Bank Supervision: Regulators Improved Supervision of Management Activities but Additional Steps Needed
Fast Facts
We and others have found that at large financial institutions, management weaknesses—such as ineffective leadership by boards of directors, and compensation tied to quantity of rather than quality of loans—contributed to the 2007-2009 financial crisis.
Are federal banking regulators addressing these weaknesses?
We found regulators have improved their supervision of large banks’ management activities and generally followed leading practices. However, regulators could do a better job informing institutions of potential emerging problems.
We made 4 recommendations to further strengthen the regulators’ bank supervision policies and procedures.
A side view of the New York Stock Exchange on Wall Street in New York City.
Highlights
What GAO Found
Since 2009, federal banking regulators have revised policies and procedures for use by examiners in supervising depository institutions' management activities (such as those related to corporate governance and internal controls) and for identifying and communicating supervisory concerns. For example, regulators differentiated levels of severity for supervisory concerns and specified when to communicate them to boards of directors at the depository institutions. GAO found that the updated policies and procedures generally were consistent with leading risk-management practices, including federal internal control standards.
Examination documents that GAO reviewed showed that examiners generally applied the regulators' updated policies and procedures to assess management oversight at large depository institutions. In particular, for the institutions GAO reviewed, the regulators communicated deficiencies before an institution's financial condition was affected, and followed up on supervisory concerns to determine progress in correcting weaknesses. However, practices for communicating supervisory concerns to institutions varied among regulators and some communications do not provide complete information that could help boards of directors monitor whether deficiencies are fully addressed by management. Written communications of supervisory concerns from the Federal Deposit Insurance Corporation (FDIC) and the Board of Governors of the Federal Reserve System (Federal Reserve) that GAO reviewed often lacked complete information about the cause of the concern and, for the Federal Reserve, also lacked information on the potential consequences of the concern, which in one instance led to an incomplete response by an institution. Communicating more complete information to boards of directors of institutions, such as the reason for a deficient activity or practice and its potential effect on the safety and soundness of operations, could help ensure more timely corrective actions.
While supervisory concern data indicated continuing management weaknesses, regulators vary in how they track and use the data. Data on supervisory concerns, and regulators' internal reports based on the data, indicated that regulators frequently cited concerns about the ability of depository institution management to control and mitigate risk. However, FDIC examiners only record summary information about certain supervisory concerns and not detailed characteristics of concerns that would allow for more complete information. With more detailed information, FDIC management could better monitor whether emerging risks are resolved in a timely manner. In addition, the regulators vary in the nature and extent of data they collect on the escalation of supervisory concerns to enforcement actions. FDIC and the Office of the Comptroller of the Currency (OCC) have relatively detailed policies and procedures for escalation of supervisory concerns to enforcement actions, but the Federal Reserve does not. According to Federal Reserve staff, in practice they consider factors such as the institution's response to prior safety and soundness actions. But the Federal Reserve lacks specific and measurable guidelines for escalation of supervisory concerns, relying solely on the judgment or experience of examiners, their management, and Federal Reserve staff, which can result in inconsistent escalation practices.
Why GAO Did This Study
Weaknesses identified after the 2007–2009 financial crisis included management weaknesses at large depository institutions and the need for federal regulators (FDIC, Federal Reserve, and OCC) to address the deficiencies in a timely manner. Concerns remain that positive economic results of recent years could mask underlying risk-management deficiencies.
This report examined (1) how consistent regulators' revised policies and procedures are with leading risk-management practices, (2) how they applied examination policies and procedures, and (3) trends in supervisory concern data since 2012 and how regulators tracked such data. GAO compared regulators' policies and procedures for oversight against leading practices; compared documents from selected bank examinations for 2014–2016 against regulator's risk-management examination procedures; reviewed aggregate supervisory concern data for 2012–2016; and interviewed regulators and industry representatives.
Recommendations
GAO recommends that FDIC and the Federal Reserve improve information in written communication of supervisory concerns; FDIC improve recording of supervisory concern data; and the Federal Reserve update guidelines for escalating supervisory concerns. FDIC disagreed with the first recommendation, stating its policies address the issue, but GAO found clarification is needed. FDIC agreed with the second recommendation. The Federal Reserve neither agreed nor disagreed with the recommendations.
