Reading the Enforcement Action Tea Leaves
Plus, other items of note from recent bank and fintech securities filings
This is the latest in an ongoing series of posts with brief observations related to new or notable disclosures in annual reports or other filings by U.S. banks or fintech companies. As with previous posts in this series, the disclosures are being highlighted here merely because they are interesting, not necessarily because they are material or because anyone should draw any conclusions based upon them.
How Are Wells Fargo and Citigroup Doing?
Wells Fargo
Wells Fargo’s latest 10-K, filed Tuesday afternoon, generally did not have much to say about its progress in addressing its outstanding consent orders that had not already been said late last year or on January’s earnings call. For example, commentary about the recent December 2022 settlement with the CFPB was consistent with previous statements. (“The required actions related to many of these matters were already substantially complete at the time we entered into the consent order, and the consent order lays out a path to termination after the Company completes the remainder of the required actions.”)
The updated 10-K did make the below changes to the introduction to Wells Fargo’s discussion of its ongoing regulatory remediation efforts, but it might be stretching too far to read anything into these changes, even by the loose standards sometimes applied by this blog.
Citigroup
As of the close of business on Tuesday, Citigroup, like many of its peers, has not yet filed its 10-K. The company did, however, file an 8-K on Tuesday afternoon describing the compensation that Citi’s CEO is due in light of the company’s 2022 performance.
I am not qualified to judge whether the headline numbers are fair, outrageous, or something in between. Instead, in the spirit of the regulatory tea leaf reading being done elsewhere in this post, it may be interesting to compare how last year’s CEO compensation 8-K addressed the consent orders and how this year’s did so.[1]
February 2022 8-K
In parallel with the strategic actions noted above, Citi has been focused on meeting the expectations of its regulators to address the Consent Orders entered into with the Federal Reserve Board and the Office of the Comptroller of the Currency in October 2020.
Citi’s plans to address the Consent Orders were submitted to both regulators in the third quarter of 2021, and Citi has been refining and executing on those plans.
This Year’s 8-K
In addition to the foregoing, an ongoing priority for Citi management is the remediation of the issues identified in the Consent Orders issued in 2020 by the Federal Reserve Board and the Office of the Comptroller of the Currency.
Citi provides both regulators on an ongoing basis information regarding its plans and progress, and continues to work constructively with the regulators to reflect their feedback on remediation efforts.
The Citi Board of Directors has determined that our plans are responsive to our objectives and that we continue to make progress on our execution.
The CFTC and SEC Continue Their Hunt for Rogue Messaging Practices
Still Pursuing Big Banks…
As Hannah Levitt at Bloomberg noticed, Wells Fargo’s 10-K also includes a note about a previously undisclosed SEC and CFTC investigation.
The United States Securities and Exchange Commission and the United States Commodity Futures Trading Commission have undertaken investigations regarding the Company’s compliance with records retention requirements relating to business communications sent over unapproved electronic messaging channels.
This tracks with recent reports that, having already fined a number of prominent broker-dealers and their affiliates, the SEC was looking to expand its probe to additional firms that have not yet paid up. The recent stories have been about hedge funds, but it makes sense that big banks like Wells Fargo with slightly smaller (but still significant) trading activities will also be expected to make a contribution to the U.S. Treasury.
… And Smaller Ones Too
What might be more interesting as a sign of how far the sweep is looking to extend is a similar disclosure, also new, in the 10-K filed by Stifel Financial last week.
SEC Investigation of Communications Recordkeeping
The Company has been contacted by the SEC in connection with an investigation of the Company’s compliance with records preservation requirements for off-channel communications relating to the broker-dealer or investment adviser business activities of the Company using personally owned communications devices and/or messaging platforms that have not been approved by the Company. At this time, based upon currently available information and review with outside counsel, the Company is not able to estimate the outcome of this matter, including the range of possible ultimate resolutions.
Stifel is a bank holding company with around $37 billion in total assets as of December 31, 2022. Stifel’s broker-dealer operations are more significant than those of similar BHCs of Stifel’s size, but even so I think this is another sign that the SEC is eager to find evidence of rogue messaging activity wherever it may be found.
More on Climate and ESG
A No Win Situation?
