Reading Between the Lines
By Alex Johnson
I have an unhealthy obsession with trying to parse meaning from seemingly anodyne speeches and documents.
If I’d lived in a more paranoid age, I could have been a kremlinologist.
Today, working in the financial services industry, I have to settle for trying to extract meaning from the dry, purposefully vague public statements made by financial services regulators.
It’s a tough job, but someone has to do it!
And I thought now would be a good time to indulge myself, as we’ve recently had a set of public speeches and presentations by U.S. financial services regulators that seem, to me, to be worthy of some interrogation:
- “The Future of Banking” – Comments by Federal Reserve Governor Michelle W. Bowman.
- “What Should the U.S. Banking System Look Like? Diverse, Dynamic, and Balanced” – Comments by Acting Comptroller of the Currency Michael J. Hsu.
- “Building Better Brakes for a Faster Financial World” – Comments by Acting Comptroller of the Currency Michael J. Hsu.
- The Federal Reserve’s Novel Activities Supervision Program – A presentation by Kavita Jain and Kristin LaPorte of the Federal Reserve (Editor’s note – there isn’t a link to a recording of this webinar, so I’m working off of my notes.)
Before we dive in, the standard disclosure – I’m not a lawyer, and nothing in this newsletter is ever legal advice.
OK, we good?
Here we go!
What Governor Bowman Said
Bowman spent the first bit of her speech talking about the current state of monetary policy (she is a member of the Federal Open Market Committee), before segueing into a broader discussion of the future of banking.
In this second (and longer) portion of the speech, she warned against the risk of complacency (interest rate risk is an example she cited of a well-known risk that we took our eyes off of in recent years), made it clear that a safe and sound banking system isn’t compatible with an ‘ask for forgiveness instead of permission’ approach to innovation (a great line from this section – “The banking system is not an unregulated petri dish.”), and talked about the increasingly fuzzy regulatory perimeter (the line between banks and nonbanks, typically defined by regulatory supervision).
What Jumped Out to Me
Most of Governor Bowman’s comments were rather vague and non-specific, except this little suggestion she tossed in at the end:
Regulators often address risks in the financial system by focusing on regulated banks, promoting up-front due diligence of bank partners, monitoring the risks of these relationships, and placing accountability for issues that arise on the banks themselves. A potentially underused tool that could be used to address these risks is oversight of third-party service providers under the authority granted to banking regulators under the Bank Service Company Act. Better aligning supervisory attention with the source of risk in this way could be a more efficient mechanism to address risks on the borders of the regulatory perimeter.
What is the Bank Service Company Act (BSCA), you ask?
The BSCA is a law that was passed in 1962 that requires depository institutions to notify their regulators when they engage the services of a technology service provider (TSP). Services covered by the BSCA include check and deposit sorting and posting, computation and posting of interest, preparation, and mailing of checks or statements, and other clerical, bookkeeping, accounting, statistical, or similar functions such as data processing, online banking, and mobile banking services.
Based on the list provided by banks, regulators (the Federal Reserve, the FDIC, the OCC, the NCUA, and the CFPB) will identify a shortlist of TSPs that are sufficiently large, popular among banks, and/or engaged in complex or sensitive work and thus worthy of direct examination.
There is no public list of companies that are examined by regulators under the BSCA, but, historically, it has been assumed to include the payment networks, the big core banking providers, bank-owned consortiums like EWS, and the major reciprocal deposit networks, among many others. More recently, there has been significant discussion about how the large public cloud providers (Amazon, Google, Microsoft) fit under the BSCA.
Governor Bowman’s description of the BSCA as “a potentially underused tool” is notable. It poses an obvious question – what would it look like if regulators started using the BSCA more aggressively? What additional third parties might fall under these BSCA exams? Could that include banking-as-a-service (BaaS) middleware platforms? Open banking data aggregators (prudential regulators haven’t gotten too involved in open banking yet, but that may change at some point.)
What Acting Comptroller Hsu Said
The speech was about the regulation of bank mergers, and Hsu teed up his comments by asking a deceptively simple question – what should the U.S. banking system look like?
He then goes on to explain why answering this question is challenging without considering the holistic purpose of banks in the broader economy. From this perspective, Hsu argues that the banking system should always be “in balance” with the economy, and that, in the U.S., that balance must consider the attributes that make the U.S. economy unique (its diversity, dynamism, and size).
