The FDIC takes a hard look in the mirror
A post-mortem on supervision for the now-defunct First Republic bank.
Welcome to Fintech Horror – whoops, I mean Fintech Compliance Chronicles! As you’ll notice, we have a new name and while it might take some getting used to, we took a break last week to plot and plan for what’s next, so stay tuned after the article to hear what’s coming and what you can expect in our new era!
As for this week, I want to thank Kiah Lau Haslett for highlighting a somewhat overlooked report issued by the FDIC last week. She did a fantastic Twitter thread diving into this, asking some good questions that certainly gave me pause about what it was the regulators were trying to say. So inspired by Kiah, I was compelled to do my own deep dive particularly given how much our coverage of all things SVB and bank collapses dominated these pages earlier this year.
What’s this report?
Taking a trip back to spring, you’ll probably recall that after Silicon Valley Bank, Signature Bank, and Silvergate Bank’s collapses in March, there was a bit of a moment to pause and take a breather for the financial services industry before the California Department of Financial Protection and Innovation broke the “silence” in May, to shut down First Republic Bank with the FDIC as the receiver. We shared our thoughts at the time here, so if you’re looking for some preliminary background on what happened, you can check that out (or re-read it to get a refresher). However, what we didn’t mention was that immediately in the wake of the failure, the FDIC Chief Risk Officer commissioned an internal review of the FDIC’s own actions with regards to First Republic - a post-mortem of sorts. This report is the result of that post-mortem, with some really interesting details and perspectives.
Given the benefit of time having passed, what did the FDIC find regarding First Republic and why it failed?
The FDIC noted that First Republic collapsing had to do with three high level points: 1) Loss of Market confidence (as evidenced by the stock) 2) Loss of Depositor confidence (as evidenced by the panicked withdrawals) and 3) The general environment and contagion, started by SVB and Silvergate back in March. While noting that the bank was historically well run, responsive to regulators, growing consistently and implementing controls in response to identified risks, none of these good practices could patch the bank’s ultimate vulnerability to interest rate changes and contagion. In particular, the practices that did not help the situation - that set the stage for this collapse throughout 2021 and 2022 - were the rapid growth environment and resulting loan and funding concentrations that seemed to remain unchecked/unresolved even while being identified by late 2022, along with over-reliance on uninsured deposits and depositor loyalty, and as noted earlier, the inability to mitigate interest rate risk. There were a number of disturbing parallels with SVB that were noted by the FDIC in its post-mortem - the high level of uninsured deposits, substantial differences in fair value of loans vs loan book values (aka the “unrealized loss issue”), the same geographic market and venture capital clients, and many others.
In terms of sequence of events, there’s nothing new that we don’t already know, but the FDIC gives us a good summary. It notes that post-SVB, there was immediate liquidity stress due to significant uninsured deposit outflow, and because of this continuous withdrawal demand that continued into April there was continued borrowing in turn from the Federal Home Loan Bank and the Federal Reserve Discount Window - two tools that can be used by depository institutions to shore up liquidity but certainly not to the extent that First Republic was using it. Along with this, 11 major banks tried to help out by making a total $30 billion investment. Despite all this assistance, the Q1 earnings call happened on April 23 and to say it was the nail in the coffin would be an understatement. The call was a 12 minute run of prepared remarks, no questions and the market responded accordingly with the stock price completely tanking and the deposit outflows that had stabilized resuming at an even faster pace. Five days later, the FDIC lowered its rating for the bank to the lowest possible level - “problem status” - which effectively ended the borrowing it had been doing from the Fed and the FHLB - and after the weekend passed, on Monday May 1 the California DFPI had seen enough and shut the bank down.
What was the FDIC’s exam process and were there any gaps in it?
This section of the report talking about the exam process is the juiciest, where the FDIC reviews the work it did over the years and is fairly honest about where it missed the mark. In terms of what it was doing regularly and well, it cites the fact that there was a continuous exam cycle led by the regional and field offices and supported by FDIC HQ. The FDIC also notes it met with the CEO Mike Roffler quarterly, which is a key component of good governance (ongoing dialogue with the regulators). The exams conducted generally resulted in positive outcomes, with a few identified “SR Letters” (Supervision and Regulatory Letters) and opportunities for improvement but certainly nothing that would have raised any alarm bells. The exam ratings were assigned to components of a bank known as CAMELS - Capital, Asset Quality, Management, Earnings, Liquidity, and Sensitivity to Market Risk, and all of these were rated as either strong or adequate.
