Summary

Examinations by federal banking regulators are intended to assess the safety and the soundness of banks and identify conditions that may require prompt action to remedy unsafe and unsound banking practices. In recent years, banking regulators have begun emphasizing an institution's internal control systems and the way it manages and controls its risks, rather than determining whether a bank was operating in a safe and sound manner at a specific point in time. This evolution to a risk-focused approach responds to rapid changes in the banking industry and the speed with which an institution's risk profile can change. This approach is particularly important because, in recent years, major consolidations have produced several large, complex banking organizations with diverse risks and sophisticated risk-management systems. This trend can be expected to continue as the result of recent landmark legislation that allows banks, securities firms, and insurance companies to acquire one another. This report studies the risk-focused approaches used by the Federal Reserve and the Office of the Comptroller of the Currency (OCC). GAO (1) describes the general characteristics of the regulators' risk-based approach to examinations of large, complex banks, explaining how they differ from past examination practices; (2) compares the implementation of the risk-focused approaches of the Fed and OCC; and (3) identifies the challenges faced by both agencies as they continue to implement their examination programs for large, complex banks.

GAO noted that: (1) the Federal Reserve and OCC's risk-focused approaches to supervising large, complex banking organizations are evolving with changes intended to strengthen oversight of these entities; (2) their effectiveness will depend on the expertise and independence of examiners, and the regulators' ability to maintain an awareness of industrywide risk in an institution-specific examination program; (3) transaction review and testing under the risk-focused approach is intended to validate the use and effectiveness of internal control and other risk-management systems; (4) examination activities now focus on risk assessments along business lines, which often cross bank charters, and the processes used to manage and control the attendant risks; (5) under a risk-focused approach, activities judged to pose the highest risk to an institution receive the most scrutiny by examiners; (6) this approach relies on examiner judgment and results in certain bank operations receiving less scrutiny than others; (7) examiners monitor and assess a bank's financial condition and risk-management systems through the review of a variety of management reports and meetings with key bank officials, documenting the areas they select for review and including their rationale for selecting those areas; (8) examiners conduct examinations to assess a bank's internal control and risk-management systems; (9) the Federal Reserve and the OCC differ in how they implement their risk-focused examinations programs for large, complex banks; (10) OCC's large bank supervision program is centrally managed from its headquarters and has achieved a degree of uniformity in its use of examiners who are located at the bank throughout the year and conduct ongoing monitoring and examinations, and report to one of three deputy comptrollers located in Washington D.C.; (11) the Federal Reserve's program is implemented through a less centralized system of Reserve Banks and has less uniformity in its ongoing monitoring and examinations, with sometimes differing staffing arrangements in place for each bank; and (12) regulators face a number of challenges in implementing examination programs for large, complex banks, including: (a) identifying the aspects of bank operations where examiner's attention should be concentrated; (b) maintaining an awareness of industrywide risk in an institution-specific examination program; (c) ensuring risk assessments are not overly influenced by the bank's risk-management systems on which they must rely; and (d) maintaining sufficient staffing numbers and expertise.