QUESTION
I am a Chief Compliance
Officer for a regional bank that has a large residential mortgage loan origination
platform and has its own and servicing portfolio. At any given time, we have
multiple examinations going on. An audit report from our regulator is requiring
us to implement certain procedural changes in our loan origination platform. One
if these changes to procedure is very costly and I want to find out if the
supervisory guidance stated in the audit is deemed mandatory as a matter of law.
Can you please explain how to evaluate supervisory guidance as it relates to regulatory
requirements?
ANSWER
This is a subject that has
been mulled over for many years. Recently, five federal agencies issued a joint
statement on the role of supervisory guidance as distinct from regulatory
requirements.[1]
The issuance is meant to provide a better understanding of supervisory
guidance.[2]
According to the joint
statement, supervisory guidance “does not have the force and effect of law” and
“the agencies do not take enforcement actions based on supervisory guidance.” Or,
to put it very bluntly, supervisory guidance is not law.
This is a very important
threshold, though some people think it is a distinction without a difference. Supervisory
guidance is supposed to outline an agency’s supervisory expectations or
priorities. Often this outline occurs in the context of expressing the agency’s
views regarding appropriate practices in a given subject area. Sometimes, the
agency is simply responding to industry requests for guidance. Supervisory
guidance also provides “examples of practices that the agencies generally
consider consistent with safety-and-soundness standards or other applicable
laws and regulations, including those designed to protect consumers.”
However, supervisory guidance
must be contrasted with regulations which “generally have the force and effect
of law [and] generally take effect only after the agency proposes the
regulation to the public and responds to comments on the proposal in a final
rulemaking document.”
You might think that
reaffirming the role of supervisory guidance would be welcomed by supervised
institutions, especially banks such as yours that have committed significant
resources to implementing the details of supervisory guidance. But, in actual practice,
areas that have not been subject to, and are not appropriate for, detailed
regulatory requirements have been addressed by extensive, and often specific, guidance
that has been viewed as stating inflexible requirements. And that
outcome is apparently implicit in your concerns.
My reading of the joint
statement is to view it as a clarifying explication for both supervised
institutions and also examiners, in the sense that an agency’s guidance needs
to be applied flexibly with the understanding that the ultimate goal is safety
and soundness, compliance with actual statutory and regulatory requirements,
and appropriate practices, rather than just the details of the guidance.
Notwithstanding this
clarification, supervisory guidance can and usually does lead into regulatory requirements.
To quote the issuance:
“[e]xaminers will not
criticize a supervised financial institution for a ‘violation’ of supervisory
guidance. Rather, any citations will be for violations of law, regulation, or
non-compliance with enforcement orders or other enforceable conditions.”
The joint statement sends a
signal to examiners that there may be situations where “examiners may reference
(including in writing) supervisory guidance to provide examples of safe and
sound conduct, appropriate consumer protection and risk management practices,
and other actions for addressing compliance with laws or regulations.”
I would be cautious about
assuming that a “bright line” defense is available, as it is really only available on a case-by-case
basis. For instance, the joint statement provides that the agencies “intend to limit the use
of numerical thresholds or other ‘bright-lines’ in describing expectations in
supervisory guidance.” According to the issuance, “where numerical thresholds
are used ... the thresholds [will be] exemplary only and not suggestive of
requirements.”
And be cautious also how you
handle a response to supervisory guidance. The issuance states that “examiners
will not criticize a supervised financial institution for a ‘violation’ of
supervisory guidance.” However, “any citations will be for violations of law,
regulation, or non-compliance with enforcement orders or other enforceable
conditions.” Although examiners may identify unsafe or unsound practices or
other deficiencies in risk management (viz., compliance risk), or other areas
that do not constitute violations of law or regulation, the regulators' attention will be toward ensuring that the supervisory guidance enunciates “safe
and sound conduct, appropriate consumer protection and risk management
practices, and other actions for addressing compliance with laws or
regulations.”
The reaffirmation of the role
of supervisory guidance as a means of communication with supervised
institutions is important to consider, but it is the case that field examiners will
continue to offer guidance in the examination process. In my view, when considering
the foregoing contrast between supervisory guidance and regulatory
requirements, it would be a good idea to work with a risk management firm like ours,
familiar with a regulator’s expectations as well as the relevant statutes, or
perhaps seek the advice of a competent attorney.
Jonathan Foxx
Managing Director
Lenders Compliance Group
[1] Board of
Governors of the Federal Reserve System in issuing the attached statement are
the Bureau of Consumer Financial Protection, Federal Deposit Insurance
Corporation, National Credit Union Administration, and Office of the
Comptroller of the Currency
[2] Interagency
Statement Clarifying the Role of Supervisory Guidance, SR 18-5 / CA 18-7, September 12, 2018. Quotes used are from this Interagency Statement.