I am a Chief Compliance Officer for a regional bank that has a large residential mortgage loan origination platform and has its own and servicing portfolio. At any given time, we have multiple examinations going on. An audit report from our regulator is requiring us to implement certain procedural changes in our loan origination platform. One if these changes to procedure is very costly and I want to find out if the supervisory guidance stated in the audit is deemed mandatory as a matter of law. Can you please explain how to evaluate supervisory guidance as it relates to regulatory requirements?
This is a subject that has been mulled over for many years. Recently, five federal agencies issued a joint statement on the role of supervisory guidance as distinct from regulatory requirements. The issuance is meant to provide a better understanding of supervisory guidance.
According to the joint statement, supervisory guidance “does not have the force and effect of law” and “the agencies do not take enforcement actions based on supervisory guidance.” Or, to put it very bluntly, supervisory guidance is not law.
This is a very important threshold, though some people think it is a distinction without a difference. Supervisory guidance is supposed to outline an agency’s supervisory expectations or priorities. Often this outline occurs in the context of expressing the agency’s views regarding appropriate practices in a given subject area. Sometimes, the agency is simply responding to industry requests for guidance. Supervisory guidance also provides “examples of practices that the agencies generally consider consistent with safety-and-soundness standards or other applicable laws and regulations, including those designed to protect consumers.”
However, supervisory guidance must be contrasted with regulations which “generally have the force and effect of law [and] generally take effect only after the agency proposes the regulation to the public and responds to comments on the proposal in a final rulemaking document.”
You might think that reaffirming the role of supervisory guidance would be welcomed by supervised institutions, especially banks such as yours that have committed significant resources to implementing the details of supervisory guidance. But, in actual practice, areas that have not been subject to, and are not appropriate for, detailed regulatory requirements have been addressed by extensive, and often specific, guidance that has been viewed as stating inflexible requirements. And that outcome is apparently implicit in your concerns.
My reading of the joint statement is to view it as a clarifying explication for both supervised institutions and also examiners, in the sense that an agency’s guidance needs to be applied flexibly with the understanding that the ultimate goal is safety and soundness, compliance with actual statutory and regulatory requirements, and appropriate practices, rather than just the details of the guidance.
Notwithstanding this clarification, supervisory guidance can and usually does lead into regulatory requirements. To quote the issuance:
“[e]xaminers will not criticize a supervised financial institution for a ‘violation’ of supervisory guidance. Rather, any citations will be for violations of law, regulation, or non-compliance with enforcement orders or other enforceable conditions.”
The joint statement sends a signal to examiners that there may be situations where “examiners may reference (including in writing) supervisory guidance to provide examples of safe and sound conduct, appropriate consumer protection and risk management practices, and other actions for addressing compliance with laws or regulations.”
I would be cautious about assuming that a “bright line” defense is available, as it is really only available on a case-by-case basis. For instance, the joint statement provides that the agencies “intend to limit the use of numerical thresholds or other ‘bright-lines’ in describing expectations in supervisory guidance.” According to the issuance, “where numerical thresholds are used ... the thresholds [will be] exemplary only and not suggestive of requirements.”
And be cautious also how you handle a response to supervisory guidance. The issuance states that “examiners will not criticize a supervised financial institution for a ‘violation’ of supervisory guidance.” However, “any citations will be for violations of law, regulation, or non-compliance with enforcement orders or other enforceable conditions.” Although examiners may identify unsafe or unsound practices or other deficiencies in risk management (viz., compliance risk), or other areas that do not constitute violations of law or regulation, the regulators' attention will be toward ensuring that the supervisory guidance enunciates “safe and sound conduct, appropriate consumer protection and risk management practices, and other actions for addressing compliance with laws or regulations.”
The reaffirmation of the role of supervisory guidance as a means of communication with supervised institutions is important to consider, but it is the case that field examiners will continue to offer guidance in the examination process. In my view, when considering the foregoing contrast between supervisory guidance and regulatory requirements, it would be a good idea to work with a risk management firm like ours, familiar with a regulator’s expectations as well as the relevant statutes, or perhaps seek the advice of a competent attorney.
Lenders Compliance Group
 Board of Governors of the Federal Reserve System in issuing the attached statement are the Bureau of Consumer Financial Protection, Federal Deposit Insurance Corporation, National Credit Union Administration, and Office of the Comptroller of the Currency
 Interagency Statement Clarifying the Role of Supervisory Guidance, SR 18-5 / CA 18-7, September 12, 2018. Quotes used are from this Interagency Statement.