What We Found
Financial regulators need to strengthen systemic risk oversight and monitor progress on reforms, and Congress may want to consider options to address inefficiencies that hamper the financial regulatory system.
Since our 2019 High-Risk Report, ratings for all five criteria remain unchanged. Actions are needed by financial regulators and Congress to address this high-risk area.
Leadership commitment: partially met. Since policymakers enacted the Dodd-Frank Wall Street Reform and Consumer Protection Act (Dodd-Frank Act) in July 2010, financial regulators have shown leadership commitment by finalizing rules to implement the Dodd-Frank Act’s rulemaking requirements. While the act included provisions to better position the financial regulatory system to address financial stability risks, it generally left the financial regulatory structure unchanged.
In February 2016, we reported that remaining fragmentation and overlap in the structure have created inefficiencies in regulatory processes and inconsistencies in how regulators oversee similar types of institutions. We also reported that while the Dodd-Frank Act created the Financial Stability Oversight Council (FSOC) to identify and address threats to financial stability, FSOC’s legal authorities may not allow it to respond effectively to certain systemic risks. For example, these authorities may not allow FSOC to effectively address risks from financial activities that span multiple entities. Hence, addressing weaknesses in the U.S. financial regulatory structure will require additional congressional leadership.
In June 2020, we reported on financial regulators’ efforts to respond to the Coronavirus Disease 2019 (COVID-19) by implementing relevant provisions of the CARES Act, such as temporary changes to regulatory requirements to encourage banks to provide flexibility to borrowers facing disruptions. We noted that as market conditions continue to evolve, regulatory attention to safety and soundness of regulated banks would continue to be important to identify and respond to any emerging issues early.
Capacity: partially met. The Dodd-Frank Act created FSOC and included other provisions intended to increase the capacity of the financial regulatory system to identify and address risks to the stability of the financial system. While most of these reforms have been implemented, rulemakings for certain reforms have only recently taken effect or were modified under the May 2018 Economic Growth, Regulatory Relief and Consumer Protection Act.
For instance, in July 2020, we reported that the Federal Deposit Insurance Corporation and the Board of Governors of the Federal Reserve System (Federal Reserve) had finalized amendments to a rule to address changes under the act to resolution planning requirements for covered companies. In addition, in 2021, we plan to publish a framework for evaluating regulatory structures and policy actions pertaining to financial stability. We plan to conduct future work to compare the U.S. regulatory structure for overseeing financial stability to principles in this framework related to the capacity of this structure to address financial stability risks.
Action plan: partially met. FSOC’s annual reports have served as the council’s key accountability document, as each report (1) discusses the progress regulators have made in implementing reforms, (2) identifies newly emerging threats, and (3) includes recommendations to address them.
In December 2020, we reiterated that concerns remain that while FSOC can use its designation authorities to respond to certain potential systemic risks posed by individual entities, its authorities are limited with respect to risks that arise from financial activities spanning multiple entities. Specifically, FSOC can recommend but not compel regulators to act with respect to systemic risk arising from such activities. This presents a challenge to holding FSOC and the financial regulators accountable for addressing systemic risk.
Monitoring: partially met. FSOC monitors and reports on indicators of financial stability and potential emerging threats to financial stability. In addition, in 2018, the Federal Reserve began publishing an annual financial stability report that includes its assessment of the U.S. financial system. Also, since the financial crisis, the Federal Reserve’s stress test programs have played a key role in supervisory efforts to evaluate and maintain financial stability.
In November 2016, we recommended that the Federal Reserve enhance the effectiveness of these stress test programs by further assessing—and adjusting as needed—the severity of the stress scenarios and other aspects of the test design. Since 2019, the Federal Reserve has taken steps to enhance its stress testing practices that addressed seven recommendations. However, further actions are needed to address five open priority recommendations in this area related to stress test design and management of model risk (e.g., accounting for sensitivity of stress test model results). In 2020, we also highlighted opportunities for the Department of Treasury (Treasury) to improve tracking and prioritizing of cyber risk mitigation efforts in the financial services sector according to goals established by the sector.
Demonstrated progress: partially met. The new agencies and oversight bodies created under the Dodd-Frank Act continue to take actions to carry out their missions and coordinate efforts. For instance, Treasury’s Office of Financial Research and the Federal Reserve have taken steps to reduce potential duplication and ensure comprehensive efforts to monitor systemic risks. The two agencies coordinated semiannual meetings to jointly discuss views from their respective monitoring of the financial system.
In our continuing work to monitor this area, as of December 2020, we observed that federal financial regulators could take additional steps to improve the efficiency and effectiveness of the financial regulatory system. For example, additional continuing progress is needed for the Federal Reserve to enhance its stress test programs.
The U.S. financial regulatory structure remains complex, with responsibilities fragmented among a number of regulators that have overlapping authorities. The current structure introduces significant challenges for efficient and effective oversight of financial institutions and activities. Moreover, in the decades leading up to the financial crisis of 2007—2009, the financial regulatory system failed to adapt to significant changes.
First, although the financial sector increasingly had become dominated by large, interconnected financial conglomerates, no single regulator was tasked with monitoring and assessing the risks that these firms' activities posed across the entire financial system.
Second, entities that had come to play critical roles in the financial markets were not subject to sufficiently comprehensive regulation and oversight.
Third, the regulatory system was not effectively providing key information and protections for new and more complex financial products for consumers and investors. Consequently, we added this area to the High-Risk List in 2009.
Modernizing the U.S. financial regulatory system and aligning it to current conditions is essential to ensuring the stability of the financial system, particularly during the period of profound economic disruption associated with the COVID-19 pandemic.
Over the years since we added this area to our High-Risk List, we have made numerous recommendations related to this area. Since our 2019 High-Risk Report that highlighted 26 open recommendations, 12 recommendations remain open as of December 2020, which include two new recommendations related to cybersecurity risk mitigation in the financial services sector that should be addressed. FSOC and its member agencies should implement our open recommendations related to strengthening oversight of risks to financial stability and assessing the effectiveness of Dodd-Frank Act reforms:
- To improve the effectiveness of its stress test programs, the Federal Reserve should further assess key aspects of stress scenario design and take steps to improve its ability to manage model risk (the potential for adverse consequences from decisions based on incorrect or misused model outputs).
- Federal financial regulators should continue to work cooperatively to conduct required retrospective analyses of rulemakings.
- Treasury should track and prioritize the financial services sector’s cyber risk mitigation efforts and update the sector’s cyber risk mitigation plan with metrics and other information.
Congressional Actions Needed
Addressing weaknesses in the U.S. financial regulatory structure will require additional congressional leadership in the following two areas as cited in our February 2016 report:
- Congress should consider whether additional changes to the financial regulatory structure are needed to reduce or better manage fragmentation and overlap in the oversight of financial institutions and activities to improve (1) the efficiency and effectiveness of oversight; (2) the consistency of consumer and investor protections; and (3) the consistency of financial oversight for similar institutions, products, risks, and services.
For example, Congress could consider consolidating the number of federal agencies involved in overseeing the safety and soundness of depository institutions, combining the entities involved in overseeing the securities and derivatives markets, and determining the optimal federal role in insurance regulation, among other considerations.
- Congress should consider whether legislative changes are necessary to align FSOC’s authorities with its mission to respond to systematic risks. Congress could do so by making changes to FSOC’s mission, its authorities, or both, or to the missions and authorities of one or more of the FSOC member agencies.