Bank Supervision by Federal Regulators: Overview and Policy Issues

Bank Supervision by Federal Regulators:
December 28, 2020
Overview and Policy Issues
David W. Perkins
To identify and mitigate risks, bank regulators have the authority to monitor bank activities,
Specialist in
condition, and performance. Bank supervision creates certain benefits, including safer banks, a
Macroeconomic Policy
more stable financial system, compliance with consumer protection and fair lending laws, and

safeguards against money laundering and cyberattacks. However, it imposes certain costs on
banks, including the fees they pay to their supervisors and compliance costs, which can reduce

credit availability through the banking system.
All banks are supervised by a primary federal prudential regulator for “safety and soundness,” which is determined by a
bank’s charter type and whether the bank is a member of the Federal Reserve System. The federal prudential regulators are
the Federal Reserve (Fed), the Office of the Comptroller of the Currency (OCC), and the Federal Deposit Insurance
Corporation (FDIC). Banks are also supervised for compliance with consumer protection and fair lending laws. The
Consumer Financial Protection Bureau (CFPB) is generally the primary supervisor for consumer compliance for banks with
more than $10 billion, and the bank’s prudential supervisor is also the consumer compliance supervisor for banks with less
than $10 billion. Banks chartered at the state level are also supervised by state-level bank regulatory agencies. Parent
companies that own banks, called bank-holding companies, are supervised by the Federal Reserve. In addition, companies
that perform certain activities for banks by contract are also subject to bank regulator supervision.
Regulators have complementary tools to achieve their supervisory goals. On -site full scope examinations, monitoring and
specialty exams, and reporting requirements are all part of an ongoing, iterative process that allows regulators to evaluate
banks, the industry, and market trends. Bank regulators must conduct at least one full-scope, on-site examination of each
bank every 12 months (or 18 months if the bank has less than $3 billion in assets and meets other criteria). They also
periodically issue guidance documents to explain particular regulations and provide detail on how banks can comply. For
cases in which banks disagree with examination results, an appeals process is in place.
Policy questions related to bank supervision that Congress may consider include:
 whether supervision requirements are appropriately tailored across banks of different sizes and levels of
 how regulators responded to challenges raised by the COVID-19 pandemic and what expectations could be
placed on banks as the effects of the pandemic continue to unfold;
 whether the supervisory authority over companies that provide services to banks as currently implemented
is appropriately calibrated to the relationships between banks and technology service providers;
 whether the recent changes the OCC made to its Community Reinvestment Act (CRA; P.L. 95-128)
regulations fulfill congressional intent and whether the OCC’s lone implementation without the other
federal regulators will create inconsistent CRA regulation;
 whether certain guidance documents and examiners’ interpretation of them can result in banks having to
adhere to what are in effect regulations;
 whether Home Mortgage Disclosure Act (HMDA; P.L. 94-200) reporting requirements are appropriately
calibrated and how the small business loan reporting requirements mandated by the Dodd-Frank Wall
Street Reform and Consumer Protection Act (P.L. 111-203) could be implemented; and
 whether reviews of examination appeals should be more independent from regulators.
Because supervision produces important benefits but at a cost, there will likely always be questions about whether existing
supervision is effective and efficient. In addition, many laws and regulations related to supervision are decades old, raisin g
questions about whether these rules need updating, particularly in the face of technological changes in finance. Against this
backdrop, the COVID-19 pandemic suddenly injected a tremendous amount of uncertainty into the banking industry, and
supervision will play a central role in how banks deal with the pandemic’s effects. Given this, it is likely that Congress will
continue to consider bank supervision issues.
Congressional Research Service

link to page 4 link to page 5 link to page 5 link to page 6 link to page 7 link to page 7 link to page 8 link to page 9 link to page 9 link to page 10 link to page 12 link to page 12 link to page 12 link to page 13 link to page 14 link to page 15 link to page 15 link to page 16 link to page 16 link to page 17 link to page 18 link to page 18 link to page 19 link to page 20 link to page 21 link to page 23 link to page 23 link to page 23 link to page 24 link to page 25 link to page 27 link to page 28 link to page 29 link to page 6 link to page 11 link to page 29 Bank Supervision by Federal Regulators: Overview and Policy Issues

Introduction ................................................................................................................... 1
Overview of Bank Supervision.......................................................................................... 2
Bank Regulators ........................................................................................................ 2
Benefits of Supervision .............................................................................................. 3
Safety, Soundness, and Systemic Stability ................................................................ 4
Consumer Compliance and Community Reinvestment ............................................... 4
Money Laundering Prevention and Cybersecurity ..................................................... 5
Costs of Supervision .................................................................................................. 6
Fees, or “Assessments” ......................................................................................... 6
Compliance Costs................................................................................................. 7
Effects on Credit Allocation Decisions..................................................................... 9
Bank Supervision Requirements and Tools .................................................................... 9
Examinations....................................................................................................... 9
Ongoing Monitoring ........................................................................................... 10
Reporting Requirements ...................................................................................... 11
Guidance .......................................................................................................... 12
Appeals Process ................................................................................................. 12

Supervision Authority and Bank Service Providers ....................................................... 13
Selected Policy Issues .................................................................................................... 13
Tailoring of Requirements......................................................................................... 14
Supervisory Responses to COVID-19 ......................................................................... 15
Temporary Supervisory Changes .......................................................................... 15
COVID-19 Guidance Documents.......................................................................... 16
Supervision as COVID-19 Effects Continue to Unfold ............................................. 17
Regulations Implementing the CRA ........................................................................... 18
Bank Technology Service Providers Supervision .......................................................... 20
Core Service Providers........................................................................................ 20
Cloud Service Providers ...................................................................................... 20
Proposed Voluntary Certification Program for TSPs................................................. 21
Guidance Versus Rules ............................................................................................. 22
Fair Lending Data Reporting Requirements ................................................................. 24
Ombudsmen and the Appeals Process ......................................................................... 25
Outlook for Bank Supervision Issues................................................................................ 26

Figure 1. Which Agency Is a Bank’s Primary Supervisor? ..................................................... 3
Figure 2. Compliance Costs as a Percentage of Noninterest Expenses ..................................... 8

Author Information ....................................................................................................... 26

Congressional Research Service

Bank Supervision by Federal Regulators: Overview and Policy Issues

In most industries in the United States, a company is general y not visited by federal examiners
checking to see that, among other things, the company is safely profitable, not overly exposed to
risks, wel -managed, and serving the needs of the community. For a bank, this is a regular
Federal bank supervision refers to the authority of certain agencies—the Federal Reserve (Fed),
the Office of the Comptroller of the Currency (OCC), the Federal Deposit Insurance Cooperation
(FDIC), and the Consumer Financial Protection Bureau (CFPB)—to monitor and examine banks,
impose reporting requirements, and recommend that banks take certain actions.2 The purpose of
this authority is to ensure that banks are operating in a safe and sound manner, to identify and
mitigate risks, and to check that banks are in compliance with applicable laws and regulations.3
As part of an examination, an examiner may recommend that a bank’s management and board of
directors take certain actions to comply with regulations and advise of possible consequences if
such action is not taken and noncompliance or a deterioration of the bank’s condition
subsequently occurs.4 The regulators often issue guidance documents recommending policies and
procedures to ensure compliance.5
Bank supervision creates certain benefits (e.g., safer banks and a more stable banking system,
more compliance with consumer protection laws and community reinvestment, and prevention of
certain crimes) but imposes certain costs (e.g., direct supervision costs, compliance costs, and
potential diversion of credit from certain market segments). As a result, Congress often considers
an array of issues related to whether aspects of bank supervision are effective and efficient.
This report provides background information on bank supervision and analyzes certain selected
policy issues. It begins with descriptions of the federal agencies that perform supervision, the
requirements and processes it entails, and the benefits and costs of bank supervision. The report
also examines the supervisory authority the agencies have over companies that provide certain
services for banks. It then discusses the following policy issues:
 whether supervision requirements are appropriately tailored across banks of
different sizes and levels of complexity;
 chal enges raised by the Coronavirus Disease 2019 (COVID-19) pandemic and
what expectations could be placed on banks as the effects of the pandemic
continue to unfold;

1 In general, this report uses the term bank to refer to (1) any FDIC-insured depository institution, including a
commercial bank, savings association, or insured depository with another charter typ e; and (2) a parent company that
owns a bank, called a bank holding company. Where making a distinction is necessary, the report specifies institution
2 When referring to these agencies collectively, this report uses the term bank regulators. Bank regulators have other
authorities to regulate, including rulemaking authority, enforcement authority, and resolution authority to take over and
shut down or sell off failing banks. T hese authorities are beyond the scope of this report. For more info rmation, see
CRS Report R44918, Who Regulates Whom ? An Overview of the U.S. Financial Regulatory Fram ework , by Marc
3 FDIC, Risk Management Manual of Examination Policies, last updated January 2020, p. 2,
4 FDIC, Risk Management Manual of Examination Policies, pp. 16-18.
5 For examples, see Federal Reserve, Supervision and Regulatory Letters,
Congressional Research Service

link to page 6 Bank Supervision by Federal Regulators: Overview and Policy Issues

 whether the supervisory authority over companies that provide services to banks
is appropriately calibrated for bank relationships with technology service
 whether the recent changes the OCC made to its Community Reinvestment Act
(CRA; P.L. 95-128) regulations fulfil congressional intent and whether the
OCC’s lone implementation without the other federal regulators wil create
chal enges;
 whether certain guidance documents and examiners’ interpretation of them can
lead to banks having to adhere to what are in effect regulations that have not gone
through the mandated rulemaking processes;
 whether Home Mortgage Disclosure Act (HMDA; P.L. 94-200) requirements are
appropriately calibrated and how the smal business loan reporting mandated by
the Dodd-Frank Wal Street Reform and Consumer Protection Act (Dodd-Frank
Act; P.L. 111-203) could be implemented; and
 whether reviews of examination appeals should be more independent from
regulatory agencies.
Overview of Bank Supervision
Bank Regulators
Which agency is the primary federal supervisor and for what type of supervision—either
prudential supervision, also cal ed “safety and soundness” supervision, or consumer
compliance—depends on a number of factors (as shown in Figure 1).6 These factors are (1)
whether the bank has a national or state charter;7 (2) if a state bank, whether it is a member of the
Federal Reserve System (FRS);8 and (3) whether the bank has more or less than $10 bil ion in
total assets.
The OCC is the primary prudential regulator for al national banks, which are required to be
members of the FRS (1,060 banks as of October 29, 2020).9 The Fed is the primary prudential
regulator of state banks that are members of the FRS (736 banks). The FDIC is the primary
prudential regulator of state banks that are not members of the FRS (3,242 banks). For banks with
assets of $10 bil ion or less, their primary prudential supervisors are also general y their consumer
compliance supervisors. The CFPB is general y the primary consumer compliance supervisor for
banks with more than $10 bil ion in assets.

6 Broadly, safety and soundness supervision evaluates banks’ riskiness, and consumer compliance supervision checks
that banks are complying with consumer protection and fair lending laws and regulations.
7 An examination of the U.S. dual banking system featuring national and state charters is beyond the scope of this
report. For more information, see CRS Report R45081, Banking Law: An Overview of Federal Preem ption in the Dual
Banking System
, by Jay B. Sykes.
8 T he FRS is comprised of the Federal Reserve Board of Governors and 12 regional Federal Reserve banks. National
banks must, and state-chartered bank can, choose to become members of the system by holding stock in one of the 12
regional Federal Reserve banks. In this report, the term the Fed refers to the Board of Governors and the 12 regional
banks. FRS refers to the Fed and its member banks.
9 Counts provided here come from the FDIC’s Institution Directory search tool at
Congressional Research Service

Bank Supervision by Federal Regulators: Overview and Policy Issues

Figure 1. Which Agency Is a Bank’s Primary Supervisor?

Source: CRS.
State agencies also supervise state banks with the Fed and the FDIC. In addition, the Fed
supervises al parent companies that own banks, cal ed bank-holding companies, regardless of
which agency supervises the bank subsidiary.
This system featuring numerous regulators at the state and federal level can present certain
chal enges. The agencies could implement inconsistent or overlapping supervision. Banks may
seek to be regulated by the agency they perceive to be most lax, and the agencies may have
incentives to be more lax in order to attract banks—from whom they collect fees, cal ed
assessments—to their regimes. To avoid such outcomes Congress created the Federal Financial
Institutions Examination Council (FFIEC) in the Financial Institutions Regulatory and Interest
Rate Control Act of 1978 (P.L. 95-630). The FFIEC “prescribes uniform principles and standards
for the federal examination of financial institutions” by the federal bank regulators and other
regulators and makes “recommendations to promote uniformity in the supervision of these
financial institutions … [and] to promote consistency in such examination and to insure
progressive and vigilant supervision.”10
Benefits of Supervision
Supervision produces a number of potential benefits, including increased safety and stability in
the banking industry and the financial system, better consumer compliance and community
reinvestment, reduced money laundering, and fewer cybersecurity breaches.

10 12 U.S.C. §3301. T he membership of the FFIEC consists of the Comptroller of the Currency, the chairman of the
Board of Directors of the FDIC, a governor of the Board of Governors of the FRS designated by the chairman of the
board, the director of the CFPB, the chairman of the National Credit Union Administration (NCUA) Board, and the
chairman of the State Liaison Committee (12 U.S.C. §3303).
Congressional Research Service

Bank Supervision by Federal Regulators: Overview and Policy Issues

Safety, Soundness, and Systemic Stability
The central business of commercial banks is to convert deposits in saving and checking accounts
into loans and other credit. This credit intermediation generates tremendous economic benefits
and growth, because funds that would otherwise be sitting idle can instead be spent and invested.
However, it is inherently risky, because while banks are obligated to return deposits on short
notice, the credit banks extend to borrowers is paid back slowly over time. This mismatch can
lead to bank failures and, absent government guarantees, to depositors losing their savings. In
addition, some banks, especial y large banks, are also highly involved in numerous other financial
markets and activities that expose them to additional risks and make them important actors in the
financial system.
Because of the important role banks play in finance and the economy, the failure of a sufficiently
large number of banks or of a smal number (perhaps just one) of large banks can threaten the
stability of the whole financial system and real economy. In response, the government has
constructed “safety nets”—for example, making the Fed “a lender of last resort” for banks with
cash flow problems and the FDIC the federal insurer of deposits—to reduce the occurrence of
failures and protect against depositor losses. However, these safety nets expose the government
(and so, ultimately, the taxpayer) to losses and distort market incentives in a way that could
incentivize banks to take greater risks. To mitigate exposure and risk-taking, the government has
implemented safety and soundness regulations, cal ed prudential regulations, aimed at bringing
stability to individual banks and the banking system as a whole.
Supervision enables regulators to evaluate institutions for how safe they are and whether they are
complying with prudential regulations. In addition, it al ows them to monitor and evaluate the
industry as a whole and possibly to identify troubling industry-wide trends and rein in concerning
activity before it culminates in major losses and crises. Preventing bank failures and mitigating
financial crises and resulting economic contractions could lead to greater economic growth over
the long term. In addition, a regulatory regime in which banks are closely monitored and risk-
taking is constrained may create greater public trust in the banking system, leading more people
to deposit funds and take out bank loans, which could foster economic growth further.
Consumer Compliance and Community Reinvestment
Regulators also evaluate bank compliance with consumer protection and fair lending laws (cal ed
consumer compliance supervision). In addition, the CRA requires regulators to assess how wel
banks are meeting the needs of the communities in which they operate.
Broadly speaking, these laws are aimed at ensuring that banking industry activities result in fair
outcomes. Consumer protection refers to laws and regulations prohibiting banks and other lenders
from engaging in unfair, deceptive, or abusive acts and practices.11 For example, under the Dodd-
Frank Wal Street Reform and Consumer Protection Act (Dodd-Frank; P.L. 111-203), they
general y cannot take advantage of a consumer by not adequately informing him of the costs and
other terms and conditions of a loan.12 Fair lending laws prohibit lenders from discrimination
against borrowers of certain protected classes. For example, under the Equal Credit Opportunity

11 For more information on the regulation of consumer financial markets, see CRS Report R45813, An Overview of
Consum er Finance and Policy Issues
, by Cheryl R. Cooper.
12 12 U.S.C. §5531(d)(A)(2).
Congressional Research Service

Bank Supervision by Federal Regulators: Overview and Policy Issues

Act (15 U.S.C. §§1691-1691f), a bank cannot deny a loan application or provide a loan under
more expensive terms if the applicant is a minority, a woman, or above a certain age.13
The CRA requires that regulators evaluate banks for how wel they meet the credit needs of the
entire community, including low- and moderate-income neighborhoods, in which they operate.14
The law was enacted with the aim of preventing “redlining,” a practice wherein a bank would
refuse to make home loans in certain low-income or minority neighborhoods (which the bank
would outline in red on its maps, hence the name).15 Banks are not subject to enforcement actions
(e.g., fines, legal y compel ed changes in behavior) for poor performance under the CRA, but
regulators do consider their performance when they apply to expand operations, such as by
merging with another bank.16 Thus, banks that hope to expand into new areas have an incentive to
perform wel on their CRA evaluations.
By evaluating banks for compliance and performance pursuant to these laws, supervision can
reduce unfairness, deception, abuse, and discrimination in bank lending and encourage bank
lending in low- and moderate-income areas. These are beneficial outcomes in their own right but
may also increase economic growth by improving public trust in and use of banks.
Money Laundering Prevention and Cybersecurity
Banks must comply with laws and regulations aimed at reducing certain crimes, including money
laundering and cybercrime. Supervision in these areas involves examination of banks’ internal
controls, policies, procedures, and information technology systems.
Banks face a number of requirements under the Bank Secrecy Act (P.L. 91-508) and anti-money
laundering regulations (collectively BSA/AML) designed to prevent criminals from using the
banking system to hold, process, and make seem legitimate their criminal proceeds.17 BSA/AML
compliance requires a bank, among other things, to verify their customers’ identities and to record
and report certain transactions with the Treasury Department’s Financial Crime Enforcement
Network. For example, a bank must file a suspicious activity report when it suspects that a
transaction may be related to criminal activity and a currency transaction report when it
processes a large currency transaction (general y over $10,000).18
Banks must general y establish BSA/AML policies and procedures and assign personnel to carry
them out. Bank examinations include an evaluation of how wel banks have established and are
maintaining these systems,19 and bank regulators have issued guidance describing certain features
bank BSA/AML compliance programs should general y have.20
Cybersecurity for banks has both safety and soundness and consumer protection implications. A
cyberattack can expose a bank to financial losses. For example, a denial-of-service attack—

13 15 U.S.C. §1691(a)(1).
14 12 U.S.C. §2903(a)(1).
15 OCC, Community Reinvestment Act, March 2014,
community-affairs/community-developments-fact-sheets/pub-fact -sheet-cra-reinvestment-act-mar-2014.pdf.
16 12 U.S.C. §2903(a)(1).
17 31 U.S.C §§5311 et seq. and 12 C.F.R. Part 21.
18 12 C.F.R. §21.11 and 31 C.F.R. §1010.330.
19 FFIEC, BSA/AML Examination Manual, February 27, 2015, pp. 5-6,
20 For example, see the Federal Reserve, OCC, FDIC, and NCUA, Joint Statement on Enforcement of BSA/AML
Requirem ents
, August 13, 2020,
Congressional Research Service

