Dodd-Frank and Federal Preemption: The End Result

calendar.jpgThe Dodd-Frank Wall Street Reform and Consumer Protection Act of 2010 (the Act) dramatically changed the financial regulatory landscape with broader and more stringent consumer financial protection laws. But one area that the Act does not appear to have changed is National Bank Act (NBA) preemption of state consumer financial laws.

Federal preemption of state laws is important because preemption allows national banks to adhere to one set of federal consumer protection standards instead of 50 state standards.  The Dodd-Frank Act provides that the NBA preempts specified state consumer financial laws only if the state law:

  • discriminates against national banks;
  • “prevents or significantly interferes” with the exercise of a national bank’s powers “in accordance with the legal standard for preemption” set forth by the Supreme Court in Barnett Bank of Marion County, N.A. v. Nelson, 517 U.S. 25 (1996); or
  • is preempted by other federal law.

The second provision worried banks and caused much debate in Congress because consumer advocates sought in the legislative process to establish a new, higher standard for NBA preemption than prior to the Dodd-Frank Act. These concerns have been eased in the year since the Dodd-Frank preemption provisions became effective. Instead of heightening the preemption standard, the Office of the Comptroller of the Currency (OCC) and federal courts have generally interpreted the Act’s “prevents or significantly interferes” provision as merely clarifying the pre-existing preemption standard. 

The OCC is the federal agency charged with interpreting the Dodd-Frank preemption provisions and supervising national banks.  In a final rule issued in July of 2011, the OCC concluded that, “the Dodd-Frank Act does not create a new, stand-alone ‘prevents or significantly interferes’ preemption standard, but rather incorporates the conflict preemption legal standard and the reasoning that supports it in the Supreme Court’s Barnett decision.”  In other words, the Act did not work any meaningful change in the standard for NBA preemption.   

Importantly, most courts have thus far reached the same conclusion as the OCC.* Two district court opinions have included brief statements suggesting that Dodd-Frank may somehow have changed the NBA preemption standard, but neither of these courts ultimately made a definitive ruling on this basis.

In short, while it is still too early to say conclusively that the OCC’s view of the Dodd-Frank preemption provisions will prevail in the courts, the early signs are positive and consistent with the view that the Dodd-Frank Act did not change the NBA preemption standard.

* See, e.g., Baptista v. JP Morgan Chase, N.A., 640 F.3d 1194, 1197 (11th Cir. 2011) (treating the Act as having no effect on NBA preemption standards); U.S. Bank , N.A. v. Schipper, 812 F. Supp. 2d 963, 968 n.1 (S.D. Iowa 2011) (concluding that the Act “did not materially alter the standard for preemption the Court must apply”); Parks v. MBNA America Bank, N.A., 2012 WL 2345006 (Cal. June 21, 2012) (“In 2010, the Dodd-Frank Act codified the significant impair test articulated in Barnett Bank.”)

Audit Committee: Important Questions to Ask Regarding Your Strategic Plan

questions.jpgIt is obvious that the banking industry has undergone some dramatic changes over the past five years. The national and global economic crisis and the ongoing recovery have changed the playing field, making it more difficult for community banks to successfully operate with the same business plan as just a few years ago.

This new reality has made it increasingly important that audit committee members understand their institution’s strategic plan for the next three to five years so they can appropriately conduct their oversight role. This was a focus of my presentation at the Bank Director Audit Committee Conference in Chicago last month. After talking with audit committee members during a peer group exchange and throughout the general sessions, it was clear that some boards and management teams have gone to great lengths to make sure that they have developed a clear vision of the strategic plan and how their organization will adapt to the new environment, while other organizations have not yet turned their focus to the future.

With that in mind, there are a number of questions that audit committee members should be asking themselves, their board colleagues and their management teams:

What is our strategic plan?  It is increasing important that boards of directors and management teams have a clear direction as to the strategic focus and goals of their institution. Directors should determine with management the role that directors play in establishing the plan, measuring the institution’s progress with the plan and modifying the plan, as necessary.

How does our strategic plan affect our risk monitoring?  Different strategic goals may give rise to different risks and different risk management tools may be necessary. For instance, an institution that is focused on growth through acquisitions may have different risk thresholds and considerations than a company that is focused on steady, organic growth. These differences should be taken into account by the audit committee when approving the company’s internal audit plan and reviewing the internal audit reports.  

