Our Take: financial services regulatory update – June 28, 2024

Change remains a constant in financial services regulation. Read "our take" on the latest developments and what they mean.

Current topics – June 28, 2024

1. Supreme Court overturns Chevron deference and SEC administrative judgments

What happened? On June 28th, the Supreme Court voted 6-3 to overturn “Chevron deference,” a longstanding precedent that compelled federal courts to defer to administrative agencies’ interpretations of statutes that Congress directed the agency to administer.

In the majority opinion, Chief Justice John Roberts said Chevron "defies the command of" the law that governs federal administrative agencies (the Administrative Procedures Act) and "that the reviewing court - not the agency whose action it reviews - is to decide all relevant questions of law and interpret ... statutory provisions." However, he said that the decision does “not call into question prior cases that relied on the Chevron framework.”

Separately, in a June 27th decision, the Supreme Court voted 6-3 that the SEC’s use of in-house administrative courts to resolve certain enforcement disputes violates the Seventh Amendment right to a jury trial.

Our Take

A one-two punch against agency authority. Following a series of rulings over recent years that have limited agency powers,[1] this week’s decisions further erode regulatory agencies’ ability to regulate, supervise and enforce. While the SEC decision will make it more difficult and costly to bring enforcement actions, the Chevron ruling will have the most significant impact on the legal standing of rulemaking and related activities. Agencies will likely need to be more careful in drafting rules to, where possible, tie their expectations to specific statutory language. Crucially, they may now be more limited in their ability to respond to risks in areas not explicitly discussed in statutes, such as climate, digital assets and artificial intelligence. Meanwhile, non-U.S. regulators will continue to make advancements - effectively shifting the regulatory center of gravity to foreign jurisdictions and raising new strategic questions for U.S. firms with international exposure.

The doors open wider for litigation. In many industries, concerns with rulemaking have been traditionally addressed through the notice and comment process and lawsuits against regulators have been rare. However, in the financial services industry alone, there have been over 15 suits filed against regulators in the past 18 months and courts have ruled against agency authority even without the final Chevron decision in place.[2] Accordingly, the decision will likely only strengthen challenges currently in litigation, such as those against the SEC’s climate risk disclosure requirements, the banking agencies’ Community Reinvestment Act modernization, and the CFPB’s small business lending data collection rule. We will then likely see an increase in net-new litigation as firms and industry groups challenge agencies’ interpretations of broad or vague language that financial services agencies rely upon to take action, all of which could face judicial scrutiny following the decision:

  • “Unsafe and unsound.” Banking regulators have broad authority to regulate and supervise firms based on safety and soundness standards. Industry groups have commented that actions taken under this authority should “identify specific, demonstrably unsafe and unsound practices” and not contain “generic and conclusory assertions about ‘safety and soundness.’” 
  • Unfair, deceptive or abusive acts or practices (UDAAP).” The CFPB’s interpretation of its authority to enforce against UDAAP to include discriminatory conduct has already been challenged by industry groups.
  • Threat to financial stability.” The FSOC uses this term to determine whether to designate certain institutions or activities as “systemically important,” which would subject them to increased prudential standards and supervision.
  • “Convenience and needs of the community.” Under the Bank Merger Act, banking regulators are to evaluate the impact of the proposed merger on the “convenience and needs of the community.” Recently-proposed guidelines from the FDIC and OCC go beyond how this term has traditionally been applied.
  • “Business of banking.” The OCC has the authority to grant charters to institutions in the “business of banking,” a term that has already been subject to litigation regarding the agency’s ability to charter fintechs that do not take deposits. While granting charters to fintechs is not a priority of the current Administration, this term in the future will likely continue to see legal challenges as the business of banking expands along with technology.

Potential inconsistency across jurisdictions. The expected increase in litigation will likely create inconsistencies across jurisdictions as district and circuit courts reach different decisions around challenges to agency authority. For example, until the Supreme Court ultimately overturned a Fifth Circuit decision that had struck down the CFPB’s late fee rule under the argument that the agency’s funding structure is unconstitutional, the rule was struck down in Texas, Louisiana and Mississippi while remaining in place in the other 47 states. We expect to see a larger patchwork of regulatory standards as legal challenges weave through the courts, resulting in inconsistency that could remain indefinitely where cases do not reach the Supreme Court.

