An Irony in the Signature Bank Acquisition
Plus: CRO requirements, deciphering some of the recent leaks on SVB's supervisory status, and an idle thought on CSI
Flagstar Bank Acquires Most Deposits and Certain Assets of the Former Signature Bank
Earlier today the FDIC announced that Flagstar Bank, N.A., a wholly owned subsidiary of New York Community Bancorp, had agreed to acquire “substantially all deposits and certain loan portfolios” of Signature Bridge Bank, N.A.
What did NYCB get?
According to the FDIC’s press release, Flagstar Bank will be assuming “substantially all” of the bridge bank’s deposits. The FDIC did not explicitly put a number on this in its press release, noting only that at year-end 2022 Signature Bank had total deposits of $88.6 billion. The amount of deposits now at the bridge bank is lower.
In addition, Flagstar Bank purchased “about $38.4 billion” of the bridge bank’s assets, “including loans of $12.9 billion purchased at a discount of $2.7 billion.”
What did NYCB leave behind?
Left behind in the receivership are around $60 billion in other loans that the FDIC intends to try to dispose of later.
Also not assumed by Flagstar Bank were “approximately $4 billion of deposits related to the former Signature Bank’s digital banking business” for which, per the FDIC’s release, NYCB did not submit a bid. These deposits will be returned directly to customers.
I am not totally sure what to make of the use of the term “digital banking business” here as it does not appear to be a term Signature Bank itself used during its existence. The reasonable hypothesis, though, is that these are Signature’s crypto-related deposits.1 At year-end 2022, Signature bank reported $17.79 billion in “digital asset deposits,” but given events since December 31 it is plausible to think this number is much lower now. (Some might even be surprised it is still at $4 billion.)
As for why Flagstar Bank did not bid for the “digital banking business,” this also is not clear. Reuters had reported earlier this week, citing two sources, that “any buyer of Signature must agree to give up all the crypto business at the bank.” But an FDIC spokesperson later insisted to Reuters this was not the case, and even independent of an FDIC directive you can imagine several reasons why this might not be a business NYCB was enthusiastic about.2
What Did the FDIC Get?
In addition to whatever it will be able to generate from future sales of the remaining $60 billion loan portfolio, “the FDIC received equity appreciation rights in New York Community Bancorp, Inc., common stock with a potential value of up to $300 million.”
At the moment, the FDIC estimates that the total hit to the DIF will be around $2.5 billion.
The FDIC Now Okay With NYCB Doing M&A
One irony in Sunday night’s announcement is that NYCB spent much of 2021 and early 2022 trying to steer to the finish line another M&A transaction in which the FDIC was involved.
NYCB’s original plan when it announced the acquisition of Flagstar was to have Flagstar merge into NYCB’s New York-chartered savings bank. This would have required, among other things, a Bank Merger Act approval from the FDIC. For whatever reason, the transaction as originally envisioned by NYCB and Flagstar, according to a later OCC order, “did not result in [FDIC] approval.”
In light of the FDIC’s resistance, the parties wound up withdrawing their BMA application from FDIC review and restructuring the transaction such that Flagstar, FSB would first convert into a national bank and then merge with New York Community Bank, with Flagstar Bank, N.A. as the surviving bank. Structuring the deal this way meant no FDIC approval was required and that OCC approval would be required instead. This OCC approval was received in October 2022.
Neither the FDIC nor the parties involved have publicly explained exactly what happened with the FDIC’s review of the Flagstar-New York Community Bank merger, so it is not clear if the FDIC’s concern was with old Flagstar, old NYCB, or something else.
But in any case, we now have a sort of funny situation where the FDIC, though it was unwilling to approve an acquisition by NYCB last year of a bank with around $25 billion in total assets and around $17 billion in deposits,3 now in its role as failed bank M&A broker is facilitating a transaction that will result in NYCB making an even larger acquisition.
