Chairman Brown, Ranking Member Toomey and Members of the Committee, I am pleased to appear today at this hearing on “Oversight of Financial Regulators: A Strong Banking System for Main Street.”
The core mission of the Federal Deposit Insurance Corporation (FDIC) is to maintain stability and public confidence in the U.S. financial system. The FDIC carries out this mission through its responsibilities for deposit insurance, banking supervision, and the orderly resolution of failed banks, including systemically important financial institutions. Banking supervision encompasses safety and soundness and consumer protection, both of which are essential to this important responsibility. I appreciate the opportunity to report on the agency’s work in carrying out these responsibilities and to address the specific issues raised by the Committee in its letter of invitation.
My written testimony will begin with an overview of the condition of the banking industry and the FDIC’s Deposit Insurance Fund (DIF). I will then update the Committee on five key policy priorities for 2022: strengthening the Community Reinvestment Act (CRA); addressing the financial risks that are likely to affect banking organizations and the financial system as a result of climate change; reviewing the bank merger process; evaluating the risks of crypto-assets to the banking system; and finalizing the Basel III capital rules. I will then discuss the FDIC’s efforts to support Minority Depository Institutions (MDIs) and Community Development Financial Institutions (CDFIs), as well as to promote a diverse and inclusive workplace at the FDIC. Finally, I will describe the FDIC’s work to strengthen cybersecurity and information security within the banking industry and our return to in-person bank examinations and other in-person activities at every level of the FDIC.
State of the Banking Industry
The banking industry has reported generally positive results this year, amid continued economic uncertainty. Loan growth strengthened, net interest income grew, and most asset quality measures improved. Further, the industry remains well-capitalized and highly liquid.1 The number of institutions on the FDIC’s “Problem Bank List” remained stable in the second quarter at 40, the lowest number in the FDIC’s Quarterly Banking Profile history. Fourteen new banks opened through October 2022, including the first mutual bank in 50 years. Additionally, no banks failed during 2021 nor this year.
At the same time, the banking industry reported a moderate decline in net income in the first two quarters of this year from one year ago, primarily because of an increase in provision expense at the largest institutions. The increase in provision expense—the amount set aside by institutions to protect against future credit losses—reflects the banking industry’s recognition of risks related to persistent economic uncertainties, and slowing economic growth, as well as the increase in loan balances. Net income also declined year-over-year at community banks. Unlike results for the industry as a whole, an increase in compensation costs led the decline in net income at community banks.
Rising market interest rates and strong loan growth supported an increase of 26 basis points in the banking industry’s net interest margin (NIM) from the first to the second quarter of this year to 2.80 percent. Most banks reported higher net interest income compared with a year ago as a result.
However, rising interest rates and longer asset maturities also resulted in unrealized losses on investment securities held by banks. As of the second quarter 2022, banks reported $470 billion in unrealized losses, as the market value of securities fell below the book value. The FDIC expects this trend to be an ongoing challenge as interest rates continued to rise in the third quarter, especially if banks need to sell investments to meet liquidity needs.
Despite several favorable performance metrics, the banking industry continues to face significant downside risks. These risks include the effects of inflation, rapidly rising market interest rates, and continuing geopolitical uncertainty. Taken together, these risks may reduce profitability, weaken credit quality and capital, and limit loan growth in coming quarters. Furthermore, higher market interest rates have led to continued growth in unrealized losses in the banking industry’s securities portfolios. Higher interest rates may also erode real estate and other asset values as well as hamper borrowers’ loan repayment ability. These will be matters of ongoing supervisory attention by the FDIC.
Condition of the Deposit Insurance Fund
Extraordinary growth in insured deposits during the first half of 2020 caused the DIF reserve ratio to decline below the statutory minimum of 1.35 percent as of June 30, 2020. The reserve ratio of the DIF is the DIF balance as a percent of the banking industry’s estimated insured deposits.
On September 15, 2020, the FDIC adopted a Restoration Plan as required by law to restore the reserve ratio to the statutory minimum of 1.35 percent within the statutory 8-year period, ending on September 30, 2028.2 The Restoration Plan maintained the assessment rate schedules in place at the time and required the FDIC to update its analysis and projections for the DIF balance and reserve ratio at least semiannually.
While the DIF balance increased by about $1.3 billion over the first half of 2022 to $124.5 billion, continued elevated levels of insured deposits have caused the reserve ratio to remain low at 1.26 percent as of June 30, 2022, well below the statutory minimum.
While insured deposits have shown signs of possibly normalizing, the banking industry continued to report strong insured deposit growth through June 2022, outpacing growth in the DIF. Projections of the reserve ratio under different scenarios indicated that the reserve ratio was at risk of not reaching 1.35 percent by the statutory deadline. Consequently, the FDIC Board amended the Restoration Plan to incorporate an increase in assessment rate schedules of 2 basis points for all insured depository institutions, and concurrently approved a notice of proposed rulemaking to implement this increase.3
The increase in assessment rate schedules is intended to improve the likelihood that the reserve ratio will reach the statutory minimum of 1.35 percent by the statutory deadline. It will also support growth in the DIF in progressing toward the FDIC’s long-term goal of a 2 percent Designated Reserve Ratio, and will increase the likelihood of the DIF remaining positive throughout periods of significant losses due to bank failures, consistent with the FDIC’s long-term fund management plan.