Congress unlikely to provide clarity anytime soon. In many cases it will be up to Congress to provide clear and specific details around the extent of agency authority in amendments to existing legislation as well as any new efforts. However, the narrowly-divided Congress has struggled to pass any bipartisan legislation and we do not anticipate that clarifying agency authority will be an exception. Notably, in significant “major questions doctrine” cases such as WV v. EPA, Congress has not shown an urgency or willingness to respond.

 

[1] Courts have expanded the use of the “major questions doctrine,” which states that outside “clear Congressional authorization” agencies do not have the authority to determine questions of substantial “economic or political magnitude.” In Kisor v. Wilkie, the Supreme Court limited “Auer deference,” a precedent similar to Chevron deference that compels courts to defer to agencies’ interpretations of their own regulations. In Selia Law v. CFPB, the Supreme Court found that the CFPB’s structure - a single director that could only be removed “for cause” - unconstitutionally violated separation of powers.

[2]  On June 5th, the Fifth Circuit Court of Appeals vacated an August 2023 SEC rule aimed at enhancing private fund investor protection, agreeing with the industry groups’ argument that the SEC did not have statutory authority to promulgate the rule.

2. FDIC finalizes resolution rule as largest banks get feedback

What happened? On June 20th, the FDIC finalized a rule to expand resolution planning requirements for covered insured depository institutions with at least $50 billion in total assets (CIDIs). Separately, on June 21, the Fed and FDIC jointly released feedback letters on the most recent global resolution plans submitted by the eight U.S. global systemically important banks (GSIBs) in July 2023.

What does the final CIDI resolution planning rule require? The final rule is substantially similar to the August 2023 proposal with the following key changes:

  • Modified filing cadence: The final rule requires most CIDIs to file a full resolution plan submission every three years, as opposed to the biennial cadence in the proposed rule, and to submit more limited “interim supplements” in the intervening years. An exception is made for CIDIs affiliated with GSIBs, which must file a full resolution submission every other year, alternating with those firms’ biennial global resolution plan submissions under Section 165(d) of the Dodd-Frank Act.
  • Approach to feedback: The final rule defines two levels of formal feedback that could be issued by the FDIC, including "material weakness," which would support a determination that the resolution plan is not credible and would require timely corrective actions, and "significant finding," a new, less-severe level introduced in the final rule which could lead to a material weakness if not remediated.

The final rule maintains the bifurcation of CIDIs into Group A (greater than $100b in assets) and Group B ($50-100b in assets) that was introduced in the proposed rule. The final rule also modifies and clarifies certain requirements, notably material change notification requirements, valuation analysis requirements for Group A CIDIs and franchise component analysis for Group B firms.

What feedback did the regulators provide to U.S. GSIBs? The agencies identified weaknesses, referred to as “shortcomings,” in four of the GSIBs’ 2023 resolution plans, all of which pertained to their ability to unwind derivatives and trading portfolios in resolution. Areas of concern included the incorporation of updated scenarios and assumptions in evaluating capital and liquidity needs, data reliability, and the ability to appropriately segment derivatives portfolios.

What’s next?

  • For CIDIs: The final rule will take effect on October 1, 2024, after which CIDIs will have at least 270 days (for Group A CIDIs) or one year (for Group B CIDIs) to file their next submissions. Group A and B CIDIs will be further divided into cohorts that will have different due dates for full resolution submissions and interim supplements. The FDIC indicated they will notify CIDIs of their respective due dates promptly following the adoption of the final rule.
  • For GSIBs: Each firm with identified shortcomings was asked to submit a description of key actions and expected remediation timeline by September 1st, 2024. They are expected to have addressed each shortcoming in advance of the July 1, 2025 deadline for their next global resolution plan submissions.