Regulatory Implications
As of year-end 2022, New York Community Bancorp had around $90 billion in total assets. All else equal, tonight’s announced acquisition of assets from the former Signature Bank will push the company over the $100 billion threshold. Once the company’s total assets measured on a four-quarter rolling average basis are over that threshold, and after taking into account any applicable transition periods, the company will become subject to Category IV enhanced prudential standards - i.e., the somewhat tougher regulations that apply to most firms with between $100 billion and $250 billion in total assets.
By the time NYCB reaches that point, what it means to be subject to such Category IV standards may have changed.
The 2022 SVB Financial CRO Vacancy
SVB Financial Group spent a decent portion of 2022 without a Chief Risk Officer. From the company’s recently filed proxy materials:
Ms. Izurieta departed the Company on October 1, 2022. The Company initiated discussions with Ms. Izurieta about a transition from the Chief Risk Officer position in early 2022. Accordingly, the Company and Ms. Izurieta entered into a separation (without cause) agreement pursuant to which she ceased serving in her role as Chief Risk Officer as of April 29, 2022 and moved into a non-executive role focused on certain transition-related duties until October 1, 2022.
Last week, Bloomberg reported that this is being reviewed as part of the Federal Reserve Board’s probe into what happened at SVB Financial and at SVB.
Makes sense, but there was a quote at the end of the article I found sort of funny:
William Hill, a Miami-based banking lawyer, said the absence of a risk officer could prove viable grounds for legal claims. […] “The legal issue will be whether a bank of this size and in this particular segment of the market would usually have a risk officer and if that’s unusual and outside of the norm,” Hill said. “If most other banks in this circumstance would have a risk officer and this bank didn’t have one, that could be a breach of the duty of care.”
I am, thankfully, not a securities litigator, so I am not in a place to judge whether this would in fact serve as the basis for a claim as to a breach of the duty of care. But if that question does turn on whether other banking organizations in SVB’s position would have a Chief Risk Officer, the Federal Reserve Board’s Regulation YY provides a definitive answer.
Specifically, 12 CFR 252.22(b) requires all bank holding companies4 with total assets of $50 billion or more to "appoint a chief risk officer with experience in identifying, assessing, and managing risk exposures of large, complex financial firms." The CRO must then take responsibility for overseeing various processes and functions, and must report to the risk committee and to the firm's CEO.
These requirements existed in the Board’s original EPS regulations and, at least for firms above $50 billion, were retained without change as part of the 2018-19 tailoring exercise, as the Board believed the requirements “reflect standard risk management practices.”
SVB Financial has been above $50 billion in total assets for several years, and thus has for some time been required by Reg YY to have a CRO.
Neither the Board’s regulations nor, from what I can tell, any other guidance from the Board describe how long is acceptable to have the CRO role sit vacant. Obviously transition periods, gardening leaves, and so on mean that it is unrealistic to expect the CRO role to never be vacant, but the way that SVB Financial handled this particular transition does not seem like best practices. I’ll be curious to see if the Board’s upcoming report on what went wrong from a supervisory perspective provides any more detailed guidance or recommendations for other firms in this position.
SVB Financial’s Pre-Crash Supervisory Status
Late last week Hannah Levitt, Sridhar Natarajan and Saleha Mohsin at Bloomberg reported that in late 2021 the Federal Reserve Bank of San Francisco “appointed a more senior team of examiners to assess” SVB Financial and SVB, and that those examiners immediately began firing off supervisory criticisms.
The San Francisco Fed has a program for overseeing community and regional institutions, as well as a group trained to monitor big banks. As that one prepared to formally watch Silicon Valley Bank at the start of last year, examiners began sending the firm two types of warnings: [MRAs and MRIAs].
On Sunday, Jeanna Smialek at the New York Times followed up with an article providing a few more details:
In 2021, a Fed review of the growing bank found serious weaknesses in how it was handling key risks. Supervisors at the Federal Reserve Bank of San Francisco, which oversaw Silicon Valley Bank, issued six citations. Those warnings, known as “matters requiring attention” and “matters requiring immediate attention,” flagged that the firm was doing a bad job of ensuring that it would have enough easy-to-tap cash on hand in the event of trouble.