However, the problems stemmed from the bank’s ultimate inability to mitigate interest rate risk, with the faulty idea of assuming continual growth which would result in consistent loan volume at normal interest rates. Obviously, inflation and the Fed’s interest hike philosophy kicked in and this all was thrown into flux. The FDIC noted some of its key gaps as follows:
They didn’t consider the possibility of increasing interest rates and how it would impact the bank, particularly with its heavily concentrated setup and assumptions of constant growth and low-cost funding.
Not enough effective challenge to mitigate interest rate risk, which seemed to be a reality as early as March 2022, although the examiners noted they would have probably faced pushback given rates were still low up until that point.
The examiners admitted that in August 2022, they did identify what they deemed inadequate interest rate risk scenario planning that breached board-approved parameters - however, they chose not to take action or investigate further. They didn’t learn until a few months later in November that the board chose not to respond to this breach, and when quizzed as to why this was not called out, the response was essentially the exam equivalent of “testing for the current quarter was complete and the report for Q4 was being finalized” - the claim was that this would have been called out in Q1, but obviously by that point the SVB drama had begun and it was too little, too late. To me, this is the biggest gap because it suggests the examiners could have used more dynamic reporting (i.e. issuing an SR or downgrading any of the CAMELS components) but they chose not to utilize them.
Despite the heavy concentration risk, in the FDIC’s final rating of the “L” (liquidity) component, they actually upgraded it from “2” to “1” (adequate to strong). This is wild as it would have been quite apparent that there was a high amount of uninsured deposits (which ultimately led to the bank’s collapse).
Administratively, the FDIC noted that getting more perspectives outside the dedicated exam team could have helped change the outcome - as the dedicated team was regionally-based, they didn’t really involve headquarters or branch examiners that could have given insight on more horizontal and industry-wide risks that they didn’t have.
In another administrative gap, staffing also came into question, as the review period for the examiners is 4 years and during this time, the bank doubled in size while the exam hours went down by 11%. There were more dedicated team absences that occurred during this time, and a really small number of examiners assigned to the dedicated team that had large financial institution exam experience.
What is the takeaway from this?
It’s easy to play Monday morning quarterback, but this honest admission of its own shortcomings is a moment of humility from the FDIC, which based on my personal experience tends to play catch up with the Fed, OCC and CFPB in terms of its sophistication but has a hard time admitting it. However, the real takeaway from this is the signaling that there’s going to be a much harder stance from the regulators going forward. And as we talked about in our previous edition of the newsletter, the Fed is already off to the races. So I would expect to see the same from the FDIC, which plays just as key of a role in bank supervision and in ensuring the soundness of the banking system.
Programming Update
Hopefully you enjoyed today’s content. As promised, given the name change and passing the big 1K milestone, I wanted to start to hype up some of the new things you’ll be seeing in these parts soon. Rather than dump it all on you at once, I thought it’d be better to reveal a little bit at a time. So, our first major announcement:
We will be publishing our newsletter TWICE a week - Wednesday and Friday at noon EST!
Starting next week, every Wednesday at noon, you’ll get the Fintech Compliance Chronicles (ex-Horror Stories) that you’ve come to know and love. But every Friday at noon starting next week, you’ll also be getting the Weekly Fintech Compliance Event Roundup! Many of you initially started following the first incarnation of this newsletter back in 2021 when it used to be called “Fintech Events Roundup.” It was something I tried during the days when I was sitting at home amidst the pandemic, with the ambitious goal of trying to report on/list every single webinar, Clubhouse chat, or conference that had to do with all things fintech. While we’ll probably never get back to that level of coverage given how much of it aimed to cover online events and we are in a post-pandemic world, I did feel that sharing good podcast coverage of Fintech Compliance-related topics, along with upcoming events with a fintech compliance specific slant, would certainly be worth checking out.
So enjoy! And keep your eyes peeled because there’s definitely more to come as we take things to the next level here.