Bank Supervision by Federal Regulators: Overview and Policy Issues

wherein the attacker directs so much internet traffic at a bank’s website that it gets overloaded—
prevents customers from doing business with the bank for a period of time and could undermine
public trust in it. From the safety and soundness perspective, cybersecurity is like physical
security: Banks must guard against the theft of assets and records regardless of whether it is
attempted by burglars cracking safes or hackers breaching cybersecurity. The consumer protection
element arises because cybercriminals often target bank customers’ sensitive personal
Accordingly, bank regulators require banks to protect themselves (such as under Section 39 of the
Federal Deposit Insurance Act [P.L. 81-797]) and their customers’ information (such as under
Sections 501 and 505(b) of the Graham-Leach-Bliley Act [P.L. 106-102]) by establishing
information security standards22 and evaluating banks’ systems in examinations.23 These not only
reduce the occurrence of successful cyberattacks but may also foster trust in the banking system.
By settings standards; issuing guidance; and evaluating banks’ policies, procedures, and systems
for preventing money laundering and successful cyberattacks, bank supervision aims to reduce
those bad outcomes and foster public trust in the banking system.
Costs of Supervision
Supervision has a number of potential costs that could reduce credit availability in general or in
specific market segments. These costs include the fees the regulators charge banks to fund their
supervision activities, the costs banks incur to ensure they are in compliance with al laws and
regulations, and an under-al ocation of credit and services to markets that banks think regulators
Fees, or “Assessments”
Regulators must employ examiners and other staff, pay for travel and lodging during on-site
exams, and purchase and maintain various equipment and software used in supervision activities.
The bank regulators are self-funded, independent agencies. The Fed, OCC, and FDIC cover the
direct costs of supervision, at least in part, by charging banks fees cal ed assessments.24 The
amount banks pay in these fees reduces the funds banks have available to lend and thus reduces
the amount of credit available to the economy. In addition, the Fed earns interest from the assets it
owns in order to implement monetary policy and collects fees from banks that use its payment

21 For example, see Capital One, “Information on the Capital One Cyber Incident,” press release, September 23, 2019,; and Elizabeth Weise, “ JP Morgan Reveals Data Breach Affected 76 Million
Households,” USA Today, October 2, 2014,
22 12 C.F.R Appendix B to Part 30.
23 Federal Reserve, “Information T echnology Guidance,” November 10, 2020,
24 Each regulator has different funding methods. T he FDIC collects a single assessment from all FDIC insured
depositories to cover expenses, including supervision expenses, and fund the Deposit Insurance Fund, used to resolve
failed banks: see 12 U.S.C. §1817(b). T he OCC charges national banks assessments to meet its funding needs,
including to carry out supervision: see 12 U.S.C. §16. T he Fed collects assessments from bank holding companies and
savings and loan holding companies with $100 billion or more in total consolidated assets and from nonbank financial
companies designated as systemically important financial institutions equal to the expenses to carry out its supervision
and regulation of those companies: see 12 U.S.C. §248(s). T he CFPB is allocated money from the Federal Reserve’s
budget: see 12 U.S.C. §5497.
Congressional Research Service

link to page 11 Bank Supervision by Federal Regulators: Overview and Policy Issues

systems. The Fed remits any income above expenses to the Treasury Department’s general
budget.25 Thus, any money it spends on supervision reduces that remittance.
The FDIC’s 2020 budget al ocates $1.06 bil ion to supervision activities.26 The OCC’s 2019
annual report indicates that the agency spent $965 mil ion on supervision in FY2019.27 The Fed
spent a combined $1.84 bil ion on supervision according to its 2019 annual report.28 The CFPB
does not report expenditures on bank supervision specifical y but only on a broader category of
expenditures on supervision and enforcement, for which it budgeted $153 mil ion for FY2020.29
Compliance Costs
Banks also incur compliance costs, such as employee time dedicated to recordkeeping and
reporting, the purchase and maintenance computer systems and software used in compliance
activities, and paying outside contractors such as accountants to ensure compliance. These costs
can also reduce funds available for lending and thus reduce credit availability.
It is difficult for regulators and banks to disentangle specifical y which expenses are the direct
result of supervision.30 For example, many employees are not solely dedicated to compliance and
have many responsibilities related to running a bank’s business operations. Similarly, computers
and outside specialists also manage banks’ business activities.
A recent study by the Federal Reserve Bank of St. Louis used surveys from a sample of banks
with less than $10 bil ion in assets to estimate that those banks’ compliance costs were on average
7.2% of noninterest expenses. In addition, the study found that the percentage of noninterest
expense dedicated to compliance declined as banks got bigger but that this effect flattened out in
the biggest bank groups (Figure 2). For example, banks under $100 mil ion dedicated 9.8%
noninterest expense to compliance, while banks between $1 bil ion and $10 bil ion dedicated

25 12 U.S.C. §290.
26 FDIC, Proposed 2020 FDIC Operating Budget, June 8, 2020, Exhibit 6,
27 OCC, 2019 Annual Report, p. 37,
28 Federal Reserve, Annual Report—2019, Federal Reserve System Budgets, July 28, 2020, T ables 3 and 9,
29 CFPB, Fiscal Year 2020: Annual Performance Plan and Report, and Budget Overview, February 2020, p. 13,
30 FDIC, Community Bank Study, Appendix B, December 2020,
31 Drew Dahl et al., Compliance Costs, Economies of Scale and Compliance Performance, Federal Reserve Bank of St.
Louis, Community Bank Research and Outreach, July 2018, p. 8,
Congressional Research Service

Bank Supervision by Federal Regulators: Overview and Policy Issues

Figure 2. Compliance Costs as a Percentage of Noninterest Expenses

Source: Drew Dahl et al., Compliance Costs, Economies of Scale and Compliance Performance, Federal Reserve Bank
of St. Louis, Community Bank Research and Outreach, July 2018.
Smal banks are subject to less regulation and supervision than are big banks, so this
measurement suggests that compliance costs are subject to economies of scale—that is, as a bank
gets bigger it becomes more efficient at compliance. The results of other studies have a wide
range of estimates, although indicators of economies of scale in compliance (sometimes with a
leveling off among the largest banks) are common.
The St. Louis Federal Reserve results are consistent with earlier findings on compliance costs,
although the percentages are near the lower end of the range of estimates.32 Thus, applying the
results from that study to data on noninterest expenses can produce an estimate of total
compliance costs, albeit one at the low end of the range. Assuming compliance costs are 7% of
total noninterest expenses at community banks (which were $15.4 bil ion in the second quarter of
2020) and 5% at noncommunity banks ($106.9 bil ion total noninterest expenses), the sum of
compliance costs would be over $6.4 bil ion in the quarter.33 This would annualize to almost
$25.7 bil ion a year. However, considering the higher measured costs from other studies, the true
cost may be twice as large as this estimate or more.

32 Dahl et al., Compliance Costs, Economies of Scale and Compliance Performance, p. 6.
33 T otal noninterest expenses from FDIC, Quarterly Banking Profile, Second Quarter 2020, August 25, 2020,; CRS calculations.
Congressional Research Service

link to page 25 link to page 25 Bank Supervision by Federal Regulators: Overview and Policy Issues

Effects on Credit Allocation Decisions
A more indirect cost to supervision is its potential to affect bank decisions about which market
segments to lend to. This could reduce credit to certain segments, leading to a less efficient
al ocation of credit. Banks may factor in how they think examiners wil assess certain loans
instead of making credit decisions based entirely on economic and business considerations. For
example, banks may be hesitant to make loans in a higher-risk market segment even if the
expected returns on the loans justify the risk, because they worry those loans wil draw regulatory
scrutiny. As a result, the argument goes, banks would over-al ocate available funds to markets
perceived to be favored by regulators and under-al ocate to those perceived to be disfavored.
However, recal that government-backed bank safety nets may cause banks, absent prudential
regulations and supervision, to be overly risky. The extent to which supervision corrects toward
risk-appropriate market segments or overcorrects causing misal ocations is subject to debate.
The recent history of deposit advances and other short-term, smal -dollar loans suggest that this is
not a purely hypothetical situation. Before 2013, many banks offered deposit advanc es—smal ,
short-term loans made to existing bank customers that are repaid when the customers deposit their
next paychecks—to meet unexpected expenses, such as car repairs or medical bil s. However, in
that year the Fed, FDIC, and OCC issued a guidance on how these relatively expensive products
may present consumer compliance, reputational, and operational risks.34 Subsequently, most
banks stopped offering deposit advances. Banks and observers asserted that this was the result of
banks interpreting the guidance as a warning against offering such products.35 This series of
events is also an example of how guidance can act, in effect, like a rule without the agencies
having to put it through the mandated rulemaking processes, as discussed in the “Guidance
Versus Rules” section below.
Bank Supervision Requirements and Tools
Regulators have complementary tools to achieve their supervisory goals. Examinations,
monitoring, and reporting requirements are al part of an ongoing, iterative process that al ows
regulators to evaluate banks, the industry, and market trends. Regulators also periodical y issue
guidance documents to explain particular regulations and provide detail on how banks can
comply. For cases in which banks disagree with examination results, regulators have established
appeals processes.
Regulators are general y required to conduct at least one full-scope, on-site examination of a bank
every 12 months.36 However, banks that (1) have less than $3 bil ion in assets, (2) meet capital
requirements necessary to be considered wel -capitalized, and (3) were most recently found to be

34 OCC, “Guidance on Supervisory Concerns and Expectations Regarding Deposit Advance Products,” 78 Federal
70624, November 26, 2013; FDIC, “ Guidance on Supervisory Concerns and Expectations Regarding Deposit
Advance Products,” 78 Federal Register 70552, November 26, 2013; and Federal Reserve, Statement on Deposit
Advance Products
, CA 13-7, April 25, 2013,
07attachment.pdf. For more information about the short-term, small-dollar loan market, see CRS Report R45979,
Financial Inclusion and Credit Access Policy Issues, by Cheryl R. Cooper.
35 Danielle Douglas, “Wells Fargo, U.S. Bank to End Deposit Advance Loans, Citing T ougher Regulation,”
Washington Post, January 17, 2014,
36 12 U.S.C. §1820(d)(1).
Congressional Research Service

Bank Supervision by Federal Regulators: Overview and Policy Issues

wel managed and in “outstanding” condition (banks under $200 mil ion in assets can be in
“good” condition), among other conditions, can be examined every 18 months.37
Regulators make efforts to coordinate exams and evaluate as many aspects of bank operations as
possible so that a single full-scope exam is the only on-site visit by regulators in the 12- or 18-
month cycle, especial y for smal , simple banks in good condition.38 However, if a bank is larger
or more complex or has issues its regulator thinks need more attention, the regulator may perform
additional examinations during the cycle. These may only be targeted examinations, which focus
on a particular product, activity, or risk, or specialty area examinations, which relate to consumer
compliance, CRA evaluation, BSA/AML requirements, and information technology security.39
Examinations involve an evaluation of bank practices and performance. Examiners objectively
confirm whether a bank meets regulatory requirements and subjectively judge whether a bank
satisfies regulatory goals. Bank examiners assign banks confidential ratings based on the Uniform
Financial Institutions Ratings System, wherein the banks receive ratings from 1 (best) to 5 (worst)
across six “CAMELS” components—capital adequacy, asset quality, management, earnings,
liquidity, and sensitivity to market risk—and a composite rating based on al those components.40
A bank’s CAMELS rating can affect a bank in a number of ways, including how much a bank
must pay for FDIC insurance and how often it is examined in the future.41 Bad ratings can result
in informal agreements that the bank make certain changes or formal enforcement actions.42
Ongoing Monitoring
In between examinations, bank regulators continual y monitor bank practices and performance.
This can be done off site and often involves analysis of information that banks send to the
regulators as part of existing reporting requirements, which are discussed in the following section.
In addition, regulators may request that additional information be sent. Examiners may also
confirm that banks are undertaking any actions that had been agreed to in previous exams.43
For the largest, most complex bank organizations, this ongoing monitoring can involve significant
resources and attention. For example, staff from the regulatory agencies are permanently placed
on site at certain large bank offices, and some regulators have work units and policies dedicated
specifical y to large bank supervision.44

37 12 U.S.C. §1820(d)(4). T he 18-month examination cycle option asset threshold was raised to $3 billion from $1
billion pursuant to Section 210 of the Economic Growth, Regulatory Relief, and Consumer Protection Act (EGRRCPA;
P.L. 115-174).
38 OCC, Comptroller’s Handbook: Examination Process, September 2019, p. 15,
39 OCC, Comptroller’s Handbook: Examination Process, September 2019, p. 16.
40 FDIC, Uniform Financial Institutions Rating System , Statement of Policy, January 6, 1997,
41 Federal Reserve and FDIC, “Request for Information on Application of the Uniform Financial Institutions Ratings
System,” 84 Federal Register 58385, October 31, 2019; and FDIC, Deposit Insurance Assessments, FDIC Assessment
Rates, July 14, 2017,
42 Federal Reserve and FDIC, “Request for Information on Application of the Uniform Financial Institutions Ratings
43 OCC, Comptroller’s Handbook: Examination Process, pp. 12-16, 39.
44 For example, see OCC, Large Bank Supervision Locations,
large-bank-supervision/index-large-bank-supervision-locations.html; and Federal Reserve, Large Institution
Supervision Coordinating Com m ittee
Congressional Research Service

Bank Supervision by Federal Regulators: Overview and Policy Issues

Reporting Requirements
On a regular basis, banks are required to submit certain information to regulators. Reporting this
information requires a bank to dedicate resources to complete the task. For example, a bank
employee or employees dedicate time to fil ing out forms, and in many cases banks purchase
computer software to make meeting reporting requirements faster and easier. Reporting
requirements are varied, but two prominent requirements are the Report of Condition and Income
(referred to as the call report) and HMDA mortgage loan and mortgage application reporting.45
Al banks must submit a cal report at the end of every financial quarter of the year. The cal
report is comprised of a number of schedules that give a detailed accounting of bank income,
expenses, assets, liabilities, and capital, among other variables that describe a bank’s condition.
There are three variations of the cal report of varying specificity and detail. Large, complex
banks submit the most detailed and smal simple banks the least.46 As of June 30, 2020, the most
detailed version was 91 pages long and contained 27 schedules, while the least detailed version
was 65 pages long and contained 19 schedules.47
HMDA was original y enacted in 197548 and requires most lenders, including most banks, to
report data on their mortgage applications and loans. Regulators use the data to assist in (1)
“determining whether financial institutions are serving the housing needs of their communities;”
(2) “distributing public-sector investments so as to attract private investment to areas where it is
needed;” and (3) “identifying possible discriminatory lending patterns.”49 Under HMDA, banks
must general y record and report to regulators the number and amount of mortgage loans made
and applications received, certain applicant characteristics—such as income level, race, age, and
gender—and certain loan characteristics such as interest rate and fees charged.50
Stress-Testing and Living Wil s: Large Bank Rules Involving Reporting
Under Section 165 of Dodd-Frank (P.L. 111-203), as amended by EGRRCPA (P.L. 115-174), banks with more than
$250 bil ion in assets are subject to certain additional prudential regulation. (The Fed has the authority to impose
certain of these regulations on banks with between $100 bil ion and $250 bil ion in assets.) Some of these rules
have reporting components. Specifical y, bank holding companies must report certain data as part of Fed stress-

45 T his report does not cover certain reporting requirements facing a broader set of companies and administered by
other agencies. For example, like many financial institutions, banks face requirements t o report certain transactions to
the Financial Crime Enforcement Network at the T reasury Department. For more information, see CRS In Focus
IF11064, Introduction to Financial Services: Anti-Money Laundering Regulation, by Rena S. Miller and Liana W.
Rosen. In addition, publicly traded banks have reporting requirements administered by the SEC. For more information,
see CRS In Focus IF11256, SEC Securities Disclosure: Background and Policy Issues, by Eva Su.
46 T he longest version, known as the FFIEC 031, is filed by banks that either (1) have domestic and foreign offices, (2)
have only domestic offices but more than $100 billion of assets, or (3) are classified as an “ advanced approaches” bank
due to size or complexity. T he middle version, FFIEC 041, is filed by banks that have only domestic offices, have less
than $100 billion of assets, are not an advanced approaches bank, and do not qualify for the shortest form. T hat is
FFIEC 051, filed by banks with less than $5 billion of assets that do not have to file the 041 for risk -based criteria. In a
June 2019 rulemaking, the asset threshold for FFIEC 051 was raised from $1 billion to $3 billion, and ce rtain line items
were made required only in the second and fourth quarters pursuant to Section 205 of the EGRRCPA. See Federal
Reserve, OCC, and FDIC, “Reduced Reporting for Covered Depository Institutions,” 84 Federal Register 29039-
29041, June 21, 2020.
47 FFIEC, Consolidated Reports of Condition and Income for a Bank with Domestic and Foreign Offices—FFIEC 051,
September 30, 2020,
48 P.L. 94-200.
49 FFIEC, “HMDA: Background and Purpose,”
50 12 U.S.C. §2803.
Congressional Research Service

Bank Supervision by Federal Regulators: Overview and Policy Issues

testing and submit a plan for how they can be resolved through bankruptcy were they to fail, sometimes cal ed a
“living wil .” A detailed examination can be found in CRS Report R45711, Enhanced Prudential Regulation of Large
, by Marc Labonte.
Bank regulators often issue nonbinding guidance providing explanations on how to adhere to
particular regulations. To take a recent example, the bank regulators issued a joint statement on
August 13, 2020 (which updates earlier guidance), describing examples of when they would issue
a cease-and-desist order for failing to comply with BSA/AML requirements.51 In addition,
regulators issue guidance advising banks about how they view changes to market conditions or
practices. For example, regulators have issued a number of guidance documents in response to the
COVID-19 pandemic advising banks how they should continue to service customers and treat
loans that are nonperforming because of the pandemic.52
Guidance in supervision can subtly influence regulatory burden by changing banks’
understanding and expectations related to how rules should be complied with and how regulators
wil enforce those rules.
Appeals Process
When examiners determine that some aspect of a bank’s condition or compliance is deficient and
needs to be changed, they may make a material supervisory determination (MSD). These can
include a CAMELS rating downgrade, which in turn may result in an increased FDIC insurance
assessment.53 Or an MSD may require a bank to increase its loss reserves or reclassify the status
of certain loans. In addition, an MSD could portend a formal enforcement action.54
Banks may disagree with an examiner’s determination. Often, disputes are resolved informal y
through discussion between the bank and the examiner. However, the bank regulators are required
to maintain certain formal, independent appeals processes for supervisory findings. For example,
under the Riegle Community Development and Regulatory Improvement Act (P.L. 103-325),
each agency must appoint an independent ombudsman and maintain regulatory safeguards to
prevent retaliation against a bank that disputes the examination findings.55 Each agency’s
ombudsman’s exact role varies, but they general y facilitate the resolution of disagreements over
examination results.

51 Federal Reserve, OCC, FDIC, and NCUA, Joint Statement on Enforcement of Bank Secrecy Act/Anti-Money
Laundering Requirem ents
, August 13, 2020,
52 For example, see Federal Reserve, OCC, FDIC, and NCUA, Joint Statement on Additional Loan Accommodations
Related to COVID-19
, August 13, 2020,
Statement_for_Loans_Nearing_the_End_of_Relief_Period.pdf .
53 FDIC, Deposit Insurance Assessments, FDIC Assessment Rates, July 14, 2017,
54 Julie Andersen Hill, “When Bank Examiners Get It Wrong: Financial Institution Appeals of Material Supervisory
Determinations,” Washington University Law Review, vol. 92, no. 5 (2015), pp. 1103-1106.
55 12 U.S.C. §4806.
Congressional Research Service

Bank Supervision by Federal Regulators: Overview and Policy Issues

Supervision Authority and Bank Service Providers
Bank regulators also have authorities over certain companies that perform services for banks by
contract. In recent years, these authorities have come under scrutiny as banks increasingly rely on
technology service providers (TSPs). The Bank Service Company Act (P.L. 87-856) directs the
bank regulators to treat al activities performed by contract as if they were performed by the bank
and grants them the authority to examine and regulate these third-party vendors that provide
services to banks,56 including check and deposit sorting and posting, statement preparation,
notices, bookkeeping, and accounting.57 In addition, Section 501 of the Gramm-Leach-Bliley Act
(P.L. 106-102) requires federal agencies to establish appropriate standards for financial
institutions to protect customer information. Pursuant to that law, the bank regulators have issued
interagency guidance indicating that banks have to ensure that third-party vendors maintain
appropriate security measures.58
Companies known as core software providers or bank core processors sel and maintain the
digital technology that banks use to perform their “core” activities, such as processing payments
and other transactions, recording digital information, complying with regulatory reporting
requirements, and developing interfaces for customer accounts. The costs of these services may
be less than the staffing and investment costs of developing and maintaining the information
technology in-house.59 Some of the companies have been active for decades.60
Another industry segment is cloud service providers. Some have jokingly referred to cloud
computing as “someone else’s computer.”61 While this is a facetious characterization, it does
succinctly describe the core tenet of the technology. Users of cloud computing transfer their
information from a resource (e.g., hard drives, servers, and networks) that they own to one that
they lease. One of the benefits of cloud computing is that it relieves users from having to buy,
develop, and maintain technical resources. Instead, users pay the cloud service providers, who
specialize in building and managing such resource infrastructures.
Selected Policy Issues
Because supervision plays such a prominent role in the regulation of the banking industry,
regulator supervisory authorities and practices are the subject of a variety of policy questions. The

56 12 U.S.C. §1867.
57 12 U.S.C. §1863.
58 For example, see the following releases: NCUA, Evaluating Third Party Relationships, Letter No.: 07-CU-13,
December 2007; FDIC, Guidance for Managing Third-Party Risk, FIL-44-2008, June 6, 2008; FFIEC, “ Financial
Regulators Release Guidance for the Supervision of T echnology Service Providers,” press release, October 31, 2012,; FDIC, Technology Outsourcing: Informational Tools for Com m unity
, FIL-13-2014, April 7, 2014; FDIC Office of Inspector General, Technology Service Provider Contracts with
FDIC-Supervised Institutions
, Report No. EVAL-17-004, February 2017; and NCUA Office of Inspector General,
Audit of the NCUA Inform ation Technology Exam ination Program ’s Oversight of Credit Union Cybersecurity
Program s
, Report No OIG-17-08, September 28, 2017.
59 See Anna Murray, “In-Sourcing vs. Outsourcing T ech Roles: Is Your T ech Staff ‘Steady State’ or ‘Project T ype’?,”
Banking Exchange, November 10, 2017,
60 Amber Seitz, Surveying the Core Processing Landscape: Banking Industry Keeps an Eye on the Horizon Amidst
, Wisconsin Banker Association, August 28, 2019,
61 David C. Brock, “Someone Else’s Computer: T he Prehistory of Cloud Computing,” IEEE Spectrum, August 31,
Congressional Research Service

link to page 10 Bank Supervision by Federal Regulators: Overview and Policy Issues

numerous supervision-related issues range from general and long-standing (e.g., whether or not
the frequency and scope involved in examination and reporting are appropriately balanced) to
relatively new and specific (e.g., how bank examiners wil assess loans impaired in the aftermath
of the COVID-19 pandemic). This section wil discuss certain prominent supervision issues that
may attract congressional attention.
Tailoring of Requirements
One area of debate related to supervision involve questions of calibration: How can requirements
be applied so that supervision is not too lax and al owing excessive risks but not too stringent and
imposing unnecessary costs? In many cases, the answers might depend on the characteristics of
individual banks.
The benefits of supervising large, complex, interconnected banks may be greater compared to
smal , simple banks. A large bank can individual y pose risks to the entire financial system if it
were to fail, while a smal bank does not. Further, large bank noncompliance with consumer
protection and fair lending laws could harm mil ions of consumers, while far fewer would be
affected by a smal bank’s noncompliance.
Meanwhile, the costs of supervising large institutions may be smal er relative to bank size. As
mentioned in the “Compliance Costs” section, smal banks have disproportionately higher
compliance costs, whereas larger banks benefit from economies of scale. As a bank gets bigger its
compliance costs increase by a smal er proportion. In addition, some observers assert that smal
banks are important sources of credit for smal , local borrowers that large banks might not
serve.62 If this is the case, then the reduction in credit resulting from supervision costs might
occur in market segments with fewer alternatives.
Thus, there is a general consensus that supervision should be less stringent for smal banks than
for large banks, and many aspects of supervision are already more lenient for smal banks. For
example, certain smal banks are eligible for less frequent examination, can fil out shorter cal
reports, and do not have the CFPB as a primary federal regulator. However, calibration and
degree of tailoring are matters of debate: At what size or complexity should a bank become more
closely supervised and in which aspects of their supervision?
For instance, Section 205 of EGRRCPA directed the bank regulators to shorten the cal report that
banks with assets under $5 bil ion file in the first and third quarter of the year. In June 2019, the
regulatory agencies issued a final rule pursuant to the provision, raising the threshold for banks
permitted to file the shortest form of the cal report to $5 bil ion and removing certain line items
from the first and third quarter requirements.63 Bank industry groups asserted that the reduction
was insufficient given the intent of the law, arguing that the rule would not meaningfully reduce
the reporting burden on smal banks, such as those that could already file the shortest form of the
cal report.64 In response, the regulators have asserted that they need the information required in
the proposed cal report “to effectively monitor the safety and soundness of institutions and the

62 Raphael Bostic and Michael Johnson, “How to Keep Community Banks T hriving,” American Banker, January 15,
63 Federal Reserve, OCC, and FDIC, “Reduced Reporting for Covered Depository Institutions,” 84 Federal Register
29039-29044, June 21, 2019.
64 Independent Community Bankers of America, “Call Report Final Rule Fails to Meet Intent of Congress,” press
release, June 17, 2020, -final-rule-fails-to-meet-
intent -of-congress.
Congressional Research Service

Bank Supervision by Federal Regulators: Overview and Policy Issues

financial system, as wel as to monitor compliance with consumer financial protection laws and
Another example is CFPB supervision of banks. Before Dodd-Frank, the Fed, OCC, and FDIC
supervised banks for both safety and soundness and consumer compliance. Congress created the
CFPB in response to assertions that this dual mandate restricted the regulators’ incentive or
ability to effectively monitor and curtail questionable consumer lending practices leading up to
the 2008 financial crisis. Critics of the CFPB assert that certain banks subject to its supervision
(e.g., those over but near the $10 bil ion threshold) face unnecessarily onerous examinations, and
they cal for raising the $10 bil ion threshold or returning consumer compliance supervision to the
primary regulator.66 Proponents of the CFPB argue that these changes could lead to
inappropriately lax consumer compliance supervision, similar to what was in place before the
financial crisis.67
Supervisory Responses to COVID-19
The 2019 novel coronavirus disease (COVID-19) pandemic led to the closure of mil ions of
businesses and to tens of mil ions of workers losing their jobs, which significantly reduced
borrowers’ ability to make repayments on their bank loans. Missed payments puts stress on
banks. In addition, absent any response from regulators, restrictions on travel and working
indoors create chal enges related to banks meeting their supervisory obligations. This section
examines supervisory issues related to the COVID-19 pandemic. For a broad examination of
COVID-19 effects on banks and related policymaker responses, see CRS Report R46422,
COVID-19 and the Banking Industry: Risks and Policy Responses, coordinated by David W.
Temporary Supervisory Changes
COVID-19 has presented logistical chal enges both to banks in fulfil ing their reporting
obligations and to regulators in carrying out supervision operations. Bank employees may be
restricted from regularly going to work on bank premises. This could hinder their ability to file
required reports. Similarly, bank employees and contractors may have found it difficult to
complete tasks remotely. Regulator staff also face chal enges, particularly in traveling to and
performing on-site examinations.
Regulators have responded to these chal enges by temporarily changing supervision policies and
priorities and delaying reporting deadlines and implementation dates. These actions included:
 On March 24, 2020, the Fed temporarily shifted its focus from examination to
monitoring in order to better understand “the chal enges and risks that the current
environment presents.”68 The Fed announced on June 15, 2020, that it would

65 Federal Reserve, OCC, and FDIC, “Reduced Reporting for Covered Depository Institutions,” 84 Federal Register
29043, June 21, 2019.
66 U.S. Congress, House Committee on Financial Services, Bureau of Consumer Financial Protection Examination and
Reporting Threshold Act of 2017
, report to accompany H.R. 3072, 115th Cong., 1st sess., November 21, 2017, H.Rept.
115-420, pp. 1-3.
67 U.S. Congress, House Committee on Financial Services, Bureau of Consumer Financial Protection Examination and
Reporting Threshold Act of 2017
, report to accompany H.R. 3072, 115th Cong., 1st sess., November 21, 2017, H.Rept.
115-420, pp. 14-15.
68 Federal Reserve, “Federal Reserve Statement on Supervisory Activities,” March 24, 2020,
Congressional Research Service