How is our relationship with the regulators?  It is crucial in today’s environment that your organization has a solid, respectful relationship with its regulators. As a director, you should be comfortable that your management team is responsive to the regulators’ questions and suggestions. Additionally, it is important that the directors can show the regulators that they are engaged in their oversight role and are exercising independent judgment. Directors should consider reviewing the lawsuits recently filed by the Federal Deposit Insurance Corporation against directors to understand some of the practices at other institutions that have led to potential director liability.

What is our current capital structure?  Regulators and investors place a heavy emphasis on capital levels and this will continue into the future. Basel III, the Dodd-Frank Act and the unspecified “regulatory expectation” will shape what future capital requirements will be for all institutions, regardless of size. Not only are there going to be higher capital requirements, but the components of capital will also change, with a clear bias toward more permanent common equity. Capital plays a key role in an institution’s strategic plan, and all directors should have a clear understanding of the following to help ensure that capital issues do not interfere with the company’s plan:

  • their institution’s current overall capital levels;
  • the different capital components and how their institution’s capital is comprised (levels of common capital vs. trust preferred, TARP preferred, subordinated debt, etc.);
  • how much capital will be needed in the future; and
  • how their institution can raise additional capital.

What is occurring with M&A in the industry? Are we going to participate?  Over the past 18 months, industry insiders have been indicating that a wave of consolidation is right around the corner. While the level of merger activity has remained somewhat muted, it is likely that there will be more activity in the near future. Directors should understand their institution’s M&A plan and how it fits within the company’s overall strategic plan. Whether or not the company is planning to be an active acquirer or is contemplating selling, it is important to understand the industry trends, what investors are looking for and what your competitors may be planning.  Additionally, it is important that all institutions have an understanding of what different opportunities exist within their market areas. Having such current knowledge will help ensure that the company can act quickly if the company’s circumstances change and participation in a strategic transaction is in its stockholders’ best interests.

When Doing “Less Badly” Isn’t Enough: Linking Regulation with Strategy in the Post Dodd-Frank Era

deloitte-doddfrank-wp.pngThe dual challenges of the regulatory and earnings environments present financial institutions with an opportunity to build a new model that may help them thrive in the coming years.

As they consider moving forward, how do institutions avoid reactive, haphazard, and uncoordinated sets of firefights as they respond to the new rules and regulations? Complexity can be overwhelming and compliance resources are often scattered and in short supply. If financial institutions want to stay ahead of both the regulations and the competition, if they aim to be stronger, safer, more focused, and able to generate acceptable returns for their shareholders, it may behoove them to consider adopting three concurrent strategies:

  • Create an enterprise-wide regulatory ‘air traffic controller’
  • Restructure the business
  • Increase transparency by creating world-class information management and analytical capabilities

For access to the full report from Deloitte, which provides perspective on the new regulatory environment, observations on how the industry is responding, and a three-point strategy for institutions to consider, click here.

What Regulators Want To See From Boards

audit12-regulators.jpgWhile there is much in the Dodd-Frank Act that doesn’t apply to banks under $10 billion in assets, directors at smaller banks should still be worried about other things—like how they’re viewed by their regulators, how they approach risk and how they discharge their responsibilities.

That was the message coming out of a regulatory panel at Bank Director’s Bank Audit Committee Conference last month in Chicago.


A supervisor at the Federal Reserve’s Division of Bank Supervision and Regulation, Pamela Martin, told the crowd that Dodd-Frank isn’t geared toward institutions below $10 billion in assets. As an example, she said that the Federal Reserve has no intention of requiring stress tests to community banks.

Dodd-Frank mandates that banks above $10 billion in assets establish a board level risk committee, and banks above $50 billion in assets must have both a risk committee and a chief risk officer.

“I would doubt we would be more stringent than what we’ve already proposed,’’ Martin said.

However, the newly created Consumer Financial Protection Bureau (CFPB), which was authorized by Dodd-Frank, will take complaints from consumers and businesses about all banks, not just big banks.

Charles Vice, the commissioner of the Kentucky Department of Financial Institutions, who also spoke on the panel, said some rulemaking by the CFPB will impact banks of all sizes, but he didn’t see the agency “having time to go after community banks” specifically.  


During the panel discussion, the regulators talked about the importance of enterprise risk management, and of taking a thorough approach to analyzing the bank’s risks and trying to anticipate future scenarios that could impact the bank.

