WASHINGTON Congress should revisit the $50 billion-asset test used to subject larger banks to enhanced regulations and allow supervisors to look beyond an institution's size to assess its riskiness, Comptroller of the Currency Thomas Curry said Monday.
Curry, who sat down for a broad-ranging question-and-answer session before an audience at American Banker's Regulatory Symposium, said determining which banks should be covered by certain rules should be based more on their individual business models than just a size test. He also discussed how his agency will monitor compliance with its new "heightened expectations" rules, and steps banks should take to combat cyber risks.
"Fifty billion dollars [in assets] was a demarcation at the time" but "it doesn't necessarily mean you're engaged in that activity that they are trying to target," Curry said. "The better approach is to use an asset figure as a first screen and give discretion to the supervisors based on the risks in their business plan and operations It's just too easy to say, 'This is the cutoff.' I'm a little leery of just a bright line."
The Dodd-Frank Act used $50 billion as the asset threshold for banks that must follow new prudential standards from the Federal Reserve Board for "systemically important" companies. Banks above the cutoff are also required to submit "living wills" as a roadmap to their hypothetical resolution. The size test determines whether a bank faces heightened stress test requirements, and also is subject to enhanced standards from the Basel Committee.
Curry is not the first policymaker to raise questions about the $50 billion threshold. At a subcommittee hearing before the Senate Banking Committee in July, some lawmakers argued that the asset test favored in Dodd-Frank for defining a "systemic" institution catches some regional-sized banks that do not pose the kind of contagion risks targeted by the law.
For certain financial policy issues, Curry said, new requirements should apply equally to institutions regardless of size. He cited cybersecurity standards as an example of larger "principles" should be applied across the industry, rather than having a two-tiered system.
But generally, he said, regulators must try to do better than just having a one-size-fits-all approach, and recognize that in certain situations supervision is just as important as new regulation.
"We've been very successful in terms of recognizing the difference between JP Morgan [Chase], Citi and Wells [Fargo] that we supervise versus a small national bank in Oklahoma," Curry said. "But in order to do that you need to have some supervisory discretion and judgment. If we could strike the right balance between sound rules and sound supervision, we'd be better off. Whether we get it right or not, I don't know."
Curry also discussed examiners' concerns about the "culture" at banks. Earlier this month, the Office of the Comptroller of the Currency finalized its "heightened expectations" guidance, a new set of risk management standards for larger institutions. Curry said his agency will be keenly interested in how managers and boards of directors oversee compliance with the guidelines.
"The point to remember is that when I use the word 'culture,' it's really the establishment of standards and the enforcement of those standards," he said. "What we're really assessing and what really matters at end of day is management's ability to run those institutions and provide the framework for a successful operation."
Curry said cyber-attacks remain one of the "biggest threats" to the banking system. He noted that regulators are particularly concerned about cybersecurity at community banks, which often use vendors to help manage cyber threats. Effective oversight of technology service providers is important, he said.
There is "the issue of making sure [banks] have taken the appropriate steps to remediate and protect against those threats given the nature of the business," Curry said. "That's something we plan on working through, either through directives or individual procedures, and actual on-sight supervision, which has the benefit of helping banks actually prepare their own defenses against those threats."