Modernizing the U.S. Financial Regulatory System
The U.S. financial regulatory structure remains complex, with responsibilities fragmented among a number of regulators that have overlapping authorities. The current structure introduces significant challenges for efficient and effective oversight of financial institutions and activities. Moreover, in the decades leading up to the financial crisis of 2007—2009, the financial regulatory system failed to adapt to significant changes.
First, although the financial sector increasingly had become dominated by large, interconnected financial conglomerates, no single regulator was tasked with monitoring and assessing the risks that these firms' activities posed across the entire financial system.
Second, entities that had come to play critical roles in the financial markets were not subject to sufficiently comprehensive regulation and oversight.
Third, the regulatory system was not effectively providing key information and protections for new and more complex financial products for consumers and investors. Consequently, we added this area to the High-Risk List in 2009.
Modernizing the U.S. financial regulatory system and aligning it to current conditions is essential to ensuring the stability of the financial system, particularly during the period of profound economic disruption associated with the COVID-19 pandemic.
Since our 2019 High-Risk Report, ratings for all five criteria remain unchanged. Actions are needed by financial regulators and Congress to address this high-risk area.
Leadership commitment: partially met. Since policymakers enacted the Dodd-Frank Wall Street Reform and Consumer Protection Act (Dodd-Frank Act) in July 2010, financial regulators have shown leadership commitment by finalizing rules to implement the Dodd-Frank Act’s rulemaking requirements. While the act included provisions to better position the financial regulatory system to address financial stability risks, it generally left the financial regulatory structure unchanged.
In February 2016, we reported that remaining fragmentation and overlap in the structure have created inefficiencies in regulatory processes and inconsistencies in how regulators oversee similar types of institutions. We also reported that while the Dodd-Frank Act created the Financial Stability Oversight Council (FSOC) to identify and address threats to financial stability, FSOC’s legal authorities may not allow it to respond effectively to certain systemic risks. For example, these authorities may not allow FSOC to effectively address risks from financial activities that span multiple entities. Hence, addressing weaknesses in the U.S. financial regulatory structure will require additional congressional leadership.
In June 2020, we reported on financial regulators’ efforts to respond to the Coronavirus Disease 2019 (COVID-19) by implementing relevant provisions of the CARES Act, such as temporary changes to regulatory requirements to encourage banks to provide flexibility to borrowers facing disruptions. We noted that as market conditions continue to evolve, regulatory attention to safety and soundness of regulated banks would continue to be important to identify and respond to any emerging issues early.
Capacity: partially met. The Dodd-Frank Act created FSOC and included other provisions intended to increase the capacity of the financial regulatory system to identify and address risks to the stability of the financial system. While most of these reforms have been implemented, rulemakings for certain reforms have only recently taken effect or were modified under the May 2018 Economic Growth, Regulatory Relief and Consumer Protection Act.
For instance, in July 2020, we reported that the Federal Deposit Insurance Corporation and the Board of Governors of the Federal Reserve System (Federal Reserve) had finalized amendments to a rule to address changes under the act to resolution planning requirements for covered companies. In addition, in 2021, we plan to publish a framework for evaluating regulatory structures and policy actions pertaining to financial stability. We plan to conduct future work to compare the U.S. regulatory structure for overseeing financial stability to principles in this framework related to the capacity of this structure to address financial stability risks.
Action plan: partially met. FSOC’s annual reports have served as the council’s key accountability document, as each report (1) discusses the progress regulators have made in implementing reforms, (2) identifies newly emerging threats, and (3) includes recommendations to address them.
In December 2020, we reiterated that concerns remain that while FSOC can use its designation authorities to respond to certain potential systemic risks posed by individual entities, its authorities are limited with respect to risks that arise from financial activities spanning multiple entities. Specifically, FSOC can recommend but not compel regulators to act with respect to systemic risk arising from such activities. This presents a challenge to holding FSOC and the financial regulators accountable for addressing systemic risk.
Monitoring: partially met. FSOC monitors and reports on indicators of financial stability and potential emerging threats to financial stability. In addition, in 2018, the Federal Reserve began publishing an annual financial stability report that includes its assessment of the U.S. financial system. Also, since the financial crisis, the Federal Reserve’s stress test programs have played a key role in supervisory efforts to evaluate and maintain financial stability.
In November 2016, we recommended that the Federal Reserve enhance the effectiveness of these stress test programs by further assessing—and adjusting as needed—the severity of the stress scenarios and other aspects of the test design. Since 2019, the Federal Reserve has taken steps to enhance its stress testing practices that addressed seven recommendations. However, further actions are needed to address five open priority recommendations in this area related to stress test design and management of model risk (e.g., accounting for sensitivity of stress test model results). In 2020, we also highlighted opportunities for the Department of Treasury (Treasury) to improve tracking and prioritizing of cyber risk mitigation efforts in the financial services sector according to goals established by the sector.
Demonstrated progress: partially met. The new agencies and oversight bodies created under the Dodd-Frank Act continue to take actions to carry out their missions and coordinate efforts. For instance, Treasury’s Office of Financial Research and the Federal Reserve have taken steps to reduce potential duplication and ensure comprehensive efforts to monitor systemic risks. The two agencies coordinated semiannual meetings to jointly discuss views from their respective monitoring of the financial system.
In our continuing work to monitor this area, as of December 2020, we observed that federal financial regulators could take additional steps to improve the efficiency and effectiveness of the financial regulatory system. For example, additional continuing progress is needed for the Federal Reserve to enhance its stress test programs.