 “It doesn’t have to be these complex diagrams that consultants publish,’’ Martin said. “You need to understand the risks you’re taking and do something about it.”

Vice said that a small bank doesn’t necessarily need a chief risk officer. “Even if you don’t have a dedicated employee, at least your senior management and board should be looking at your risk and how to mitigate it and manage it,’’ he said.

Innovation and Risk

One potential area of risk is new business and investments.

Martin said she was concerned that banks had a lot of cash on their balance sheets and might invest in risky ways. She also is concerned whether banks understand new business lines or new geographic areas they might expand into.

“Why are you going into this market, or how are you going to make money and do you have the capital to support this new activity?” she said. “We’re paying attention to the fact that you’re in a low profitability environment. That’s not going to change anytime soon. Understand the risk you’re taking and how you will support the risk you’re taking.”


One of the ways that regulators assess the job that the board is doing is by reading committee minutes. Vice said his department’s pre-exam work includes reading audit committee minutes and reports.  His department will change the focus of the exam depending on the examiners’ comfort level with audit committee work, he said.

Regulators also look at the scope of the external audit. If it doesn’t look like internal or external audit work is robust enough, they’ll take a deeper look at the audit and whether the audit committee discussed results and had a game plan to deal with audit recommendations, Vice said.

Martin concurred that the Federal Reserve likes to see lots of discussion reflected in the audit committee minutes.

She said the bank isn’t downgraded for not having lots of discussion included in the minutes, but a robust discussion is an plus. If there are any issues uncovered in the audit, those ought to be addressed.

“We want the bank to identify the problems,’’ she said. “You don’t have to solve them immediately. You don’t necessarily have to solve them the next time the exam comes around, but we want to see progress.”

Resolution Planning: Lessons Learned

apple-a-day.jpgThis week, regulators released the public sections of the “living wills” of nine of the world’s largest financial institutions, plans that were submitted to the Federal Deposit Insurance Corp. and Federal Reserve Board and required by Section 165(d) of the Dodd-Frank Act. The first round of resolution plans marks an important step in Dodd-Frank compliance efforts, with more than 100 additional institutions facing a similar requirement before the end of 2013. [Editor’s note: The rule generally applies to bank holding companies with more than $50 billion in assets as well as systemically important non-bank financial services companies.]  As second- and third-round filers—whose respective deadlines are based on asset size—embark on this challenging but valuable task, they should keep in mind the following lessons learned from the first round: 

1. Understand the Key Players.  Resolution planning involves different groups whose input feeds into the ultimate work product.

  • The Resolution Plan Team—The project managers of the resolution planning process and their team run the process. The resolution plan team serves as an information aggregator, project driver and thought leader for the bank’s process. The team typically includes senior legal, treasury, and risk management executives, as well as project managers, outside advisors and data compilers.
  • The Front Office—The business people intimately familiar with each of the institution’s core business lines and critical operations are needed to provide the institutional knowledge at the crux of the plan, design resolution strategies, identify barriers or obstacles to resolution and develop assumptions.
  • The Regulators—The FDIC, Federal Reserve Board, and potentially other regulators can be expected to engage in frequent dialog with the resolution plan team as the plan is being developed.

2.  Allocate Sufficient Time and Resources.  Resolution planning is a new and time consuming process. Advance planning combined with an early start is an absolute must. For example, banks subject to the July 1, 2013 deadline should establish their teams, develop their process and select their advisors no later than September 2012 to allow for sufficient execution time.

3.  Develop Integrative Strategies.  The resolution plan team should hold a series of meetings with key front office leadership to learn from each other and develop integrative strategies that take into account the likely effects of insolvency proceedings on ongoing business operations. Initially, the team will educate others about resolution planning, while the front office team will educate the resolution plan team about their particular business functions. This should naturally evolve into an ongoing dialog to identify concerns and refine strategies as the process unfolds.

4. Frame Fundamental Assumptions.  A company must identify the fundamental assumptions underlying its plan. Through such assumptions, a company may focus the project by reducing the number of variables and mitigating those beyond its control.  Initial assumptions should be revisited at critical points throughout the process to ensure they remain valid as the resolution plan is developed.  

5. Identify Operational and Financial Commonalities.  Many business lines and operations have common assumptions, obstacles, interconnections and strategies. It is incumbent on the resolution plan team to identify these and develop a consistent approach.