But the bank did not fix its vulnerabilities. By July 2022, Silicon Valley Bank was in a full supervisory review — getting a more careful look — and was ultimately rated deficient for governance and controls. It was placed under a set of restrictions that prevented it from growing through acquisitions. Last autumn, staff members from the San Francisco Fed met with senior leaders at the firm to talk about their ability to gain access to enough cash in a crisis and possible exposure to losses as interest rates rose.
The authors of these articles do not put things in the typical bank regulatory terms and that obviously makes sense because only nerds care about this sort of thing. But this is a blog written by nerds, so here is how I read between the lines on this reporting from a bank regulatory perspective:
As hypothesized in a previous post, SVB Financial apparently had a rough time dealing with increased supervisory expectations as it transitioned from the CBO/RBO supervisory portfolio to the LFI supervisory portfolio (i.e., the group of banks with $100 billion or more in total assets).5
The Board’s LFI rating system rates firms across three components - Capital, Liquidity, and Governance and Controls.6 Ratings for each component are assigned on a four-factor scale, ranging in descending order from Broadly Meets Expectations, to Conditionally Meets Expectations, to Deficient-1 to Deficient-2.
The statement in the NYT article that the company had received a deficient rating for Governance and Controls means that, according to the LFI rating system, deficiencies in SVB Financial’s governance and controls “put the firm’s prospects for remaining safe and sound through a range of conditions at significant risk.”7
Further, SVB Financial must have been, in the assessment of its regulators, “unable to remediate these deficiencies in the normal course of business, [such that] remediation would typically require a material change to the firm’s business model or financial profile, or its governance, risk management or internal control structures or practices.”
The LFI ratings system includes “a strong presumption” that a firm assigned a Deficient-1 rating “will be subject to an informal or formal enforcement action by the Federal Reserve.”
Consistent with this, I read the NYT’s reference to “a set of restrictions that prevented [SVB Financial] from growing through acquisitions” as a strong hint that the company was subject to a 4(m) agreement.8
See also the LFI rating system, which says that “A firm rated ‘Deficient-1’ for any rating component would not be considered ‘well managed,’ which would subject the firm to various consequences.”
The NYT article reports that the Federal Reserve Board’s upcoming review will look at, among other things, “whether supervisors believed they had authority to escalate the issue, and if they raised the problems to the level of the Federal Reserve Board.”
As I have written previously, I am unsure about but still open to the argument that there was a shift in supervisory approach driven by Trump-era financial regulators that wound up making a difference here. And I continue to think it is reasonable for the Board’s review to focus on whether supervisors were unduly inhibited from supervising, or whether front-line supervisors tried to be more assertive but were stonewalled by more senior figures.
On the other hand, while acknowledging the significant caveat that the above reporting seems to be based in part on information from leakers engaged in a CYA effort, I am not sure the supervisory approach as it has been described so far indicates anything different here than what was typical, even before the VCS Quarles era of supervision. Of course, maybe that in itself is the problem.
A Re-Re-Think of CSI?
For several years now, several people much smarter than me have been fighting what I have considered the good fight against an overbroad application of the concept of confidential supervisory information.
For example, here is Peter Conti-Brown in 2019:
Sean [Vanatta] and I are concluding a four-year project writing the history of bank supervision, from the Civil War to the changes wrought in supervision after the Dodd-Frank Act, forthcoming from Harvard University Press. A primary source of our frustrations has been a tortured legal doctrine that protects, with criminal penalties, “confidential supervisory information” from disclosure, often without regard to its historical value or relevance to modern debates. In this essay, I write about the flawed and complex legal basis for withholding supervisory information, and explain steps banking regulators and Congress can take to relax those restrictions for better accountability of the financial system without great sacrifice to the deliberations between banks and bank supervisors.
Along similar lines, see this comment letter from Aaron Klein in 2020 calling for the release, with an appropriate lag if necessary, of banks’ CAMELS ratings.
