Cybersecurity remains a top concern for banks and regulators, as data breaches pose substantial regulatory risk and high costs. As I have written in recent posts, banks must develop comprehensive cybersecurity policies to protect against data breaches and avoid adverse action from the regulators. Recent guidance and statements from the regulators provide additional insight into best practices in data security.
The Federal Reserve, FDIC, and OCC released their 2016 Shared National Credit Review and identified “growing credit risk in the oil and gas (O&G) portfolio” as an area of concern. Not surprisingly, the regulators pointed to the long-term decline in energy prices as the primary underlying cause of the heightened credit risk. This is consistent with the comments of Texas Department of Banking Commissioner Charles Cooper and the prudential regulators at the Sam Houston State Banking Seminar, identifying falling commodity prices as a risk to the financial stability of Texas banks.
The FDIC recently published a report highlighting trends and risks gleaned from Matters Requiring Board Attention (MRBA) that FDIC examiners have issued over the past five years. The report offers an in-depth look at the regulatory issues that have drawn the attention of FDIC examiners in recent years and provides guidance on areas bankers should focus on to avoid MRBAs or other adverse action from the regulators.
On Thursday and Friday, I had the privilege of attending the Texas Bankers Hall of Fame Gala and the 20th Annual Bank Executives’ & Directors’ Seminar hosted by the Smith-Hutson Endowed Chair of Banking at Sam Houston State. First, I’d like to thank Sam Houston State (including Pam Thaler and my grandfather, Dr. Jim Bexley) for hosting these great events. Second, I want to congratulate the new inductees into the Texas Bankers Hall of Fame: Charlie Cheever, Bookman Peters, Stretch Smith, and Terry Tuggle. I don’t know them personally, but their introductions made clear that they have had a tremendous impact on the banking industry and their communities. I also want to congratulate my grandfather, Dr. Bexley, on his receipt of the first ever Texas Bankers Association Lifetime Achievement Award in honor of his contributions to community banking and in particular to educating future bankers. Lastly, I want to recap some of the interesting and useful information that we learned from a panel of regulators who graciously took the time to come answer questions.
Last week, I wrote a post about how bank regulators determine when a banking practice is “unsafe and unsound.” As I explained, the regulators exercise broad discretion in defining unsafe and unsound banking practices, sometimes without any prior guidance. To get a better understanding of how the regulators define unsafe and unsound practices, this post highlights some of the enforcement actions the OCC, FDIC, and Federal Reserve Board have pursued over the last year and a half.
As every banker knows, a bank and its officers and directors can face an enforcement action for engaging in “unsafe or unsound banking practices.” This is true for financial institutions of all types and sizes, whether regulated by the OCC, FDIC, or Federal Reserve. The consequences of a finding that a bank has engaged in unsafe or unsound practices can be disastrous, ranging from a supervisory consent order to a cease and desist order and a civil money penalty. Despite these serious consequences, the phrase “unsafe and unsound banking practice” is not defined in the federal regulations. So what exactly is an “unsafe or unsound banking practice”?
Bank regulators have broad authority to impose civil money penalties (CMPs) against banks or institution-affiliated parties (IAPs) for violations of laws, regulations, and other written conditions or agreements. The OCC recently updated its policy on CMPs to change the factors considered in assessing CMPs. The new policy signals that the agency may be ramping up its enforcement efforts in certain areas and also provides useful guidance on how to avoid and, if necessary, respond to a potential enforcement action involving the imposition of CMPs.