examinations of, obtain reports from, establish capital requirements for, or take enforcement action against a bank holding company or its nonbank subsidiaries. With more clearly articulated objectives for consolidated supervision that distinguish this authority from the primary supervisor's authority, linking consolidated supervisory activities to those goals and measuring performance would clarify accountability and facilitate greater reliance by each agency on the other's work, lessening regulatory burden. According to officials of the Federal Reserve Board, it takes a number of actions to ensure that the large banking organizations they oversee are treated similarly in its consolidated supervision program. These include a review of LCBO supervisory plans and other elements of the supervisory process as well as some centralized staffing. However, we found that because of the autonomy of the District banks and the lack of detailed guidance, the four District Banks in our study differed in the ways they identified examination or supervisory findings, prioritized them, and communicated these findings to firm management. For example, the Federal Reserve Bank of Atlanta more clearly defines different types of findings, provides criteria to examiners for determining and prioritizing findings, and uses this framework to communicate findings to firm management. At some other District Banks we visited, examiners did not provide us with explicit criteria for determining and prioritizing findings. As a result, it is more difficult to ensure that bank holding companies operating in different Federal Reserve districts are subject to consistent oversight and receive consistent supervisory feedback and guidance. To mitigate this potential for inconsistency, as we noted above, for large, complex institutions, committees such as the LCBO management group review supervisory findings. In addition, a Board official said that the Federal Reserve was considering implementing Atlanta's framework across the system. Without objectives and performance measures specific to the consolidated supervision program, however, the Federal Reserve is less able to gauge the value of the Federal Reserve Bank of Atlanta's more specific guidance to its examination staff. In part, because OTS oversees a diverse set of firms and has been changing some of its consolidated supervisory activities, consistency is a difficult challenge. An OTS official told us that OTS created the CIO in its headquarters to promote more systematic and consistent supervision for certain holding companies. In addition, OTS has issued guidance to help standardize policies and procedures related to providing continuous supervision. However, the criteria are not clear for determining whether a firm is overseen by CIO with continuous comprehensive consolidated supervision or remains in the regional group where it receives more limited oversight under the CORE program. In a speech in November 2006, OTS's Director identified seven internationally active conglomerates OTS oversees at the holding company level.[Footnote 50] Of these, three are overseen by CIO, one receives oversight under the standard CORE program, and two others are overseen regionally but are receiving greater scrutiny than in the past. The three firms receiving comprehensive consolidated oversight by CIO are the firms that have designated OTS as their consolidated supervisor for meeting the EU equivalency requirements, while three of the others have opted to become CSEs. While the small size of SEC's CSE program limits opportunities for treating firms differently, the lack of more complete written guidance and the decision to keep guidance confidential limit the ability of industry participants, analysts, and policymakers to determine whether firms are being treated consistently. In addition, Market Regulation staff said that more complete written guidance would reduce the risks of inconsistency should staff turnover occur. We also found that SEC's lack of program objectives, performance measures, and written public guidance led to firms' receiving inconsistent feedback from SEC's divisions and offices. According to the CSEs and application examinations we reviewed, OCIE conducted highly detailed audits that resulted in many findings related to the firms' documentation of compliance with rules and requirements, while Market Regulation looked broadly at the risk management of the firm. OCIE shared its findings with the firms, but Market Regulation determined that many of them did not meet its criteria for materiality and did not include them in its summary memorandums to the SEC Commissioners recommending approval of the applications. However, either a full or summary OCIE examination report was included as an appendix to these memorandums. Market Regulation staff said they drew on their own knowledge in deciding which findings were material and explained that a finding is material when the issue threatens the viability of the holding company. Further, Market Regulation staff told us that because they rely on managements' openness in their ongoing reviews of CSE's risk management, they do not always share supervisory results with OCIE staff. Market Regulation and OCIE staff stated that they are working on an agreement to facilitate communication between the offices. Finally, even if each agency provided consistent treatment and feedback to firms, there would be no assurance that consistent consolidated supervision would be provided across the agencies. We have noted before that, over time, firms in different sectors increasingly face similar risks and compete to meet similar customer needs.