The Problem Bank Mystery
Every quarter, the FDIC releases a Quarterly Banking Profile providing summary financial results for all FDIC-insured institutions. As part of this release, the FDIC also publishes a chart showing the number of “problem banks” in America, along with the aggregate total assets of those banks.
This past quarter, Professor Jeremy Kress noticed something interesting: while the total overall number of problem banks declined, the total assets of the banks on the list increased dramatically. This suggests that a large bank was recently added to the list.
In the above thread, Professor Kress offered some speculation about which bank it might be, and Claire Williams at the American Banker later published a helpful story headlined, “A big bank is in trouble, and no one knows which one or why.”
Based on publicly available information, I have a pretty good guess as to which one, and a pretty good guess as to why.
Context for the Problem Bank List
What is a Problem Bank? A problem bank is generally defined as a bank that has been assigned a rating of 4 or 5 under the U.S. banking regulators’ CAMELS ratings system. A bank’s CAMELS rating includes an overall composite rating, as well as component ratings based on Capital, Asset quality, Management, Earnings, Liquidity and Sensitivity to market risk. The composite rating is its own thing, not just an average of the component ratings, but typically it is the Management rating component that causes large banks the most difficulty and has an outsize effect on the bank’s composite rating. The Management rating evaluates the capability of the bank’s management and board in identifying, measuring monitoring and controlling risks. As such, it encompasses not only an evaluation of the skill of the bank’s managers (as a layperson might interpret it), but also an evaluation of a bank’s compliance systems, controls and risk management procedures. Accordingly, a bank that runs into supervisory trouble - particularly with respect to consumer compliance or BSA/AML issues - is likely to find its Management rating at risk of a downgrade.
How Big is the New Problem Bank? In his remarks on the release of the Quarterly Banking Profile, the FDIC’s Acting Chairman Martin Gruenberg explained that “the number of banks on the problem bank list declined by two from third quarter to 44 but problem bank assets increased from $50.6 billion to $170.2 billion.” That is all the detail the FDIC provides, but from this it is obviously easy enough to work out that the big new problem bank has around $115-$125 billion in total assets. (It is necessary to build in a degree of conservatism because although we know the net change in the number of problem banks, we don’t know exactly how many were removed and how many were added.)
How are Banks of this Size Regulated? The EGRRCPA is a 2018 law that decreased the stringency of some provisions of the 2010 Dodd-Frank Act. The merits of that decrease in stringency, and indeed the degree to which such a decrease occurred, are open to debate, but to oversimplify dramatically a key effect of the EGRRCPA was to free holding companies and their bank subsidiaries in the $50 billion to $100 billion asset range from certain regulations known as enhanced prudential standards or EPS. After the EGRRCPA was enacted, the Federal Reserve Board, FDIC and OCC adopted revised regulations that, in addition to freeing companies in the $50 billion to $100 billion range from EPS requirements, also “tailored” the EPS requirements applicable to bank holding companies and their bank subsidiaries with greater than $100 billion in assets. From the banking sector’s perspective, the benefits of this tailoring chiefly flowed to large regional banks, with the EPS regime for the largest, most systemically important firms effectively unchanged.1
A Neat Story, But Probably Wrong
The upshot of the above is that, if one is so motivated, they could tell a neat and tidy story here: the U.S. banking regulators loosened the standards for large regional banks, and now a large regional bank is in trouble.
I’m not sure that story exactly works here. Instead, the most plausible candidate for the mystery problem bank is a bank that has, from what I can tell, gone almost entirely unmentioned in the debate over regional bank regulation because it is not really a regional bank as traditionally understood. Moreover, its parent company is subject to less Federal Reserve Board supervision than the parent companies of much, much smaller banks.
My best guess as to the mystery problem bank is USAA Federal Savings Bank
Why?
First, the total assets line up well. As of December 31, 2021,2 USAA FSB had approximately $117.4 total assets, matching closely with the asset size range given above.3
Second, USAA FSB has been subject to a series of public enforcement actions in recent years. In October 2020, the OCC fined USAA FSB $85 million dollars for its “failure to implement and maintain an effective compliance risk management program and an effective information technology risk governance program.” According to the OCC these deficiencies, among other violations of the law, resulted in violations of the Military Lending Act and the Servicemembers Civil Relief Act. Then, in March 2022, the OCC again fined USAA FSB, this time levying a penalty of $60 million for “failure to establish and maintain an effective” BSA/AML program and for “fail[ing] to correct BSA/AML internal control problems that the OCC had previously identified.” The 2022 OCC fine was accompanied by a separate action brought by FinCEN, the Treasury Department’s financial crimes regulator, in which USAA FSB was fined $140 million. These sorts of persistent compliance failures,4 particularly as they relate to consumer matters and BSA/AML, are exactly the sort of thing that frequently lead to adverse consequences for a bank’s Management rating, as well as its overall composite CAMELS rating.
