Regulators Redefine Bank Safety: Balancing Oversight & Innovation

Federal financial regulators are embarking on a significant overhaul of their supervisory framework, aiming to redefine the threshold at which a bank’s operations transition from prudent to “unsafe or unsound.” This proactive initiative, spearheaded by the Office of the Comptroller of the Currency (OCC) and the Federal Deposit Insurance Corporation (FDIC), seeks to introduce greater clarity and certainty into the processes of bank supervision and enforcement. The joint notice of proposed rulemaking, issued on October 7, marks a pivotal moment, as it proposes the first-ever codification of what constitutes an “unsafe or unsound practice” under Section 8 of the Federal Deposit Insurance Act.

Defining "Unsafe or Unsound Practice" with Materiality in Focus

Historically, the interpretation of what constitutes an unsafe or unsound practice has often been subjective, leading to potential inconsistencies in enforcement. The proposed rule aims to rectify this by providing a clear, statutory definition. As outlined in a joint bulletin, an unsafe or unsound practice is defined as any action “contrary to generally accepted standards of prudent operation” which, “if continued, is likely to materially harm the financial condition of the institution or present a material risk of loss to the Deposit Insurance Fund.” This definition introduces a crucial element of materiality, ensuring that supervisory attention is directed towards issues with genuine, significant financial implications rather than minor infractions or procedural oversights.

Prioritizing Substantive Risks Over Minor Deficiencies

A core objective of this rulemaking is to shift the supervisory focus towards material financial risks, explicitly de-emphasizing concerns related to policies, processes, documentation, and other non-financial risks that pose only minor harm. This means future examinations will concentrate on issues that could meaningfully impact a bank’s capital adequacy, liquidity position, or earnings stability. The regulators’ intent is to prevent the "proliferation of supervisory criticisms for immaterial procedural, documentation or other deficiencies," thereby ensuring that both bank management and examiners can concentrate their efforts on threats that genuinely jeopardize an institution’s financial health.

The proposal reflects critical lessons learned from recent bank failures, where institutions with seemingly robust compliance files nonetheless faced abrupt liquidity crises. It also underscores the growing recognition of how operational exposures can significantly undermine safety and soundness. For instance, the agencies highlight that “critical infrastructure or cybersecurity deficiencies that are so severe as to, if continued, be likely to result in a material disruption” could now meet the threshold for an unsafe practice. This acknowledgement brings modern financial risks, particularly those stemming from an increasingly digital operating environment, firmly into the regulatory spotlight.

Streamlining Supervisory Feedback: The New MRA Framework

Another significant aspect of the proposed rule involves the unification and elevation of standards for supervisory feedback. Currently, the OCC issues Matters Requiring Attention (MRAs), while the FDIC uses Matters Requiring Board Attention (MRBAs). The new framework will standardize this process, allowing an examiner to issue an MRA only if a practice “could reasonably be expected to, under current or reasonably foreseeable conditions, materially harm the financial condition of the institution or present a material risk of loss…” This elevated standard is designed to ensure that MRAs are reserved for significant issues, preventing an overload of immaterial findings that can divert resources and attention.

Importantly, both agencies have stated their commitment to tailoring MRAs based on the institution’s size and complexity. This proportional approach recognizes that what constitutes “material harm” for a large, complex financial institution may differ significantly for a smaller community bank. Consequently, a finding of material harm for a community bank would necessitate a proportionally larger impact relative to its capital or liquidity base. As the notice clarifies, “[F]inding an unsafe or unsound practice would be a much higher bar for a community bank than for a larger institution.” This tiered approach aims to ensure fairness and appropriateness in supervision across the diverse banking landscape.

Alleviating Burden and Fostering Innovation

This rulemaking aligns seamlessly with broader efforts by the OCC to alleviate regulatory burden, particularly for community banks. By emphasizing proportional oversight, the agencies hope to reduce redundant documentation requests and expedite the closure of MRAs once issues have been effectively remediated. The FDIC, complementing this approach, has indicated its intention to limit penalty-bearing actions to circumstances where a genuine and material risk truly exists. In essence, regulators are not loosening supervision but rather realigning it, ensuring that enforcement activities are directly correlated with actual financial exposure and systemic risk.

The modernization of oversight also comes at a crucial juncture as banks and FinTech companies re-evaluate their collaborative strategies. Research indicates a growing preference among FinTechs to partner with credit unions over national banks, often driven by the appeal of local knowledge and more flexible compliance frameworks. As regulatory oversight becomes clearer and more explicitly focused on material risks, banks may find it easier to pilot innovative new services with vetted FinTech partners. This clarity could encourage collaboration in areas such as payments, embedded lending, and digital identity, without the apprehension that exploratory efforts might inadvertently be classified as unsafe. By refining definitions and focusing on substantive risks, the OCC and FDIC are poised to foster an environment conducive to innovation, allowing banks to strategically allocate resources towards measurable risks like liquidity and cybersecurity, while simultaneously exploring new solutions that enhance resilience and transaction trust.

Looking Ahead: Public Engagement and Industry Implications

The agencies have opened a 60-day public comment period following the publication of the proposal in the Federal Register, inviting feedback on critical aspects such as the quantification of “material harm” and the integration of cyber-risk metrics into the final rule. For the banking industry, the implications are substantial: clearer guardrails for compliance, a more focused supervisory approach, and potentially a wider runway for responsible innovation. This rulemaking represents a thoughtful evolution in regulatory philosophy, seeking to balance the imperative of bank safety and soundness with the dynamic needs of a rapidly innovating financial sector.