Similar to a few other new risk factors included by banks this reporting season, JPMorgan Chase & Co.’s 10-K, filed Tuesday, features an updated risk factor about the push-and-pull in the United States and in various other jurisdictions around climate and ESG.
JPMorgan Chase's business and results of operations may also be adversely affected by actions or initiatives by national, state or local governmental authorities that:
seek to discourage financial institutions from doing business with companies engaged in certain industries, or conversely, to penalize financial institutions that elect not to do business with such companies, or
mandate specific business practices that companies operating in the relevant jurisdiction must adopt.
JPM says this could lead to a damned if you do, damned if you don’t situation.
Because governmental policies in one jurisdiction may differ or conflict with those in other jurisdictions, JPMorgan Chase may face negative consequences regardless of the course of action it takes or elects not to take, including:
restrictions or prohibitions on doing business within a particular jurisdiction, or with governmental entities in a jurisdiction
the threat of enforcement actions, including under antitrust or other anti-competition laws, rules and regulations, and
harm to its reputation arising from public criticism, including from politicians, activists and other stakeholders.
Smaller Banks and Climate Risk
JPM is the largest bank holding company or savings and loan holding company in the United States. A little further down the list, slotting in at #129 as of September 30, 2022, is Sandy Spring Bancorp, a firm with total assets of around $14 billion.
Sandy Spring, like many of its larger counterparts, included in this year’s 10-K a new risk factor about climate change, saying it could “have a material adverse impact on us and our clients.”
After brief paragraphs defining physical risks and transition risks and explaining how each set of risks could result in adverse impacts, the company concludes the new risk factor with the following paragraph.
We intend to enhance our governance of climate change-related risks and integrate climate considerations into our risk governance framework. Nonetheless, the risks associated with climate change are rapidly changing and evolving, making them difficult to assess due to limited data and other uncertainties. We could experience increased expenses resulting from strategic planning, litigation, and technology and market changes, and reputational harm as a result of negative public sentiment, regulatory scrutiny, and reduced investor and stakeholder confidence due to our response to climate change and our climate change strategy, which, in turn, could have a material negative impact on our business, results of operations, and financial condition.
In comments on the federal banking regulators’ proposed climate risk guidance, community banks have warned, not entirely without justification, about the possibility that climate-related financial risk management policies, rules or guidance, although designed for very large banks, will ultimately “trickle down to community banks.”
It would not be right to use this one disclosure from one banking organization (not even technically a community bank[2] and, depending how you look at it, arguably not even all that small of a bank[3]) to draw any broad conclusions. But to the extent other banks of similar size to Sandy Spring determine that similar enhancements to climate risk governance are necessary, I think you will probably see people try to spin the causation argument both ways.
That is, some groups might say these sorts of disclosures are evidence of the trickle down effect that they were warning about, and that small banks are doing this only (or primarily) because they feel pressure from their federal banking regulator(s). On the other hand, you could also argue, fairly, that small banks are doing this because they do genuinely believe these risks to be real and because their shareholders and other stakeholders do genuinely care about this sort of thing.[4]
Coinbase
Finally, Coinbase’s 10-K filed on Tuesday included a few things that I thought were fun or interesting.
Will the 2024 Election be the Crypto Election?
In last year’s 10-K Coinbase said at the outset of the Government Regulation section that the company “play[s] a leadership role in driving innovative industry-wide solutions to comply with new regulations.”
The new 10-K ... does not say that.[5]
This is sort of a cheap shot. Even though this sentence about driving innovative industry-wide compliance solutions is no more, on the company’s earnings call earlier today management made clear they intend to continue to try to lead the charge toward what they see as more sensible crypto policies.
Brian Armstrong:
I've been spending a lot of time in D.C. I was just there last week, actually. And I'd say policy is my top priority for this year. […] I think the folks that I spoke with, they also realize that the U.S. is a little bit behind right now. The EU has already kind of passed comprehensive crypto legislation. They're looking at others like in the U.K., Singapore, et cetera, that are moving on this dimension and seeing what they can take and put in their bill. So I'm spending more time in D.C.
