Supervisory Developments
The Federal Reserve supervises financial institutions to assess their safety and soundness and compliance with laws and regulations. This section provides an overview of key supervisory developments. The section distinguishes large financial institutions versus community and regional banking organizations. Supervisory approaches and priorities differ across these groups.
The Federal Reserve also has responsibility for certain laws and regulations relating to consumer protection and community reinvestment. The scope of the Federal Reserve's supervisory jurisdiction varies based on the consumer law or regulation and on the asset size of the state member bank. Consumer-focused supervisory work is designed to promote a fair and transparent marketplace for financial services and to ensure supervised institutions comply with applicable federal consumer protection laws and regulations.
More information about the Federal Reserve's consumer-focused supervisory program can be found in the Federal Reserve's 107th Annual Report 2020.9
Supervisors are monitoring geopolitical events.
The Russian invasion of Ukraine has increased the risk environment for banks. U.S. banks' direct financial exposures to Russia and Ukraine appear limited and manageable. Indirect exposure through market volatility, such as the recent volatility in commodities markets, has had limited impact on U.S. banks to date. U.S. banks are well capitalized and have substantial liquidity buffers to withstand the increased volatility and potential for losses. Bank funding markets have remained stable. While some of the large, internationally active U.S. banks have operations in Russia and Ukraine, those operations are not significant. As a result of the crisis, U.S. banks have reduced activity in these international markets.
U.S. banks continue to work with governments to implement sanctions, both U.S. sanctions and sanctions levied in other jurisdictions in which U.S. banks operate. U.S. banks have also adopted a heightened cybersecurity alert level, given the significant risk of attacks on the financial services industry.
As geopolitical events continue to affect the banking sector, supervisors will continue to monitor the situation and engage with other government agencies when appropriate.
Supervision continues to adapt to the changing environment.
The Federal Reserve is assessing the risks created by the changing financial landscape and changes to bank business models. Technology is transforming how banks operate. Banks are exploring and adopting technologies such as AI, data analytics, and cloud computing. They are also developing new technology-based products and services and enhancing their back-office operations. These technological advances offer benefits to consumers, banks, and the financial system at large. However, banks' use of technology also generates risks that must be managed.
In addition to adopting new technologies, many firms are increasingly relying on third-party service providers for their operational and technology infrastructure. As a result, third-party service providers play an increasingly critical role in maintaining the operational resilience of individual financial institutions and overall financial markets. The interconnectedness of the financial system, service provider concentrations, and the lack of substitutes for these services make these third parties critical.
The Federal Reserve supports responsible innovation, including technology innovation by banks and by third parties who provide services to them. The innovation page on the Board's public website is a source for the most recent information on the supervisory approach to innovative technology.10 Innovation should, however, be paired with appropriate processes for identifying and managing risks. The Federal Reserve is updating its supervisory programs to ensure examiners are equipped to assess the risks posed by these innovations and industry changes. Two notable areas where supervisory programs are being enhanced is the third-party service provider program (box 3) and the review of fintech used by supervised institutions (box 4).
Box 3. Third-Party Service Provider Supervision
The Bank Service Company Act (BSCA) provides authority to the Federal Reserve, Federal Deposit Insurance Corporation (FDIC), and Office of the Comptroller of the Currency (OCC) to regulate and examine certain services performed by third parties on behalf of insured depository institutions and their affiliates.1 Services identified in the BSCA include activities such as check and payment processing, back-office services, accounting, and data processing services. When a service is covered by the BSCA, the agencies can regulate and examine the activity to the same extent as if the financial institution performed the service.
The banking agencies conduct examinations of the service providers that pose significant risk to client financial institutions and the financial sector. Examinations of technology service providers focus on the management of technology, integrity of data, confidentiality of information, availability of services, and compliance. Examination results are provided to the service provider and to client financial institutions. The examination results can help financial institutions with their ongoing monitoring of third-party service provider risk.