Bank Supervision by Federal Regulators: Overview and Policy Issues

resume examination activities, though it anticipated it would conduct exams off
site until conditions improve.69
 On March 25, the bank regulators jointly announced a 30-day deadline extension
for filing the first quarter cal reports.70 On March 26, the Fed announced a 30-
day grace period for bank holding companies with less than $5 bil ion in assets
for filing a similar form.71
 On March 26, the CFPB announced that it would not cite in an examination or
take enforcement actions against certain financial institutions that did not submit
certain required information or data until further notice. This included the
quarterly HMDA data and information required under certain Truth in Lending
Act (P.L. 90-321) regulations.72
 On March 27, the bank regulators jointly announced that banks could delay the
adoption of a new accounting standard for estimating future losses, cal ed the
current expected credit loss standard, for up to two years. This is in addition to
the existing three-year implementation schedule.73 This delay was longer than the
one mandated by Section 4014 of the CARES Act enacted on the same day.
COVID-19 Guidance Documents
Once it was clear that COVID-19 was a global pandemic with far-reaching economic
implications, regulators began providing guidance on how to address chal enges and serve
affected customers.74 In early March 2020, banking regulators encouraged financial institutions to
work with customers in COVID-19-affected areas. Throughout the month, the regulators clarified
the ways they wanted financial institutions to address consumer concerns and began providing
more incentives for doing so. For example, regulators announced that any “prudent efforts to
modify terms of existing loans for affected customers would not be subject to supervisory
criticism”—in other words, efforts to help customers would not face the type of safety and
soundness concerns that might otherwise be raised in bank examinations in normal times.75
Additional y, the federal regulators began encouraging financial institutions to offer smal -dollar
loans to consumers and businesses affected by COVID-19 to help meet customers’ needs.76

69 Federal Reserve, “Federal Reserve Board Announces It Will Resume Examination Activities for All Banks, After
Previously Announcing a Reduced Focus on Exam Activity in Light of the Coronavirus Response ,” press release, June
15, 2020,
70 OCC, “Consolidated Reports of Condition and Income: 30-Day Grace Period for the March 31, 2020, Call Report
Date,” press release, March 25, 2020,
71 Federal Reserve, “Federal Reserve Offers Regulatory Reporting Relief to Small Financial Institutions Affected by
the Coronavirus,” press release, March 26, 2020,
72 CFPB, “CFPB Provides Flexibility During COVID-19 Pandemic,” press release, March 26, 2020,
73 Federal Reserve, OCC, and FDIC, “Agencies Announce T wo Actions to Support Lending to Households and
Businesses,” press release, March 27, 2020,
74 For more on policy options for financial services companies responding to customers affected by COVID -19, see
CRS Insight IN11244, COVID-19: The Financial Industry and Consum ers Struggling to Pay Bills, by Cheryl R.
Cooper; and CRS Insight IN11550, COVID-19: Consum er Debt Relief During the Pandem ic, by Cheryl R. Cooper.
75 For instance, see FDIC, “Regulatory Relief: Working with Customers Affected by Coronavirus,” March 13, 2020,
76 Federal Reserve, CFPB, FDIC, NCUA, and OCC, “Joint Press Release: Federal agencies Encourage Banks, Savings
Congressional Research Service

Bank Supervision by Federal Regulators: Overview and Policy Issues

These initiatives reflect the regulators’ view that efforts to help customers “serve the long-term
interests of communities and the financial system when conducted with appropriate management
oversight and are consistent with safe and sound banking practices and applicable laws, including
consumer protection laws.”77
Another consequence of COVID-19 is its effect on low- and moderate-income (LMI) areas.
Building off their guidance to ensure that financial institutions are able to continue working with
customers, regulators began providing new incentives for institutions to help LMI customers.
Banking institutions can often receive CRA credits for meeting customer cash and financial needs
during major disasters in adversely affected communities, even in those where the bank does not
primarily accept deposits.78 In March, the Fed, FDIC, and OCC issued a joint statement declaring
“that financial institutions wil receive CRA consideration for community development
Supervision as COVID-19 Effects Continue to Unfold
It is highly uncertain how the COVID-19 pandemic and the policy responses to it wil affect the
banking industry. Bankers and regulators general y can, due to their experience and through
historical analysis, fairly accurately predict losses on loan portfolios that might occur during and
after a typical recession. In this case, bankers and examiners may have a shared understanding of
how banks should account for losses, how perilous a bank’s condition may or may not be, and
what are the best actions a bank can take given the situation. However, the speed, breadth, and
depth of the pandemic’s effects on the economy are unprecedented.
In addition, certain policy responses to the pandemic—such the CARES Act Section 4013
requirement to al ow lenders to account for troubled debt restructurings differently and the
Section 4022 requirement to grant forbearances to certain mortgages for up to one year—mean
that bank losses and recovery of value on nonperforming loans wil unfold differently than under
normal circumstances.80 Given these uncertainties and deviations from norms, bankers and
regulators may disagree over bank conditions and what the appropriate response to changing
conditions should be.
On June 23, 2020, the bank regulators issued interagency guidance to their examiners in an effort
to address those chal enges and establish supervision standards related to COVID-19
considerations. The statement accompanying the guidance noted:
The four federal [bank regulatory] agencies in conjunction with the state bank and credit
union regulators today issued examiner guidance to promote consistency and flexibility in

Associations and Credit Unions to Offer Responsible Small-Dollar Loans to Consumers and Small Businesses Affected
by COVID-19,” press release, March 26, 2020,
77 FDIC, “FDIC Statement on Financial Institutions Working with Customers Affected by the Coronavirus and
Regulators and Supervisory Assistance,” March 13, 2020,
78 FDIC, Disaster Relief and the Community Reinvestment Act, July 2013,
79 Federal Reserve, FDIC, and OCC, “Joint Statement on CRA Consideration for Activities in Response to COVID -
19,” March 19, 2020,
80 For more information on these CARES act provisions, see CRS Insight IN11318, The CARES Act (P.L. 116-136):
Provisions Designed to Help Banks and Credit Unions
, by David W. Perkins, Raj Gnanarajah, and Darryl E. Getter;
and CRS Insight IN11334, Mortgage Provisions in the Coronavirus Aid, Relief, and Econom ic Security (CARES) Act ,
by Katie Jones and Andrew P. Scott .
Congressional Research Service

link to page 7 Bank Supervision by Federal Regulators: Overview and Policy Issues

the supervision and examination of financial institutions affected by the COVID-19
pandemic…. The interagency guidance instructs examiners to consider the unique,
evolving, and potentially long-term nature of the issues confronting institutions due to the
COVID-19 pandemic and to exercise appropriate flexibility in their supervisory response.81
Regulations Implementing the CRA
As discussed in the “Consumer Compliance and Community Reinvestment” section above, the
CRA encourages banks to meet the credit needs of LMI neighborhoods82 by requiring regulators
to evaluate how wel a bank is meeting credit needs in the community and consider those
evaluations when a bank applies to expand operations.83
The CRA does not specify how banks can “meet the credit needs” of a community or what areas
should be considered a bank’s “community.” Instead, it leaves it to the Fed, OCC, and FDIC to
implement regulations to carry out the purposes of the act.84 One critique of the CRA regulation is
that the standards on which banks are judged are not transparent and objective. Community
advocates also criticize the current system of evaluation. They note that a very high proportion of
banks—almost 99 percent in 201985—get a Satisfactory or Outstanding rating, despite the
continued under-al ocation, in their view, of credit to LMI and minority neighborhoods.86
Another issue is the decreasing importance of physical bank office locations. When the CRA was
enacted in 1977 and for years afterward, banking was carried out almost entirely at physical
offices. People brought checks and cash for deposit and applied for loans in person. Thus, a
bank’s community was clearly a geographic area determined by where those offices were located.
In recent years, however, banking is increasingly done over the internet. Some banks offer only
online products and have no physical branches. This has led some to contend that basing CRA
evaluations on geographic factors may produce inaccurate evaluations for certain banks.87
While there is general agreement that CRA regulations need to be updated, there is lack of
consensus over how. This apparently extends to the bank regulators themselves, as they have not
moved forward in unison using joint rulemaking. The three implementing bank regulators have
al at least begun the process of changing CRA regulations, but the OCC is the only one to have
issued a final new rule.

81 Federal Reserve, OCC, FDIC, CFPB, NCUA, and State Financial Regulators, “Federal and State Regulatory
Agencies Issue Examiner Guidance for Assessing Safety and Soundness Considering the Effect of the COVID -19
Pandemic on Financial Institutions,” press release, June 23, 2020,
82 For more on the CRA (P.L. 95-128), see CRS Report R43661, The Effectiveness of the Community Reinvestment Act,
by Darryl E. Getter.
83 12 U.S.C. §2903.
84 12 U.S.C. §2905.
85 CRS analysis of data available at FFIEC, Interagency CRA Rating Search,
86 Bruce Mitchell and Juan Franco, HOLC “Redlining” Maps: The Persistent Structure of Segregation and Economic
, National Community Reinvestment Coalition, March 20, 2018,
87 For example, see comment letter from Krista Shonk, Vice President, Center for Regulatory Compliance, American
Bankers Association, to OCC, Legislative and Regulatory Activities Division, November 15, 2018, pp. 16-23, -letter/cl-cra20181115.pdf.
Congressional Research Service