Following careful consideration of the comments received on the proposal, and based on updated projections and analysis, on October 18, 2022, the FDIC adopted a final rule implementing the increase in assessment rate schedules of 2 basis points.4 Under the final rule, the new assessment rate schedules will take effect on January 1, 2023. Assessments will be calculated at the end of the first quarter of 2023 and will be payable by June 30, 2023. Banks will have ample time to plan for the new assessment rates. The FDIC projects the increase in assessment rates will have an insignificant effect on institutions’ capital levels and estimates the new rates will reduce income only slightly by an annual average of 1.2 percent. The FDIC does not expect the increase to impact lending or credit availability in any meaningful way.
As noted previously, the banking industry’s current performance is strong, but it faces significant downside risks. It is better to take prudent but modest action earlier in the statutory 8-year period to reach the minimum reserve ratio of the DIF while the industry is in a strong position than to delay and potentially have to consider a pro-cyclical assessment increase. In the event that the industry experiences a downturn before the FDIC has exited its current Restoration Plan, the FDIC might have to consider even larger assessment increases to meet the statutory requirement in a more compressed timeframe and under less favorable conditions.
Strengthening the Community Reinvestment Act
The Community Reinvestment Act seeks to address one of the most intractable challenges of our financial markets – access to credit, investment, and basic banking services for low- and moderate-income communities and borrowers, both urban and rural.
The provisions of CRA as originally enacted in 1977 were deceptively simple but groundbreaking.5 The key operative provision of the Act states, “In connection with its examination of a financial institution, the appropriate Federal financial supervisory agency shall ... assess the institution’s record of meeting the credit needs of its entire community, including low- and moderate-income neighborhoods....”6
Since its enactment, CRA has become the foundation of responsible finance for low- and moderate-income communities in the United States.
While the rule implementing CRA has not undergone a major revision since 1995, the banking industry has evolved dramatically over that time. On May 5, the three federal banking agencies – the Federal Reserve Board (Federal Reserve), the Office of the Comptroller of the Currency (OCC), and the FDIC adopted a Notice of Proposed Rulemaking (NPR) in an effort to adapt CRA to that evolution and to strengthen and enhance its effectiveness in achieving its core mission.7 There is a lot in this NPR, but in the interest of brevity, I would like to focus on four key elements of the proposed rule.
First, the NPR would establish new retail lending assessment areas to allow for CRA evaluation in communities where a bank may be engaging in significant lending activity but where the bank does not have a branch. Currently, CRA assessment areas are tied to bank branches. Bank lending in communities in which the bank does not have a physical presence is generally not subject to CRA. While bank branches continue to play a critical role in serving communities, technology has made possible an increasing portion of bank lending activity unrelated to the branch network. Some banks have only one branch or no branch at all, yet engage in large scale lending.
These new retail lending assessment areas are a means of subjecting that lending activity to a CRA review. They represent a critically important adaptation of CRA to the changing nature of the banking business, and they do so in a manner that is neutral with regards to the business model of the bank. In addition, under the new community development test in the NPR, a bank could earn community development credit under the CRA evaluation for activity outside of the traditional branch-based assessment areas. This provides an incentive for bank activity in rural communities, Native lands, areas of persistent poverty, and underserved areas – so–called credit deserts.
Second, the NPR incorporates detailed metrics on bank lending activity. This provides an improved line of sight into bank lending and allows for the consideration of higher standards for bank lending performance under CRA. The objective here is to provide an incentive for increased bank lending to underserved communities.
Third, the availability of metrics will allow for greater transparency and certainty for banking institutions in meeting their CRA responsibilities under the retail lending and the community development financing tests. This is an objective on which the banking industry has placed a high value.
Finally, the NPR is tailored to the size and complexity of banking institutions with different standards for small, intermediate, and large institutions. For example, the NPR raises the thresholds for defining both “Small Bank” and “Intermediate Bank.” This will maintain or reduce the requirements for hundreds of community banks with regards to CRA data collection and reporting.
In addition to these four core elements of the NPR, the proposed rule provides greater transparency on lending to communities of color utilizing publicly available information. It also provides enhanced incentives for bank collaboration with MDIs and CDFIs, bank investments in disaster preparedness and climate resilience in low- and moderate-income neighborhoods, and bank lending, investment, and services in rural communities and Native lands.
Taken together this NPR represents a major revision of CRA intended to strengthen its impact and increase its transparency and predictability. The three banking agencies received approximately one thousand unique comments from a wide range of stakeholders, many of which are quite detailed and thoughtful.8 The staffs of the three agencies are working diligently to review those comments and consider possible changes to the NPR in response to those comments in crafting a final rule.