The feedback letters also specified two topics for the Targeted Information Request to be addressed in the GSIBs’ 2025 submissions, including how continuity of critical operations could be supported in scenarios where capital and liquidity resources are below projected needs and analysis of actions by foreign authorities required for the resolution strategy. The agencies also highlighted their intention to conduct additional capabilities testing for the 2025 submission and engage with filers on the scope and focus areas prior to the deadline. Future plan evaluations will place emphasis on firms’ assurance frameworks, which FDIC Chairman Gruenberg noted in his statement will include more granular reviews of internal testing results. 

Our Take

Raising the bar for CIDI resolution. The CIDI final rule codifies significantly heightened expectations for resolution planning and will require most CIDIs to meaningfully enhance their capabilities. After the FDIC observed a number of challenges around readiness and preparation during last year’s bank failures, the ability to demonstrate that “you can do what you say you can do” has become a primary focus. Key capabilities to demonstrate include the ability to populate a virtual data room with data and information needed to support the marketing and sale of CIDI components within a short timeframe, and, for Group A CIDIs, the ability to produce valuation estimates to support the FDIC’s determination of least costly resolution options. Group B CIDIs face a particularly large lift, as they have not been required to submit resolution plans since at least 2018.[1] The rule emphasizes that ongoing engagement with the FDIC, including capabilities testing, will be a key aspect of the FDIC’s evaluation of firms’ resolvability. This reflects an overall shift by the agency to a “show, don’t tell” approach where firms need to demonstrate the ongoing ability to produce data and information within the timeframes needed to support resolution. While the final rule requires most CIDIs to file full resolution submissions only every three years, the annual interim supplements and ongoing engagement with the FDIC will still require considerable effort to prepare and coordinate. If they have not already, firms should objectively evaluate their budgets, resource capacity and skillsets to ensure they are positioned to build and sustain resolution capabilities. With the first submissions likely due in 2025, at least for Group A CIDIs, the time to prepare is limited.

GSIBs still on the hook. The feedback provided to U.S. GSIBs on their global resolution plans demonstrates the agencies’ continued focus on the reliability and flexibility of data and analytical capabilities to support a feasible single point of entry (SPOE) resolution strategy. The GSIBs should expect the agencies to continue to test their ability to produce information supporting estimates of capital and liquidity needs under different conditions and with limited lead time, simulating the constraints of a real-life resolution scenario. The GSIBs will also need to continue to enhance their internal capabilities testing frameworks, incorporating appropriate involvement from the second and third lines of defense as well as escalation of any identified capability limitations. Finally, the Targeted Information Request topic related to continuity of critical operations may require a much deeper analysis of potential contingency options as firms typically assume sufficient capital and liquidity in their plans. Firms will need to thoughtfully examine their critical operations and identify what is needed to preserve core functions.

 

[1] Since the imposition of a moratorium on IDI resolution plans in 2018 (the moratorium was lifted for IDIs with over $100 billion in assets in 2021), IDIs with between $50 billion and $100 billion in assets have not needed to submit resolution plans.

3. Fed releases stress test results

What happened? On June 26th, the Fed released the results of its 2024 Dodd-Frank Act Stress Test (DFAST). All 31 banks that participated in this year’s test remained above their risk-based minimum capital requirements. Under the severely adverse scenario, the firms’ aggregate common equity tier 1 (CET1) capital ratio fell from 12.7% in Q4 2023 to a minimum of 9.9%, well above the required minimum.[1]

What changed from last year? Relative to last year’s annual stress tests, aggregate capital depletion increased by 0.24%. The average capital depletion increased most for foreign banks (1.8%), followed by U.S. G-SIBs (0.8%) and regional banks (0.4%). 

Relative to last year’s severely adverse scenario, this year featured a larger decline in long-term interest rates (3.7% vs 3.25%) and equity prices (55% vs 45%). The scenarios were otherwise largely similar, leading the Fed to note that “the scenario was not a major contributor to the year-over-year change in results.” Instead, it cites 1) increases in credit card balances and higher delinquencies, 2) riskier corporate credit portfolios with higher projected losses, and 3) decline in banks’ non-interest net revenue.

What were the results of the Fed’s exploratory analysis? This year also introduced an “exploratory analysis” with four separate hypothetical elements - two concerning funding stress resulting in rapid repricing of deposits for all banks and two including a market shock featuring the failure of large hedge funds. Under the funding stress scenarios, all of the large banks would remain above minimum capital requirements, with overall declines of 2.7% and 1.1%, respectively. Under the two trading book stresses, which included the failure of five large hedge funds under different market conditions, the largest and most complex banks are projected to lose between $70 billion and $85 billion.

What’s next? The banks are able to announce their estimated stress capital buffers (SCBs)[2] beginning on June 28th and the Fed will announce official results in August.

Our Take

All banks remained well-capitalized under stress but may still face higher capital requirements. This year’s stress results continue the trend of the last several years with banks subject to DFAST remaining well capitalized and able to lend through severe stress, including under the new exploratory scenarios. The exploratory scenarios will not impact firms’ capital requirements but will inform the Fed’s understanding of systemic risk, and support risk-management decision-making at the individual firm level leading to further discussions around exposure concentrations and vulnerabilities. Regarding the DFAST results, the increase in capital depletion could result in higher SCBs and therefore capital requirements for certain banks. This will be used to support arguments against the anticipated capital requirement increase in Basel III endgame, particularly the angle that the proposal is duplicative of risks covered by stress testing.

For more, see Basel III endgame: Assessing the bigger picture

 

[1] The required minimum CET1 capital ratio is 4.5% to be considered well-capitalized, and the average GSIB surcharge for US GSIB in 2022 was 2.3%.

[2] The stress test results no longer include discussion of the Fed’s Comprehensive Capital Analysis and Review (CCAR), as there is no potential for a quantitative or qualitative objection from the Fed. Instead, firms’ capital requirements include the SCB, which represents Fed-modeled start-to-trough stressed capital depletions plus four quarters of planned dividends for each bank.

4. Treasury proposes new outbound investment review program

What happened? On June 21st, the Treasury Department proposed regulations for a new outbound investment review program. The proposed program seeks to monitor and potentially block new investment in sensitive economic sectors of “countries of concern” and builds upon the proposed program framework announced by the Biden Administration last August, including Executive Order 14105.

What are the key elements? The proposed outbound investment review program includes specific prohibitions and mandatory notifications aimed at limiting U.S. firms’ ability to invest in three product categories: 1) semiconductors, 2) quantum technology, and 3) artificial intelligence – in named “countries of concern.”  It specifies that a U.S. person has knowledge of a covered transaction if they have: “...(1) actual knowledge that a fact or circumstance exists or is substantially certain to occur; (2) an awareness of a high probability of a fact or circumstance’s existence or future occurrence; (3) reason to know of a fact or circumstance’s existence.”

  • Covered categories of transactions include: Acquisition of an equity interest or contingent equity interest; certain debt financing that is convertible to an equity interest or that afford certain rights to the lender; the conversion of a contingent equity interest; a greenfield investment or other corporate expansion; a joint venture; and certain investments as a limited partner (“LP”) or equivalent in a non-U.S. person pooled fund.
  • Exceptions include: Publicly traded securities; certain LP investments in a venture capital fund; private equity fund, and pooled investment funds;buyouts of country of concern ownership; intracompany transactions; binding commitments entered into prior to the release of the ANPRM on August 9, 2023; and certain syndicated debt financings.

What changed from previous issuances? In contrast to its August 2023 Advance Notice of Proposed Rulemaking (ANPRM), Treasury refined the implementation approach by modifying the scope of coverage, further defining the “knowledge standard,” and elaborating on expectations for a U.S. person to conduct reasonable due diligence prior to executing a transaction - noting that they may be found liable for engaging in a restricted transaction if they fail to due so. The formal proposal also includes a new exception for transactions involving persons of third countries that have their own outbound investment program or other similar policies.

