A Brief History
The mere mention of the term “Consent Order”[1] fills banking executives and board members of financial institutions with anxiety and regret. Consent Orders (CO) are binding legal orders issued by financial regulators that force receiving institutions to formally address significant violations of regulatory standards. Severe Enforcement Actions (EAs), such as COs against medium and large US institutions, were a rarity prior to the onset of the financial crisis starting in 2008. This changed in the aftermath of the financial crisis when regulators levied large numbers of EAs against major banks. COs are usually accompanied by large Civil Money Penalties (CMP) and restitution payments and often have repercussions for senior management. According to a recent study, the largest US banks have incurred a total of close to $200 billion in fines and penalties over the past 20 years[2]. In many cases, C-suite executives are directly held accountable for COs because they severely undermine a bank’s reputational standing with clients, peer institutions, regulators, and employees.
Following the resolution of many COs issued during the 2011 – 2014 timeframe, regulators started to increasingly rely on Matters Requiring Attention (MRA)[3] notices as their primary tool to communicate examination findings. In contrast to formal EAs that are public and grounded on firm legal standards, MRAs are confidential and not formally enshrined in regulatory law. During 2013 – 2017 both the Federal Reserve (Fed) and the Office of the Comptroller of the Currency (OCC) liberally issued MRAs to address a wide range of findings. Most large US banks juggled hundreds of outstanding MRAs at some point in time.
Many of the criticisms contained in these notices were addressed to the banks’ Boards of Directors (BOD), even in instances where there was no obvious relevance to a firm’s financial condition, critical controls or risk management practices.
It is fair to say that many banks struggled with the prioritization and resolution of the many MRAs they received during this time period. Perhaps in recognition of the challenges faced by BODs of large banks, the Fed issued its Proposed Guidance on Supervisory Expectation for Boards of Directors in August of 2017. The proposed guidance specifically stated that the Fed, going forward, would direct most MRA notices to senior management, except in cases involving corporate governance and in situations where senior management failed to take appropriate corrective actions. On February 26th, 2021, the Fed published its Supervisory Guidance on the Board of Directors’ Effectiveness[4]. The Supervisory Letter applies to bank holding companies (BHC) and savings and loan holding companies with total consolidated assets in excess of $100 billion. The SR emphasizes the BOD’s role in enhancing banks’ “continued financial and operational strength and resilience” and focuses on goal setting and oversight responsibilities. While BODs continue to play an important role in overseeing the resolution of MRAs, they are no longer expected to directly remediate most of the underlying issues raised in the notices.
Why Do Banks Incur Consent Orders?
It is helpful to think of two distinct “flavors” of Consent Orders: i) systemic and ii) idiosyncratic. Systemic COs are issued near simultaneously to a number of market participants and target industry-wide failures to adhere to business conduct standards. Key examples include deceptive practices widely deployed across the mortgage industry, including robo-signing, defective foreclosures, and pushing prime-rate eligible borrowers towards sub-prime lending products. Similarly, a large number of large banks incurred regulatory sanctions and fines related to LIBOR-rigging and deceptive foreign exchange practices in 2011. Although banks’ failures to adhere to fair and sound banking practices in those instances were significant, there was a certain comfort in that “everybody did it.”
The same excuse cannot be used when banks are issued COs for failures specific to their institution. In recent years, several large US banks have incurred COs for violations ranging from defrauding a sovereign wealth fund, persistent shortcomings in compliance and risk management practices, and widespread abuses of retail consumers. Arguably, all of these COs could have been avoided through a combination of strong management oversight and effective compliance frameworks.
Building Regulatory Resilience
Given the many negative repercussions related to COs, senior management and BODs should place emphasis on strong preventative measures. This section will focus on the key proactive steps banks can take to minimize the chances of adverse regulatory actions:
Banking executives have an obligation to “lead by example.” While this may be an overused phrase, corporate history is filled with anecdotes of rank-and-file employees copying questionable behaviors of top executives. Banks where executives place personal compensation and shareholder returns above healthy client relationships and sound risk management practices are placing their institutions in jeopardy. Setting unrealistic profitability targets sends the wrong signals and inevitably results in risky and potentially illegal banking practices down the road.
All professionals across a banking organization need to understand risk tolerance guidelines and have a clear understanding of their personal roles and responsibilities. Risk-taking is inherent in many banking activities; however, it is critical that all employees adhere to prescribed risk tolerances and related limits. Clear BOD-articulated risk parameters need to be clearly communicated to capital markets and lending professionals to prevent excessive, non-approved risk-taking activities.
Lastly, banking executives should deploy a proactive attitude in remediating known shortcomings. In too many instances in recent history, banks have ignored lingering issues that eventually exploded into much larger problems. Executives need to encourage employees to self-identify shortcomings with risk and compliance implications and deploy sufficient funding and resources to address material issues in a timely manner. Senior managers who assume ownership and have the skills to permanently fix known problems are key to a bank’s ongoing viability.
Regulatory information issued by the various US agencies can be difficult to decipher for individuals without a deep compliance or specialized legal background. Although US banks are assigned a primary regulator based on their specific organizational structure, asset size and business activities, many regulations and laws issued by other agencies may apply as well. Maintaining a roster of experienced legal and compliance professionals who understand the applicability and nuances of specific regulations is essential to all large banking entities.