Addressing the Financial Risks Posed by Climate Change
There is broad consensus among financial regulatory bodies, both domestically and abroad, that the effects of climate change and the transition to reduced reliance on carbon-emitting sources of energy present unique and significant economic and financial risks, and therefore, an emerging risk to the financial system and the safety and soundness of financial institutions.
The role of the FDIC with respect to climate change is limited to the financial risks that climate change may pose to the banking system and the extent to which those risks impact the FDIC’s core mission and responsibilities. The FDIC is not responsible for climate policy. As such, we will not be involved in determining which firms or business sectors financial institutions should do business with. These types of credit allocation decisions are the responsibility of financial institutions. We want financial institutions to fully consider climate-related financial risks—as they do all other risks—and continue to take a risk-based approach in assessing individual credit and investment decisions.
The financial system has always had severe weather events to contend with and, thus far, the banking industry has handled these events well. Agricultural banks know well the effects that drought conditions can have on farming communities; banks in the west understand the impacts of wildfires; and coastal banks have long responded to the annual threat of tropical storms and hurricanes.
However, changing climate conditions are bringing with them challenging trends and events, including rising sea levels, increases in the frequency and severity of extreme weather events, and other natural disasters.9 These trends challenge the future resiliency of the financial system and, in some circumstances, may pose safety and soundness risks to individual banks. The goal of the FDIC’s work on climate-related financial risk is to ensure that the financial system continues to remain resilient despite these rising risks.
In order to understand and address the financial risks that climate change poses to financial institutions and the financial system, it is important to foster an open dialogue with our counterparts in the U.S. and international financial regulatory bodies, and especially with stakeholders throughout the banking industry. It is for these reasons that the FDIC established an internal, cross-disciplinary working group to assess the safety and soundness and financial stability considerations associated with climate-related financial risk and to develop an agency-wide understanding of climate-related financial risk. The FDIC is also coordinating with our interagency peers and is participating on the Financial Stability Oversight Council’s (FSOC) Climate-related Financial Risk Committee. Further, as climate change is an international problem, the FDIC, along with the Federal Reserve and the OCC, have joined the Network of Central Banks and Supervisors for Greening the Financial System (NGFS) to foster collaboration and share best practices in addressing climate-related financial risks on a global basis. This complements our existing work with the Basel Committee’s Task Force on Climate-related Financial Risks and other appropriate international organizations.
While the FDIC remains in the early stages of addressing climate-related financial risk, regulators need to work with the banking industry now to support financial institutions as they develop plans to identify, monitor, and manage the risks posed by climate change. This should be done in a manner that is flexible enough to allow for change as knowledge is gained, data are developed, and new methodologies and tools are explored. Consistent with this, the FDIC issued a request for comments in April on draft principles that would provide a high-level framework for the safe and sound management of exposures to climate-related financial risks for large financial institutions.10 This request for comments is substantively similar to the principles that were issued by the OCC in December of last year.11 Comments received on the proposed principles are currently under review and consideration.12 The FDIC and OCC are also collaborating with the Federal Reserve to bring the three agencies into alignment on the principles.
I want to stress that the FDIC is still in the beginning stages of our work on climate-related financial risks, and we will continue to expand our efforts to address these risks through a thoughtful and measured approach. We will emphasize risk-based assessments and collaboration with other supervisors as well as with stakeholders in the banking industry, and our actions will complement actions that have been taken domestically and internationally. Importantly, the FDIC will continue to encourage financial institutions to consider climate-related financial risks in a manner that allows banks to prudently meet the financial services needs of their communities.
Reviewing the Bank Merger Process
The Bank Merger Act of 1960 (BMA) established a framework that requires, in general, approval by the Federal Reserve and the OCC, or the FDIC, as appropriate, of bank mergers.13 FDIC approval is also required for a bank merger with a non-insured entity.14 The statute generally requires the banking agencies to consider several factors when reviewing a merger application including whether a proposed merger would substantially lessen competition or tend to create a monopoly, the financial and managerial resources and future prospects of the existing and proposed institutions, the convenience and needs of the community to be served, and the risk to the stability of the United States banking or financial system.15 The FDIC has adopted a rule and a policy statement implementing the statutory requirements but neither yet address the financial stability factor, which was added to the BMA under the Dodd-Frank Act of 2010.16
Although there has been a significant amount of consolidation in the banking sector over the last thirty years, facilitated in part by mergers and acquisitions, there has not been a significant review of the implementation of the BMA by the agencies in that time. Additionally, the prospect for continued consolidation among both large and small banks remains significant. In light of these circumstances, a review of the regulatory framework implementing the BMA is both timely and appropriate.
In March, the FDIC Board submitted to the Federal Register a Request for Information and Comment on Rules, Regulations, Guidance, and Statements of Policy Regarding Bank Merger Transactions (RFI).17 The RFI requested comment on the four statutory factors the FDIC must consider in reviewing bank merger applications: competition, prudential risk, the convenience and needs of the communities affected, and financial stability.
The comment period closed on May 31, 2022, with 31 comments received.18 The FDIC is considering updates to its BMA Statement of Policy in light of the comments received. Moreover, the FDIC is working collaboratively with the other banking agencies and the Department of Justice on an interagency review of the bank merger application process.
Evaluating the Risk of Crypto-Assets to the Banking System
The recent growth in the crypto-asset industry has corresponded with an increasing interest on the part of some banks to engage in crypto-asset activities.19 Crypto-assets bring with them novel and complex risks that, like the risks associated with the innovative products in the early 2000s, are difficult to fully assess, especially with the market’s eagerness to move quickly into these products.
The recently published digital asset report by the FSOC describes crypto-assets as private sector digital assets that depend primarily on the use of cryptography and distributed ledger or similar technologies.20 Crypto-assets such as Bitcoin are not backed by physical assets, but rather they purport to establish value by their scarcity or utility. As such, the value of these crypto–assets at any point is driven in large part by market sentiment. This has resulted in a highly volatile marketplace.
While the FDIC had been generally aware of the rising interest in crypto-asset related activities through its normal supervision process, as this interest has accelerated, it became clear that more information was needed to better understand the risks associated with these activities as well as which banks have been engaging in, or are interested in engaging in, crypto-asset related activities.
To address that gap, the FDIC issued a Financial Institution Letter (FIL) in April of this year asking the banks the FDIC supervises to notify the FDIC if they are engaging in, or planning to engage in, crypto-asset related activities.21 If so, we asked banks to provide us enough details to allow us to work with them to assess the safety and soundness, consumer protection, and BSA/AML risks associated with the activities and the appropriateness of their proposed governance and risk management processes associated with the activity. The other federal banking agencies have issued similar requests to their supervised institutions.22
Once the FDIC develops a better understanding of activities planned or already active, we will provide the institution with case-specific supervisory feedback.23 As the FDIC and the other Federal banking agencies develop a better collective understanding of the risks associated with these activities, we expect to provide broader industry guidance on an interagency basis.
These risks of crypto-assets are very real. After the bankruptcies of crypto-asset platforms that have occurred this year, there have been numerous news stories of consumers who have been unable to access their funds or savings. 24
The FDIC will continue to work with our supervised banks to ensure that any crypto-asset-related activities that they engage in are permissible banking activities that can be conducted in a safe and sound manner and in compliance with existing laws and regulations. If so, we will work with banks to ensure that they have put in place appropriate measures and controls to identify and manage risks and can ensure compliance with all relevant laws, including those related to anti-money laundering and consumer protection and we will do this in collaboration with our fellow banking agencies.
In addition, crypto firms have used false and misleading statements concerning the availability of federal deposit insurance for their crypto products in violation of the law. In response, the FDIC issued letters demanding that the firms cease and desist from using misleading statements with regard to deposit insurance.25 The FDIC also issued an Advisory in July of this year reminding insured banks of the risks that could arise related to misrepresentations of deposit insurance by crypto-asset companies.26
One closely related issue that has been a focus of policymakers both at the agencies and the Congress is stablecoins. As investors traded in and out of various crypto–assets, a desire arose for a crypto–asset with a stable value that would allow investors to transfer value from one crypto–asset into another without the need for converting into and out of fiat currencies. This gave rise to the development of various so–called stablecoins.
Unlike Bitcoin and similar crypto–assets, most stablecoins are represented as backed by a pool of assets or utilize other methods to help maintain a stable value. Currently, the most prominent stablecoins are purported to be backed by financial assets such as currencies, U.S. Treasury securities, or commercial paper.
Thus far stablecoins have predominantly been used as a vehicle to buy and sell crypto–assets for investment and trading purposes– there has been no demonstration so far of their value in terms of the broader payments system.27 However, the distributed ledger technology upon which they are built may prove to have meaningful applications and public utility within the payments system. This raises a host of important policy questions that will be the subject of careful attention by all of the federal financial regulators.
Finalizing the Basel III Capital Rules
After the global financial crisis of 2008, the FDIC, OCC and Federal Reserve sought to strengthen the banking system through changes to the regulatory capital framework. This work has been based largely on two sets of standards issued by the Basel Committee on Banking Supervision (BCBS), known as Basel III.28 The agencies’ initial revisions in 2013 included an increase in the overall quality and quantity of capital. The agencies are now turning to the second set of BCBS standards to finalize the implementation of Basel III.
On September 9, the three agencies reaffirmed their commitment to implementing enhanced regulatory capital requirements that align with the final set of Basel III standards issued by the BCBS.29 These standards, issued by the BCBS in 2017, include ways to strengthen capital requirements for market risk exposures, improve the capital requirement for financial derivatives, and simplify the measurement of operational risk for regulatory capital purposes.
The agencies plan to seek public input on the new capital standards for large banking organizations and are currently developing a joint proposed rule for issuance as soon as possible. Importantly, community banks, which are subject to different capital requirements, would not be impacted by the proposal, given their limited overall size and trading activities.
Supporting Minority Depository Institutions and Community Development Financial Institutions
The preservation and promotion of MDIs remains a long-standing priority for the FDIC.30 The FDIC’s research study, Minority Depository Institutions: Structure, Performance, and Social Impact,31 found that FDIC-insured MDIs have played a vital role in providing mortgage credit, small business lending, and other banking services to minority and low- and moderate-income communities. Similarly, banks designated as CDFIs by the Treasury’s CDFI Fund provide financial services in low-income communities and to individuals and businesses that have traditionally lacked access to credit.
MDIs and CDFIs are anchor institutions in their communities and play a key role in building a more inclusive financial system. The FDIC supervises approximately two-thirds of the approximately 280 FDIC-insured MDIs and CDFIs. In addition to its supervisory activities, the FDIC’s Office of Minority and Community Development Banking supports the agency’s ongoing strategic and direct engagement with MDIs and CDFIs.
In support of its statutory requirement to encourage the creation of new MDIs, this past May the FDIC issued a FIL that outlines the process by which FDIC-supervised institutions or applicants for deposit insurance can make a request to be designated as an MDI.32
In 2021, the FDIC designated five new institutions as MDIs, and to-date in 2022, one new FDIC-supervised de novo MDI opened for business. Three other existing institutions have been designated as MDIs, and the FDIC approved a conditional application for deposit insurance for a de novo MDI that is now raising capital.
Since 2020, significant new sources of private and public funding have become available to support FDIC-insured MDIs and CDFIs, known collectively as mission-driven banks. The FDIC issued a publication, Investing in the Future of Mission-Driven Banks: A Guide to Facilitating New Partnerships,33 to connect those who wished to support and partner with these institutions. Numerous large banks, technology companies, and others have invested hundreds of millions of dollars into mission-driven banks over the past two years. The FDIC also initiated the creation of the Mission-Driven Bank Fund, a private investment fund that will invest in FDIC-insured MDIs and CDFIs.34 We understand that the anchor investors, Truist Financial Corporation and Microsoft, are poised to select the fund manager in the coming weeks.
The federal government has provided new funding to these institutions through nearly $8.3 billion in the U.S. Treasury’s Emergency Capital Investment Program (ECIP) and up to $3 billion in CDFI Fund programs, including up to $1.2 billion set aside for minority lending institutions. The banking agencies issued new regulations that revised capital rules to provide that Treasury’s investments under the program qualify as regulatory capital of insured MDIs and CDFIs and holding companies.35 The FDIC developed a Capital Estimator Tool and a Regulatory Capital Guide to enable mission-driven banks to approximate the impact of additional capital on various capital ratios. At the request of mission-driven banks, the FDIC developed a technical assistance program to help ECIP recipients understand supervisory expectations for the significant new growth that this capital will support over the coming years.
The FDIC also benefits from a number of MDI and CDFI bank executives serving on its Advisory Committee on Community Banking (CBAC), the MDI Subcommittee of the CBAC, and the Advisory Committee on Economic Inclusion. These bankers bring the voices of mission-driven banks to the FDIC board and senior executives, and they have provided input on important policy initiatives.
Diversity, Equity, Inclusion and Accessibility Priorities of the FDIC
Fostering diversity, equity, inclusion, and accessibility (DEIA) continues to be a top priority for the FDIC.36 Our goal is to have a workforce that is talented, diverse, and committed to fostering a safe, fair, and inclusive workplace and banking system. The agency is focusing on three strategic areas in 2022: (1) implementing strategic initiatives focused on the workplace; (2) Hispanic recruitment and retention, an area identified as needing special attention by an analysis of our employment data; and (3) financial institution diversity.
A diverse and inclusive workforce, reflecting a variety of experiences and perspectives, is central to accomplishing the mission of the FDIC. Promoting DEIA within the FDIC workforce and the broader financial industry is a key priority for 2022, and was established as one of the seven FDIC Performance Goals.37 Recruitment and hiring diversity initiatives, support for first-generation professionals and career development programs for the next generation of leaders are among several other employee initiatives.
The FDIC has worked to engage employees at all levels across the agency in strategic initiatives. The Diversity and Inclusion Executive Advisory Council (EAC), comprised of the FDIC’s most senior leaders, meets monthly to discuss DEIA matters. Regional Directors discuss DEIA strategies with regional and field office employees. Each month a representative from a diverse identity employee resource group meets with the EAC to share perspectives. In addition, I meet regularly with employee resource groups.
