Federal and Federal Deposit Insurance Corporation (FDIC) oversight exhibits 'deficiencies', according to GAO report

Federal and Federal Deposit Insurance Corporation (FDIC) oversight exhibits 'deficiencies', according to GAO report

GAO Report Outlines Recommendations for Improving Bank Supervision

In the wake of the March 2023 failures of Silicon Valley Bank and Signature Bank, the Government Accountability Office (GAO) has released a report detailing specific recommendations for enhancing supervisory processes at the Federal Reserve and Federal Deposit Insurance Corporation (FDIC).

The report, addressed to the Senate Banking Committee, criticizes weaknesses in the current processes for advancing supervisory concerns. It suggests measures to strengthen oversight, ensure risk management, and improve examination procedures, particularly regarding third-party service providers and supervisory appeals mechanisms.

Key Recommendations

1. Enhancing the Supervisory Appeals Process: The GAO proposes establishing an independent Office within federal bank regulatory agencies, including the FDIC and Federal Reserve, as the final level of review for material supervisory determinations. This Office would be staffed by officials with extensive banking and supervisory experience to ensure consistency and independence in supervisory decisions over time.
2. Strengthening Examination of Significant Service Providers (SSPs): The FDIC audit underscores the importance of comprehensive examination of SSPs under the Bank Service Company Act. The GAO recommends improved joint examinations with the Federal Reserve and Office of the Comptroller of the Currency (OCC), guided by interagency IT examination handbooks, to better identify and manage risks arising from outsourced services that can affect financial institutions' safety and soundness.
3. Improving Supervisory Clarity and Independence: The report advocates for legal and operational frameworks that reinforce supervisor independence and accountability necessary for effective supervision. This includes clear mandates focused on banking system safety and soundness over conflicting goals.
4. Operational Resilience and Third-Party Risk Management: The GAO suggests the implementation of operational resilience frameworks with strong third-party risk oversight. Although this recommendation is initially focused on derivatives markets, it reflects a broader trend towards requiring comprehensive operational resilience frameworks, including technology security, third-party relationship management, and continuity plans.

In addition to these recommendations, the FDIC is working to replace older technology for tracking supervisory records and aims to centralize supervisory recommendations by June 30, 2025. The FDIC's existing methods do not provide managers and staff at headquarters with readily available information on supervisory recommendations.

The OCC, which supervises national banks, generally adheres to its procedures for escalating supervisory concerns to enforcement actions, according to the GAO report. However, the FDIC lacks a formal process for consulting large bank examination teams and relevant stakeholders before escalation decisions or changes. The FDIC's lack of a centralized tracking system for supervisory recommendations limits the agency's ability to flag emerging risks across supervised banks.

The GAO report also recommends changes at each regulator, including a centralized system to track supervisory recommendations at the FDIC. The FDIC response noted that the GAO staff made several changes to its recent report based on the FDIC's comments.

The FDIC supervises more banks than the OCC and Fed, with an average size of banks smaller than those supervised by its fellow agencies. The Fed has modified its supervisory processes with the goal of addressing material issues more quickly, and all examiners have gone through training on providing proper support for supervisory findings and communicating those findings clearly to bankers.

However, the FDIC disagrees with the recommendation on requiring rotations for large-bank case managers, citing insufficient support and other controls in place. Examiners from selected banks have expressed concerns about managers altering conclusions without consulting examiners or being unreceptive to divergent views.

Carl Goss, a former OCC vet, notes that all three regulatory agencies can take a while to escalate supervisory concerns. The Fed has not finalized a Dodd-Frank Act requirement intended to address earlier remediation of bank issues.

These recommendations collectively aim to address supervisory weaknesses that contributed to the failures by enhancing independent review, risk oversight, especially of third-party dependencies, and clarity in supervisory objectives and governance structures. The steps are intended to improve supervisory effectiveness and help prevent failures similar to Silicon Valley Bank and Signature Bank.

1. The report from the Government Accountability Office (GAO) includes a recommendation for the Federal Deposit Insurance Corporation (FDIC) to establish an independent Office within federal bank regulatory agencies to ensure consistency and independence in supervisory decisions, particularly in thearea of finance and business, regarding material supervisory determinations.
2. The FDIC needs to address weaknesses in the current processes for advancing supervisory concerns, as the report suggests improving operational resilience frameworks, including strong third-party risk oversight, which is crucial for the finance and business sectors, to better manage risks arising from outsourced services that can affect financial institutions' safety and soundness.

Read also: