Speech
The New Era of Supervision: Progress to Date and the Road Ahead
October 29, 2014
Posted November 5, 2014
Sarah Dahlgren, Executive Vice President
Remarks at the New York Bankers Association's Annual Meeting, New York City
As prepared for delivery

Introduction
I would like to thank the New York Bankers Association for inviting me to speak today.  I appreciate the opportunity to address this group and to continue the dialogue that I've been having with many of you in various forums over the past several years.  As always, my remarks reflect my own views and not necessarily those of the Federal Reserve Bank of New York or the Federal Reserve System.

The last time I spoke to you in this setting was three years ago, when I spoke about the new era of supervision, modifications in our approach to supervision in response to lessons learned from the crisis, and the need to be better prepared for future crises.  I focused on the Framework for Supervision, which pushed for firms to be more resilient, less complex and better managed.  I also spoke about the structural changes that we made in our supervision area and our plans for the future.

Today, I will provide an update on the Framework and progress in addressing weaknesses identified through the crisis.  I will share some of the challenges we see in the road ahead as the industry continues to adapt to and implement necessary changes.  And then I'll finish with a brief discussion of two of the issues that keep me awake at night. 

Progress to Date
Three years ago, I encouraged you to acknowledge that it is impossible to predict the nature or timing of a future crisis event.  I posed a question about what a financial system better prepared to weather all storms would look like.  As financial institution supervisors and as leaders of financial institutions, we all knew we needed to be better prepared for crisis events, whatever their character, source or timing.  Since I made those remarks, a number of stress events have reinforced not only the need for continued substantive changes in firms, but also the benefits of the changes we have made so far. 

1. Starting first with what has been accomplished to make financial firms—and the system—more resilient today to future shocks. 

First, in the area of capital resiliency, as a result of both new bank capital standards and our new stress testing regime, bank capital levels and the quality of capital have increased significantly—and on some measures, nearly doubled from pre-crisis levels.  The banking system has more capital and, thus, a better ability to withstand stressful events when they arise.  At the same time, our supervisory focus on capital planning and management across firms has led to greater focus and attention on the internal processes that firms use to manage their capital, including the prudent distribution of capital to shareholders, whether through dividends or share buybacks. 

In the area of liquidity, again, new rules and regulations have raised both the absolute level of liquidity in firms and the quality of liquid assets (that is, assets that are readily accessible). This provides for a much stronger ability to manage through stress conditions.  As many firms learned in the depths of the crisis, what was once thought to be a liquid asset quickly became illiquid as markets seized up and normal outlets for converting assets to cash evaporated.  Further, our enhanced focus today on liquidity management across the range of firms we supervise has led to heightened management—and board of directors—attention to liquidity levels, liquidity risk management and liquidity stress testing. 

In addition, global supervisors have finalized rules—or are in the process of finalizing rules—in the areas of both capital and liquidity, including additional and more stringent rules for the largest, most systemically important firms.  For these firms, additional buffers will be required, as will stronger risk management practices.   

2. In addition to becoming more resilient, firms have made some progress in becoming less complex—although the progress is somewhat less measurable and less dramatic to date.

Firms have begun to take a hard look at their legal entity structures, including having identified and mapped material legal entities. This was a necessary first step for a lot of firms, which have begun the difficult task of making sense of their legal entity structures. This will be a focus of our future supervisory work on firms' preparedness for recovery and resolution planning.

Another positive step was recently made in the area of financial contracts—wherein 18 global firms recently agreed to sign a new ISDA Resolution Stay Protocol.  The Protocol will provide for a stay of certain early termination rights triggered by resolution proceedings.  The stay is intended to give jurisdictions time to orchestrate an orderly resolution of a troubled institution.  It will be important that firms adhere to the protocol and amend ISDA Master Agreements consistent with the terms of the protocol.  Firms should carry out a similar effort with respect to other types of financial contracts not covered through the protocol.

While these are positive steps, the feedback provided to the industry this summer after our review of the 2013 resolution plans for the largest firms suggested that quite a bit of work remains ahead on rationalizing legal entity structures, as well as in other areas, particularly:

  • Developing a top-tier holding company structure that supports resolvability;
  • Establishing robust service level agreements and contingency arrangements to ensure ongoing provision of critical services among material affiliates and between material entities and third parties; and
  • Demonstrating the ability to produce, on a timely basis, reliable information about a material entity related to financial condition, financial and operational interconnectedness, and third-party commitments and contracts. 

3. In the third area of our Framework—better managed —we have seen progress on several fronts, although this area remains very much a work in progress.

Considering that a firm's leadership, including the board of directors and the senior management, is ultimately responsible for the culture of the firm, and culture is a dynamic element that firms should always strive to improve, I see the work in the area of better managed as requiring on-going, sustained attention.  It is impossible to achieve "perfection" in an area of art like management.  I think it's also important to acknowledge that cultures within individual firms ultimately play a role in defining the culture of the industry.  We have seen progress in this area over the past few years with some firms hiring outside experts, engaging in cultural diagnostic work and implementing programs that focus on improving ethics, behaviors and internal culture. 

We've also seen progress in our direct engagement with boards of directors—and we've seen this across institutions of all sizes.  When we, as supervisors, first began requiring deeper engagement with directors and senior leaders, the reactions varied, with an initial wariness of the purpose.  In fact, directors were often accompanied by a compliance or regulatory relations liaison during our early interactions with them.  Over time, though, as senior leaders and board members recognized the advantages of this level of engagement, the process has been smoother and our exchanges are becoming more engaging and direct (and few if any "escorts" are present during our interactions now).  While the level of engagement varies across firms, in general, we are seeing boards being more active in asking questions, providing oversight of management and engaging with supervisors.  We, in turn, have deeper insight into decision making dynamics at the board and c-suite level, including the how and why of decision making on key strategic issues.  Regular communications also encourage early and proactive surfacing of issues.

In addition, we've seen good progress in recruiting additional directors to complement current skills on the board—better positioning the board to engage with the senior management team in a productive and appropriately challenging way. 

Before turning to the road ahead, I wanted to pause and recognize two things.  First, it's clear that progress has been made across the industry in a number of areas—particularly in making firms and the system more resilient through improvements in capital and liquidity, as well as enhancements in risk management, including capital planning and stress testing across the range of risks firms face.  But, in the remaining two areas of the Framework– less complex and better managed—I think it's safe to say that despite the fact that firms are addressing a number of outstanding issues, these areas continue to present challenges in reaching the desired end state.

As I'm sure you would agree, we collectively still have quite a bit of work to do to fully implement the changes required under new rules and regulations.  While it is important to take stock of the changes made over the past few years—first, to assess the impact of those changes, both intended an unintended; and, second, to understand the contours of the "new" financial system operating under a plethora of new rules and regulations, both national and global in nature—we must acknowledge that some of the changes necessary have yet to be fully implemented.  We must continue to devote sufficient attention and resources to complete the efforts.  And, firms and supervisors will continue to face challenges and competing demands as we press ahead on reform efforts in the coming months and years. 

The Road Ahead
Looking ahead, we see a number of challenges that firms are facing, and I thought I'd take a couple of minutes to share with you some broad themes that we see emerging.  The list is not exhaustive or overly detailed—as I'm sure you will recognize—but I think it captures some of the issues that are—and should be—more "top-of-mind" for many of you.     

1. Engagement of Boards and Senior Management:  While management is clearly on the hook to develop and implement necessary changes, and despite the tremendous progress made in board engagement over the past few years, some firms are still struggling to set the appropriate level of engagement with their boards. The challenge for these firms is finding the right balance and having a clearer understanding of the roles and responsibilities of boards of directors.

Based on our experiences with increased engagement with boards, a number of lessons can be applied to engagement between senior management and boards, including the importance of:  

  • Trust and credibility;
  • The qualifications and experience of board members;
  • Board leadership and in setting the right tone; and
  • The right composition of members. 

Firms should not underestimate the importance of the chairman or lead director, or the roles of the committee chairs.  The board has the responsibilities to provide the appropriate level of oversight and to be prepared to hold senior management accountable for their running of the firm.  You don't want board members so involved that they need to approve every policy and procedure.  You do want them to be involved enough that they understand the organization, they are providing the right level of oversight and guidance, and they share a sense of responsibility for the actions of the firm.

2. Resources:  In terms of talent, we see firms struggling to recruit and retain sufficient expertise in some areas, with firms competing for the talent needed to implement new standards and to address identified resource gaps.  We also understand the challenges firms are having with filling many difficult leadership roles, such as risk management and compliance positions, where demand is higher than the supply of talented candidates.

With regard to general population of eligible candidates, hiring managers must be willing to look closer at the 25 to 40-year-old cohort that makes up much of the workforce in the industry.  There needs to be a better understanding of:  1) what incents and motivates them; and 2) why they fail to make long-term commitments to firms.  The high turnover rates in financial services can be attributed in part to the competitive nature of the industry, the financial incentives to move, and the lack of repercussions for bad behavior.  But, more importantly, the demographics of the workforce may also playing an important role.  According to a report from the U.S. Department of Labor's Bureau of Labor Statistics, the median tenure of workers ages 25 to 34 is only three years—less than a third of the tenure among people aged 55 to 64 years old.1  And, according a Future Workplace "Multiple Generations@Work" survey, 91 percent of "millennials" (that is, a person born between 1977 and 1997) expect to stay in a job for less than three years.

Job-hopping can speed career advancement.  Getting a promotion in the process of changing jobs allows employees to avoid the "dues paying" that can keep workers in a painfully slow rise up the corporate ladder.  Job hopping can also lead to greater job fulfillment.  A 2012 survey by Net Impact2 found that 88 percent of all workers considered "positive culture" important or essential to their dream job, and 86 percent said the same for work they found "interesting." The same survey found that millennials are the least satisfied in their careers.

I also recognize that firms are no longer just competing with others in the financial sector for talent.  With skills that can be adapted across multiple industries, the talent pool that was once specialized for financial firms is now spread thin. This puts pressure on the firms and gives talented workers the advantage of being selective in their roles.  They demand more from hiring managers and sense other opportunities out there if they're not satisfied.

As I said to a group of foreign firms a few weeks ago, all firms, regardless of size, need to keep this information in mind and get better at planning in advance, ensuring their recruiting efforts are providing a steady stream of qualified candidates, and looking for opportunities to move people around within the organization, particularly between the front office and control functions, to develop more well-rounded professionals.  This is likely to mean more aggressive, creative and targeted searches and a commitment to ongoing training.  As the competitive landscape and regulatory requirements change, firms will need to find the right balance between hiring new talent with specific expertise and training current staff to keep them up to speed and capitalize on institutional knowledge.

3. Continuing to Build Resilience—Stress Testing and Risk Management:  No, I am not suggesting that all firms, regardless of size, are going to be required to participate in CCAR.  However, I believe that incorporating the motivating principles behind stress testing into your planning—namely thinking about the many ways that tomorrow could be different from today and what that could mean for your business—is at the heart of managing your risk and your business with foresight and prudence.  Sound risk management demands a thorough understanding of the organization's full risk profile today and how it could evolve tomorrow.  We expect banking organizations of all types and sizes to have the capacity to analyze the potential impact of adverse outcomes on their financial condition. 

Stress testing can be a means to carry out such analysis. Certain portions of existing supervisory guidance—which cover capital planning and management of funding and liquidity risks—discuss using stress testing or addressing potential adverse outcomes in order to enhance risk management practices. This guidance is applied commensurate with an organization's size, complexity and risk profile. For example:

  • Community banks—those with below $10 billion in assets—are not expected to conduct the type of stress testing required or expected of larger banking organizations, as indicated in recent rulemakings, proposals and guidance.   A community bank may still employ certain other types of simpler stress testing to augment their risk management—as many community banks have been doing for some time. 
  • In contrast, regional banks—which are typically those with assets between $10 and $50 billion—are indeed required to conduct a company-run stress test on an annual basis.  Still, regional banks are not subject to many other stress testing requirements imposed on larger firms, such as going through a supervisory stress test or conducting an additional stress test each year.  Moreover, our reviews of those company-run stress tests are focused primarily on the quality of the processes those firms employ and not necessarily the results.  Our goal with regional banks is to ensure that managers at those firms recognize their vulnerabilities and develop appropriate mitigation strategies to enhance their resilience.

4. Structure and Culture:  The final area, or challenge, I wanted to touch on is organizational structure and culture.  Firms need to ensure that business strategy, organizational structure and desired culture are aligned to successfully operate in a fast-paced, ever-changing world.  Whether you are a small community bank or a large global institution, you need to be agile enough to act quickly without risking the integrity of your structure and culture.

I will touch on culture again a little later.

In the short term, these are issues that we see as "top-of-mind" in terms of challenges and should continue to be areas of focus for firms.  I thought I would close out today with thoughts on two areas.  At times I have described these as being on my list of "things that keep me awake at night," and I think it's fair to say that these two issues continue to be near the top of that list.  They are: information technology and culture.   

What Keeps Me Awake at Night

1. Information Technology

My first issue is a topic that I had the opportunity to address with many of you earlier this year: the broad area of information technology, which has a few dimensions to it. 

The first dimension won't surprise you or your boards: cybersecurity.  I'm sure I don't have to explain too much why this keeps me awake at night.  Suffice it to say that as I think about the kinds of risks that might cause the next crisis, cybersecurity is the one that worries me the most. 

The worry is not focused solely on the financial sector.  This is much bigger than just banks.  It includes many other sectors, most notably, the retail sector.  In particular, cyber threats pose a potentially systemic risk to financial stability through the disruption or corruption of critical payment, clearing and settlement systems and related data.  A big question we need to think about is how firms, big and small, can protect themselves from these risks.

As I have noted in the past, all of us face quite a bit of work ahead on the cybersecurity front.  Importantly for us, as supervisors, we must determine the best areas of focus given our perspective and the range of skills that we can bring to the topic.  For example, in the near-term we are continuing supervisory plans related to cyber security work at the complex financial institutions.  We are also identifying "core" expectations for smaller firms so that they, too, can take appropriate measures to harden their defenses. 

We are also undertaking concentrated work to: develop a better understanding of vulnerabilities and emerging practices: develop an approach to enhanced communications around cyber events, and revisit supervisory guidance in this area.  The initial work will require a deeper assessment of the interconnectedness of firms and the prioritization of critical operations.  We will be working with all of you to do that.  Once we all have a better understanding of the areas of risk, we all need to focus on timely and centralized communications across all firms.  Finally, while there is a lot of guidance in this area, we recognize that we need to review our supervisory approach and our tools to ensure we are in the best position to understand and assess vulnerabilities.  This step is critical so that we can make timely and informed decisions that enhance the effectiveness of our supervisory framework for cybersecurity.

I think we've done a reasonable job in developing rules and regulations to ensure firms are prepared to withstand the other types of shocks we have experienced in the past.  But, cyber adds an element to planning for the next crisis that goes beyond what additional capital and liquidity, for example, can provide to the system. 

The topic is a daunting one, but one that we have to address in the very near-term.  It is an area that will continue to warrant attention and will require a level of coordination and collaboration between the public and private sectors.  In many respects, I think we are all in this one together.

The second dimension is legacy:  There is still so much "clean-up" to do to fix longstanding technology and data issues that have built up over the years.  The investments necessary are long-term and the fixes, in many cases, will take multiple years to execute.  A number of firms have sound programs in place to address these longstanding issues, but continued strong project management and tenacity are crucial.  I see commitment to this basic "blocking and tackling" as essential to financial institutions continuing to be competitive—and relevant—in the digital world. 

And that's the third dimension that concerns me:  the competitive landscape for financial institutions in the digital world.  As more and more non-financial entities are entering the financial arena, I worry that financial firms may lack the agility and ability to compete at the level that they need to—particularly with the added complexities (and likely constraints) of regulation.  At the end of the day, will financial firms be able to compete in the same way—or will these largely unregulated players be the future of our financial system? 

2. Culture

My final topic today is culture—a complex topic that we all know it is an important one.  Before I get into this in detail, I want to stress that "culture" is very different from "risk culture."  You can have a strong risk culture within your firm, but still have cultural issues.  The culture I am talking about today is broader and deeper.

There seems to be a general acceptance that there needs to be changes to the overall culture in the financial services industry, as well as improvements to cultures within individual firms.  However there continues to be a lot of mixed views around how the changes can and should be initiated and implemented.  The interconnectedness of the industry has resulted in the public viewing the industry as "one."  Therefore, I believe to address the tarnished reputation of the industry as a whole in a credible and sustainable way, firms must be willing to address it with a unified front. 

Culture is a bit of a nebulous concept that tends to go unattended.  Accepting that cultural change is a necessity, not a "nice to do," is the first step in a long road that will require the participation of management, boards and every employee on your payroll.

The culture within the organization will guide the behavior of employees, particularly when there are shades of gray.  Therefore, if organizational values and norms conflict with the rules or guidance you are required to follow, the organization is headed for trouble.  The failure to understand the purpose of a law or regulation may lead one to adopt an overly technical or game-like approach to compliance.  Left uncorrected, this type of compliance arbitrage can fester and lead to micro-cultures lacking in respect for law.  The recent enforcement actions addressing sanctions violations offer prime examples of this unfortunate and costly phenomenon.

Last week we hosted a workshop on "Reforming Culture and Behavior in the Financial Services Industry" at our offices downtown.  Based on the discussions among panelists and attendees, it was evident that industry participants have taken onboard the directive that cultural and behavioral change is needed in the industry.  A number of firms have begun to implement programs that are at various stages of depth, breadth and maturity.  There were a few key themes that emerged that I want to share with you today:

  • The role of regulation:  There was a lot of discussion on the potential role of regulators and the public sector in developing and maintaining appropriate cultures at financial firms.  While some voiced the opinion that regulators must play a role, others clearly indicated that trying to regulate something as dynamic and amorphous as culture would be counterproductive and would overstep the purview of regulators.  I tend to agree.  Of course, regulation is one thing; supervision is another.  Culture may not be amenable to official rulemaking, but it falls squarely within a banking supervisor's responsibility for financial stability.  Financial institutions should expect greater supervisory attention to culture.
  • Industry-led effort vs. first mover:  Using the United Kingdom's Banking Standards Review Council as an example, we believe that meaningful change will require an industry-wide effort.  At the same time, the "first mover" issue fostered a general sense of skepticism around whether any firm would be willing to take on the risk of implementing a compensation structure, for example, that was dramatically different from others in the industry.  Also, as an industry, there must be a willingness to listen to the critics when developing solutions.  So the industry clearly has a way to go on this front.
  • Employee base:  There was much discussion around the population that makes up the majority of the workforce in the industry.  As I said earlier when I spoke about resources, there needs to be a better understanding of this demographic.  The current environment of high turnover can lead to a lack of loyalty to a firm, less concern about how behaviors will be perceived and a disproportionate focus on financial compensation.
  • Measuring success:  Clear metrics are needed to measure behavior if culture is to be included in performance assessments and discretionary compensation.  All firms measure risk, but culture is a very different type of risk.  Even if measured to a higher confidence interval than other risks (99+ %) it still means you have some bad apples.  This problem doesn't go away with fewer people, so, regardless of your size, you can't ignore the importance of culture.

So, as we move forward and the industry ramps up its efforts to address this issue, I see a number of considerations that must be incorporated into the solutions. They are in three main categories: management, operations and employees.

