Being the primary regulator for 2,200 federally chartered commercial banks, including many of the country’s largest institutions, will always garner you plenty of attention in the nation’s capital. But the stage lights grew even hotter for Comptroller of the Currency John D. Hawke Jr. last June when he was forced to concede during congressional testimony that his agency’s supervision of Washington, D.C.-based Riggs National Bank had been highly lax. Riggs, which provided banking services to a number of foreign embassies in town, had for several years failed to comply with federal anti-money-laundering regulations. Specifically, Riggs failed to file suspicious activity reports under the Bank Secrecy Act on tens of millions of dollars in transactions by diplomats from Saudi Arabia and Equatorial Guinea.
Although these violations go back to at least 1997, according to the OCC’s own admission, the fat didn’t fall into the fire until the fall of 2002 when press reports suggested that money in a Riggs account controlled by the wife of the Saudi ambassador to the United States may have ended up in the hands of the 9/11 terrorists. It was a humbling moment when Hawke was forced to tell Congress last year that, “It is clear to me that there was a failure of supervision.” It was also a frank admission of accountability in a city where buck-passing has become an art form.
For the 71-year-old Hawke, Riggs has been a rare misstep in a career spent at the epicenter of financial services in Washington. He began his five-year term as comptroller in October 1999 after spending three and a half years as under secretary of the Treasury for Domestic Finance, where his portfolio included the development of policy and legislation for financial institutions, debt management, and capital markets. Prior to that he spent 30 years at the Washington law firm of Arnold & Porter where he ran the financial institutions practice, although he left for three years in the mid-1970s to serve as general counsel to the board of governors at the Federal Reserve. From 1987 to his departure in 1995, Hawke also served as Arnold & Porter’s chairman. In other words, his is a long and distinguished career spent covering most of the bases worth covering for a bank attorney in Washington. Hawke’s term ends in October of this year, although he can remain in office until a successor is appointed. Given that 2004 is a presidential election year, the changeover probably won’t occur until 2005.
Hawke has also been deeply involved in developing new risk-based capital guidelines under the auspices of the Basel Committee on Banking Supervision. Although the so-called Basel II rules won’t go into effect in the U.S. for another two to three years, and will only apply to the largest banks, Hawke has serious concerns about their complexity. He also worries about bank directors’ ability to protect themselves from liability coming out of such corporate governance debacles as the Enron and WorldCom affairs. In both instances, large U.S. banks helped the miscreants engage in deceptive transactions. Recently, Bank Director Senior Editor Jack Milligan interviewed Hawke in his spacious and brightly lit office at the OCC’s headquarters in Washington.
The OCC has been criticized for failing to correct long-standing deficiencies in Riggs National Bank’s compliance with anti-money-laundering regulations. How is the agency responding to that situation?
First of all, we take the Bank Secrecy Act and USA Patriot Act very seriously. They’re enormously important statutes. I also think it’s fair to say that after 9/11, there were significant changes in attitudes about the importance of these laws both with [federal government] agencies and on [Capitol] Hill. Just to give you an example, when the banking agencies proposed the Know Your Customer rule in 1998, there was a tremendously hostile reaction on the Hill, and the message was, “Don’t even think about doing something like that again.” I must say I agreed with them. I took office the day after that regulation was proposed, and I led the retreat. After 9/11, it was totally different. The Patriot Act embodied things that Congress had shown a great aversion to in the not-too-distant past. So everybody’s attitude changed because of that horrible event.
As to Riggs, I reviewed our supervisory record going back to 1997, and it was clear to me that it was a failure of supervision. We gave Riggs too much time to do things that we noted should be done. It’s not like we were missing things in Riggs’ compliance with the law. We saw improvements that needed to be made, [but] we were too tolerant. We gave them too much time; we didn’t get tough enough, early enough. And we didn’t adequately assess the risk that was involved with the embassy business they were conducting.
Would it be fair to say that the risks of the embassy banking business were viewed much differently post-9/11 than they would have been viewed pre-9/11?
In my conversations with bankers, the Bank Secrecy Act and USA Patriot Act are, from a compliance standpoint, the two laws bankers complain about most.
It’s a tough challenge and there are a couple of aspects worth noting. One, banks historically have traded on the confidentiality of the customer relationship, but there’s a whole new ethic that has developed. Now you are expected to know where your customers are getting their funds from and know where [those funds] are going. You’ve got to understand the profile of your customer and make sure the customer is who he says he is. And two, I think there’s a sense of frustration on the part of bankers that they file all the necessary reports but don’t see a lot of tangible results. They feelu00e2u20ac”in many cases rightfully sou00e2u20ac”that they’re going through a lot of work and it isn’t paying off. There are a lot of reasons for that; many of the suspicious transaction reports that they file are entirely appropriate in that there is suspicious, if not illegal, activity going on. But because of extraneous factors like sentencing guidelines, some U.S.[district] attorneys are reluctant to pursue criminal investigations because the penalties called for in the guidelines don’t warrant the investment of prosecutorial energy. There’s a lot of petty stuff that goes on that may be criminal and may be improper but law enforcement has to balance its priorities as well, and that reinforces the sense of frustration that bankers have.
