Perspective on Risk - March 9, 2025

Debanking is Bullshit; FDIC Withdraws Proposed Rules; SLR Reform; Regulatory Consolidation; Risk-Focused Supervision of Community Banks; The SVB Exemption Was A Crypto Bailout; M is for Management

Debanking is Bullshit

Not that I have a strong opinion here ;→

New GOP Bill Aims to End ‘Debanking’ of Crypto Companies and Conservatives (WSJ)

I’ve avoided writing about de-banking, but much of this story whole debanking story is bullshit.

The leader of the Senate Banking Committee wants regulators to stop worrying about customers causing reputational damage to banks. … Scott introduced a bill on Thursday that would end regulatory oversight of so-called reputational risks, calling the bill a first step toward ending discrimination against clients.

Banks have largely blamed regulators for a hesitancy to work with certain cryptocurrency companies. In other instances, they have pointed to the U.S. anti-money-laundering laws, which require them to flag suspicious transactions by customers. For years, industries ranging from pornography to firearms to cannabis, have claimed banks refuse to do business with them as well.

Once upon a time, there was a thing called the Five Cs of Credit (Character, Capacity, Capital, Collateral and Conditions). The first C was character. Let’s go all the way back to Mr. J. P. Morgan himself. During his 1912 testimony before the Pujo Committee, which was investigating the concentration of financial power in the United States, Morgan famously stated:

A man I do not trust could not get money from me on all the bonds in Christendom.

Before the focus on “reputational risk” there were issues that today might fall into that category, such as fair-lending and redlining. Reputational risk took off as a theme during the 1990s and 2000s, in my memory it was associated with money brokers, drug trafficking and remittances, and certainly got more important following 9/11 and the Patriot Act.

Before my time as a supervisor, in the late 1980s, the National Mortgage Bank of Greece and Atlantic Bank were convicted for illegally transferring tens of millions of dollars from the United States to Greece. In 1989, the Financial Action Task Force (FATF) was established. Although its initial focus was on combating money laundering, the FATF's work laid the foundation for future guidelines on KYC and dealing with Politically Exposed Persons (PEPs), which are crucial for managing reputational risk. Also in 1989, the Basel Committee issued a statement emphasizing the need for banks to prevent their systems from being used for criminal purposes. This early guidance highlighted the importance of customer identification and due diligence, precursors to formal KYC protocols.

In the 1990s, there was a large focus on unlicensed money remitters, and in the early 2000s, Colombian money brokers utilizing the Black Market Peso Exchange to launder drug proceeds were a focus.

And there was the conclusion of a formative experience for supervisors, the closure of Bank of Credit and Commerce International (BCCI). BCCI was involved in money laundering, fraud, bribery, and regulatory evasion on a global scale. It became the "go-to bank" for illicit financial transactions, including those for drug cartels, arms dealers, terrorists, and dictators. It laundered drug money for the Medellín Cartel (Pablo Escobar) and others, helping them move billions across borders. Throughout my early supervisory career, one could not help but hear about BCCI.

Finally, for me in the 1990s, there was Bankers Trust, which was blatantly ripping off its customers through the sale of leveraged derivatives. Credit Suisse also had numerous “appropriateness” issues.

In the early 2000s, largely due to 9/11, regulations were imposed on Politically-Exposed Persons (PEPs). This was highlighted by action against Riggs Bank. In the 2000s, the OCC explicitly included reputational risk in its framework for evaluating bank risk profiles, the Wolfsberg Group released principles focusing on AML in private banking, introducing guidelines on KYC, PEPs, and reputational risk management, and the Patriot Act imposed stringent KYC requirements and mandated enhanced due diligence for PEPs, significantly influencing supervisory expectations.

The current Republican focus on debanking is due to the focus on crypto activities. There has long been concern that a major, if not the primary, uses of crypto has been for money laundering and flight capital.

Importantly, unlike, say, the Germans, the US regulators have never focused on the tax avoidance aspects of these businesses.

Banks can choose who they will bank, but they do have to be aware of the consequences, comply with the law, and have risk management policies and procedures commensurate with the risks.

FDIC Withdraws Proposed Rules

Mixed bag here - some useful and some clear over-reach.