Regarding management, we need leadership from top.  Firms must have a clearly articulated statement of purpose that aligns with the firm's business strategy and risk appetite.  The business model must be simple enough that it can be shared with employees and understood at every level.  Senior managers must lead by example, present a unified front and set the tone.  The job of the leader is to encourage and foster the good and squash the bad.  While many argue that it takes just "one bad apple," firms must accept that it is rarely just one and that they always need to be focused on identifying the potential problems and addressing them early and quickly before they become outsized.

Boards, whether as a whole or through a sub-committee, need to set direction and expectations on culture and behavior, and measure and monitor progress over time.  Boards also need to hold senior management accountable for building and sustaining the appropriate culture and fostering the desired behaviors over time.  Senior management must in turn hold employees accountable for their actions. 

Within the category of operations, I envision the development of industry standards on culture and behavior, enhanced communications, both within firms and across the industry, and clarification around success metrics.  It's important to realize that "one size does not fit all" when it comes to solutions and metrics.  Employees should know what behaviors are expected from them and how their actions will be measured.  The purpose, strategy and business plan need to be communicated to every level of the organization.  It should be clear to employees how their work aligns with the purpose and strategy and how they contribute to the overall success of the firm.

Finally, within the employee category, the remedies need to cover the entire employment cycle, from recruitment and onboarding to performance management, compensation and promotion.  I have already spoken about the importance of hiring practices, so I don't need to repeat myself here.  It goes without saying that to be successful in strengthening hiring practices, you need to incorporate a process where you assess whether candidates are a strong fit with the desired culture of the organization and develop indoctrination programs whereby new employees are educated on strategy and vision, as well as the behaviors that are not tolerated.  The goal is to convince all employees of three points.  First, good behavior protects them as well as the firm.  Second, all employees share the consequences of poor conduct.  Third, it is therefore the responsibility of each employee root out bad behavior.

The industry also needs to consider a mechanism to stop movement of "bad apples" from firm to firm.  The current situation not only facilitates movement, but in many cases rewards it.  By allowing employees to jump from firm to firm, the impact of unethical behavior is systemic and cannot be contained within one firm or a small section of the industry.  We must address this challenge.

Once employees are on board, performance management should play a greater role, both in compensation decision-making, which needs to be simplified and diversified, and in the promotion process. The process should reflect a better balance between production and controls, by focusing not on "what" was accomplished but "how" it was accomplished.  Repercussions are necessary for employees that do not behave in a manner that is desirable.

I said that leadership must come from the top.  But that doesn't mean that you can't drive the culture from throughout the organization in the form of "culture carriers"—employees who are well connected, respected and can be effective in making your culture "go viral."

Cultural change is not just a "flavor of the month."  It is a long-term commitment to changing a firm and an industry.  It will take time.  And, once you feel you've achieved what you originally set out to achieve, you will likely have raised the bar and will need to reset your goals.  Building and maintaining a strong culture in a firm is an ongoing effort, not a "one and done" initiative. 

Conclusion
Will our list of "to dos" ever end?  Probably not.  Will our list of "worries" get shorter?  Unlikely in the current environment. 

We live in an ever-changing environment where speed and agility are of the essence.  Demands from customers change, expectations from shareholders change, and the regulatory landscape you work within will continue to evolve to keep pace.  Constant change—and commitment to evolution—is not a choice.  It is a necessity to remain relevant and provide a safe, sound and accessible financial sector that also contributes to the health, vitality and dynamic growth of our economy.

Overall, we want smooth, efficient markets that support global growth.  We want to continue to reduce the systemic risk posed by firms that are large, complex and interconnected.  We want to ensure fair access to credit for all.  And we want a strong, resilient, safe financial system.  Our challenge is how to balance all of these "wants."  As we strive to find the balance, it is important that we continue to have productive engagements with you, the industry.  We need honest, frank and educated discussions.  And we need to work together to gain a better understanding of our shared goals and how to get there. 


1 Employee Tenure in 2014 pdf

2 Talent Report: What Workers Want in 2012 pdf

By continuing to use our site, you agree to our Terms of Use and Privacy Statement. You can learn more about how we use cookies by reviewing our Privacy Statement.   Close