There has been a lot of discussion on Capitol Hill about taking money-laundering enforcement out of the banking agencies and putting it in a separate enforcement apparatus. What is your view on that?
First of all, it’s important to understand just what it is we do. It is not our mandate to find money laundering or to prosecute it; our job is to make sure that banks are filing the right reports, that they have the right kind of control systems, that they have adequate compliance systems, that they have trained people. These are exactly the same sort of skills we use in determining a bank’s compliance in other areas. So I think the responsibilities we presently have are completely consistent with the work the bank examiners are trained to do, and I don’t see any advantage to shifting that to someone else. I think there can be better coordination between law enforcement and bank supervisionu00e2u20ac”more of a two-way street in terms of exchanging informationu00e2u20ac”but I don’t see any value in breaking out what bank examiners are presently doing and putting that responsibility with another cadre of people who essentially would be replicating the skills of bank examiners.
You’ve been heavily involved in the development of the new capital guidelines under the so-called Basel II initiative. How will that affect the U.S. banking industry?
I’ve been involved in it for five and a half years now. It has been a tremendously interesting process. First of all, the underlying concept of Basel II is something that is very hard to argue with. If you’re going to have a system of risk-based capital, then the [present Basel regime] that was put into place back in the 1980s really needed to be [modernized]. It purported to be a risk-based capital system but was only very grossly related to risk and was easy to game. The art and science of risk measurement has changed radically since those days. The objective of Basel II was to revamp the approach to risk-based capital and make it much more risk sensitive and consistent with the state of the art today. Having said that, what the committee came up with is an enormously complex product, and every time I make that point people say, “Well, we live in a complex world.” But this is far more complex than even a complex world would dictate, and I think that reflects the fact that people from other banking cultures wanted extremely detailed rules because their systems of supervision are far less intrusive than ours. They wanted every contingency spelled out, every loophole blocked; so we ended up with an enormously complex product.
The upside is we’re only going to apply Basel II to a dozen or so of the very largest, most sophisticated banks [in the U.S.], and I think those banks are, for the most part, up to the challenge of dealing with it. The vast number of smaller banks are not going to be subject to Basel II; they’ll continue to operate under the old capital rules, although we might fine-tune the old capital requirements for them. We haven’t seen any great value in changing the rules for them [since] they tend to be better capitalized than large banks.
My understanding is that Basel II will rely on the banks themselves, using very sophisticated models, to determine what their own capital should be for different businesses.
There’s a danger in oversimplifying here. A lot of people have had the reaction that Basel II is just going to turn over the chicken coop to the fox. There’s a substantial amount of input that the banks themselves will have. They will be using their risk management systems and modelsu00e2u20ac”although our people are going to have to validate those modelsu00e2u20ac”and they will be using data that they’ve accumulated over a period of years. In other words, banks will be providing input into the methodology established by the supervisory agency for calculating capital. But they will not be determining their own capital requirements because the regulators will be looking at each part of the [process] along the way. They’ll be looking at the banks’ models, at their data, at their estimates of the probability of default used in the banks’ own risk-rating systems.
Is there a logical connection between what regulators are trying to accomplish with Basel II and the holistic approach to risk managementu00e2u20ac”looking at it on an enterprisewide basisu00e2u20ac”that many banks have started to adopt?
Yes, I think Basel II is an attempt to bring the process of determining capital in line with best practices. One of the concerns that many of us have had about Basel II is that we may be behind the curve; Basel II may be putting in concrete an approach to capital determination that is actually behind the state of the art as it exists today because banks are continuing to move forward in the whole science of risk measurement. When governments get together and bless a particular methodological approach to capital, they may be setting in concrete something that is already out of date.
What are some of the big challenges facing bank directors today?
How do CEOs and bank directors protect themselves against the kinds of risks we’ve seen coming home to roost in the banking system? The kinds of huge exposures in terms of liability and litigation costs coming out of Enron or WorldComu00e2u20ac”any of these huge cases where things happened down in the middle levels of banks that didn’t really represent bank policy and caused a huge blow to the reputation of the institution and tremendous impact on the value of the companies? I’ve been thinking a lot about this lately because as I look at the large institutions in particular, I think they are exceedingly well managed. The largest banks in the country do a fantastic job of managing very complex businesses. How does someone sitting at the top of one of those organizations protect themselves against overreaching by people [lower down] in the institution, particularly against the background of the kinds of incentives that are [being] held out? Management wants people in the organization to go out and hustle, to develop new customers and products, and to satisfy the needs of customers. When you get hotshots out there on the firing line seeing what the competition is doing, they want to beat the competition. Everybody wants to get out there and fight to satisfy the needs of customers. That’s frequently the context in which institutions get into trouble; somebody goes too far. How do you instill a culture in an organization to prevent that conflict? I think that’s a real challenge.