6. Recognize Practical Limitations.  The resolution planning process simply cannot eliminate all systemic risk or provide a solution for every issue that may potentially cause a disruption to U.S. financial markets. When an impediment to resolvability needs to be addressed, the team should work diligently to find one or more practical mitigating measures (as opposed to an “ideal” solution).  Regulators recognize that there may be issues that cannot be solved at this point in time, including some outside of any one bank’s control, but they expect these issues to be identified nonetheless.

7. Facilitate Dynamic Discussions.  As resolution planning is still in its formative years, the plan may change and evolve, requiring lots of discussion and attention. It will evolve through both internal dialog (i.e., discussions between the resolution plan team and the front office) and external dialog (i.e., discussions between the firm and regulators), as well as regulators’ review of resolution plans.  These discussions are important to ensure that everyone, including the front office, remains consistent and current on evolving regulatory expectations.

The upside is there are no “right” answers and no prescribed solutions to any issue. Further, at least for the first round of resolution plan filers, regulators have suggested that no initial resolution plans will fail.

8. Blend Disclosure with Advocacy.  A resolution plan is necessarily part disclosure and part advocacy. Though banks are required to demonstrate that they are resolvable, a financial institution can also use its resolution plan to advocate preferred solutions to horizon issues and educate the regulators about their operations to facilitate future discussions on M&A transactions and new product lines.

9. Reflect and Improve. Firms should embrace resolution planning as a means to examine all aspects of the operation and, by doing so, identify means to improve efficiencies and reduce operational costs throughout the organization. This “forced introspection” can be equally useful to optimize risk management strategies on an entity-wide basis as different scenarios are considered.

Resolution planning is a new frontier for banks and regulators alike. Poor planning and execution can easily cause the process to become unduly burdensome, whereas advanced planning, lots of introspection, and the strategic blend of disclosure and advocacy can result in an efficient process that yields benefits to the institution beyond resolution planning. 

Volcker Rule: Hero or Villain?

With the Dodd-Frank Act’s Volcker rule coming into effect next month and placing limitations on big banks’ trading abilities, we asked bank attorneys across the country what they thought would really come from this change. Although many different possible scenarios were cited, it was almost unanimous that all the attorneys believe the Volcker rule is likely to cause more damage than good. From hurting the efficiency of our markets to heightening other risks and limiting diversification, one must wonder, is the Volcker rule really going to be a good thing for the health of the financial system? 

Will the Volcker rule achieve its intended goal of lowering the risk profile of large banks by prohibiting them from engaging in proprietary trading activities?

Chip-MacDonald.jpgThe Volcker rule is unlikely to achieve its intended goal because it is so difficult to distinguish proprietary trading from hedging and market-making. Banks are already limited by the types of instruments and securities they can trade in for their own account by Section 16 of the Glass-Steagall Act, which remains in effect as Section 24(7) of the National Bank Act. The most likely effect is that systemic risk may increase as market liquidity decreases, as banks and their affiliates maintain smaller securities inventories, consistent with the Volcker rule proposals. This could widen securities’ bid/ask price spreads, and make the markets less efficient. This will also have an adverse effect on smaller financial institutions which depend upon larger banks and their trading desks for their investment securities purchases and sales.

—Chip MacDonald, Jones Day

Douglas-McClintock.jpgRules are destined to be broken. Like so many well-intentioned laws and regulations, the Volcker rule might end up doing exactly the opposite of what is intended—that is, increasing the risk profiles of large banks, through hedging and other transactions with higher risks than old-fashioned proprietary trading activities. Can you identify any proprietary trading investments that have caused losses in the same ballpark as JPMorgan’s recently acknowledged losses or the hedge fund Long-Term Capital Management’s losses back in 1998? These losses illustrate that the financial marketplace can be a tough taskmaster when seemingly well-thought-out investment strategies, by some very smart traders, run into the ever-changing real world marketplace. No one has a lock on what will work best in the future financial marketplace, but savvy, conservative bankers with competent advisors usually do all right in the long-run.

—Doug McClintock, Sara Lenet, Alston & Bird

Heath-Tarbert.jpgI am generally skeptical of the Volcker rule’s purported benefits to bank safety and soundness. I think appropriate capital, leverage, and liquidity requirements—when combined with a robust risk management framework and culture inside each institution—will do far more to lower the risk profile of large banks. Moreover, the Volcker rule in its current form only compounds the problem by requiring regulators and market participants to make, in some cases, spurious distinctions between and among proprietary trading, market making and hedging. 