The interagency program for supervising technology service providers has been in place for several years. However, the use of third-party service providers and technology-based products and services is expanding and evolving quickly. The number, type, and concentration of providers are also changing and, as a result, third-party service providers continue to play an important role in the financial sector.
1. 12 U.S.C. 1464(d)(7), 1867(c)(1). Return to text
Box 4. Fintech Is Transforming the Banking Industry
Fintech can be defined as technologically enabled innovation in financial services that could result in new business models, applications, processes, or products with an associated material effect on financial markets and institutions and the provision of financial services.1
Fintech is transforming how banks operate. The recent expansion of fintech activities is a result of abundant data, greater connectivity, cheaper computer processing power, and consumer demand for convenient, customized, and low-cost financial services. For example, some fintech companies develop alternative methodologies to assess the creditworthiness of a borrower. Other fintech firms develop computer software allowing for a seamless integration of bank services, such as account authentication and payment processing, with nonbank products. These advances offer benefits to consumers and the financial system. These benefits come with risks that may affect bank safety and soundness and consumer protection.
Risks stemming from fintech activities are not unique but reflect traditional banking risks (e.g., operational, cybersecurity, liquidity, and reputational risks). As with any new activity, banks are expected to ensure appropriate controls are established to support new fintech products and services. As banks engage in these activities, they should develop and implement risk-management practices and controls at a pace that aligns with their growth.
The use of fintech is prevalent across banks of all sizes; however, the approaches to adopting fintech vary across different segments of the banking sector.
- Large financial institutions often use a combination of service providers and internal capabilities when developing fintech solutions. For example, they may purchase data from service providers to support AI models that assist in making lending decisions.
- Smaller institutions rely more extensively on service providers when engaging in technology products and services. Smaller firms may engage directly with a variety of service providers, such as Application Programming Interface (API) lending, and payment platforms. By working with third-party technology providers, smaller institutions can compete with larger banks by offering a wider range of services to customers.
The Federal Reserve has established a System Fintech Supervisory Program to identify, monitor, and assess the range of risks arising from supervised firms' fintech activities. The program is developing a coordinated supervisory strategy for fintech activities. The strategy will be tailored to supervised firms' size and complexity.
1. Financial Stability Board, Financial Stability Implications from Fintech (Washington: FSB, June 2017), https://www.fsb.org/wp-content/uploads/R270617.pdf. Return to text
Key Supervisory Priorities
While supervisory programs are adapting to the risks posed by technology and innovation, supervisors continue to monitor capital, liquidity, and risk management across all portfolios. This includes a continued focus on cybersecurity risks. In large bank supervision, resolution plans are currently under review jointly with the FDIC. Recent work in the risk-management area has focused on prime brokerage activities and related counterparty risks, informed in part by the Archegos default. In community and regional bank supervision, credit and operational risks continue to be supervisory priorities.
Supervised Institutions
The Federal Reserve supervises bank holding companies, savings and loan holding companies, and state member banks of varying size and complexity. The Federal Reserve follows a risk-focused approach by scaling its supervisory work to the size and complexity of an institution.
- Firms identified as posing elevated risk to U.S. financial stability are supervised by the Large Institution Supervision Coordinating Committee, or LISCC, program.
- U.S. firms with assets of $100 billion or more that are not supervised by the LISCC program and all foreign banking organizations are supervised by the Large and Foreign Banking Organization, or LFBO, program.
- Regional banking organizations (RBOs)—U.S. firms with total assets between $10 billion and $100 billion—are supervised by the RBO program.
- Community banking organizations (CBOs)—U.S. firms with less than $10 billion in total assets—are supervised by the CBO program.
Table 2 provides an overview of the organizations supervised by the Federal Reserve, by portfolio, including the number of institutions and total assets in each portfolio.