Over recent years, the FDIC has made progress toward improving the diversity of its workforce to better reflect the demographics of the civilian labor force (CLF). The percentage of women hired into entry-level examiner positions, the agency’s largest occupational group, increased to 41 percent. In 2021, minority representation at the executive level increased to 23 percent and minority representation across all management levels increased to 24 percent. Persons with disabilities increased to 13 percent of the workforce, above the 12 percent federal benchmark. Veterans increased to 9 percent of the workforce with veterans representing almost 13 percent of new hires in fiscal year 2021.
One area where the FDIC is placing increased emphasis toward improving diversity is with individuals who self-identify as Hispanic. At less than 5 percent, Hispanic representation is well below the CLF percentage of almost 10 percent based on 2010 census data. By contrast, the agency’s workforce who identify as American Indian/Alaska Native, Asian, Black/African American, or Native Hawaiian/Pacific Islander exceeds the CLF.
In an effort to improve the agency’s representation with this part of the workforce, the FDIC established an executive level task force to address challenges for Hispanic recruitment and retention. While the agency is focusing efforts to reach individuals that identify as Hispanic, the FDIC will continue recruiting strategically to reach all available talent in the labor market, providing upward mobility opportunities to current employees, and supporting employee engagement at all levels.
Financial Institution Diversity
Since 2016, the FDIC’s Financial Institution Diversity Self-Assessment (Diversity Self-Assessment) program has supported the efforts of supervised institutions to create and grow their diversity programs, which allow them to build strong relationships with their clients and communities, maximize workforce representation, and develop and implement inclusion efforts. The FDIC developed the diversity self-assessment framework based on the Joint Standards for Assessing our Regulated Entities’ Diversity Policies and Practices that were established with five other federal agencies.38 To increase awareness of the agency’s Financial Institution Diversity Program, in 2021 the FDIC expanded its outreach with banking organizations and individual banks and launched a social media campaign. For the 2021 reporting period, 172 or 22 percent of 774 FDIC supervised banks with 100 or more employees submitted their Diversity Self-Assessments. This represented a 16 percent increase over 2020 submissions.
Threats from malicious cyber actors continue to be a significant and evolving risk for banks and their service providers. Evaluating cybersecurity practices continues to be a high-priority focus of the FDIC’s supervision program. In its 2022 Report on Cybersecurity and Resilience,39 the FDIC highlighted several components of our cybersecurity program including our relevant safety and soundness standards, periodic guidance, alerts and advisories, technical assistance, and other outreach efforts. The report also discussed the agency’s efforts to enhance the cybersecurity education of our examination force and the creation of examiner work programs related to particular threats. Our report also highlights interagency work related to cyber threats.
The FDIC recently examined the ransomware attacks against FDIC-supervised institutions and their service providers to learn about the techniques that were most helpful in defending against those attacks. Our examination of ransomware attacks suggests significant vulnerabilities exist. While we did not discover new categories of controls that need to be communicated to financial institutions, our examinations did reveal that those institutions that dedicate resources to implement appropriate controls can effectively defend against these attacks.
The FDIC is now piloting technical examination aids that will help our examiners focus on the controls we found to be most effective in defending against these attacks. Examples of effective controls include high quality multi-factor authentication to control access to systems and network segmentation to limit the ability of a malicious actor to move laterally in a network. Where we find these controls to be missing, our feedback and a bank or service provider’s response could make a big difference in the company’s cybersecurity effectiveness.
Of course, ransomware is one threat among many. We continue to highlight the value of banks and service providers staying aware of the range of threats and vulnerabilities by using the services of entities like the Financial Services Information Sharing and Analysis Center, the U.S. Department of the Treasury, the Federal Bureau of Investigation, and the Cybersecurity and Infrastructure Security Agency. The FDIC will also periodically amplify messages from the intelligence, law enforcement, and other security agencies regarding threats and vulnerabilities that appear particularly critical and actionable.
The FDIC’s Pandemic Response and Current Operations of the FDIC
When the FDIC instituted mandatory telework in response to the pandemic on March 13, 2020, the agency could not have imagined that it would be two and a half years before we returned. The FDIC was fortunate, however, in that the foundations for conducting offsite bank examination operations were laid in 2016. Based on work begun in 2017, the FDIC began testing offsite review processes in early 2018. Staff continued to test new tools, and by year-end 2019, we had increased the percentage of safety and soundness examination work completed offsite to 47 percent, an increase from the 2016 level of 32 percent.
The FDIC operated under mandatory telework until this past April, when we moved to the second phase of our Return to the Office Plan, or maximum telework. During this period, staff were permitted, but not required, to return to the office. On September 6, 2022, the FDIC was able to move to Phase 3 of its Return to the Office Plan. This hybrid work environment expanded flexibilities to all FDIC staff that were offered to our examination staff pre-pandemic, allowing staff to work from home when they did not need to be at a financial institution or in the office.
The FDIC conducted a limited number of in-person examination activities over the past two and a half years. In the current Phase 3 of operations, we have returned to having an in-person component for each safety and soundness and consumer compliance examination. In this hybrid work environment not every examination team member may work onsite at the bank. Some may work from the field office or from home. In designing this new approach, the FDIC drew from lessons learned from our work during mandatory and maximum telework as well as through internal reviews and consideration of responses to a request for information from the banking industry.