My favorite quote from the speech – “we don’t exist to serve banks; banks exist to serve us.”
What Jumped Out to Me
What jumped out to me was something that wasn’t mentioned – the granting of new bank charters.
I know this was a speech about bank mergers, but the Acting Comptroller went out of his way to broaden the scope of the discussion, and I’m not really sure how you can consider the question of what the U.S. banking system should look like without talking about both how banks “die” (through mergers) and how new banks are “born” through the granting of de novo and special purpose charters.
If you want a banking system that can support the diverse, dynamic, and large economy that we have in the U.S., you might want to more seriously consider how you can add to the total number of banks, not just regulate the mergers and breakups of existing banks.
What Acting Comptroller Hsu Said
Liquidity risk was the subject of this speech, and, as you might expect, there were frequent references to the failures of Silicon Valley Bank and Signature Bank last year, and what made those failures different from prior ones.
The differences noted by Hsu include the increase in uninsured deposits since 2009, the growing stigma of using backup liquidity sources (such as the Fed’s discount window), the emergence of faster payments, and the increasingly important distinctions between different categories of deposits, which are becoming increasingly complex thanks to innovations like reciprocal deposits and BaaS.
What Jumped Out to Me
Hsu made a point to talk about the difference between true financial contagion (as we saw with the interconnectedness of toxic assets during the 2008 financial crisis) and contagion resulting from “guilt by association”, which we saw last spring when depositors at banks with a similar profile to SVB became worried about their money:
While the customer profiles of the uninsured deposits at SVB and Signature were understood to be fairly unique, market participants did not have the means to quickly and credibly differentiate the behavior of uninsured deposits at other banks.
According to Hsu, the OCC will host an economics symposium in a few months to try to get a better handle on exactly how regulators and banks can better help customers and the market distinguish between different types of deposits and their associated liquidity risks.
(BTW – if anyone who works at the OCC is reading this, my Bank Nerd Corner co-host Kiah Haslett and I would very much like to sit in on that symposium!)
The Federal Reserve’s Novel Activities Supervision Program
What the Fed Said
Kavita Jain and Kristin LaPorte co-chair the Fed’s new Novel Activities Supervision Program. They gave a short presentation and answered questions about the program in a recent webinar. In their presentation, they explained the purpose of the program (originally created in August of 2023), which is to strengthen the Fed’s oversight of novel activities at supervised institutions and to help ensure that the novel risks associated with innovation are appropriately addressed.
Those novel activities include complex, technology-driven partnerships with nonbanks to provide banking services (customer-facing fintech partnerships), as well as crypto and distributed ledger technology.
The Fed’s approach to operationalizing this supervisory program is to have specialized examiners with expertise in these novel activities join the existing supervisory teams for banks that are heavily engaged in these activities. This minimizes the amount of additional exams or other regulatory burdens for the banks, while ensuring that the Fed has the right experts in the room, asking the right questions.
What Jumped Out to Me
First, I found it quite strange how focused the Fed is on crypto and distributed ledger technology in this program. I’m guessing that the Fed (like other financial services regulators) felt like they got caught a little flat-footed when crypto exploded in 2020 and 2021, but this level of focus on it in 2024 doesn’t make a ton of sense to me. Crypto is often dumb, but it’s rarely a systemic risk to safety and soundness.
Second, I thought this answer in the Q&A portion of the webinar about the unique risks posed by complex partnerships with nonbanks was pretty telling:
Banks have for a while now partnered with third parties to help with core services, say accounting or payments messaging in card services. But these traditional partnerships have not typically been customer-facing.
Having a fintech serve as the customer-facing entity is novel, and banks need to remember that they remain accountable for complying with laws and regulations, for example, with BSA/AML or UDAAP.
These arrangements can also involve complex intermediation chains where aspects of risk management and compliance are delegated to fintech partners. These complex intermediation chains can obscure the activities and transaction flow of end customers from the bank, although it is ultimately still the bank’s responsibility to measure, monitor, and control these risks.
Further, as I noted, the rapid growth associated with some of these partnerships can lead to the need for more sophisticated balance sheet management. For example, liquidity risk could be elevated by large concentrations and deposits, or capital management may need to be more sophisticated as deposits grow rapidly.
That’s a fairly sophisticated articulation of a lot of the challenges that we’re seeing in BaaS right now, which suggests to me that the Fed’s Novel Activities Supervision examiners are likely going into these exams with an uncommonly deep understanding of fintech.