Table 2. Summary of organizations supervised by the Federal Reserve (as of 12/31/2021)
| Firm description | Definition | Number of institutions | Total assets ($ trillions) |
|---|---|---|---|
| Large Institution Supervision Coordinating Committee (LISCC) | Eight U.S. global systematically important banks (G-SIBs) | 8 | 14.6 |
| State member banks (SMBs) | SMBs within LISCC organizations | 4 | 1.1 |
| Large and foreign banking organizations (LFBOs) | Non-LISCC U.S. firms with total assets $100 billion and greater and FBOs | 173 | 10.0 |
| Large banking organizations (LBOs) | Non-LISCC U.S. firms with total assets $100 billion and greater | 17 | 4.8 |
| Large FBOs (with IHC) | FBOs with combined U.S. assets $100 billion and greater | 11 | 3.1 |
| Large FBOs (without IHC) | FBOs with combined U.S. assets $100 billion and greater | 7 | 1.0 |
| Small FBOs (excluding rep offices) | FBOs with combined assets less than $100 billion | 108 | 1.1 |
| Small FBOs (rep offices) | FBO U.S. representative offices | 30 | 0.0 |
| State member banks | SMBs within LFBO organizations | 9 | 1.4 |
| Regional banking organizations (RBOs) | Total assets between $10 billion and $100 billion | 86 | 2.6 |
| State member banks | SMBs within RBO organizations | 27 | 0.9 |
| Community banking organizations (CBOs) | Total assets less than $10 billion | 3,602* | 3.0 |
| State member banks | SMBs within CBO organizations | 665 | 0.6 |
| Insurance and commercial savings and loan holding companies (SLHCs) | SLHCs primarily engaged in insurance or commercial activities | 6 insurance 4 commercial |
0.9 |
* Includes 3,546 holding companies and 56 state member banks that do not have holding companies.
Large Financial Institutions
This section of the report discusses the supervisory approach for large financial institutions, which are U.S. firms with assets of $100 billion or more and foreign banking organizations with combined U.S. assets of $100 billion or more. These firms are within either the LISCC portfolio or the LFBO portfolio. Large financial institutions are subject to regulatory requirements that are tailored to the risk profiles of these firms. Appendix A provides an overview of key regulatory requirements.
Supervisory efforts for large financial institutions focus on four components:
- capital planning and positions,
- liquidity risk management and positions,
- governance and controls, and
- recovery and resolution planning.11
The Federal Reserve's assessment of a firm is reflected in the firm's supervisory rating under the LFI rating system.12 As of the end of 2021, over half of the large financial institutions are rated in satisfactory condition. Federal Reserve supervisors have observed that firms are generally meeting supervisory expectations with respect to capital planning and positions and liquidity risk management and positions. However, some firms continue to face challenges, particularly related to governance and controls.
Large financial institutions continue to report strong capital and liquidity positions.
Large financial institutions have remained well capitalized. The aggregate CET1 capital ratio for large financial institutions in the fourth quarter of 2021 was 12.8 percent. Large financial institutions have sufficient capital to continue lending to households and businesses in periods of stress.
Liquidity is at historic highs at large financial institutions, driven by strong deposit growth during the pandemic. Large financial institutions continue to maintain sufficient liquid assets to meet liquidity needs for a 30-day stress scenario.
Cybersecurity remains a high priority.
Cybersecurity is a critical component of operational resilience and remains the top risk identified at supervised firms. Cyber threats and attacks increased with the onset of the pandemic and are an increasing concern resulting from geopolitical unrest. Increasing ransomware attacks are a risk in the financial sector.
The Federal Reserve conducts joint cybersecurity examinations with the other federal banking agencies for the LISCC institutions. Examinations in 2021 focused on cybersecurity governance and the management of aging technology assets. Several themes were identified during these exams. In the area of governance, examiners noted that firms are integrating cybersecurity strategies with broader technology and business operating strategies. Competition for talent and turnover was also highlighted as a challenge.