—Heath Tarbert, Weil, Gotshal & Manges LLP

Gregory-Lyons.jpgCertainly the Volcker rule will restrain bank proprietary activities, and any reduction of activities reduces risk profiles to a degree. However, after a point, protection turns to paralysis. Years after Dodd-Frank, there still has been no evidence that proprietary trading contributed to the financial crisis, and the rules could put U.S. banks at a competitive disadvantage, particularly with respect to their worldwide operations.

 —Greg Lyons, Debevoise & Plimpton

Peter-Weinstock.jpgIt is too early to determine the ultimate scope of the Volcker rule.  Regardless of the ultimate shape of the Volcker rule, the real key is whether financial institutions can set appropriate risk tolerances, monitor adherence and stay within them. The leaders of the bank regulatory agencies recently were questioned by the Senate Banking Committee in the aftermath of the JPMorgan Chase & Co. $2 billion-plus trading losses. The regulators were unanimous that risk neither should be nor could be removed from banking. The focus on hyper- technical rules, such as those promulgated in draft form to enforce the Volcker rule, rather than on risk management principles and practices, is misplaced.

—Peter Weinstock, Hunton & Williams

Mark-Nuccio.jpgBy completely taking away proprietary trading and investment in and sponsorship of private equity, hedge and other similar private funds, the Volcker rule inappropriately concentrates investment and other risk in other activities and asset classes, all of which have run into calamities in the past. For example, subprime lending is not barred by the Volcker rule. We will not be well-served in the long run by having the largest and most sophisticated U.S. financial institutions become one or two-trick ponies. That said, the Volcker rule is upon us and, in the absence of final regulations, we are spending lots of time with clients developing conformance plans with our divining rods.

—Mark Nuccio, Ropes & Gray

Debate: How Will the CFPB Impact Banks?

As the Consumer Financial Protection Bureau gets underway, compiling data and taking complaints, there is still a large amount of uncertainty about the impact on banks. Although technically only supervising banks with more than $10 billion in assets, the ripple effect in this industry is what worries smaller banks. We asked legal experts in the field what they thought the most immediate effect would be for banks. Many lawyers believe the CFPB will impact banks in a big way, and may reduce lending and the availability of credit across the board. 

What is the most immediate effect that the Consumer Financial Protection Bureau will have on banks?

geiringer.jpgThe most immediate effect that the CFPB will have for banks over the $10 billion threshold is that their compliance examinations will now be conducted by an agency whose mission is based solely on consumer protection.  For banks under the $10-billion asset threshold, the primary potential impact is that the CFPB will promulgate consumer protection regulations for these smaller banks, even though it will not generally examine them.  This may create a disconnect in the CFPB’s understanding of smaller institutions and exacerbate the current one-size-fits-all compliance approach about which community banks have expressed concern.  In addition, all banks should be prepared to respond to postings on the CFPB’s website, which prominently invites the public to “submit a complaint” about their financial institutions.

—John Geiringer, Barack Ferrazzano Kirschbaum & Nagelberg LLP

charles_washburn.jpgBanks and other insured depository institutions with total assets of more than $10 billion and their affiliates are serving as guinea pigs as the CFPB develops its examination staff, standards and procedures. Banks that have gone or are currently going through CFPB compliance examinations have reported that the experience is very challenging. Accordingly, large banks need to double check the effectiveness of their compliance function before the CFPB comes calling.

—Chuck Washburn, Manatt, Phelps & Phillips, LLP

John-Gorman.jpgThe cost and compliance burden [of the new CFPB] will put a damper on consumer lending, but it will be more pronounced with respect to banks with assets in excess of $10 billion.  It is already happening.  Almost by necessity, the CFPB is taking or will take a one-size-fits-all approach to regulation, such that the problems associated with the worst and least regulated entities are presumed to be the industry norm, and all participants’ conduct will have to comport with a regulatory reaction that is based on the lowest common denominator.  When the CFPB issues rulemaking, the bank regulators, who will police the conduct of the under-$10-billion banks, will not want to be viewed as lax enforcers.  The cost and risk of lending will increase for all banks.  That will result is less lending.