In conclusion, the banking industry enters this period of significant economic uncertainty and downside risk in a relatively strong position. It is well-capitalized, has ample liquidity, good credit quality, and is continuing to experience strong loan growth. In its supervisory work, the FDIC will be focused on asset exposures of the banks that could be vulnerabilities in an economic downturn, such as commercial real estate, and interest rate risk in a rising interest rate environment, including unrealized losses on investment securities held by banks.
The FDIC will also be focused on key policy initiatives on CRA, the financial risk of climate change, a review of the bank merger process, crypto-asset related financial risks, the Basel III capital rules, and maintaining a strong DIF in compliance with statutory requirements.
In addition, the FDIC will continue its work on other key priorities including supporting MDIs and CDFIs; fostering diversity, equity, inclusion, and accessibility in its workforce; addressing cybersecurity risk at FDIC-supervised institutions; and managing the FDIC’s return to the office.
1 See FDIC Quarterly Banking Profile: Second Quarter 2022 (September 8, 2022) available at https://www.fdic.gov/analysis/quarterly-banking-profile/.
2 See Federal Deposit Insurance Corporation Restoration Plan, 85 Fed. Reg. 59306 (published September 21, 2020).
3 See Federal Deposit Insurance Corporation Amended Restoration Plan, 87 Fed. Reg. 39518 (published July 1, 2022).
4 87 Fed. Reg. 64348 (published October 24, 2022).
5 Community Reinvestment Act of 1977, Pub. L. No. 95-128, title VIII, (1977).
6 Id. at Sec. 802.
7 See Joint Notice of Proposed Rulemaking: Community Reinvestment Act, 87 FR 33884 (published June 3, 2022), available at https://www.govinfo.gov/content/pkg/FR-2022-06-03/pdf/2022-10111.pdf.
8 Comment submission closed on August 5, 2022. Comments received on the proposed changes to the Community Reinvestment Act are available at https://www.regulations.gov/docket/OCC-2022-0002/comments.
9 See Intergovernmental Panel on Climate Change (2021; in press), "Summary for Policymakers," in V. Masson-Delmotte, P. Zhai, A. Pirani, S.L. Connors, C. Péan, S. Berger, N. Caud, Y. Chen, L. Goldfarb, M.I. Gomis, M. Huang, K. Leitzell, E. Lonnoy, J.B.R. Matthews, T.K. Maycock, T. Waterfield, O. Yelekçi, R. Yu, and B. Zhou, eds., Climate Change 2021: The Physical Science Basis. Contribution of Working Group I to the Sixth Assessment Report of the Intergovernmental Panel on Climate Change (Cambridge, United Kingdom: Cambridge University Press).
10 See Statement of Principles for Climate-Related Financial Risk Management for Large Financial Institutions, 87 Fed. Reg. 19507 (published April 4, 2022).
11 OCC Bulletin 2021-62, Risk Management: Principles for Climate-Related Financial Risk Management for Large Banks; Request for Feedback (December 16, 2021). https://www.occ.gov/news-issuances/bulletins/2021/bulletin-2021-62.html.
12 Comment submission closed on June 3, 2022. Comments received are available at https://www.fdic.gov/resources/regulations/federal-register-publications/2022/2022-statement-principles-climate-related-financial-risk-management-3064-za32.html.
13 Bank Merger Act, Pub. L. 86-463, 72 Stat. 129 (1960); Bank Merger Act Amendments of 1966, Pub. L. 89-356, (codified as amended at 12 U.S.C. 1828(c)(2018)), available at https://www.fdic.gov/regulations/laws/rules/1000-2000.html#1000sec.18c.
14 12 U.S.C. § 1828(c)(1) and (2).
15 12 U.S.C. § 1828(c)(5).
16 12 CFR part 303, available at https://www.fdic.gov/regulations/laws/rules/2000-250.html and 63 FR 44762, August 20, 1998, effective October 1, 1998; amended at 67 FR 48178, July 23, 2002; 67 FR 79278, December 27, 2002; and FDIC Statement of Policy on Bank Merger Transactions,73 FR 8871, February 15, 2008, available at https://www.fdic.gov/regulations/laws/rules/5000-1200.html. See also Dodd-Frank Wall Street Reform and Consumer Protection Act, Pub. L. 111-203, section 604(f), 124 Stat. 1376, 1602 (2010) (codified at 12 U.S.C. 1828(c)(5)), available at https://www.govinfo.gov/app/details/PLAW-111publ203.
17 Request for Information and Comment on Rules, Regulations, Guidance, and Statements of Policy Regarding Bank Merger Transactions, 87 Fed. Reg. 18740 (published March 31, 2022).
18 Comments received are available at https://www.fdic.gov/resources/regulations/federal-register-publications/2022/2022-rfi-rules-regulations-statements-of-policy-regarding-bank-merger-transactions-3064-za31.html.