FDIC Board of Directors Withdraws Four Outstanding Proposed Rules

The Federal Deposit Insurance Corporation’s (FDIC) Board of Directors today approved the withdrawal of three outstanding proposed rules relating to brokered deposits, corporate governance, and the Change in Bank Control Act (CBCA). The FDIC is also withdrawing authority for staff to publish in the Federal Register a proposed rule related to incentive-based compensation arrangements.

The FDIC's proposed rule on brokered deposits, published on August 23, 2024, aimed to impose stricter regulations on deposits obtained through third-party brokers. The proposal sought to broaden the definition to include entities that receive third-party funds and deposit them into insured depository institutions (IDIs), even if they had exclusive deposit placement arrangements with a single bank. This would have closed a loop-hole in existing regulations, and its withdrawl is a mistake.

The FDIC's 2023 Corporate Governance Proposal went beyond existing supervisory guidance from the Federal Reserve and OCC. It applied higher standards to institutions > $10 billion, whereas the OCC guidance applies to firms with > $50 billion in assets and the Fed’s applies at $100 billion. The proposal transferred some responsibilities from senior management to the company’s Board, and perhaps most importantly imposed a “stakeholder” approach on the Board’s responsibilities, requiring Boards to consider the interests of all stakeholders, including shareholders, depositors, creditors, customers, regulators, and the public, potentially conflicting with state laws that prioritize shareholder interests. This proposal alone is a great argument for regulatory consolidation. There ought to be a consistent approach across the agencies.

The proposed Change in Bank Control Act (CBCA) is on a shakier foundation. It was seeking FDIC authority where the Federal Reserve was already reviewing the transaction. Eliminating this potential duplication of effort is warranted. It was in part aimed at the ownership of bank equity by large asset managers.

Finally, the Incentive-Based Compensation Proposal was aimed at regulating compensation structures that might encourage excessive risk-taking, likely in line with Dodd-Frank Act requirements. Both the OCC and the Fed have proposed guidance on incentive-based compensation by issuing a joint Notice of Proposed Rulemaking (NPR). The FDIC proposal is substantively similar. The proposals include implementing compensation deferral and clawback provisions, while codifying risk management expectations. This is a legacy of the Global Financial Crisis that still has not been implemented, and now may never be. Frankly, this is a shame. Compensation incentives are frequently a contributing factor to financial crisis’s.

Related:

• Trump Organization sues Capital One bank over account closures after Jan. 6 Capitol riot (CNBC)

Supplemental Leverage Ratio (SLR) Reform

I think it is inevitable that Treasury securities will be exempt from the SLR.

Treasury Secretary Scott Bessent Remarks at the Economic Club of New York

Bank regulation and supervision should reflect the current needs of the economy. For example, the enhanced supplementary leverage restriction the SLR can be can risk becoming a binding constraint instead of a backstop.

Some have suggested that risk free exposures like central bank reserves and short duration treasuries should not be capitalized even under a risk and sensitive leverage capital restriction, while others have suggested an adjustment to the leverage restriction buffer. I'm not here today making a specific policy announcement only to make the point that rigorous analysis must be applied to these regulations if we are to appropriately supervise and regulate our banks.

As background, the goal of the Basel Capital Accords has been to implement a “risk-based” capital regime. All assets are not similarly risky, and there is a desire to have capital held commensurate with the risk. The original Basel Accord replaced a simple leverage ratio.

But a leverage ratio is a useful risk management control for any risk-based capital regime - it controls for the fact that a designated risk-weight for an asset may be too low. As seen in the GFC with senior mortgage tranches, if you systematically get the risk evaluation wrong, and hold too little capital against a supposedly low-risk asset (that turns out to have more risk than you thought) you can have an undercapitalized institution. A simple leverage ratio is a control for this.

Now sovereign debt securities in the chartering jurisdiction are an interesting issue. Banks, after all, are extensions of the sovereign in a leveraged system; the ultimate “tail risk” is born by the sovereign.