– John Gorman, Luse Gorman Pomerenk & Schick, PC 

Mark-Chorazak.jpgWith uncertainty over how the Bureau’s approach to supervision and enforcement and its priorities will evolve during the next several years, an important task for banks, regardless of asset size, has been to establish good working relationships with Bureau staff. For larger banks with assets over $10 billion, such relationship building is critical in light of the Bureau’s exclusive examination authority and primary enforcement authority for compliance with federal consumer financial laws. However, smaller banks with assets of less than $10 billion also have an incentive to build a solid reputation with Bureau staff. Although it has no examination and enforcement authority over smaller banks, the Bureau may participate in examinations conducted by the prudential banking regulators (“on a sampling basis”), refer enforcement actions and require reports from these institutions.

—Mark Chorazak, Simpson Thacher & Bartlett LLP

Peter-Weinstock.jpgRegardless of whether the Consumer Financial Protection Bureau (“CFPB”) has supervisory authority over a financial institution or not, its presence, seemingly atop the regulatory pantheon, will mean increased costs on financial institutions and reduced availability of credit.  It is too early to say how the CFPB will maintain a balance between regulation and cost of compliance, on one hand, and availability of reasonably priced credit, on the other hand.  Recent indications do not look good for financial institutions or credit availability.  A classic example is the CFPB’s statements regarding unfair, deceptive, abusive acts and practices (UDAAP).  The CFPB has indicated that a financial institution needs to evaluate whether a proposed customer, such as an elderly customer, understands all of a product’s terms.  The consequences for financial institutions that are out of compliance with issues such as UDAAP are quite severe.  Financial institutions will err on the side of not making certain loans, rather than expose themselves to losses.

– Peter Weinstock, Hunton & Williams, LLP

John-ReVeal.jpgBanks with more than $10 billion in assets also are already undergoing CFPB compliance examinations.  Even those banks that believed they were fully prepared have been surprised by the scope and duration of these examinations.  The pre-examination information requests alone often exceed in scope what bankers would face in an entire examination cycle that included all aspects of compliance and safety and soundness. Banks with less than $10 billion [in assets] are not subject to the direct compliance examination authority of the CFPB, but will still incur significant costs.  First, the CFPB has the primary responsibility for developing and implementing new consumer protection regulations.  These costs will come in the future, but banks of all sizes will need to contend with these new regulations. 

—John ReVeal, Bryan Cave

Coming To Grips With Risk And Regulation

audit12-ballroom.jpgNow that the worst of the financial crisis is behind them, bank boards might think they can finally breathe a sigh of relief. Except that they can’t. More than 350 people attending the Bank Director Audit Committee Conference June 7-8 in Chicago learned about the new challenges facing audit committees this year—from new regulations regarding risk and compensation, to the struggle that many banks face trying to build capital and grow revenue and earnings in a difficult economic environment. Participants also received instruction on how to identify and root out large-scale internal fraud, one of the worst threats to the bank’s survival, as well as an update on trends in liability and insurance for bank directors.

“The conversation has shifted,” said Robert Fleetwood, a bank attorney with Barack Ferrazzano Kirschbaum & Nagelberg LLP in Chicago, who spoke at the conference. “Now, it’s more of a ‘thank God we survived.’ Once you can label yourself a survivor, you can think about the next three to five years.”

Several directors spoke at the conference about their challenges and solutions at a wide range of banks, from the Bank of Tennessee in Kingsport with just $650 million in assets to $20-billion asset SVB Financial Group in Santa Clara, California, which has offices in China, India and the United Kingdom. 

Regulation and capital will be huge areas of concerns during the next few years, as most of the rules coming out of the Dodd-Frank Act haven’t been finalized yet. Plus, many banks still lack sufficient capital to acquire other institutions. Risk management will be an area of heightened focus for regulators and banks, the vast majority of which don’t have a separate risk committee. As part of that, even though stress testing is only required for banks above $10 billion in assets, the Federal Deposit Insurance Corp. this month published a guide to stress testing for community banks.

However, Pamela Martin, a senior supervisory financial analyst in the supervision division of the Federal Reserve, tried to calm worries at the conference about increased regulation and pressure to comply with rules designed only for the bigger banks.

“Dodd-Frank is really geared at the largest institutions and it’s not designed for community banks,’’ she said. “We have no intention of applying this to community banks, including stress tests.”

Speakers at the conference also talked about how to handle risk on the audit committee and ferret out fraud.