[Footnote 51] Thus, competitive imbalances could be created by different regulatory regimes, including holding company supervision, both here and abroad. Systematic Collaboration Could Enhance Consolidated Supervision Programs: Providing consistent efficient, effective oversight of individual financial institutions has become more difficult as institutions increasingly manage their more complex operations on an enterprisewide basis, often under the oversight of multiple federal financial supervisors. And providing efficient and effective oversight across the financial sector has become more challenging as institutions in different sectors and countries increasingly take on similar risks that may pose issues for a broad swath of the developed world's financial institutions in a crisis. The industry's increased concentration and convergence in product offerings, paired with a regulatory structure with multiple agencies, means that different large financial services firms, offering similar products, may be subject to supervision by different agencies. This leads to risks that the agencies may provide inconsistent supervision and regulation not warranted by differences in the regulated institutions. Supervisors in different agencies engaged in the oversight of a single institution take some steps to share information, avoid duplication, and jointly conduct some examination activities. However, these agencies did not consistently and systematically collaborate in these efforts, thus limiting the efficiency and effectiveness of consolidated supervision. For the three agencies engaged in consolidated supervision, changes in the firms they oversee have led to the firms facing similar risks and competing with each other across industry segments. As a result, it is essential for consolidated supervisors to systematically collaborate so that competitive imbalances are not created. Systematic Collaboration Is Essential for Multiple Agencies Sharing Common Responsibilities: In a system that is characterized by multiple supervisory agencies providing supervision for a single holding company and its subsidiaries as well as several agencies providing consolidated supervision for firms that provide similar services, collaboration among the supervisory agencies is essential for ensuring that the supervision is effective, efficient, and consistent. Through a review of government programs and the literature on effective collaboration, we have identified some key collaborative elements, which are listed in table 6.[Footnote 52] These elements stress the need to ensure, to the extent possible, that the agencies are working toward a common goal, that they minimize resources expended by leveraging resources and establishing compatible policies and procedures, and that they establish accountability for various aspects of these programs and for their efforts to collaborate. Table 6: Key Elements of Collaboration: Key elements of collaboration: Define and articulate a common outcome; Description: Agency staff must commit and devote resources to working across agency lines to define and articulate the common outcome they are seeking to achieve. Key elements of collaboration: Establish mutually reinforcing or joint strategies; Description: Agencies need to align the partner agencies' activities, core processes, and resources to accomplish the common outcome. Key elements of collaboration: Identify and address needs by leveraging resources; Description: Agencies should identify and leverage the human, information technology, physical, and financial resources needed to initiate or sustain their collaborative effort. Key elements of collaboration: Agree on roles and responsibilities; Description: Agencies should define and agree on their respective roles and responsibilities, including how to organize their joint and individual efforts. Key elements of collaboration: Establish compatible policies, procedures, and other means to operate across agency boundaries; Description: Agencies need to address the compatibility of standards, policies, procedures, and data systems that will be used, as well as cultural differences. Key elements of collaboration: Develop mechanisms to monitor, evaluate, and report on results; Description: Agencies should create the means to monitor and evaluate their efforts to enable them to identify areas for improvement. Key elements of collaboration: Reinforce accountability for collaborative efforts through agency plans and reports; Description: Agencies should ensure that goals are consistent and program efforts are mutually reinforcing. Accountability for collaboration is reinforced through public reporting of agency results. Key elements of collaboration: Reinforce individual accountability for collaborative efforts through performance management systems; Description: As a first step in reinforcing individual accountability for collaborative efforts, agencies set expectations for collaboration within and across organizational boundaries in staff performance plans. Source: GAO. [End of table] We have noted in our previous work that running throughout these elements are a number of factors, including leadership, trust, and organizational culture, that are necessary for a collaborative working relationship. We have also noted that agencies may encounter a range of barriers when they attempt to collaborate, including missions that are not mutually reinforcing, or may conflict, and agencies' concerns about protecting jurisdiction over missions and control over resources. As we have noted in the past, the U.S. financial regulatory agencies meet in a number of venues to improve coordination.