Understanding regulatory trends should not be the exclusive domain of lawyers and compliance professionals. BOD members and senior executives should have a solid working knowledge of pending regulations and related compliance requirements. There are several periodic publications that are useful in providing senior executives and BOD members with the requisite knowledge to effectively oversee their bank’s regulatory initiatives. For example, the bi-annual Federal Reserve Supervision and Regulation Report provides an excellent summary that covers i) Banking System Conditions; ii) Regulatory Developments; and iii) Supervisory Developments. Similarly, the Financial Stability Board (FSB) and the Basel Committee on Banking Supervision (BCBS) publish periodic guidance and reports on regulatory implementation progress that provide comprehensive overviews of regulatory trends from a global perspective.
Senior executives should also utilize their industry networks to stay informed on examination activities at institutions of similar size and engaged in comparable business activities. Oftentimes, banking examiners will review and assess the same business areas and functions at large banks in a sequential fashion. While it is important to respect boundaries around privileged information, peers are often willing to share insights into their recent interactions with regulators on a confidential basis. Similarly, executives at industry associations may be in a position to provide additional intelligence on recent regulatory actions.
Risk management, compliance, and audit are the central control functions that ensure that the entire bank operates within BOD-articulated risk tolerances. In recent years, many banks placed increased responsibility for risk management decisions onto the 1st Line-of-Defense (LOD). The 1st LOD generally includes capital markets and loan underwriting business units that are directly responsible for risk-taking activities. The 2nd LOD consists of risk management and compliance functions that are increasingly assuming an oversight and control function to ensure adherence with both internal and regulatory standards. Regardless of the specific alignment of 1st and 2nd LOD functions within a particular bank, it is essential to move away from the “ticking-the-box” mindset that has prevailed at many institutions for too long. Employees should be challenged to collaborate, assume responsibility, and demonstrate their problem-solving skills.
The role of the 3rd LOD Audit function has gained importance in recent years. Audit executives need to have a strong understanding of regulatory trends and provide clear expectations to both executive management and business unit leads. Audits that include subject matter experts are much more likely to result in positive changes and transparent findings when compared to internal examinations where specialized 3rd LOD knowledge is absent. Successful audit functions will clearly articulate the goals of their examinations and will steer clear of “fishing expeditions.” While it is critical to maintain independence between 1st/2nd/3rd LOD functions, this should not preclude professionals from working in a collaborative fashion.
Stopping at an MRA/MRIA
As discussed earlier, recent regulatory guidelines should alleviate some of the issues large banks experienced with their MRA remediations in recent years. However, banks will only succeed in addressing future MRAs in a consistent and expedient manner if they put the appropriate resources in place to thoroughly analyze the underlying issue and develop comprehensive remediation plans. It is important that banks fully address their MRAs and tackle underlying issues in a prioritized fashion. Banks should encourage employees that are tasked with MRA remediation to assume ownership and develop practical solutions that permanently address the underlying issues. While it is important to understand the root causes that triggered an MRA, prolonged discussions on who might be at fault for incurring the regulatory criticism tend to be counterproductive and should be curtailed by senior management.
Banks should focus on developing a systemic process for logging, prioritizing, assigning ownership, and tracking the resolution of MRAs. Summary dashboards are an effective way to communicate progress to senior stakeholders on a periodic basis. In recent history, several large banks incurred Consent Orders for issues that originated with an MRA that was seemingly resolved. Banks should implement a robust documentation process of the underlying issues raised within an MRA and require detailed information regarding the steps taken to address the shortcomings identified by regulators. The final closure of all MRAs should require the approval of senior executives following the “review and challenge” of all required documentation.
When It All Fails
Given the public nature of Severe EAs, overall scrutiny of a bank’s reaction to a Consent Order will be greatly magnified. Institutions will find themselves in the unenviable position where they need to restore confidence from both external and internal stakeholders. Oftentimes, a bank’s CEO will be asked to assume direct responsibility and resign his or her position to clear the slate for a successor.
The remediation of COs is both costly and disruptive. There is no magic formula to address the inevitable public scrutiny, and even sophisticated public relations (PR) efforts will only go so far. However, sensible communication efforts, followed up by strong and decisive action, are the only viable option to confront COs. Banks should seek to leverage the existing processes to remediate MRAs but will need to significantly enhance their efforts in light of the much more serious challenges posed by COs.
Given the existential threat posed by a CO, bank executives are often forced to dedicate a majority of their time and effort to implement the actions spelled out in the underlying legal document. It is crucial for banks to assemble a team of highly seasoned managers that have the skills to develop strong implementation plans and restore trust vis-à-vis regulators. Any major missteps along this process will draw additional scrutiny, which is unhelpful in an ongoing crisis situation.
About Monticello
Monticello Consulting Group is a management consulting firm supporting the financial services industry through deep knowledge and expertise in digital transformation, change management, and financial services advisory. Our understanding of the competitive forces reshaping business models in capital markets, lending, payments, and digital banking is a proven enabler that helps our clients remain in compliance with regulations, innovate to be more competitive, and gain market share in new and existing businesses. Monticello leverages its financial services advisory capabilities with extensive experience assisting clients and C-suite executives with the resolution of MRAs and COs to guide its clients with the remediation of pending regulatory findings with confidence and resilience.
[1] Cease and Desist Orders (commonly referred to as Consent Orders) are public, injunction-type legal orders
[2] Better Markets – 2021 Fact Sheet Report
[3] Matters Requiring Immediate Attention (MRIA) are escalated variations of MRAs. The terms are used interchangeably throughout this paper.
[4] Supervisory Letter (SR) 21-3 / CA 21-1: Supervisory Guidance on Board of Directors' Effectiveness (federalreserve.gov)