Klein made a similar recommendation in an op-ed last week:
Improving Fed governance is important but insufficient. Bank regulators guard their supervisory reports from the public, so we never know what conditions the banks are in or whether the regulators are doing a good job. Bank regulators should make these reports known as CAMELS public so that we can all judge both how the banks are doing and how well the agencies are supervising them. Learning what grade the SF Fed gave SVB would go a long way to understanding how badly they mis-supervised the bank.
At one point not so long ago I would have found myself nodding along vigorously to these sorts of arguments, particularly because I always found unconvincing the counterargument that increased CSI disclosure could lead to bank runs or other financial instability.
I still think this is probably where I come down, but I feel compelled to admit here that the events of the past few weeks have planted a seed of doubt.
Obviously SVB’s depositors have some … unique qualities from which we should not extrapolate too much. At the same time, if it is easier than ever for very online retail depositors to quickly move deposits to another banks, and if, as HFSC Chair McHenry says, SVB was really the first Twitter-fueled bank run, I now wonder if there is something to the argument that adding details on supervisory ratings to the already often toxic information mix could exacerbate stability concerns.
Is It A Crime to Say Mean Things About a Bank?
In light of recent actions by certain VCs, a reader suggested that I write about so-called bank libel laws, such as Section 1327 of the California Financial Code. This law contemplates up to one year in prison for anyone who “willfully and knowingly makes, circulates, or transmits to another or others, any statement or rumor, written, printed, or by word of mouth, which is untrue in fact and is directly or by inference derogatory to the financial condition or affects the solvency or financial standing of any bank doing business in this state, or who knowingly counsels, aids, procures, or induces another to start, transmit, or circulate any such statement or rumor.”
Similar laws are on the books in other many states, although from what I can tell they have rarely been enforced. And when people have tried to enforce Section 1327 in California, at least one intermediate appellate court has found the statute facially unconstitutional.9
Still, I agree that it would be interesting to write further about how various states have applied, or not, these sorts of laws, and I hope to do so later this week. I suspect this is something some readers have thought about more than I have, so if you know of anything helpful on this topic, I’d appreciate hearing about it.
Thanks for reading! Thoughts, challenges, criticisms are always welcome at bankregblog@gmail.com
This was later confirmed to Bloomberg by an FDIC spokesperson.
For one thing, recall that as a condition to the OCC approval of the Flagstar-New York Community Bank merger discussed later in this post the surviving bank is being required to divest certain crypto-related holdings unless the OCC determines such holdings are permissible. Further, the resulting bank, like all national banks, must “submit a written request for supervisory non-objection pursuant to OCC Interpretive Letter 1179 if it is engaged in any crypto-asset, distributed ledger, or stablecoin activities addressed in OCC Interpretive Letters 1170, 1172, or 1174.”
This is data for Flagstar FSB as of September 30, 2022.
There are equivalent(ish) requirements for savings and loan holding companies and for the U.S. operations of foreign banking organizations.
This is not to say that this is the first time these issues were noticed: on Sunday night the WSJ had a report saying that even when SVB Financial was supervised as a regional banking organization its examiners had identified issues in 2019.
Technically the first two components are called Capital Planning and Positions and Liquidity Risk Management and Positions.
I am assuming here that the firm received a Deficient-1 rating, rather than being immediately assigned a Deficient-2 rating.
As the Board explains:
In addition, under section 4(m) of the Bank Holding Company Act (BHC Act) of 1956, a financial holding company (FHC) or its depository institution that no longer meets FHC requirements because they are no longer well capitalized or well managed must enter into an agreement acceptable to the Federal Reserve to meet the requirements for FHC status. Other than as stipulated in the agreement, until it is again well capitalized and well managed, the FHC may not engage in any new section 4(k) activities or acquire control or shares of any company engaged in any activity under section 4(k) of the BHC Act without the prior written approval of the Board.
In addition to the 2012 California case cited in the text above, in poking around briefly this afternoon I found a 2022 case in which a bank brought an action based on a similar provision of Texas law. The court determined that the statute in question does not provide for a private right of action, and so did not need to reach any constitutional issues.