The original Basel II proposal did not include a leverage ratio, and gave preferential risk weights under the Standardized Approach, and national regulators could allow banks to apply a lower risk weight to sovereign exposures denominated and funded in the domestic currency. Many developed countries took advantage of this, effectively assigning a 0% risk weight to their own government debt.

Basel III introduced a 3% leverage ratio, and sovereign debt was NOT excluded from the calculation, although this has been a point of discussion for years. Numerous jurisdictions have tinkered around the edges here, exempting reserves (EU) or coming up with specialized treatment (Japan).

In a world with high levels of sovereign debt, “fiscal dominance” and the continued need for financial repression, there will be pressure to exempt these securities. In the US, this is discussed as giving the banks the capacity to intermediate Treasuries during times of stress.¹ This simply means allowing them to buy and hold more Treasury securities.

Regulatory Consolidation

Bayesians may want to adjust their priors. I know I have.

Treasury Secretary Bessent Weighs In Against Consolidation of Banking Agencies (WSJ)

“We need our financial regulators singing in unison from the same song sheet,” Bessent said. “To be clear, this does not mean consolidation of agencies, but coordination via Treasury, such that our regulators work in parallel with each other and industry.”

Add Bessent’s remarks to that of the powerful community bank lobbying group:

ICBA Statement Opposing Consolidation of the Nation’s Banking Regulators

While Wall Street bank executives and others have called for consolidating the nation’s banking regulators, ICBA and community bankers have long supported the independence of the federal banking agencies and our nation’s dual banking system.

Oh well. Too bad.

Treasury Secretary Scott Bessent Remarks at the Economic Club of New York

The Trump administration aims to make financial regulation more efficient, effective, and appropriately tailored. President Trump's recent executive order that requires the Office of the Controller the currency the OCC the Federal Deposit Insurance Corporation, the FDIC, and the Federal Reserve to submit regulatory actions for review at the Office of Management and Budget will improve analytical rigor and discipline, while increasing accountability the supervisory failures at the heart of the 2023 banking crisis under President Joe Biden should have been a wakeup call, as the Fed's review noted, its supervisors did not fully appreciate Silicon Valley bank's vulnerabilities as a group in size and complexity when risk were identified, they did not take sufficient steps to ensure that SVB fixed those problems quickly. The result was the third largest bank failure in United States history. It was a supervisory failure.

Our financial regulatory agenda must start with a fundamental refocusing of supervisor’s priorities leadership must drive a culture that focuses on material risk taking, rather than box check checking. As such, I plan to use the financial oversight Council known as FSOC and the President's Working Group on Financial markets to drive change on our regulatory environment.

Risk-Focused Supervision of Community Banks

Fed OIG out with The Bank Exams Tailored to Risk Process Promotes Risk-Focused Supervision of Community Banking Organizations, but Training Can Be Enhanced

… we found that examination staff … tailored the BETR-suggested risk classifications, examination hours, and procedures to supervised institutions …

… we found that some examination staff expressed interest in increasing their understanding of the BETR process and models. We attribute examination staff’s desire for additional information on the BETR process and models to insufficient training on BETR and a lack of awareness about available resources …

That’s about as clean a conclusion as is possible.

On-site Supervision Changed Ex-Ante Risk Assessment

During our scope period, examination staff in the selected Reserve Banks increased the BETR-suggested risk classifications for credit in 24 percent of examinations. Examination staff frequently indicated that they increased the risk classifications for credit because supervised institutions had agricultural or commercial real estate (CRE) loan concentrations. Additionally, examination staff increased the BETR-suggested risk classifications for liquidity in 14 percent of examinations, frequently citing rising interest rates.

No Correlation Between Low-Risk Assessment & Subsequent MRAs

Further, in our review of 18 examinations from the three Reserve Banks, we found that a low-risk classification did not appear to affect examination staff’s willingness to issue MRAs, MRIAs, or CAMELS ratings downgrades.

