If the capital rule recently proposed by the federal banking agencies is adopted, U.S. banks will end up holding over $300 billion in capital against "operational risk." The capital charge comes because the proposed rule would create more than $3.5 trillion in phantom assets to represent operational risk and then impose a capital charge against those assets. For capital purposes, approximately 24% of banks' collective risk-weighted assets would be these phantom assets. By the standard measure used by global regulators, this requirement alone would permanently reduce U.S. GDP by nearly $90 billion annually; operational risk charges would attach to every loan or other bank product, raising their cost to bank customers. There is no reason to believe that operational risk justifies this self-inflicted wound to our country's economic growth.
In fact, in
Operational risk is defined as the risk of loss resulting from inadequate or failed internal processes, people and systems, or from external events. Cyber risk is universally considered the largest operational risk facing banks. That said, it is hard to find any record of a large U.S. bank ever failing for operational risk, or even suffering a material loss as a result of a cyberattack, an information technology failure or any other true operational risk event. Certainly, the proposed rule cites not a single case.
Instead, when regulators talk about large operational risk losses, they are generally referring to a type of operational risk loss that might not immediately come to mind: fines imposed by the agencies themselves, and judgments obtained in follow-on civil litigation. The largest such fines in the past have come from failure to monitor for money laundering or sanctions compliance; most recently, the banking industry has been assessed over $2.5 billion in fines for failing to monitor texts sent via employees' personal phones. Even here, none has ever produced a bank failure.
But, stepping back, consider how strange this idea is. Basically, the agencies are requiring banks to hold capital every day of the week against the risk that the agencies themselves will at some point impose ruinous fines on those banks.
There is a larger, conceptual problem. Future potential fines and litigation judgments are unlikely to coincide with very large market risk, credit risk and counterparty risk losses that are also being capitalized by the proposal. The agencies are no more or less likely to fine a bank for sanctions compliance during a credit crisis or a market crisis. While one could note that the global financial crisis produced large fines and litigation judgments as well as credit and market losses, the fines and litigation losses (either judgments or reserves established in anticipation of judgment) came several years later. For capital purposes, the origin story of the loss is not important; it is when the loss is incurred (either paid for or reserved against). And nobody was paying out mortgage judgments on Lehman weekend. Most of the judgments were not paid until 2014; some cases are only being paid now.
The Federal Reserve's vice chair for supervision said FedNow and digital currencies are important areas for research, but not at the expense of legacy systems like cash and debit.
Thus, a bank fined for some perceived past misdeed will in most cases be able to pay that fine out of earnings, but even in extreme cases will be able to use some of its otherwise-required capital to pay the fine and rebuild its capital over time through earnings. By analogy, a single airbag can guard against a variety of potential collisions.
Indeed, the agencies recognized this logic in their prior iteration of Basel implementation,
The only thing odder than taxing bank customers permanently for one-time losses would be taxing them twice, but that is exactly what the agencies propose to do. The proposed rule would create $2 trillion in phantom operational risk assets; the other $1.5 trillion come from the Federal Reserve's annual stress test, whose latest iteration assumed $188 billion in aggregate operational risk losses. So, the same risk is being counted twice. By definition, operational risk events are stress events, so both charges are for stress. Notably, the United States would be the only country in the world to double-count risk in this way, as no other country includes a stress capital charge, much less one with an operational risk component.
And then of course there is the calibration. The proposed rule contains no historical data or analysis to justify the charges it imposes, and as noted, the best data available suggests that it overstates the risk by a factor of five.
Why does this matter? If a bank is fined $1 billion, that fine is paid from current earnings and is basically incurred by the bank's shareholders; in investor parlance, it is a "one-timer." However, if the bank is assessed a permanent capital charge for the risk of future such fines, that charge is paid by the bank's customers — consumers and businesses — and ultimately by the economy.
The operational risk component of the agencies' capital proposal could not possibly pass any cost-benefit analysis. Perhaps that is why the agencies' capital proposal on operational risk did not contain one. The current proposal needs to be rethought and recalibrated, and once it is adopted, the operational risk component of the Federal Reserve's stress test needs to be eliminated.