Recommendations for Executive Action
| Agency Affected | Recommendation | Status |
|---|---|---|
| Federal Deposit Insurance Corporation | The Director of the Division of Risk Management Supervision of FDIC should update policies and procedures on communications of supervisory recommendations to institutions to provide more complete information about the recommendation, such as the likely cause of the problem or deficient condition, when practicable. (Recommendation 1) |
Closed – Implemented
In November 2019, FDIC reported that they formalized their policies and procedures regarding root cause analysis. In support, FDIC cited a memorandum to regional offices regarding strategies for identifying the root causes of deficiencies; training materials for examiners and case managers on root cause analysis; and, a new section in its Manual of Examination Policies on risk-focused, forward-looking safety and soundness supervision. We reviewed each of these documents, and found that FDIC updated policies and procedures to provide more complete information about supervisory recommendations, including the likely cause of the deficient condition. We also reviewed a number of recent supervisory letters and reports of examination, and found that they included information about causation and generally discussed deficient conditions in greater detail, indicating that examiners and case managers are following the updated procedures.
|
| Federal Reserve System | The Director of the Division of Supervision and Regulation of the Board of Governors of the Federal Reserve System should update policies and procedures on communications of supervisory concerns to institutions to provide more complete information about the concerns, such as the likely cause (when practicable) and potential effect of the problem or deficient condition. (Recommendation 2) |
Closed – Implemented
In May 2020, Board staff told GAO that they recently updated the procedures that examiners are expected to follow in communicating supervisory concerns to institutions, and that the updates include revisions to address GAO's recommendation. Specifically, in February 2020, the Board updated its Bank Holding Company Supervision Manual, and in April 2020, the Board updated its Commercial Bank Examination Manual. We reviewed the manuals and found that each includes a section entitled, "Communication of Supervisory Findings," with the following requirement: "In a supervisory finding, examiners should convey, if evident, both the root cause of the finding and potential effect of the finding on the organization." Based on this requirement, examiners should be able to provide more complete information about supervisory recommendations to bank board of directors, who in turn should be better able to oversee bank management's response to supervisory recommendations.
|
| Federal Deposit Insurance Corporation | The Director of the Division of Risk Management Supervision of FDIC should take steps to improve the completeness of matters requiring board attention (MRBA) data in its tracking system, in particular, by developing a structure that allows examiners to record MRBAs at progressively more granular levels (from a broad level such as examination area to more specific levels, including risk or concern type). (Recommendation 3) |
Closed – Implemented
FDIC agreed that a structure should be enhanced to allow staff to further categorize MRBAs at the point of entry into the system. FDIC sent a memorandum to FDIC regional managers dated July 2020 that provides updated instructions to examination staff for recording and tracking MRBA in FDIC's ViSION database. FDIC made enhancements to ViSION that allow the capture of MRBA data at progressively granular levels, including both by major examination area and by specific concern type. Our review of a sample of screen shots confirmed that with these enhancements, case managers can track MRBA by major category and then by sub-categories to further focus on the specific risk or area of concern. In addition, FDIC also prepared training materials and an MRBA tracking job aid for case managers regarding the MRBA ViSION enhancements. FDIC has addressed the recommendation with these changes, and FDIC management should have more complete information about MRBAs to better monitor the effectiveness of supervision activities in remediating emerging risks in a timely manner.
|
| Federal Reserve System | The Director of the Division of Supervision and Regulation of the Board of Governors of the Federal Reserve System should update policies and procedures to incorporate specific factors for escalating supervisory concerns. (Recommendation 4) |
Closed – Implemented
In May 2020, Board staff stated that they completed updates to their policies and procedures to incorporate specific factors for escalating supervisory concerns. Specifically, in February 2020, the Board updated its Bank Holding Company Supervision Manual, and in April 2020, updated its Commercial Bank Examination Manual. We reviewed both manuals, and found that each includes a new section entitled, "Factors in Escalating Issues into Enforcement Actions." Each section includes a list of key factors that examiners should consider in determining whether to recommend additional formal or informal investigation or enforcement action, including, for example, the severity or repetitive or intentional nature of the issues and management's willingness and ability to correct the issues. These factors should help examiners better determine if the volume of open supervisory recommendations and the materiality of the issues to the safety and soundness of the bank raises the need to consult with the Board's enforcement staff about escalating issues into enforcement actions.
|