Third, when you look at a list of the largest commercial banks in the United States as of December 31, 2021,5 none of the potential candidates appears to be a good fit. Of the handful of banks6 in the potential range, most have a clean recent public enforcement action history. Moreover, several of the banks in the right asset size ballpark are currently or have recently been involved in merger activity, either as the acquirer or the target. This is suggestive of a bank having a supervisory condition that, even if not perfect, is inconsistent with troubled bank status.7
An Incomplete Regulatory Framework for Federal Reserve Board-Supervised Insurance Organizations
If the above analysis is correct, I believe it weakens the argument made by some that the addition of the mystery bank to the list represents a sort of canary in the coal mine scenario, portending further troubles ahead for large regionals.
Of course, that is not to say that this is something to be entirely relaxed about.
From a regulatory perspective, USAA is an interesting case because its parent company is regarded as a depository institution holding company significantly engaged in insurance activities. Among other things, this means that, unlike most companies that own banks, USAA is not currently subject to bank regulatory capital requirements at the holding company level.8 (The Federal Reserve Board proposed capital requirements for such companies in 2019, but has not yet finalized the proposed rules.)
Even aside from the always contentious topic of capital regulation, supervision of insurance organizations that own banks is a sensitive issue for the Federal Reserve Board given that the regulation of insurance in the United States is generally left to the states, and that “[e]xisting statutes specifically require the Board to coordinate with, and to rely to the fullest extent possible on work by the state insurance regulators.”9
If one of the small handful10 of Federal Reserve Board-supervised insurance organizations does indeed control a problem bank, that would be an interesting wrinkle to the ongoing debate around how large (but not gigantic) banks and their holding companies should be regulated - or, in a worst case scenario, resolved.
Obligatory footnote: the EGRRCPA EPS changes were not the only regulatory changes made by Congress or the banking agencies during the Trump Administration, and other changes (including, yes, certain provisions of the EGRCCPA) did deliver benefits to the largest firms.
All data in this bullet is based on call report data, available here.
The match is even better if you add in USAA’s other banking subsidiary, USAA Savings Bank, which had $2.1 billion in total assets as of the same date. It is possible both USAA banking subsidiaries were added to the problem bank list, but there is no way to say for sure. And as detailed in the next paragraph, the public enforcement actions have all been with the larger bank.
In addition to the enforcement actions mentioned in the text, USAA also in 2019 was subject to an enforcement action brought by the CFPB concerning violations of the EFTA and Regulation E, as well as violations related to unauthorized deposit account reopening.
As a federal savings bank, USAA FSB is not included on this list, which may explain why its name has not been subject to public speculation like some other banks in the range.
Because the FDIC’s problem bank list is a list of banks, it captures only assets of the bank, not the entire consolidated organization of which the bank is a part. Thus, trying to solve the mystery (as I’ve seen some do) by looking at the list of large holding companies by assets is going to be misleading, particularly for more complex banking organizations with significant amounts of assets held outside of the bank.
In general, the U.S. banking regulators are unlikely to approve a merger application involving a bank with a CAMELS rating of 3, 4 or 5. Because banks know this in advance, a bank in this category will generally not agree to make an acquisition or agree to be acquired.
Of course, there are always exceptions and I think the weakest part of the argument in the text is that MUFG Union Bank in September 2021 became subject to an enforcement action with the OCC related to “longstanding technology and operational risk governance, technology risk assessments, internal controls, and staffing deficiencies.” But Union Bank’s total assets as of December 31, 2021 are a little high ($127 billion) to be plausible as the mystery bank, and I don’t think the timing of the enforcement action and the addition to the problem bank list fits as neatly as it does for USAA.
USAA and other organizations in a similar position would be quick to point out, correctly, that this does not mean that no part of the USAA organization is subject to capital requirements. USAA’s bank subsidiaries are subject to bank regulatory capital requirements adopted by the OCC, and the portions of the USAA organization engaged in insurance activities are also subject to capital requirements imposed by insurance regulators.
That quote comes from a proposal released by the Federal Reserve Board earlier this year setting out a proposed framework for the supervision of such organizations.
In 2019 when the capital rule for Federal Reserve Board-supervised insurance organizations was proposed only eight firms would have been subject to the rule. Since then two of those firms have exited the banking business, while another is pursuing a change of charter for its bank subsidiary that would mean the holding company would no longer be subject to Federal Reserve Board supervision.