[Footnote 53] These venues include the President's Working Group, the Federal Financial Institutions Examination Council, and the Financial and Banking Information Infrastructure Committee. In addition, the agencies told us they have frequent informal contact with each other. These contacts address several of the key elements of collaboration identified above, but opportunities remain to enhance collaboration in response to the changes in the financial services industry. These opportunities exist both for agencies that could collaborate in oversight of individual firms where agencies share supervisory responsibility as well as for collaboration among the consolidated supervisors to ensure consistent approaches to common risks. In the Oversight of Individual Firms, Supervisors from Different Agencies Take Steps to Work Together but Could Collaborate More Systematically: Enterprisewide risk management in large financial firms has complicated the task of regulating them, since agency jurisdiction is defined by legal entities. When an agency oversees both the ultimate holding company and its major bank or broker-dealer subsidiary, examination activities tend to be well-integrated. When consolidated and primary bank or functional supervisors of a firm's major subsidiaries are from different agencies, they take some actions to work together and share information. However, we found instances of duplication and regulatory gaps that could be minimized through more systematic collaboration. Moving to Enterprisewide Management and Other Organizational Changes Increases the Potential for Several Agencies to Share Responsibilities: Large, complex firms are increasingly managing themselves on an enterprisewide basis, further blurring the distinctions between regulated subsidiaries and their holding companies. Many of the banking and securities firms included in our review were managing by business lines that cut across legal entities, especially those institutions engaged primarily in banking or securities. At least three of the companies in our review primarily engaged in banking were simplifying their corporate structures, either by reducing the number of bank charters or bringing activities that had been outside an insured depository into the depository or its subsidiaries. Some of these entities had been unregulated by a primary federal bank or functional supervisor and thus had been the primary responsibility of the holding company supervisor or were regulated by a primary bank supervisor different from the supervisor overseeing the lead bank. Finally, we found that several firms that are CSEs, thrift holding companies, or both were conducting extensive banking operations out of a structure that includes an ILC and a thrift and that these entities, which are overseen by different primary bank supervisors, might not be receiving similar oversight from a holding company perspective. As a result of changes in corporate structures and management practices, there are increasing opportunities for collaboration among supervisors with safety and soundness objectives at the subsidiary level and holding company supervisors. For example, primary bank and functional supervisors involved in safety and soundness supervision need to review the organizational structure of the holding company and have to evaluate increasingly centralized risk management activities and the controls around those activities as they may apply to the regulated subsidiary, but the consolidated supervisor is responsible for understanding the organizational structure and monitoring risks and controls at the holding across the entire organization. When the large enterprises we reviewed had the same agency overseeing their ultimate holding company and its lead bank (or its broker-dealer, in the case of CSEs), supervisory activities tended to be well- integrated. For the financial holding company that was dominated by a state member bank and the thrift holding company dominated by a federal thrift institution, we found that the oversight of the dominant financial subsidiary and the ultimate holding company were conducted jointly with the same examination team, a single planning document, and the same timeline. In the case of the CSEs dominated by a broker- dealer, SEC supervises both the holding company and the broker-dealer; NERO completed targeted examinations of one firm in 2006 on an integrated basis. The relationship between the consolidated supervisor and other agencies that serve as primary or functional supervisors for subsidiaries is governed by law, which does provide for some information exchange among the agencies. Under the regulatory structure established by GLBA, the Federal Reserve and OTS are to rely on the primary supervisors of bank subsidiaries in holding companies (the appropriate federal and state supervisory authorities) and the appropriate supervisors of nonbank subsidiaries that either are functionally regulated or are determined by the consolidated regulator to be comprehensively supervised by a federal or state authority.