Bank Supervision by Federal Regulators: Overview and Policy Issues

On August 28, 2018, the OCC announced that it would publish an advanced notice of proposed
rulemaking in the Federal Register.88 The notice requested comments about CRA evaluation and
was issued by the OCC alone.89 After receiving over 1,500 comments, the OCC issued a notice of
proposed rulemaking on January 9, 2020, this time jointly with the FDIC.90 The rule proposed to
clarify and expand the set of activities that would qualify for CRA credit, expand the geographic
area where activities would count toward CRA evaluation, and increase reliance on quantitative
measures in evaluation. The two agencies jointly extended the comment period on the proposal
on February 26.91 On June 5, the OCC finalized its new rule on its own without the FDIC.92 To
date, the FDIC has not issued any additional rulemakings.93 On September 21, 2020, the Fed
announced it would issue its own advanced notice of proposed rulemaking for a new CRA
The agencies’ recent CRA rulemaking efforts have elicited mixed reactions. A number of
consumer and community advocacy and civil rights groups argue that expanding CRA qualifying
activities and other changes wil make it easier for banks to achieve good CRA ratings while
directing less credit to LMI neighborhoods, making them inconsistent with congressional intent.95
State bank regulators, community advocacy groups, and bank industry associations argue that
three agencies implementing changes in separate processes risks having the CRA applied
differently across bank types. This could create practical and legal problems for banks and
regulators and contravenes the widely accepted principle that regulation general y should be
consistent for al banks.96
Bank industry associations general y favor actions to increase the objectivity, transparency, and
simplicity of the evaluation methodology. However, they took issue with aspects of the OCC’s
new rule, including its recordkeeping requirements and the costs of changing their compliance to
a new system.97

88 OCC, “OCC Seeks Comments on Modernizing Community Reinvest ment Act Regulations,” press release, August
28, 2018,
89 OCC, “Reforming the Community Reinvestment Act Regulatory Framework,” 83 Federal Register, 45053-45059,
September 5, 2018.
90 OCC and FDIC, “Community Reinvestment Act Regulations,” 85 Federal Register 1204-1206, January 9, 2020.
91 OCC and FDIC, “Community Reinvestment Act Regulations: Extension of Comment Period,” 85 Federal Register
10996, February 26, 2020.
92 OCC, “Community Reinvestment Act Regulations,” 85 Federal Register 34734, June 5, 2020.
93 CRS search of Federal Register and FDIC press releases.
94 Federal Reserve, “Federal Reserve Board Issues Advance Notice of Proposed Rulemaking on an Approach to
Modernize Regulations T hat Implement the Community Reinvestment Act,” press release, September 21, 2020,
95 Americans for Financial Reform et al., “ Joint Letter: Letter Opposing OCC/FDIC Proposed Changes to Weaken the
Community Reinvestment Act ,” April 8, 2020,
96 For example, see John Ryan, “ CSBS Letter: Community Investment Act Regulation,” Conference of State Bank
Supervisors, April 8, 2020,
97 Bank Policy Institute, Community Reinvestment Act Regulations, comment letter, April 8, 2020; and American
Bankers Association, Com m unity Reinvestm ent Act Regulations, comment letter, April 8, 2020.
Congressional Research Service

link to page 16 Bank Supervision by Federal Regulators: Overview and Policy Issues

Bank Technology Service Providers Supervision
As discussed in the “Supervision Authority and Bank Service Providers” section, bank regulators
treat certain activities performed by contract as if they were performed by the bank itself and have
supervisory authority over certain bank service providers. While the regulator authorities help
ensure that banks are safe and sound and complying with applicable law, banks and technology
company proponents argue that aspects of these regulations hinder banks and TSPs from entering
into beneficial arrangements. Broadly speaking, policy debates in this area involve questions of
whether the regulations that apply to banks and their TSPs are appropriately balanced to foster the
benefits of technology while mitigating the risks. Policymakers have also examined issues
specific to the types of TSPs and possible changes to existing regulation.
Core Service Providers
Bank proponents and new financial technology (or fintech) firms have voiced concerns that
certain market characteristics and current regulations are stifling innovation and leaving banks
without access to the latest, most effective technology. In recent years, they have asserted that
existing core processors have not been responsive to banks’ needs as technology’s role in
delivering banking services to customers has rapidly increased.98 One possible reason is the high
cost of switching core processors, particularly in cases where bank legacy systems were initial y
put in place years or decades ago and then updated and added onto in a patchwork way.99 Another
reason may be a high degree of market concentration. According to one industry analysis, the
three largest core providers—Fiserv, Jack Henry, and FIS—have an estimated 66% market share
of core processing services.100 In addition, some banks assert that the bank regulators view new
technology warily, which makes banks hesitant to switch to new fintech firms, who might have
little experience with regulatory compliance.101 Bank proponents argue that if the market structure
were more competitive, the large firms in this industry would have a greater incentive to develop
more innovative banking products.102
Cloud Service Providers
Exercising supervisory authority over cloud service providers can present chal enges to bank
regulators. At least initial y, the regulators may be unfamiliar with the cloud service industry, and
cloud service providers may not be familiar with what is expected during bank-like examinations.
The former could lead to bank regulators not knowing what should be involved in the
examination of a service provider, potential y resulting in ineffective or overly burdensome
supervision. Cloud service providers, for their part, may be hesitant to take on bank clients due to
the added compliance requirements, potential y making a beneficial service less available or more
costly for banks.

98 Will Hernandez, “CICBA’s Community Banking Fintech Accelerator Comes with Warning to Core Providers,”
November 1, 2018,
99 Will Hernandez, “Can Core Providers and Small Banks Settle Grievances in 2019?,” American Banker, December
28, 2018,
100 Christine Barry and David Albertazzi, AIM Evaluation: The Leading Providers of U.S. Core Banking Systems, Aite,
February 2019, p. 37,
101 Hernandez, “Can Core Providers and Small Banks Settle Grievances in 2019?”
102 See Penny Crosman, “Can Big Four Core Banking Vendors Oligopoly Be Broken?,” American Banker, October 7,
Congressional Research Service

Bank Supervision by Federal Regulators: Overview and Policy Issues

The Fed’s April 2019 examination of Amazon Web Service (AWS), Amazon’s unit that provides
cloud services, anecdotal y il ustrates the chal enges in this area. As reported, AWS was wary of
the examination process, and when Fed examiners asked for additional information, “the
company balked, demanding to first see details about how its data would be stored and used, and
who would have access and for how long.”103 As cloud service providers continue to take on bank
clients, their obligations to and relationship with bank regulators wil likely continue to be
Another issue is that the cloud service industry, like the core service industry, is highly
concentrated. According to one widely cited industry study, AWS controlled almost 48% of the
global market for one type of cloud service in 2018, and Microsoft had over a 15% market
share.104 Certain characteristics of the industry, such as strong economies of scale and the
necessity of large initial investment, suggest that it could natural y remain highly concentrated.105
In addition to usual concerns related to anticompetitive pricing and practices that market
concentration can generate in any industry, concentration in the bank cloud service industry could
also pose a systemic risk to financial stability. Since there are only a smal number of large
providers, many banks may use the same provider, so an incident at one of the main providers
could affect numerous firms simultaneously and so potential y disrupt large portions of the entire
financial system. Large, systemical y important banks are reportedly moving significant portions
of their operations onto cloud services, which could exacerbate the effects of disruption at a cloud
service provider.106 One particular breach of AWS il ustrates this point. Al egedly, a hacker who
had previously worked at AWS targeted Capital One’s data stored on AWS’s cloud. The attack
successfully breached AWS’s safeguards, compromising the personal data of over 100 mil ion
Proposed Voluntary Certification Program for TSPs
Some observers have suggested reducing the burdens related to banks entering into contracts with
TSPs that have a good track record in regulatory compliance.108 One idea is a regulator-provided
list of vendors that meet certain technical specifications.109 This list could be an informative
guidance document that does not change bank third-party due diligence requirements, or it could
include a “safe harbor” protection, wherein banks that use approved TSPs are presumed to be in

103 Liz Hoffman, Dana Mattioli, and Ryan T racy, “Fed Examined Amazon’s Cloud in New Scrutiny for T ech,” Wall
Street Journal
, August 1, 2019,
104 Gartner, “Gartner Says Worldwide IaaS Public Cloud Services Market Grew 31.3% in 2018,” press release, July 29,
services-market -grew-31point3-percent-in-2018.
105 Kamila Benzina, “Cloud Infrastructure-as-a-Service as an Essential Facility: Market Structure, Competition, and the
Need for Industry and Regulatory Solutions,” Berkeley Technology Law Journal, vol. 34, no. 1 (2019), pp. 133-134.
106 Benzina, “Cloud Infrastructure-as-a-Service as an Essential Facility,” pp. 134-138.
107 Nicole Hong, Liz Hoffman, and Anna Maria Andriotis, “Capital One Reports Data Breach Affecting 100 Million
Customers, Applicants,” Wall Street Journal, July 30, 2019,
108 For example, see Anna Hrushka, “ FDIC’s Regulatory Framework ‘Ripe for Revisiting,’ Chair McWilliams Says,”
Banking Dive, October 23, 2019,
109 T here are examples of the regulators doing this in other contexts. For instance, the FDIC provides a list of software
vendors that sell products to file the call report electronically. See FDIC, “ Important Information for New Call Report
Filers,” April 29, 2019,
Congressional Research Service

link to page 15 link to page 15 Bank Supervision by Federal Regulators: Overview and Policy Issues

compliance. The criteria that could qualify a TSP could take on any number and combination of
metrics, from the number and duration of banks successfully served to past examination results or
the qualifications of TSP executives and managers.
On July 20, 2020, the FDIC announced it was considering such a program and requesting input
from the public about the possibility of setting standards and establishing a voluntary certification
program for TSPs and other third-party service providers. The announcement stated that it wanted
to assess the potential to reduce regulatory and operation uncertainty facing banks when
deploying new technology and entering into arrangements with fintechs.110
Such a program could encourage innovative and beneficial technology in the banking industry.
However, this could result in banks becoming lax in their due diligence and entering into
arrangements that expose them to operational risk.
Guidance Versus Rules
As described in the “Guidance” section, regulators issue guidance documents explaining to banks
how they view a particular rule. These documents do not establish enforceable regulations.
Congress has granted many federal agencies the authority to issue regulations that carry the force
of law, but to issue a regulation agencies must follow a set of procedures and requirements
developed by Congress and various Presidents over the last 60-70 years.111 For example, a
regulation can be issued only if the agency follows the Administrative Procedure Act’s (P.L. 79-
404) requirements, including the notice-and-comment process and other relevant requirements.112
After a regulation has been issued, Congress can overturn it under the Congressional Review Act
(P.L. 104-121, Title II, Subtitle E) by passing a joint resolution of disapproval in both chambers
using the act’s expedited procedures. If the joint resolution is signed by the President, or if
Congress overrides the President’s veto, the rule is taken out of effect, and the agency is
prohibited from issuing a rule in “substantial y the same form.”113
However, in recent years, banks have asserted that certain guidance documents have established
rules without going through the mandated rulemaking processes, as bank management might feel
compel ed to adhere to the guidance recommendations, even though it is not violating a rule,
because it fears an adverse exam finding. For example, after a 2013 guidance about deposit
advances was issued, many banks subsequently stopped offering the product, as discussed in the
“Guidance” section. Arguably, banks may have done this because they interpreted the guidance as
a warning against the product.
Another example is the bank regulators’ jointly issued 2013 update to guidance about leveraged
—that is, lending to highly indebted companies—which described their “expectations for
the sound risk management of leveraged lending activities.”114 Subsequently, banks asserted that