Examiners observed a range of practices for managing aging technology assets as those assets reach the end of their useful lives or end of support provided by vendors. The stronger practices observed include adopting a dedicated program for managing the risks of aging assets, creating and maintaining a comprehensive inventory, carrying out risk-based prioritization of replacement of aged systems, and detailed reporting.
Interagency examinations will continue during 2022, with two areas of focus. One focus area will review controls in place to manage access to a firm's systems and information. Another focus area will review a firm's processes and tools used to detect and respond to ransomware attacks. Particularly while the Russian invasion of Ukraine heightens geopolitical tensions, examiners will continue to regularly monitor firms' efforts to maintain effective cyber defenses.
Resolution plan reviews are underway.
Recovery and resolution planning is one of the four core areas of supervision (box 5) for the largest banks. Firms' resolution plans are reviewed jointly by the Federal Reserve and the FDIC. Currently the agencies are reviewing plans submitted by the eight LISCC firms in July 2021, one new LFBO firm in September 2021, and 16 LFBO firms in December 2021.13 In addition to the standard elements prescribed in the resolution plan rule, the agencies required each firm to submit information about the firm's pandemic responses and integration of any changes or lessons learned into resolution-related capabilities.14 In particular, the information request asked about a firm's experience during the pandemic related to reporting and escalation of information, operational continuity, and parent company support for foreign banking organizations.
Box 5. Large Financial Institution Supervisory Priorities
Capital
- Trading and counterparty credit risk management, including areas such as concentrations, hedging, and client leverage
- Risks associated with the evolving interest rate environment and the expiration of pandemic relief measures, including interest rate risk and credit risk
- Readiness for future updates to the capital framework and reviews of risk-weighted assets under the capital rule
Liquidity
- Internal liquidity stress testing scenarios, assumptions, and methodologies
- Independent liquidity risk management
- Nonbank subsidiary liquidity risk
- Collateral management
- Contingency funding plans
Governance and controls
- Operational resilience, including cybersecurity and information technology risks
- Compliance risk management, including Bank Secrecy Act/anti-money-laundering programs and Office of Foreign Assets Control compliance
- Third-party vendor risk management
Recovery and resolution planning
- Resolution plan and critical operations reviews
- International coordination
Prime brokerage services can pose significant risks.
Some large banks offer a suite of services to large investment funds known as prime brokerage. These services include the ability to borrow securities or cash, cash management, and access to research. An important aspect of these services is lending. The investment funds typically obtain loans secured by equities or other securities through the prime broker.
Prime brokerage services can pose significant liquidity and credit risks to the bank providing these services. These risks are heightened by the complexity of prime brokerage services and lack of transparency into the trading and investing activities of the investment fund clients, particularly trading activities with other counterparties. Strong risk management and controls are critical to the safety and soundness of a bank that provides these services.
Liquidity shortfalls and credit losses associated with prime brokerage activities occurred during the financial crisis of 2007–08. Since then, these services have grown in complexity, resulting in other risk-management failures. Most recently, the default of Archegos Capital Management (Archegos) highlighted gaps in bank risk management (box 6).
Accordingly, the Federal Reserve supervises banks for the risks associated with prime brokerage services along key areas, including capital and liquidity. Since the financial crisis of 2007–08, the Federal Reserve has conducted several reviews of banks' prime brokerage services. This includes evaluating firms' assessment and strategies for management of stress events that could affect its investment fund clients.
Box 6. The Archegos Default: Addressing Gaps in Risk Management
As noted in the November 2021 Supervision and Regulation Report, the Federal Reserve and other regulators conducted a supervisory review after the Archegos Capital Management default. Archegos was an investment firm with large exposures to a small number of U.S. and Chinese technology and media companies. It defaulted on March 26, 2021, causing over $10 billion in losses across several large banks. The review looked at due diligence practices, counterparty credit risk management, margining practices, and how banks exit relationships with fund clients when the client defaults.
