Regulators are increasing the pressure on the nation's largest banks and financial services firms to slim down and reduce the risk associated with being too big to fail. The Federal Reserve and several other regulatory agencies have proposed several new measures to minimize the systemic risks that large firms can pose to the broader financial system this fall, such as liquidity standards that would require big banks to retain liquid assets as extra equity capital.
The objective of these measures is to "improve the resiliency of these firms," Federal Reserve governor Daniel Tarullo said in testimony before the Senate Banking Committee in September, arguing that they "create incentives for [large banks] to reduce their systemic footprint and risk profile."
Lowering a banks risk profile has obvious benefits. But these new measures raise several critical issues that regulators should consider before requiring the country's largest institutions to take on more burdensome requirements.
Large banks make up the foundation of our banking system. They are the institutions with the talent and resources to advance cybersecurity efforts, build screening systems that help banks identify designated people and groups on the Office of Foreign Assets Control watch list and ensure that payments systems are working 24 hours a day, seven days a week. Given the importance of these priorities, it seems we are losing sight of the battles to win the war.
Regulators need to more deeply consider what parameters ought to be used to assess the risk that a given bank poses to the financial system. They tend to use asset size to determine whether or not a bank is too big to fail. But a number of other factors affect a bank's influence, from the number of clients it serves to the diversity of its businesses to its status as a multinational or national company.
Moreover, a financial institutions risk profile is highly influenced by the complexity and velocity of change in regulations. Compliance with regulations requires specialized talent. When talent is scarce, mistakes happen. Banks then incur class-action lawsuits and regulatory fines, both of which undermine consumer confidence. The biggest talent gaps are found in small communities, not large urban centers which may mean that regulators need to adjust their thinking.
Regulators should also focus on the extent to which they are increasing the risk of failure in small and midsize banks by neglecting to exempt them from certain aspects of the Dodd-Frank Act. Many people in the industry have argued that Dodd-Frank is too tough on small and regional banks, since the regulatory compliance burden is costly in terms of both time and resources.
Federal Reserve Bank of Kansas City president Esther George, provided poignant comments to that effect at a September conference in St. Louis.
"Community banks have become entangled in a web of reforms intended to address the risks in the largest banks," George said. "These reforms respond to a business model employed by a few large, globally active banks but have created spillovers for community banks."
Simply stated, adding additional layers of compliance and reporting requirements impacts smaller banks' ability to serve individual clients and the small and midsize businesses in the communities in which they operate.
The Fed appears to be willing to address this concern. "The Federal Reserve is supportive of considering areas where the exclusion of community banks from statutory provisions that are less relevant to community bank practice may be appropriate," Tarullo said in his testimony. "We believe it would be worthwhile to consider whether community banks should be excluded from the scope of the Volcker rule and from the incentive compensation requirements of section 956 of the Dodd-Frank Act."
Lastly, regulators need to focus more attention on identifying the holistic range of both the high-impact and high-probability risks faced by the banking industry. Banking has evolved significantly in the years since the financial crisis. Financial institutions need to make sure they are equipped to keep pace with constantly innovating mobile, social and cloud technology and with rapidly changing consumer preferences. They must also be prepared to deal with new areas of risk, from sophisticated data breaches to the increasingly porous organizational boundaries between banks and third-party vendors.
This is the time to invest in infrastructure, including training, technology and programs. This is not the time to turn the dial back and pretend that market risk is the only danger that banks face.
Indeed, most executives identify operational risk as a critical issue. Operational risk includes risks to systems, people, processes and vendors. The Target breach was a wakeup call regarding the risks associated with heating, ventilation and air-conditioning vendors. The market valuation, revenue and customer sentiment associated with this breach was unprecedented.
Policymakers and regulators need to take the same broad view of risk that they require of their financial institutions. It's also important for regulators to take steps to better understand a banks risk appetite in order to assess the likelihood and impact of its failure, irrespective of its size.
Financial regulators should be asking themselves how well firms are managing risk, what risk management measures and systems firms have in place, and what an acceptable level of risk is for a bank of a certain size. These considerations are good leading indicators of a bank's ability to weather a financial crisis.
Susan Palm is vice president of industry solutions at the risk management and compliance software company MetricStream. She previously served as senior vice president of audit and risk at Sterling Savings Bank and as senior vice president of enterprise governance and risk management at Norwest and Wells Fargo.