There Is A Bias Towards Spending More Time On-site Than Modelled

… material variances between the BETR-suggested examination hours and the actual examination hours for the credit and liquidity risk stripes generally occurred in half or more of the in-scope examinations led by the selected Reserve Banks

Interviewees stated that FRB San Francisco examination staff frequently exceeded BETR-suggested examination hours for some risk stripes, including credit, because of the unique and complex institutions in FRB San Francisco’s CBO portfolio. Further, an interviewee noted that FRB San Francisco examination staff often needed additional hours for the credit risk stripe because of the loan makeup of the institutions in the Reserve Bank’s portfolio, which includes institutions engaged in novel activities. Another interviewee noted that FRB San Francisco’s portfolio includes institutions with high CRE concentrations.

We also found that some examination teams deviated from the BETR-suggested hours based on the examination staff’s experience level. For example, FRB Kansas City frequently cited experienced examination staff as a reason for using fewer than the aggregate BETR-suggested hours.

On the face, the reasons sound reasonable, but ex-post justifications often do. Hours spent on one class of institution are hours not spent on others, so while this sounds reasonable, I’d argue it still shows some inefficiency in resource assignments.

The SVB Exemption Was A Crypto Bailout

Rushing to Judgment and the Banking Crisis of 2023 (FRB-Chicago)

This working paper from Rose (FRB-Chicago) and Kelly (Yale) challenges conventional wisdom, focuses on business models, and uses strong empirical evidence. However, it’s a descriptive, rather than an analytically causal paper. It doesn't fully test its claims, but in general feels correct to me.

The paper does a solid job of pointing out gaps in the mainstream explanation. It correctly questions why the crisis started in March 2023, even though unrealized losses had been an issue for months. It also provides a strong argument that bank business models (crypto and VC focus) mattered more than just "uninsured deposits" and "unrealized losses."

… we critically review the standard account of the crisis (“the standard account”) that has developed. The standard account typically starts by focusing intensely, if not exclusively, on Silicon Valley Bank (SVB). The standard chronology begins with SVB’s failure, the cause of which is attributed to sudden scrutiny of unrealized losses on securities combined with extremely high levels of uninsured deposits.

It asks, and proposes some solid answers to quite a few important and frequently ignored questions:

• Why did the crisis start in early March 2023, even though unrealized losses had been elevated in the banking system for several quarters?

• Why would market participants have ignored these problems until March 2023, when the losses were falling?

• Why did some of the failed banks have such extremely low insurance coverage?

• Why was Signature Bank, of all the banks in the US, the next bank to fail after SVB?

• Why were the deposit runs so rapid?

Most importantly, it focuses on the linkage to the crypto industry (interesting, given what I’ve highlighted above). The paper asserts seven facts:

1. Silvergate Bank, rather than SVB, was the first bank to fail and the first bank to have a run.

2. Bank business models that materially focused on the venture capital and crypto sectors were at the center of the crisis.

3. Unrealized losses and uninsured deposits are inadequate explanations of which banks experienced runs in 2023.

4. While the crisis affected midsize “regional” banks in general, the most severely impacted banks were geographically clustered around the tech- and crypto-heavy West Coast.

5. Affected banks had been under considerable prior market pressure in 2022 and were not suddenly scrutinized for the first time in March 2023.

6. The historically unprecedented speed of the 2023 bank runs is not well explained by social media or digital banking applications.

7. The crypto and VC sectors had a special role in triggering the 2023 runs because the affected banks had business models focused on them. Once the runs were initiated, other large, sophisticated depositors ran with roughly the same speed and severity.

The paper tells a nice story about how these failures were part of the larger “crypto-winter” story:

Crypto-asset prices reached a cyclical peak in November 2021, when the so-called “crypto winter” set in. Falling prices for crypto-assets revealed a number of fraudulent schemes such as Terra/Luna and Celsius. Crypto hit its low point at the end of 2022, following a swift fall from grace of famed crypto exchange FTX and its founder, Sam BankmanFried, under revelations of fraud.

At this point, Silvergate began experiencing sharp deposit outflows, losing over 50% of the deposits it started the fourth quarter with by the end of the year. Signature Bank’s deposits had peaked in 2022-Q1, but its outflows similarly sharpened in 2022-Q4. By the end of 2022, Signature had lost 20% of its deposits relative to nine months prior.