What’s next? Comments are due by August 4th, 2024.

Our Take

While the U.S. currently has an inbound investment screening program, this proposal would institute new formal restrictions on outbound investments. Firms involved with semiconductors, quantum technology, and artificial intelligence would have new legal liability if proper due diligence measures are not taken. To prepare for final rule implementation, firms should assess the strength of their due diligence programs, capabilities, technology, and resources. In order to prepare for the final program, firms should prioritize the following activities over the coming months:

  • Inventory planned investments to identify potentially covered transactions.
  • Assess the ability of the compliance program to facilitate review of proposed investments.
  • Develop and implement mitigation strategies and controls for scenarios when covered transactions are identified.

In addition, firms that do not have sufficient in-house national security, cyber and privacy expertise should consider enlisting specialists to assist in developing proposed risk mitigation strategies, including technology-enabled monitoring solutions.

5. On our radar

These notable developments hit our radar recently:

  • OCC issues semi-annual risk perspective. On June 18th, the OCC issued its spring 2024 Semi-Annual Risk Perspective. The OCC highlighted credit, market, operational, and compliance risks as the key risk themes in the report. Credit risk is noted as rising as compared to last year with office and multifamily loans, particularly those with interest-only terms, set to refinance over the next three years. As it did in its previous risk perspective, the OCC continues to describe operational risk as “elevated” with a new focus on check and wire transfer fraud and increased payment fraud incidents.  The report also provides an update on the OCC’s work regarding climate-related risk, noting that it is in the early stage of analyzing insurance affordability and availability challenges.
  • Interagency final rule on quality control of automated valuation models. On June 20th, the OCC, Treasury, Fed, FDIC NCUA, CFPB, the Federal Housing Finance Agency (FHFA) issued a final rule implementing quality control (QC) standards mandated by the Dodd-Frank Act for the use of automated valuation models (AVMs) by mortgage originators and secondary market issuers in determining the collateral worth of a mortgage secured by a consumer’s principal dwelling. For more on the impact to firms using AVMs, see Our Take on the proposal.
  • CFTC approves four comparability determinations. On June 25th, the CFTC approved four comparability determinations and related comparability orders granting conditional substituted compliance in connection with the CFTC’s capital and financial reporting requirements to certain CFTC-registered nonbank swap dealers organized and domiciled in Japan, Mexico, the European Union (France and Germany), or the United Kingdom. The determinations are effective once they are published in the Federal Register.
  • OCC proposes revised recovery planning standards. On June 24th, the OCC issued a notice of proposed rulemaking to revise its recovery planning guidelines. The proposal would expand recovery planning guidelines to apply to banks with at least $100 billion in assets, incorporate a testing standard for recovery plans, and clarify the role of non-financial risk (including operational and strategic risk) in recovery planning. Comments must be received 30 days after publication in the Federal Register.
  • FDIC culture updates. On June 28th, the FDIC announced important updates regarding the ongoing work to improve the agency’s workplace culture following an independent review of allegations of sexual harassment and other interpersonal misconduct. The agency approved the creation of two new independent offices reporting directly to the Board: an Office of Professional Conduct and an Office of Equal Employment Opportunity. The FDIC also updated relevant policies and issued RFPs for an Independent Transformation Monitor and an Expert Third-Party as per the Special Review Committee’s report.
  • Agencies propose AML and terrorism program requirements. On June 20th, the OCC, Fed, FDIC and NCUA proposed a rule that would amend the requirements that each agency has issued for its BSA, AML and CFT programs. The amendments are intended to align with changes that are being concurrently proposed by the Financial Crimes Enforcement Network (FinCEN) as a result of the Anti-Money Laundering Act of 2020. Comments must be received within 60 days of publication in the Federal Register.
  • CFPB extends compliance dates for small business lending rule. On June 25th, the CFPB issued an interim final rule to extend compliance deadlines by 290 days for the small business lending rule which is representative of the time elapsed between the Texas court’s first issuance of a stay last year and the Supreme Court’s decision in CFPB v. CFSA last month.
Follow us