We have known that there would be a regulatory response to the market turmoil of the last several months. This turmoil is best represented by the failures of FTX, the world’s second-largest cryptocurrency exchange, and Silicon Valley Bank, the 16th-largest bank in the U.S. Although these two institutions failed for very different reasons, a discussion of which is beyond the scope of this paper, it is prudent to assume that the regulatory environment will change in response to these events. We now have indications of what those changes will be, and they foreshadow more assertive regulatory oversight and actions.

Setting the Stage: Relaxed Dodd-Frank Act Provisions

The Dodd-Frank Act (the Act) was passed in 2010 to fill the regulatory gaps that became apparent during the financial crisis of 2007-09 when large, complex, highly leveraged, and highly interconnected financial institutions—both banks and nonbanks such as insurers and mortgage companies—severely impacted the financial system, leading to the most serious economic crisis since the Great Depression.

Among the Act’s provisions was the creation of the Financial Stability Oversight Council (FSOC), chaired by the Secretary of the Treasury with eight regulatory agencies among its voting members. The FSOC issues rules and interpretive guidance to ensure the correct implementation of the Dodd-Frank Act. Its first mandate in the 2010s was to close regulatory gaps to avert another crisis. The FSOC also sought to ensure that regulatory standards were more consistently applied among banks and nonbanks, in part because implementing them would likely raise the cost of compliance for most financial institutions.

Subsequently, several important rules and guidance were issued that significantly increased the standards for how financial institutions managed risk, with a particular focus on capital, liquidity, asset-liability management, stress testing, risk governance, and the regulatory regime under which they would be supervised. The result was that midsized and large financial institutions had heavier regulatory burdens, since they had to build new functions and processes and hire new teams to staff them.

Fast forward to 2019. Driven by concerns about the undue burdens these standards created for midsized banks and nonbank financial institutions (such as insurers, nonbank mortgage businesses, fintechs, crypto-oriented firms, fund managers, and PE firms), the FSOC issued another interpretive guidance that reduced the regulatory impact on these types of institutions, leaving the enhanced prudential standards in place only for the largest and most complex banks. Under the revised guidance, banks with assets less than $250 billion were no longer subject to the enhanced prudential standards. This meant financial institutions like Silicon Valley Bank, Signature Bank, and First Republic Bank were no longer subject to these standards, which was one possible cause of the ineffective regulatory supervision of these banks. Also, crypto-related financial institutions like FTX could only be covered by the rules after a lengthy review process that could take six years, meaning they could not be designated as systemically important until well after a crisis had begun.

Fast Forward to Today: More Banks Face Tougher Restrictions

The Federal Reserve, led by Vice Chair for Supervision Michael Barr, is considering reversing the loosened requirements under the 2019 guidance and reinforcing tougher restrictions. Based on Barr’s comments, it is likely that the enhanced prudential standards, which currently affect only the largest banks, may soon be applied to banks with assets as low as $100 billion. Some of these standards could perhaps take effect as soon as this summer and could include more rigorous stress tests and tougher capital and liquidity requirements.

Another possible change is the treatment of unrealized gains and losses from some securities portfolios when calculating capital ratios. Unrealized gains and losses from Available-for-Sale (AFS) securities are classified as Accumulated Other Comprehensive Income (AOCI) and currently can be excluded from capital calculations. Recent data shows that almost two-thirds of FDIC-insured institutions currently exclude AOCI from their capital calculations, meaning any change could significantly impact bank capital.

As of March 31, 2023, the aggregate unrealized losses for AFS securities were approximately $400 billion for U.S. banks, while total equity was $2.2 trillion. Only banks with assets over $100 billion may be required to include these unrealized gains and losses in capital calculations, but for some banks these unrealized losses could negatively affect their capital ratios.

Nonbanks Face Even Greater Changes

The changes for nonbanks may be even more substantive. Treasury Secretary Janet Yellen recently gave a speech addressing her concerns about using the existing 2019 guidance to regulate nonbank financial institutions. First, she outlined an analytic framework to identify, assess, and mitigate risks to financial stability. Second, Secretary Yellen said that systemic risks “could emanate from a particular entity … that might not be within the jurisdiction of a regulator with adequate prudential or supervisory authorities” and that the existing guidance created “inappropriate hurdles” preventing actions that would address a systemic risk before it was too late. The Secretary explicitly mentioned crypto-assets, so it is reasonable to infer that she was thinking of the risk created by an entity like FTX.

Immediately after this speech, the FSOC issued a notice of proposed interpretive guidance that would replace the existing 2019 guidance for nonbank financial institutions (such as insurers, nonbank mortgage businesses, fintechs, crypto-oriented firms, fund managers, and PE firms). This proposed guidance would provide more transparency into the FSOC’s decision-making process and enable it to act more quickly when a systemic risk emerges.

One significant change in the proposed guidance is a revision to the process for designating specific nonbank institutions for supervision, likely resulting in them being subject to heavier oversight. This proposed change is subtle but potentially significant. The original 2019 interpretive guidance established that the FSOC would first rely on federal and state regulators before designating a nonbank financial institution for Federal Reserve supervision. The proposed guidance would permit the FSOC to act without necessarily waiting for other regulators to act first. This change would empower the FSOC to act more quickly than before, and nonbank financial institutions would be wise to anticipate more frequent outreach and scrutiny from regulators.