Research papers often abstract away from the concrete to the more general. Here there is a larger discussion of Twitter and social media, and why this isn’t the cause of the run. The closest they come to naming names is to quote a Bloomberg News story thusly:

Channels like messaging platform WhatsApp, email chains, texts and other closed forums were full of chatter over the bank’s financial precarity well before those fears showed up Twitter. In tech, where executives’ networks can dictate whether companies have access to the best information, warnings about SVB had been simmering for a while when they boiled over into wider view online. […] By the time most people figured out that a bank run was a possibility on Thursday, March 9, it was already well underway.

Let’s get more specific. Peter Thiel’s Founders Fund was reportedly one of the first to advise its portfolio companies to pull deposits from SVB, contributing to the initial $42 billion in withdrawals on March 9, 2023. Other VCs, including Union Square Ventures and Coatue Management, followed suit, creating a herding effect where firms rapidly pulled funds. Unlike a general banking panic where depositors react to public news, this suggests that a highly concentrated and interconnected group of depositors (VC-backed firms) coordinated withdrawals based on inside information and personal networks.

Policymakers and supervisors distinctly, and probably deliberately, referred to the use of the systemic risk exemption. Barr emphasized that the decision was made to prevent broader financial system collapse rather than to protect any specific group of depositors or industries. Officials were careful to frame the intervention as protecting the broader financial system. Sounds like BS to me. This was a crypto-related bailout.

I’d note that the Fed still has not replied to my FOIA request for information on the use of the systemic risk exemption. It’s been 18 months.

M Is For Management

A Better M for CAMELS (Bank Policy Institute)

Two former Fed Board staff have written a piece for the BPI pointing fout the flaws in the M component of CAMELS, the bank rating system.

While Management is a standalone component of the CAMELS regime, it is important to note that every other ratings component already includes management as a factor …

Let’s be clear, this is a legitimate concern. Much supervisory time is spent discussing whether things like weaknesses in credit risk management processes belong in the C or M component.

They go further, too far in my opinion, by stating:

The standalone “M” is therefore notable because it evaluates management untethered to any financial risk, and is therefore wholly subjective and variable. It is where immaterial and non-financial issues like “reputational” risk can manifest themselves, or simply displeasure with how management is behaving.

I would agree that it is subjective, but not untethered, variable or immaterial. A typical examiner’s default will be to rate Management a “2” - Satisfactory, unless other factors warrant a change. These factors would usually be Board or risk management deficiencies. Often the “M” component can be a derivative rating; hard to rate Management strong or satisfactory if the other components are less than satisfactory.

They go on to advocate making the M component, for the large banks, based on external market indicators, such as debt spreads, credit default swap spreads, rating agency opinions or sell-side analyst opinions. I could go on to explain the flaws in each of these (trust me), but I do think these provide useful information on the health of a financial institution.

In 2004, I was part of the team that developed a new rating system that applied to bank holding companies (the Fed’s jurisdiction). This approach, the RFI system sought to specifically address the issue of separating the evaluation of management and risk management from the financial health of the firm. It had 3 components, an “R” for risk management, an “F” for Financial Condition, and an “I” for the impact of non-bank subsidiaries on the bank. Here it was clear that a firm could have strong or satisfactory risk management, but weaker financials, or the opposite (strong financials but risk management deficiencies). In addition, one could literally develop a model to evaluate the F component, reducing subjectivity, tying the F rating to probability of distress, and leaving examiners to focus on what they do best, evaluating management and controls.

This rating system was subsequently replace in 2019 with the Large Financial Institution (LFI) Rating System² for banking firms with more that $100 billion in assets. The change was made “to better reflect the supervisory focus for large financial institutions” and “address systemic concerns.” This system has three components: 1) Governance & Controls, 2) Capital Planning and Positions, and 3) Liquidity Risk Management and Positions ratings.

In my opinion, the LFI represents a step backwards with regard to the potential double-counting of risk management concerns. In LFI, risk management is assessed through Governance & Controls but also influences Capital and Liquidity ratings, meaning a governance failure could hurt multiple components.

Risk Management Graphics

On Twitter, Benn Eifert had some very nice, simple graphics that explain aspects of risk management.

1

See Efficient and effective central bank balance sheets (Logan)

2

SR19-3 “Large Financial Institution (LFI) Rating System”