Summary

GAO has long held the position that financial regulators can benefit from improved information sharing. As regulators are faced with the challenges of overseeing a myriad of financial products, along with the individuals and organizations that develop and sell them, information sharing among regulators serves as a key defense against fraud and market abuses. However, our system of financial regulation is fragmented and, in many cases, isolated among numerous federal and state financial regulators overseeing the securities, insurance, and banking industries. While there has been a greater effort to improve communication in recent years, the routine sharing of information between the regulators of the three major financial industries--securities, insurance, and banking--continues to be a source of concern. At Congress' request, we have issued reports and testimonies in recent years discussing the benefits of improved sharing of criminal and regulatory information and the consequences of failing to adequately share such information. This report focuses on three areas where greater attention is needed to improve information-sharing capabilities among financial services regulators. First, we highlight the need for insurance regulators to have more consistent access to the Federal Bureau of Investigation (FBI) nationwide criminal history data. Second, we discuss the importance of sharing regulatory enforcement data as a tool to prevent the migration of undesirable people, or rogues, from one industry to another. Third, we present the results of new work assessing the regulatory oversight structures for certain hybrid financial products and the extent to which regulators share consumer complaint data that may be relevant to multiple regulators in a routine, systematic fashion. Finally, we highlight challenges to improving information sharing among financial regulators.

Financial regulators face challenges in accessing and sharing information relevant to their oversight responsibilities, including information related to criminal history data, regulatory enforcement actions, and consumer complaints. Specifically, we found that many state insurance regulators, unlike their counterparts in the banking, securities, and futures industries, continue to lack the legal authority to access the FBI's nationwide criminal history data. According to information obtained from state regulators and the FBI, fewer than one-third of the states have taken actions that current federal law requires for them to have such authority. Consequently, regulators in other states cannot be sure that they are protecting insurance consumers from fraud by keeping individuals previously convicted of serious criminal behavior out of the business of insurance. We also found that financial regulators generally did not have ready access to all relevant data related to regulatory enforcement actions taken against individuals or firms. Regulatory data are maintained by the various financial regulators on separate information systems and are not always readily accessible by one another, particularly by regulators across different financial industries. If the regulatory history of applicants cannot be readily accessed, financial regulators are hampered in their ability to detect and prevent an unsuitable individual, or rogue, from migrating from one financial services industry to another. Similarly, our recent work shows that many financial regulators do not share relevant consumer complaint data among themselves on certain hybrid products in a routine, systematic fashion. The different regulatory structures that are involved in the oversight of hybrid products and the array of systems used to capture complaints about them create challenges for regulators and consumers for resolving problems that can arise in the marketplace. We found that the regulatory oversight structure associated with certain hybrid financial products can vary considerably, depending on the product and where it is sold. Moreover, the regulatory structure can change over time. Often multiple regulators can have an oversight interest in a particular hybrid financial product. In such an environment, it can be difficult for consumers to determine which organization should receive a complaint. Furthermore, once a complaint is received, it may be relevant to another regulator, either because it may not have reached the most appropriate regulator or because the complaint information could be of interest to multiple regulators. However, many financial regulators do not share consumer complaint data with one another in a routine, systematic fashion. Consequently, particularly in the case of hybrid financial products, regulators may be unable to resolve individual complaints because complaints have been directed to the "wrong" regulator, or, because of a lack of complete information, an individual regulator may not be able to fully assess the magnitude of problems affecting certain companies or products. While financial regulators generally support better sharing of regulatory information, they also cited some concerns and barriers. These generally centered around protecting confidential regulatory information from public disclosure, as opposed to technological issues. Consequently, options or proposals for improving information-sharing capabilities or tools among financial regulators need to address concerns about sharing and protecting different types of regulatory data that have varying degrees of sensitivity. We encourage efforts to achieve improved information sharing, balancing a regulator's "need to know" with the appropriate protections on the information, so that financial regulators can better prevent the migration of rogues and respond more effectively to problems that may surface in the marketplace.