[Footnote 54] Consistent with this scheme, GLBA limits the circumstances under which the Federal Reserve Board and OTS may exercise their examination and monitoring authorities with respect to functionally regulated subsidiaries and depository institutions that are not subject to primary supervision by the Board or OTS. GLBA also provides that the consolidated supervisor is to rely on reports that holding companies and their subsidiaries are required to submit to other regulators and on examination reports made by functional regulators, unless circumstances described in the act exist.[Footnote 55] Among other things, GLBA specifically directs the Federal Reserve and OTS, to the fullest extent possible, to use the reports of examinations of depository institutions made by the appropriate federal and state depository institution supervisory authority. Also, consolidated supervisors are directed to rely, to the extent possible, on the reports of examination made of a broker-dealer, investment adviser, or insurance company by their functional regulators and defer to the functional regulators' examinations of these entities. GLBA also provides for the sharing of information between federal consolidated supervisors and bank supervisors on the one hand and state insurance regulators on the other hand. The act authorizes these regulators to share information pertaining to the entities they supervise within a holding company. For example, with respect to the holding company, the act authorizes the Board to share information regarding the financial condition, risk management policies, and operations of the holding company and any transaction or relationship between an insurance company and any affiliated depository institution.[Footnote 56] The consolidated supervisor also may provide the insurance regulator any other information necessary or appropriate to permit the state insurance regulator to administer and enforce applicable state insurance laws. Consistent with GLBA, consolidated supervisors have negotiated MOUs or other formal information sharing agreements with functional supervisors and were reviewing reports from them. The supervisors had also entered into MOUs with relevant foreign supervisors. For example, OTS had negotiated MOUs with 48 state insurance departments, 7 foreign supervisors, and with the EU. Similarly, the Federal Reserve has a number of MOUs with regulators. One provides for SEC to share information concerning broker-dealer examinations for broker-dealers owned by financial holding companies. Most MOUs include agreements to share information on an informal basis. For example, the Federal Reserve and SEC have a "pilot program" that allows the Federal Reserve to share information on a particular holding company with SEC staff on an ongoing basis. Examination information from the functional supervisors was being provided to the consolidated supervisor, and to some extent, the consolidated supervisor was relying on that information in planning and reporting. Supervisors do communicate when developing holding company supervisory programs. For example, staff at SEC, especially in OCIE, noted that they communicated regularly with the supervisory management at the Federal Reserve Bank of New York when setting up their CSE program. In addition, the agencies gave us examples of when they communicated with regard to specific issues, and the Federal Reserve and SEC have taken opportunities to learn from the firms under each other's jurisdiction. SEC said the Federal Reserve had asked to meet with some of CSEs regarding peer valuation, and SEC had facilitated such meetings. Following the enactment of GLBA, OCC and the Federal Reserve agreed on how they would coordinate in the supervision of LCBOs. While some duplication remains, we found examples of that agreement being implemented. For example, OCC and the Federal Reserve share supervisory planning documents for LCBOs when OCC is the primary bank supervisor for the lead bank in the bank holding company. As a result, the Federal Reserve is able to factor OCC's planned work into its supervisory plan process. In addition, we found that OCC and Federal Reserve examiners at some institutions shared information informally over the course of the examination cycle, allowing them to conduct joint or shared target examination activities that might not have been part of the original plan. OCC examiners told us they are now also receiving information about the Federal Reserve's horizontal reviews in a timelier manner and can thus make better decisions about the extent to which they want to participate in those reviews. Federal Reserve officials said that when OCC has conducted examination activities related to horizontal reviews, they rely on OCC's information. OCC and Federal Reserve examiners also told us that when they disagree on examination findings, they attempt to work out those disagreements before presenting conflicting information to management. Finally, OCC and Federal Reserve examiners jointly attend meetings with management and the Boards of Directors of the financial institutions where they have primary and consolidated supervisory responsibilities. They invite other relevant bank examiners to attend some of these meetings as well. Finally, the Federal Reserve provides OCC and FDIC full online access to its supervisory