Over the years since we added this area to our High-Risk List, we have made numerous recommendations related to this area. Since our 2019 High-Risk Report that highlighted 26 open recommendations, 12 recommendations remain open as of December 2020, which include two new recommendations related to cybersecurity risk mitigation in the financial services sector that should be addressed. FSOC and its member agencies should implement our open recommendations related to strengthening oversight of risks to financial stability and assessing the effectiveness of Dodd-Frank Act reforms:
- To improve the effectiveness of its stress test programs, the Federal Reserve should further assess key aspects of stress scenario design and take steps to improve its ability to manage model risk (the potential for adverse consequences from decisions based on incorrect or misused model outputs).
- Federal financial regulators should continue to work cooperatively to conduct required retrospective analyses of rulemakings.
- Treasury should track and prioritize the financial services sector’s cyber risk mitigation efforts and update the sector’s cyber risk mitigation plan with metrics and other information.
Congressional Actions Needed
Addressing weaknesses in the U.S. financial regulatory structure will require additional congressional leadership in the following two areas as cited in our February 2016 report:
- Congress should consider whether additional changes to the financial regulatory structure are needed to reduce or better manage fragmentation and overlap in the oversight of financial institutions and activities to improve (1) the efficiency and effectiveness of oversight; (2) the consistency of consumer and investor protections; and (3) the consistency of financial oversight for similar institutions, products, risks, and services.
For example, Congress could consider consolidating the number of federal agencies involved in overseeing the safety and soundness of depository institutions, combining the entities involved in overseeing the securities and derivatives markets, and determining the optimal federal role in insurance regulation, among other considerations.
- Congress should consider whether legislative changes are necessary to align FSOC’s authorities with its mission to respond to systematic risks. Congress could do so by making changes to FSOC’s mission, its authorities, or both, or to the missions and authorities of one or more of the FSOC member agencies.
GAO-21-167: Published: Dec 16, 2020. Publicly Released: Dec 16, 2020.
The market for corporate loans made to businesses with high levels of debt (i.e., "institutional leveraged loans") roughly doubled to $1.2 trillion over 2010-19. These higher risk loans offer a higher rate of return to investors. Some observers compare today's market with the pre-2008 subprime mortgage market that eventually collapsed, threatening U.S. financial stability. Regulators remain cautio...
GAO-20-631: Published: Sep 17, 2020. Publicly Released: Sep 17, 2020.
The financial services sector, a critical component of the nation's infrastructure that holds over $108 trillion in assets, is an increasingly attractive target for cyber-based attacks. The sector includes banks, mutual funds, and securities dealers The Treasury Department and other federal agencies are taking steps to reduce risks and bolster the sector's efforts to improve its cybersecurity. We...
GAO-20-608R: Published: Jul 21, 2020. Publicly Released: Jul 21, 2020.
The 2007-2009 financial crisis and the failures of large, complex financial institutions led some to question the adequacy of the Bankruptcy Code for reorganizing or liquidating these institutions. In response, the Dodd-Frank Act gave the Federal Deposit Insurance Corporation authority for a regulatory alternative to bankruptcy. We looked at some proposed changes to the code, FDIC's authority to l...
GAO-20-625: Published: Jun 25, 2020. Publicly Released: Jun 25, 2020.
In response to the COVID-19 pandemic, Congress appropriated $2.6 trillion in emergency assistance for people, businesses, the health care system, and state and local governments. How are federal agencies administering this spending? We found that the Small Business Administration processed over $512 billion in guaranteed small business loans, but isn’t ready to address fraud risks and hasn’t...
GAO-20-114R: Published: Dec 10, 2019. Publicly Released: Dec 10, 2019.
In response to the 2007-2009 financial crisis, the Dodd-Frank Act of 2010 required federal agencies to issue hundreds of new financial regulations. Since 2011, we have conducted an annual study of these regulations—and made a total of 37 recommendations to help enhance regulatory analyses and interagency coordination. We found that federal agencies have implemented 32 of these recommendations b...
GAO-18-213: Published: Feb 13, 2018. Publicly Released: Feb 27, 2018.
Interviews and focus groups GAO conducted with representatives of over 60 community banks and credit unions indicated regulations for reporting mortgage characteristics, reviewing transactions for potentially illicit activity, and disclosing mortgage terms and costs to consumers were the most burdensome. Institution representatives said these regulations were time-consuming and costly to comply wi...
GAO-17-48: Published: Nov 15, 2016. Publicly Released: Nov 15, 2016.
The Board of Governors of the Federal Reserve System (Federal Reserve) has two related supervisory programs that involve stress testing but serve different purposes. Stress tests are hypothetical exercises that assess the potential impact of economic, financial, or other scenarios on the financial performance of a company. Stress tests of banking institutions typically evaluate if the institutions...
GAO-16-175: Published: Feb 25, 2016. Publicly Released: Mar 28, 2016.
The U.S. financial regulatory structure is complex, with responsibilities fragmented among multiple agencies that have overlapping authorities. As a result, financial entities may fall under the regulatory authority of multiple regulators depending on the types of activities in which they engage (see figure on next page). While the Dodd-Frank Wall Street Reform and Consumer Protection Act (Dodd-Fr...
GAO-15-51: Published: Nov 20, 2014. Publicly Released: Nov 20, 2014.
The Financial Stability Oversight Council (FSOC) uses committees comprising staff from member agencies to help it evaluate nonbank financial companies and determine if they will receive enhanced supervision. FSOC has developed and followed a process for making determination decisions that is, in part, systematic and transparent. FSOC published a final rule and guidance that establish a three-stage...
GAO-12-886: Published: Sep 11, 2012. Publicly Released: Sep 13, 2012.
These new organizations--the Financial Stability Oversight Council (FSOC) and Office of Financial Research (OFR)--face challenges in achieving their missions. Key FSOC missions--to identify risks and respond to emerging threats to financial stability--are inherently challenging, in part, because risks to financial stability do not develop in precisely the same way in successive crises. Collaborati...