As a result of the review, the Federal Reserve in December 2021 issued supervisory guidance to remind banking organizations with large derivative portfolios and relationships with investment funds of supervisory expectations for counterparty credit risk management that were previously articulated in interagency guidance.1 The guidance also highlights the expectation that banking organizations should be capable of identifying and monitoring the risk associated with the fund client at the outset and throughout the relationship. Banks need to understand the risk posed by their clients and have adequate tools to manage it. Tools include ongoing due diligence on clients, risk-sensitive margining practices, and strong independent risk-management oversight of the business.
1. SR Letter 21-19, "The Federal Reserve Reminds Firms of Safe and Sound Practices for Counterparty Credit Risk Management in Light of the Archegos Capital Management Default" at https://www.federalreserve.gov/supervisionreg/srletters/SR2119.htm;
SR Letter 11-10, "Interagency Supervisory Guidance on Counterparty Credit Risk Management" at https://www.federalreserve.gov/supervisionreg/srletters/sr1110.htm. Return to text
Community and Regional Banking Organizations
This section of the report discusses the financial condition and supervisory approach for banking organizations with assets less than $100 billion, including CBOs, which have less than $10 billion in total assets, and RBOs, which have total assets between $10 billion and $100 billion.
CBOs and RBOs generally remain in stable financial condition as pandemic-related concerns have abated.
CBOs and RBOs have demonstrated resilience throughout the pandemic. More than 99 percent of CBOs and all RBOs have capital ratios above well capitalized minimum requirements as of the end of 2021. Tier 1 leverage ratios have declined following the emergence of the pandemic, as increased levels of cash and lower risk assets persist due to growth in deposits over the past two years. NIMs remain low or have recovered slightly, while ROAAs remained mostly robust throughout the period.
Total problem loan rates continued to decrease for most community and regional banks. Problem loan rates for commercial real estate, residential real estate, and other loans were lower or relatively flat for the latter part of 2021. The balances of loans modified because of COVID–19 (section 4013 loans) at CBOs and RBOs continued to decline, ending at 1.4 percent and 0.6 percent of total loans as of the end of 2021, respectively.15
Though issues have not materialized, credit risk remains an elevated concern.
While credit conditions have generally recovered since the onset of the pandemic, uncertainties continue to persist. Federal Reserve examiners have noted during recent examinations that credit risk may be increasing at community and regional banks because of their exposure to certain sectors particularly impacted by the pandemic. CBOs and RBOs are often more concentrated than larger banks in commercial real estate lending, a loan category that has been particularly impacted by the pandemic.
Cash positions have reduced liquidity risk.
Cash positions have been elevated throughout the pandemic. CBOs and RBOs have yet to fully deploy their elevated cash positions into lending due to persistent uncertainty in the economy and a low level of loan demand. CBOs and RBOs have stated that they expect loan demand to increase, resulting in business opportunities to deploy their excess liquidity. Increased cash positions have also led many banks to reduce their use of noncore funding sources. As a result, liquidity risk has generally fallen for these banks. Liquidity risk may increase as banks begin to deploy excess liquidity and as stimulus programs continue to unwind.
CBOs and RBOs continue to face operational risks.
Information technology risks and cybersecurity remain top concerns. Operational risk issues can arise from dependence on or increased activities with third-party technology providers. Smaller banks can also be vulnerable to cyberattacks and outages, as they may have less robust information technology infrastructure than larger institutions or may be more reliant on third-party vendors for their services. Additionally, small banks report challenges with hiring and retaining qualified information technology and cybersecurity staff.
Examination activities have not resulted in significant concerns.
During the second half of 2021, few CBO and RBO examinations and inspections resulted in downgrades to supervisory ratings. As of the end of 2021, nearly 97 percent of CBOs and RBOs are rated satisfactory or strong. The number of outstanding supervisory findings for CBOs and RBOs continued to decline during this period.
CBO and RBO supervision programs continue to transition from pandemic approaches.