The second major change proposed by the FSOC is an analytical framework that would guide its approach to identifying, assessing, and mitigating potential risks that could threaten the financial system’s stability. Some of the vulnerabilities addressed are leverage, liquidity and maturity mismatch, interconnections with other entities, operational risk, complexity and opacity, inadequate risk management, concentration exposure to a small number of entities, and destabilizing activities such as actions that substantially increase volatility in one or more financial markets. This proposed framework provides a checklist that nonbank financial institutions should use to evaluate and enhance their own risk management practices. Nonbanks should prepare for a more intrusive and onerous regulatory environment that could be similar to the enhanced prudential standards discussed above.

The third major proposal is that the FSOC would no longer conduct a cost-benefit analysis and assess the likelihood of a firm’s material financial distress before determining whether to designate a nonbank for Federal Reserve supervision. The FSOC states that these analyses and assessments, mandated by the 2019 guidance, are not required by the Act, are not useful or appropriate, and unduly hamper the FSOC’s ability to use its statutory authority. The implication is that federal regulators intend to be more assertive and act more quickly in response to emerging concerns.

Key Takeaway: Prepare for What’s Coming

Significant changes are coming to the regulatory environment for both banks and nonbanks. Regulatory standards loosened in the 2019 guidance are likely to be significantly reversed, especially for midsized banks with over $100 billion in assets. These institutions should begin to prepare now to comply with the enhanced prudential standards and put plans in place to implement the necessary processes. Banks should evaluate and prepare for impacts to:

  • capital and liquidity planning;
  • investments in capabilities and talent;
  • governance practices; and
  • overall financial performance.

For many institutions for whom this level of sophistication is new, the preparations will be significant in both time and investment.

Nonbanks, which have not been subject to the same regulatory expectations as the banking sector, should also begin to prepare for more rigorous oversight. However, they likely have a longer horizon than banks, since the FSOC is still formulating the rules specific to nonbanks. Nonbanks should focus on the vulnerabilities listed in the proposed analytical framework. Regardless of their previous regulatory experience, nonbank institutions would be wise to place a heightened focus on strengthening their oversight and execution related to capital, liquidity, risk management, and the vulnerabilities noted previously, with a special emphasis on stress testing, since these areas are most likely to be part of future regulatory exams.

Important Steps to Take

As the federal response takes shape, here are key areas in which to focus planning and implementation:

  • Governance and risk management: Using the Fed’s and FDIC’s post-mortems on Silicon Valley Bank and Signature Bank as a roadmap, both banks and nonbanks should take immediate steps to review and then enhance their governance framework as well as their risk management practices. The regulatory agencies sharply criticized both management and the boards of directors for their failure to develop and maintain “adequate risk management practices and controls appropriate for the size, complexity, and risk profile” of these institutions. Governance and risk management will be among the first areas reviewed when regulators begin their exams because both were perceived to be root causes of the failures and resulting losses at each institution. Banks and nonbanks should conduct a gap analysis of these areas, then develop and initiate a robust plan with timelines and milestones to enhance their governance and risk management.
  • Liquidity management: Another area likely to receive regulatory attention is liquidity management. Silicon Valley Bank and Signature Bank were heavily dependent on uninsured deposits and did not implement fundamental liquidity risk management practices and controls. Assumptions underlying any analysis should be challenged by executives and board members, especially when reviewing stress test results. Overly optimistic assumptions can often diminish the capability of management and the board to identify potential dangers while there is still time to act.
  • Contingent funding: Sources of contingent funding should not only be identified but implemented effectively with approved lines in place and collateral already positioned with those funding sources. The process of setting up contingent funding sources can take time, especially if the collateral does not take the form of securities from the Treasury Department or a government-sponsored enterprise such as Fannie Mae. It can take weeks or even months for a Federal Reserve Bank or Federal Home Loan Bank to evaluate commercial business loans or jumbo mortgages. The regulators will criticize contingent funding programs that do not have these lines in places with acceptable collateral held and valued by liquidity providers.
  • Exam preparation: The Fed and the FDIC also criticized themselves for, as Fed Vice Chair Barr said, “failing to take forceful enough action.” Management and the board should prepare for a more rigorous exam program than they have experienced over the last several years and use the enhanced prudential standards to guide these preparations. It is also possible that the regulators will conduct off-cycle exams if they believe a firm could have systemic consequences through contagion, where concerns about one firm could spread to other firms.

Finally, it is not just regulators who are evaluating individual financial institutions. The markets are, as well. If investors, depositors, other liquidity providers, and customers doubt an institution’s solvency or ability to withstand adverse events, then technology will enable these stakeholders to act almost instantaneously and create a run on the institution. It was these stakeholders’ actions that led to the recent bank failures. The markets remain unsettled, so now is the time to take the steps necessary to protect your institution and its employees, customers, and investors.