“If I served on a bank board, I would want to know someone served as [the chief risk officer],” said James Shreiner, a senior executive vice president at Fulton Financial Corp, a $16.5-billion bank holding company based in Lancaster, Pennsylvania. “They might have 10 other jobs that they do but [banks] need to have someone who is responsible for risk and not have that be someone responsible for the revenue side.”

Knowing what the bank’s risks are, including the potential for fraud inside and outside the bank, is a particular focus for audit committee members.

“People are more willing to take a risk. Profits are down. Loans are down,’’ said Wynne Baker, the head of the banking practice at KraftCPAs in Nashville. “You want to be in business five years from now and so you want to make sure you have the right tone at the top.”

What will JPMorgan’s trading goof mean for regulation?

jamie-dimon.jpgMuch has been made of the trading mishap at JPMorgan Chase & Co.’s London office, resulting in current estimates of a $3 billion loss to the company or more. But what is at stake here is not so much JPMorgan’s financial health, which doesn’t appear in question, but future regulation of the financial sector.

JPMorgan CEO Jamie Dimon has been arguing publicly against certain kinds of regulation, including the Volcker rule, which would limit proprietary trading by the big banks.

“I think it’s unnecessary, especially when you add it on top of all the other [regulation],’’ Dimon reiterated this week before a U.S. Senate committee, where he spent two hours explaining his company’s trading mistake.

Welcome to the new age, where big banks will have to answer questions not just from their shareholders and customers, but from Congress as to what went wrong with their business and who knew what, and when.

Critics are using JPMorgan’s trading loss, which occurred in the division that invests customer deposits, to argue the Volcker rule ought to be strict and tough on banks.

Regulators have missed 67 percent of their rulemaking deadlines in implementing the Dodd-Frank Act, according to the Davis Polk law firm. Much remains to be written that will affect companies such as JPMorgan and smaller banks as well.

That’s why the public charades are so interesting.

“In the political world, it’s going to be hard for regulators to embrace a looser process rather than a stricter process,’’ says Harold P. Reichwald, a partner in Los Angeles at the law firm Manatt, Phelps & Phillips. “This incident with JPMorgan will have the effect of creating a heightened sensitivity on the part of regulators to pressure the banks they regulate to have a more formal approach to risk management.”

Michael Klausner, a professor with the Rock Center for Corporate Governance at Stanford University, thinks the JPMorgan trading loss really shouldn’t be a regulatory concern.

“Even if you had a 50 times greater hit to capital, you’d still not have a systemic event,’’ he says. “As a policy matter, what we worry about is a systemic event, or what would have an impact on other banks.”

JPMorgan says its capital levels remain strong and it will be profitable in the second quarter, despite the loss.

Klausner says that you can make the argument that the trading loss is serious enough threaten the CEO’s job and the value of the company’s stock, but as a regulatory matter, “it’s trivial.”

But nowadays, banks such as JPMorgan are addressing their business activities to a much wider audience than shareholders.

Among Dimon’s details about what went wrong with the risk management process at the chief investment office (CIO):

  • CIO’s strategy for reducing the synthetic credit portfolio [e.g. credit default swaps] was poorly conceived and vetted. The strategy was not carefully analyzed or subjected to rigorous stress testing within CIO and was not reviewed outside CIO.
  • In hindsight, CIO’s traders did not have the requisite understanding of the risks they took. When the positions began to experience losses in March and early April, they incorrectly concluded that those losses were the result of anomalous and temporary market movements, and therefore were likely to reverse themselves.
  • Personnel in key control roles in CIO were in transition and risk control functions were generally ineffective in challenging the judgment of CIO’s trading personnel. Risk committee structures and processes in CIO were not as formal or robust as they should have been.
  • CIO, particularly the synthetic credit portfolio, should have gotten more scrutiny from both senior management and the firm-wide risk control function.

Dimon detailed the company’s response to the “incident,” which included replacing much of its top investment management team and chief risk officer for the division. It also included establishing a new risk committee just for the chief investment office.

Sen. Charles Schumer, D-New York, asked Dimon during the hearing why the risk committee of the board missed what was happening in the trading office.

“Some questions have been raised about the oversight of your risk committee,’’ he said. “Why didn’t it do its job?”

Dimon said if management didn’t catch it, then the risk committee couldn’t.  That sounds reasonable, but now the risk committee must find out why it wasn’t learning about the risks that the bank was taking. Dimon said the bank will learn from its mistake. So the question is now: What will regulators make of it?