Well, how can directors accomplish that?
There are a number of things that can be done. Having a strong internal audit function and a strong and involved audit committee is very important, and the Sarbanes-Oxley Act underscores that. So, too, is having a strong external audit function that is solely providing auditing and is not conflicted by a desire to sell other services to the institution. Having state-of-the-art control and risk management systems in the institution is crucial, as is having an atmosphere that encourages frank and free discussion of problems instead of containment of problems. Encouraging the free and open discussion of issues is very important. I think having solid and experienced outside directors who are encouraged to express their views is also important. Too often, directors are chosen just because they happen to be cronies of the CEO. You may find this more in small banks where you’ve got a less formal system and a single dominant shareholder who’s not interested in having a strong cadre of outsiders. I think that’s shortsighted. Having strong internal and external legal advisers who are encouraged to express their views and are not conflicted or inhibited [is also important]. When I was in private practice, I used to have clients say, “Don’t tell me what I can’t do. Tell me how I can do what I want to do.” Well, sometimes it’s important to listen to your lawyers tell you what you can’t do.
Furthermore, having a cooperative and productive relationship with your supervisors is important. One thing I’ve come to recognize is that the best bank managers, in large and small banks, are those who appreciate the value of good supervision and know how to work with supervisors instead of fighting the process. Good supervision can be another form of an early warning system. It can provide boards and CEOs with information about problems that are brewing that might not come to the surface in the ordinary course of things.
Above all, the one thing banks ought to strive for is a culture that imbues in everybody the precept that the bank’s reputation cannot be put at risk for any particular customer. No matter how important it is to serve customers and expand the business, do not cross the line where the institution’s reputation is going to be in danger because that puts everybody at risku00e2u20ac”shareholders, directors, and everybody else. I think creating that kind of culture is the most important thing.
Does that most naturally flow from the board, or does it most naturally flow from the CEO?
I think the CEO has to be the transmission belt for that kind of culture, and it’s not enough just to make empty statements. Twenty-five years ago there was a very prominent figure who came into government after being head of a major conglomerate. This was in the era of so-called questionable payments, and when it turned out that this company was making questionable payments all over the worldu00e2u20ac”bribes, not to put too fine a point on itu00e2u20ac”he said, “Well, I’m shocked. I told them not to do things like that.” I could just hear him saying, “You shouldn’t do these things.” Well, it’s not enough just to tell guys who are trying to sell products in competition with the French and the Italians and everybody else around the world not to do it. It’s got to [go] much deeper into the culture than simply a lecture from the CEO.
Do you think that most outside directorsu00e2u20ac”people who are not coming from a banking backgroundu00e2u20ac”are competent in terms of their understanding of the industry?
I don’t think the independent directors need to be experts in every aspect of a bank’s operations. For example, you’ve got very sophisticated banks that are engaged in highly complex derivatives transactions, and I wouldn’t expect the average directoru00e2u20ac”or even a director who is a sophisticated CEO of his own nonbanking companyu00e2u20ac”to understand all of the ramifications of a derivatives business. But they should know the kinds of questions they need to ask to give them satisfaction that the bank’s management understands what it’s doing, that [the institution has] the right kind of controls and risk management processes in place. Ultimately that’s what the function of independent directors isu00e2u20ac”to ask questions to ensure that the bank’s managers are taking the right kinds of steps to protect the institution.
Do you encourage nationally chartered banks to educate their directors, to make sure they understand the sum and substance of what they’re doing?
We’ve done a lot of outreach. We have put out a couple of publications [for directors], and last year we had board chairmen, audit committee chairmen, and chief risk managers for banks in for a seminar. There were a lot of independent directors at that meeting and the dynamic was tremendous. Not only did they listen to what we were saying but when they started talking among themselves, it [became] a wonderful networking kind of exercise because these outside directors were comparing notes with one another.
There was a time when some bank CEOs got very nervous about regulators speaking directly to directors. But I think CEOs have come to realize that having good, well-educated, savvy directors is really in their own interest, and rather than try to stand in the way of communications, a good manager encourages it. I say good managers because when I was in private practice, I had a situation where the guy who was running the institution was a dominant figure, he was obstructing communications between the agency and his directors, and he turned out to be the cause of a lot of the institution’s problems. Once a direct line of communication was established between the directors and the agency, things changed very rapidly. Directors got the message that this guy was the problem, and the bank ended up on a completely different course. If I were a director and I heard a bank manager say after a meeting with the regulators, “Those guys don’t know what they’re talking about, they’ve never run a bank,” to me that would be a warning sign. If I were a director and heard that coming out of the CEO, it would raise significant concerns on my part.