Over the summer, the Federal Deposit Insurance Corporation (FDIC) and Federal Reserve Board (FRB) released a series of Notices of Proposed Rulemakings (NPR) related to capital adequacy and resolution planning. The aim of these proposed rulemakings is to provide further guidance to financial institutions (FI) of all sizes on expectations in response to the regional banking crisis and to enhance their capital adequacy and resolvability. While this was not a surprise to many, it was a significant shift from 2019, when regulatory relief was granted for firms smaller than $250 billion in consolidated assets due to the prevailing thought that banks under that threshold were not “too big to fail.” This relief, known as the Economic Growth, Regulatory Relief, and Consumer Protection Act (EGRRCPA), raised the minimum asset threshold for required stress testing, or for some FIs, reduced required stress testing submissions from prior years. In 2023, however, the pendulum has swung back, with the new NPR aimed at enhancing 12 CFR Part 360.
What Changed?
The failure of regional-sized banks in early 2023, along with the contagion these not quite too-big-to-fail firms created, caused a rethinking of what the current too-big-to-fail threshold is and how technology may change it over time. It also led to reviewing the type and frequency of information needed by supervisors to address what may be a compressed resolution preparation runway. Regarding which FIs may pose systemic risk in the event of failure, supervisors are currently eyeing two thresholds that may dictate whether an institution meets the too-big-to-fail threshold. Group A FIs are classified as firms with greater than $100 billion in consolidated assets. Group B falls in the $50 to $100 billion range. Group A FIs will need to file full resolution plans with all the enhanced resolution capabilities that come with it, while Group B will need to submit informational filings going forward. The latter, although slightly less of a requirement, will still pose a significant burden on impacted FIs.
U.S. Domestic GSIBs Lead the Way
For U.S. global systemically important banks (GSIB), the new requirements shouldn’t come as a surprise. Much of what was outlined in the proposed rule was the subject of recent examinations and conversations with supervisory bodies. These FIs have built more advanced capabilities over the last decade through steady investment in operational, legal, and structural preparedness, along with consistent feedback from their respective supervisors. While the latest proposal may still require additional investment in capabilities and more full-time equivalent resources to maintain compliance, it is likely more incremental in nature when compared to a category III or IV bank (or smaller) whose plans have not been held to the standards of U.S. GSIBs.
If the NPR is published as currently written, regional banks and other similarly sized firms will need to emulate the capabilities of their GSIB peers. This is a big change from regulatory regimes of the past where smaller FIs were afforded some level of forgiveness for lack of sophistication as they were previously deemed not material contributors to systemic risk. This means regional banks and similarly sized firms may only possess a very basic foundation from which to build upon. As the old saying goes, “You don’t rise to the occasion, you fall to your level of training.”
Estimating the Impacts
The NPR specifically targets enhancements to operational and technological capabilities, which are costly and resource intensive. While the proposed rule provides some baseline estimate for a ramp-up versus an ongoing burden, it does not seem realistic when considering the need for banks on the lower end of the Group A spectrum to build up these capabilities from what may be a very immature level—even more so for banks between $50 to $100 billion (Group B) that may be starting from scratch. A good example is the development of a virtual data room, which will require the digitization of critical operational data and contracts, such as service-level agreements. The work required to identify approved data sources, service relationships (interdependency mappings, services taxonomy, etc.) is time-consuming. Documenting these data sources and relationships and getting them through the necessary governance and signoffs is yet another layer. Finally, building out the requirements to acquire, digitize, and produce this type of data in a large-scale, on-demand application, while also requiring the data must be transferred to the FDIC in a manner they can also digest, can take months, if not longer. Just this one example can take thousands of resourcing hours to complete the end-to-end build.
As expected, many regulatory and compliance programs have been downsized as regulatory requirements, such as CCAR and resolution planning, entered a period of stability in terms of requirements. In addition, EGRRCPA reduced the number of firms that needed to participate in these programs either at all or on an annual basis. As a result, the demand for this talent trended down, but that will likely rebound over the next 12 to 18 months. As firms look at force reductions or natural attrition to curb expenses in the current environment, they should carefully consider what impacts this proposed rulemaking and others are likely to have on staffing requirements. The first two iterations of the program will require much more in terms of resourcing as firms learn what full compliance means through the first cycle of full, supplemental filings and supervisory feedback—or in the case of Group B firms—informational and supplemental filings. Target operating models for these programs will need to assess the impacts of the final published rule, along with the others currently in flight to determine what the organizational structure and overall headcount will look like for teams managing these affairs.
What Now?
FIs need to make a realistic assessment of where they stand regarding full compliance with the proposed rule and what additional investment in technology and staffing support is required to achieve it. This assessment should include an end-to-end-test of the runbook to identify where substantive gaps may be present. In addition, firms should carefully consider how planned reductions in expenses may increase the potential for regulatory and reputational risk if full compliance is not achieved.
If you have questions or need assistance, please reach out to a professional at Forvis Mazars.