Should the $10 Billion Threshold For Risk Committees Be Lowered?

Dodd-Frank requires banks and thrifts with more than $10 billion in assets to have a separate risk committee. But what about smaller institutions? There is talk now that having a separate risk committee is a best practice for smaller banks, or will become a regulatory requirement in the future. But should it? Most of a panel of Bank Director legal experts agreed that one-size does not fit all in the rule-making world, and according to many, it is not the asset size of the bank that matters, but rather the complexity.  

Should the Federal Reserve lower the threshold for banks that are required to have a standing risk committee of the board below the current floor of $10 billion? If yes, what should the new threshold be and why? If no, why is the current threshold adequate?

Lee-Meyerson.jpgNo.  The operations of smaller banking organizations and community banks with less than $10 billion in assets did not contribute to the financial crisis and were not the focus of reform under Dodd-Frank.  Congress was, quite rightly, concerned that such institutions not be treated in the same manner as their larger, more complex cousins.  In a number of areas, such as the Durbin Amendment, the authority of the Consumer Financial Protection Bureau, stress testing and Federal Deposit Insurance Corp.  deposit insurance reforms, Congress sought to avoid burdening smaller banks with unnecessary additional compliance costs.  Accordingly, the decision whether to form a standing risk committee for a smaller bank should continue to be made by each institution based on its own particular situation, complexity and governance structure.

 —Lee Meyerson, Simpson Thacher & Bartlett

Peter-Weinstock.jpgFor most financial institutions, including those at asset totals approaching or even exceeding $10 billion in assets, a specialized risk committee is redundant to the board’s role.  After all, job one for every board is oversee management and see that plans are in place to address risk to the financial institution.  The nine categories of risk described by the Office of the Comptroller of the Currency is a good place to start. Simply put, directors should be hypersensitive to the institution’s risk profile and sources of risk.

—Peter Weinstock, Hunton Williams

G-Rozansky.jpgThe current rule—coupled with the existing authority of the U.S. bank supervisors to make suggestions and/or require that changes be made on a case-by-case basis—should be adequate. Institutions with less than $10 billion in assets, however, should be accorded appropriate latitude in determining whether or not a standing risk committee of the board is the best means to achieve this imperative. Institutions in this category typically offer less complex products (lending, deposit, foreign exchange) and do not generally pose the same types of systemic risks as large, complex institutions.

—Gregg Rozansky, Shearman Sterling

Horn_Charles.jpgTo some extent this is a moot question because the statutory threshold for publicly-traded Bank Holding Companies is $10 Billion.   Every bank should have at least a subcommittee of directors that is responsible for enterprise risk management issues and activities, since managing risk is a basic bank director obligation.  The charter and mandate of this subcommittee will vary widely according to bank size and complexity; for small banks, the tasks of this subcommittee won’t be onerous. The threshold for a formal standing risk committee otherwise is an arbitrary — and secondary — decision in the risk management process; there really is no threshold that absolutely makes sense.

– Charles Horn, Morrison Foerster

Douglas-McClintock.jpgStanding risk committees are an important and a useful tool to identify risks, but a regulatory mandate at the $10 billion level seems more than sufficient.  Such committees are part of the board of directors, which board is ultimately responsible for the bank’s risk portfolio, and the banks themselves have better knowledge as to when such a standing committee should be required.   The asset size of the bank is less important than the degree of complexity of the bank’s business practices.  Smaller banks can, and many probably should, establish standing risk committees depending upon their business practices, lending portfolios, loan-to-value characteristics, capital levels, complex investments, credit extensions and hedging activities.

—Doug McClintock, Alston + Bird

John-ReVeal.jpgTo the extent that a smaller bank’s activities are such that a standing risk committee might be appropriate, this can best be decided by the bank’s board or by the bank examiner with direct knowledge of the institution. Requiring all banks to maintain the same risk management systems will only add unnecessary financial burdens on smaller banks and lead to more bank failures.  This is not the way to minimize the systemic failures that standing risk committees are intended to avoid.  It is important that bank regulators ensure that every bank maintains appropriate risk management systems for its size and business model and otherwise operates in a safe and sound manner.  It is not necessary, however, to apply a one-size-fits-all standard from on high.

—John ReVeal, Bryan Cave