As Federal Reserve examinations continue to transition out of pandemic approaches, examiners are maintaining their focus on high-risk activities. The Federal Reserve's supervision program for community and regional banking organizations (box 7) will include some on-site examination presence in 2022. Each Reserve Bank is considering local pandemic conditions as well as the ability of supervised institutions to accommodate examiners at their offices. For example, the Federal Reserve has improved the process for the exchange of information (box 8).
The federal bank regulatory agencies provided temporary regulatory relief for CBOs that had grown in size, in part, because of participating in pandemic response programs.16 The Federal Reserve temporarily delayed transitioning CBOs that crossed the $10 billion asset level into the RBO supervision program. This temporary relief expired at the end of 2021. Those institutions that crossed and remained above this asset threshold have transitioned to the RBO portfolio. Between the end of 2019 and the first quarter of 2022, 23 institutions have transitioned to the RBO portfolio.
Box 7. CBO and RBO Supervisory Priorities
Credit Risk
- Loan modifications and underwriting practices
- Credit concentrations
- High-risk loan portfolios
- Reserve practices and levels, and implementation of Current Expected Credit Losses (CECL)
Capital
- Capital adequacy, needs, and
vulnerabilities
Operational Risk
- Information technology and cybersecurity
Box 8. New Supervision Central App Aids Collaboration between Banks and Examiners
In June 2021, the Federal Reserve launched Supervision Central, a cloud-based application. The application allows the secure exchange of information between examiners and state member banks and holding companies with less than $100 billion in total assets. Supervision Central provides these supervised institutions with a simple method to upload documents with an easy drag-and-drop function. The application also facilitates information exchange and collaboration between state examiners and Federal Reserve Bank examiners. This functionality should reduce the likelihood of redundant information requests by examiners to an institution.
Since launching Supervision Central, the Federal Reserve has received positive feedback. To learn more, please visit the Supervision Central Help Site at https://www.supervisioncentral.org.
Return to text
References
9. Board of Governors of the Federal Reserve System, 107th Annual Report (Washington: Board of Governors, 2021), https://www.federalreserve.gov/publications/files/2020-annual-report.pdf. Return to text
10. See the Board of Governors of the Federal Reserve System, "Innovation" web page at https://www.federalreserve.gov/aboutthefed/innovation.htm. Return to text
11. The Federal Reserve focuses on recovery planning for LISCC firms only. For more information regarding the framework for supervision of large financial institutions, see SR Letter 12-17/CA Letter 12-14, "Consolidated Supervision Framework for Large Financial Institutions," at https://www.federalreserve.gov/supervisionreg/srletters/sr1217.htm; and box 4 of the November 2018 Supervision and Regulation Report at https://www.federalreserve.gov/publications/2018-november-supervision-and-regulation-report-preface.htm. Return to text
12. See SR Letter 19-3/CA Letter 19-2, "Large Financial Institution (LFI) Rating System," at https://www.federalreserve.gov/supervisionreg/srletters/sr1903.htm. The Federal Reserve's and FDIC's assessment of resolution planning is communicated to the firm in connection with the agencies' review of the Title I resolution plans. Return to text
13. These 25 firms' public resolution plans are available on the Federal Reserve Board's public website at https://www.federalreserve.gov/supervisionreg/resolution-plans.htm. Return to text
14. The LISCC targeted information request may be found on the Federal Reserve Board's public website at https://www.federalreserve.gov/newsevents/pressreleases/files/bcreg20200701a1.pdf; and the LFBO targeted information request may be found on the Federal Reserve Board's public website at https://www.federalreserve.gov/newsevents/pressreleases/files/bcreg20201209a4.pdf. Return to text
15. See appendix A for the definition of loan modifications under section 4013 of the CARES Act. Return to text
16. Refer to box 2, Temporary Relief from Asset-Based Thresholds in Regulations, in the April 2021 Federal Reserve Supervision and Regulation Report, p.26, https://www.federalreserve.gov/publications/2021-april-supervision-and-regulation-report.htm. Return to text