database, which contains examination reports and other supervisory information for bank holding companies. The supervision of one firm, headquartered abroad but with significant U.S. operations, including substantial securities activities, is an example of coordination between the Federal Reserve, the holding company supervisor for the firm's U.S. operations, two foreign supervisory agencies involved in the oversight of the ultimate holding company, and operations in their countries, and the SEC, which is the functional supervisor of firm's most important U.S. operations. The Federal Reserve meets with supervisors from the other countries formally twice a year to coordinate activities. A representative of the firm said the three agencies meet jointly with representatives of the firm prior to developing a supervisory plan. The lead examiner at the Federal Reserve said that including representatives from other governments on examination teams makes it easier to access information across international borders. While SEC is not included in these meetings, the Federal Reserve and SEC agreed to a "pilot program" for the Federal Reserve to regularly share holding company information with OCIE staff that oversee the firm's U.S. broker-dealers and investment advisers. Collectively, these efforts to coordinate do address several of the key elements of collaboration identified in table 6, above. In particular, the agreements among the supervisors provide a basis for joint strategies, for agreements on roles and responsibilities, and for operating across agency boundaries. Joint examination activities between the Federal Reserve and OCC, for instance, address these elements and are a way to leverage resources. Similarly, coordination between SEC offices and the Federal Reserve promote efforts to learn from each other despite agency boundaries. Opportunities remain for the agencies to collaborate more systematically, however, and thus enhance their ability to provide effective and consistent oversight when they share responsibility for a holding company and its subsidiaries. More consistent collaboration between OCC as the lead bank examiner and the Federal Reserve as the holding company supervisor, for instance, would allow the agencies to take advantage of opportunities to supervise some large, complex, banking organizations as effectively and efficiently as possible. Conducting some examinations and meetings on a joint basis--the solution adopted by the Federal Reserve and OCC--is a positive step but does not ensure that the agencies develop consistent mechanisms to evaluate the results of joint examinations or to judge the extent to which such examinations or other approaches lessen duplication, promote consistency, or otherwise enable more efficient supervision. In addition, we found that coordination between these agencies did not always run smoothly. OCC examiners at some of the institutions we reviewed and officials at headquarters told us that they see some coordination issues, especially with regard to the horizontal examinations the Federal Reserve conducts across some systemically important institutions. OCC examiners at one LCBO said that some cases could lead to the Federal Reserve and OCC providing inconsistent feedback to the firm. They also noted that when the Federal Reserve collects information for these examinations, they do not always rely on OCC for that information when OCC is the primary bank examiner of the lead bank. Finally, while OCC and the Federal Reserve follow the procedures they have laid out for resolving differences, the potential still exists for the two to give conflicting information to management. We found one firm that had initially received conflicting information from the Federal Reserve, its consolidated supervisor, and OCC, its primary bank supervisor, about sufficient business continuity provisions. While the holding company supervisor for thrift holding companies (OTS) or CSEs (SEC) is often the supervisor of the dominant regulated subsidiary, opportunities to reduce regulatory burden and improve accountability through better collaboration continue to exist. While an OTS official told us that one of the main responsibilities of a holding company supervisor is to improve efficiency by serving as a source of information about the holding company to the functional supervisors, this opportunity to leverage information is not fully utilized. FDIC examiners, for instance, could collect information on the organizational structure of the holding company from OTS, but obtained this information from bank officials when examining an ILC that was part of a thrift holding company. In other instances, OTS and the Federal Reserve have taken some steps to work collaboratively with other supervisors in supervising a particular firm, but the results are incomplete. A decision by the United Kingdom's Financial Services Authority to include the German and French regulators in a meeting with OTS led OTS to call a November 2005 meeting that included a broader range of supervisors. OTS officials said they invited insurance, FDIC, and SEC supervisors in the United States. Officials at the company told us, however, that FDIC did not attend the 2005 meeting because the meeting had been arranged hastily. OTS held a similar meeting in November 2006, and FDIC staff attended this meeting; SEC, however, did not attend and senior staff at Market Regulatio