Paul Grewal:
Coinbase, we have a 10-year plus record of regulatory compliance engagement, and we remain committed to working with regulators to develop solutions that are sensible, that put consumers first and protect them and ultimately help to grow the crypto economy. We are in constant conversation with all of these regulators and, of course, the policymakers as well, particularly in D.C. In those conversations, our agenda is very clear. Regulators should follow the standard course and undertake public rule-making that will give clarity, not just to the industry and to consumers but, of course, investors as well.
Armstrong also went on to make a prediction that honestly I find pretty hard to believe.
So I think we need to really make it clear that -- let's say, in the upcoming election in 2024, for instance, that this is going to be a big issue, I think, for a lot of voters. Crypto is now used by 1 in 5 households in the United States, and it's becoming a pretty powerful lobby and a constituent.
On the other hand, given the issues that the 2024 election is likely to focus on, I suppose we could do worse than a debate about crypto policy.[6]
The “2022 Events”
The new 10-K uses the new term “2022 Events” no fewer than twenty times; the term is defined near the outset of the 10-K as follows.
The failure of several prominent crypto trading venues and lending platforms, such as FTX, Celsius Networks, Voyager and Three Arrows Capital, in 2022 (the “2022 Events”) has impacted and may continue to impact the broader cryptoeconomy.
Then throughout the rest of the 10-K Coinbase warns that these 2022 Events could have all sorts of consequences. For instance:
“The failures of risk management and other control functions at other companies that played a role in the 2022 Events could accelerate an existing regulatory trend toward stricter oversight of crypto asset platforms and the cryptoeconomy.”
“In addition, as a result of the myriad of regulations, the risks of crypto assets generally, or the adverse reputational impact of the 2022 Events on our industry, financial institutions in the United States and globally may decide to not provide, or be prohibited from providing, account, custody, or other financial services to us or the cryptoeconomy generally.”
“While we have procedures in place to manage our credit risk, such as conducting due diligence on our customers and running stress test simulations to monitor and manage exposures, including any exposures resulting from loans collateralized with crypto assets, we remain subject to risks associated with our borrowers’ creditworthiness and our approval process. Such risks are heightened following the 2022 Events.”
Changes to Key Business Metrics
Coinbase also included in its 10-K a note that it has decided to make changes in its reporting of certain metrics. In particular, “beginning with our Quarterly Report on Form 10-Q for the three months ending March 31, 2023, we do not plan to report Verified Users as a key business metric in our future periodic filings.”[7]
Coinbase explains:
[W]e do not believe this metric, which is an indicator of the scale of our platform, provides meaningful information related to our business performance. Verified Users do not track user activities leading to revenue generation and, as a result, are not indicative of our overall performance, including with respect to our revenue and operating results and, therefore, we believe that this metric no longer provides valuable insight into our business performance.
Thanks for reading! Thoughts, challenges, criticisms are always welcome at bankregblog@gmail.com
[1] I’ve broken this out into paragraphs, but otherwise it is verbatim.
[2] Typically community banks are thought of as those with $10 billion or less in total assets, but the definitions can be a little loose.
[3] As mentioned above, Sandy Spring was the 129th largest BHC or SLHC as of September 30, 2022, and is a tiny fraction of the size of the very largest holding companies. On the other hand, there are more than 3500 BHCs or SLHCs in the United States, so from that relative perspective #129 does not look all that small.
[4] You can still argue about how much they care, of course. Enough to really want to see Scope 3 reporting from large firms?
[5] The last sentence about the Crypto Rating Council shows up as a deletion here but it was moved in substantially the same form to a later place in the 10-K. Note, though, that it is now accompanied by a second sentence saying, “We also evaluate all other products and services prior to launch under U.S. federal and applicable international securities laws.”
[6] I feel silly for even typing this, but given that the former president is on the record as saying “I am not a fan of Bitcoin and other Cryptocurrencies, which are not money, and whose value is highly volatile and based on thin air…” if there is indeed a crypto constituency out there in the Republican primary perhaps someone will try to exploit it.
[7] In its most recent 10-Q, Coinbase had indicated this was a possibility:
Given that crypto markets and our revenue sources continue to evolve rapidly, we believe there may be an opportunity to evolve our key business metrics disclosures to better align with business performance. This re-evaluation of our key business metrics may include changes to or the elimination of certain metrics. Based on this evaluation, we may determine to change or eliminate some of our current key business metrics in future filings we make with the SEC.