19 The impact of COVID-19 on cryptocurrency markets: A network analysis based on mutual information, available at https://journals.plos.org/plosone/article?id=10.1371/journal.pone.0259869.
20 Financial Stability Oversight Council Report on Digital Asset Financial Stability Risks and Regulation 2022, available at https://home.treasury.gov/system/files/261/FSOC-Digital-Assets-Report-2022.pdf.
21 Federal Deposit Insurance Corporation, Financial Institution Letter 16-2022: Notification of Engaging in Crypto-Related Activities, FDIC (April 7, 2022) available at https://www.fdic.gov/news/financial-institution-letters/2022/fil22016.html.
22 See OCC, Interpretive Letter 1179 (November 18, 2021); Federal Reserve SR 22-6 / CA 22-6: Engagement in Crypto-Asset-Related Activities by Federal Reserve-Supervised Banking Organizations (August 16, 2022).
23 Notifications under the FIL and knowledge of engagement or potential engagement that we learn through the supervisory process is confidential supervisory information, but we are aware of approximately 80 FDIC-supervised institutions that are engaging in or are interested in engaging in crypto-asset activities, and approximately two dozen that appear to be actively engaged in activities described in the FIL. The FDIC is providing various types of supervisory feedback, depending upon the activity involved, the status of the activity (active or planned), and the institution’s risk management framework, among other things.
24 See, https://www.washingtonpost.com/business/2022/07/06/voyager-bankruptcy-three-arrows/, https://www.washingtonpost.com/business/2022/07/13/crypto-bankruptcy-celsius-depositors/.
25 See “FDIC and Federal Reserve Board issue letter demanding Voyager Digital cease and desist from making false or misleading representations of deposit insurance status,” July 28, 2022, available at https://www.federalreserve.gov/newsevents/pressreleases/bcreg20220728a.htm and “FDIC Issues Cease and Desist Letters to Five Companies For Making Crypto-Related False or Misleading Representations about Deposit Insurance,” August 19, 2022, available at https://www.fdic.gov/news/press-releases/2022/pr22060.html.
26 See Advisory to FDIC-Insured Institutions Regarding Deposit Insurance and Dealings with Crypto Companies, FIL-35-2022 (July 29, 2022), available at https://www.fdic.gov/news/financial-institution-letters/2022/fil22035.html.
27 Remarks of FDIC Acting Chairman Gruenberg at the Brookings Institution on the Prudential Regulation of Crypto-Assets, October 20, 2002, https://www.fdic.gov/news/speeches/2022/spoct2022.html.
27 See Basel III, International Framework for Banks, available at https://www.bis.org/bcbs/basel3.htm.
28 See FDIC Press Release, PR-65-2022, Agencies Reaffirm Commitment to Basel III Standards (September 9, 2022) available at https://www.fdic.gov/news/press-releases/2022/pr22065.html.
30 See Section 308 of the Financial Institutions Reform, Recovery, and Enforcement Act of 1989, Pub. L. 101-73, title III, § 308. Aug 9, 1989, as amended by Pub. L. 11-203, title III, § 367(4), July 21, 201, 124 Stat. 1556, codified at 12 U.S.C. 1463 note.
31 See FDIC, Minority Depository Institutions: Structure, Performance, and Social Impact, available at https://www.fdic.gov/regulations/resources/minority/2019-mdi-study/full.pdf.
32 FDIC Financial Institution Letter, FIL-24-2022, Minority Depository Institution (MDI) Designation (May 19, 2022) available at https://www.fdic.gov/news/financial-institution-letters/2022/fil22024.html.
33 See FDIC, Investing in the Future of Mission-Driven Banks: A Guide to Facilitating New Partnerships, available at https://www.fdic.gov/regulations/resources/minority/mission-driven/guide.html.
34 See FDIC, Mission-Driven Bank Fund webpage, available at https://www.fdic.gov/regulations/resources/minority/mission-driven/index.html.
35 See FDIC, Federal Bank Regulators Issue Rule Supporting Treasury’s Investments in Minority Depository Institutions and Community Development Financial Institutions, available at https://www.fdic.gov/news/press-releases/2021/pr21018.html.
36 The agency’s corporate strategy is outlined in the FDIC Diversity, Equity and Inclusion; 2021-2023 Strategic Plan, available at https://www.fdic.gov/about/diversity/pdf/dei2021.pdf.
37 See FDIC 2022 Annual Performance Plan, pg. 92.
38 See Final Interagency Policy Statement Establishing Joint Standards for Assessing the Diversity Policies and Practices of Entities Regulated by the Agencies, 80 Fed. Reg. 33016 (June 10, 2015).
39 See FDIC, “2022 Report on Cybersecurity and Resilience,” available at https://www.fdic.gov/regulations/resources/cybersecurity/2022-cybersecurity-financial-system-resilience-report.pdf.