110 FDIC, “FDIC Seeks Input on Voluntary Certification Program to Promote New T echnologies,” press release, July
20, 2020,
111 For a detailed examination of the federal rulemaking process, see CRS Report RL32240, The Federal Rulemaking
Process: An Overview
, coordinated by Maeve P. Carey.
112 5 U.S.C. §§551 et seq. T he Administrative Procedure Act contains some exceptions to the notice-and-comment
requirements for rulemaking. For more information, see CRS In Focus IF10003, An Overview of Federal Regulations
and the Rulem aking Process
, by Maeve P. Carey.
113 For a detailed examination of the Congressional Review Act, see CRS Report R43992, The Congressional Review
Act (CRA): Frequently Asked Questions
, by Maeve P. Carey and Christopher M. Davis.
114 Federal Reserve, FDIC, and OCC, Interagency Guidance on Leveraged Lending, March 21, 2013,
Congressional Research Service

Bank Supervision by Federal Regulators: Overview and Policy Issues

following the guidance constrained them from making sound loans and that examiners enforced
the guidance as if it were a binding regulation.115
In 2017, the Government Accountability Office (GAO) concluded that the guidance was a rule
subject to CRA review.116 Following GAO’s determination, the bank regulators reportedly
indicated that they would seek further feedback on the guidance.117 Federal Reserve Chairman
Jerome Powel stated at a February 27, 2018, hearing that the Fed had emphasized to its bank
supervisors that the guidance was nonbinding.118 Then-Comptroller of the Currency Joseph Ot ing
reportedly stated in 2018 that the guidance provides flexibility for leveraged loans that do not
meet its criteria—provided that banks operate in a safe and sound manner.119 Because the bank
regulators appeared to believe that the document did not meet the CRA’s definition of rule, they
did not submit it to Congress.120 To date, no changes have been made to the guidance, and no
joint resolution of disapproval under the CRA was introduced. CRS has been unable to locate a
submission of the guidance to Congress following the GAO finding that it was required under the
Subsequent to these and other debates about how guidance was being used and interpreted, the
regulators issued a policy statement in September 2018 to clarify the difference between guidance
and rules. It noted that “law or regulation has the force and effect of law. Unlike a law or
regulation, supervisory guidance does not have the force and effect of law, and the agencies do
not take enforcement actions based on supervisory guidance.”122 In October 2020, the bank
regulators proposed codifying the policy statement in regulation.123

115 Bill Nelson, Jeremy Newell, and Greg Bear, “ Why Leveraged Lending Guidance Is Far More Important, and Far
More Misguided, T han Advertised,” Bank Policy Institute, November 14, 2017,
lending-guidance-is-far-more-important -and-far-more-misguided-than-advertised/. One study found that the 2013
guidance did not reduce banks’ leveraged lending but that a 2014 clarification to the guidance did. See Sooji Kim,
Matthew C. Plosser, and João A. C. Santos, Macroprudential Policy and the Revolving Door of Risk: Lessons from
Leveraged Lending Guidance
, Federal Reserve Bank of New York, May 2017,
116 Susan A. Poling, General Counsel, GAO, letter to Senator Pat T oomey, October 19, 2017,
117 Jonathan Schwarzberg and Davide Scigliuzzo, “Exclusive: U.S. Regulators Offer Congress Olive Bran ch on Loans,”
Reuters, December 7, 2017,
offer-congress-olive-branch-on-loans-idUSKBN1E12NT .
118 U.S. Congress, House Committee on Financial Services, Monetary Policy and the State of the Economy, 115th
Cong., 2nd sess., February 27, 2019, H.Rept. 115-76 (Washington: GPO, 2018), pp. 14-15.
119 Jonathan Schwarzberg, “OCC Head Says Leveraged Lending Guidance Needs No Revisions,” Reuters, May 24,
idUSL2N1SV24T .
120 Poling, letter to T oomey.
121 For more information, see CRS Report R45248, The Congressional Review Act: Determining Which “Rules” Must
Be Subm itted to Congress
, by Valerie C. Brannon and Maeve P. Carey ; and CRS In Focus IF11096, The Congressional
Review Act: Defining a “Rule” and Overturning a Rule an Agency Did Not Submit to Congress
, by Maeve P. Carey
and Valerie C. Brannon.
CRS attempted to identify a record of the guidance having been submitted under the CRA following the GAO opinion
by searching through the “ Executive Communications” portion of the Congressional Record and did not identify such a
record. T he Parliamentarian and one or more of the issuing agencies may be able to provide more definitive
information on whether it was submitted. Furthermore, the agencies not submitting the guidance did not necessarily
preclude Congress from using the CRA to overturn it.
122 Federal Reserve, OCC, FDIC, CFPB, and NCUA. Interagency Statement Clarifying the Role of Supervisory
, September 11, 2018,
123 Federal Reserve, OCC, FDIC, CFPB, and NCUA, “Agencies Propose Regulation on the Role of Supervisory
Congressional Research Service

link to page 14 Bank Supervision by Federal Regulators: Overview and Policy Issues

Fair Lending Data Reporting Requirements
As discussed in the “Reporting Requirements” section, the HMDA requires most lenders—
including most banks—to report data on their mortgage business, including applicant income
level, race, age, and gender.124 Section 1094 of the Dodd-Frank Act, as enacted, required lenders
to collect additional data pursuant to HMDA, including points and fees payable at origination,
certain information about the interest rate, and the value of property pledged as collateral.125
In addition, Section 1071 of the Dodd-Frank Act amended the Equal Credit Opportunity Act (15
U.S.C. §§1691-1691f) to require lenders to report data to the CFPB on their smal business loans
and loan applications, including the race, sex, and ethnicity of the principal owners, “to facilitate
enforcement of fair lending laws and enable communities, governmental entities, and creditors to
identify business and community development needs and opportunities of women-owned,
minority-owned, and smal businesses.”126 The CFPB is in the process of implementing
regulations pursuant to this law.
In recent years, matters on which banks needed to report HMDA data and what that data includes
have been the subject of legislation, rulemaking, and debate. Under the 2015 CFPB rule,
depository lenders generally had to comply with HMDA reporting requirements if they had more
assets than an inflation-adjusted threshold (adjusted to $47 mil ion in 2020),127 originated at least
25 close-end mortgage loans or at least 100 open-end mortgage loans in each of the previous two
years, and satisfied other criteria.128 Since then the regulation has been modified a number of
times by enacted legislation and rulemaking.
In 2018, Section 104 of EGRRCPA (P.L. 115-174) exempted many depository lenders from most
of the HMDA requirements that were added by Dodd-Frank.129 Depositories that have originated
fewer than 500 closed-end mortgage loans in each of the preceding two years qualify for reduced
reporting on those loans, and lenders originating fewer than 500 open-end lines of credit in each
of the preceding two years qualify for reduced reporting on those loans, provided they achieve
certain CRA compliance scores.130 In the most recent rulemaking in May 2020, the CFPB raised
the home purchase loan exemption threshold for al HMDA reporting requirements for
depositories from 25 to 100.131 The debate underlying al these issues involves balancing the
reduction in costs when more banks are exempted or report less data against the reduction in the
regulators’ ability to fulfil the purpose of HMDA. Particularly in rural communities with smal er
and fewer operating banks, this trade-off can sometimes be more stark, as exemptions can limit

Guidance,” press release, October 29, 2020,
124 12 U.S.C. §2803(b)(4).
125 P.L. 111-203, Title X, subtitle H, §1094, July 21, 2010, 124 Stat. 2097-2098.
126 15 U.S.C. §1691c-2.
127 CFPB, “Home Mortgage Disclosure (Regulation C) Adjustment to Asset -Size Exemption T hreshold,” 84 Federal
69993-69995, December 20, 2019.
128 CFPB, New Rule Summary: Home Mortgage Disclosure (Regulation C), October 15, 2015, p. 2, In addition, nondepository
lenders must comply if they meet certain criteria based on originations and other criteria. See 12 C.F.R. §1003.2.
129 Regulation pursuant to Section 1094 of P.L. 111-203 was fully effective on January 1, 2018. See CFPB, “Home
Mortgage Disclosure (Regulation C),” 80 Federal Register 208, October 28, 2015.
130 P.L. 115-174, Title II, §201, May 24, 2018, 132 Stat. 1300-1301.
131 CFPB, “Home Mortgage Disclosure (Regulation C),” 85 Federal Register 28364, May 12, 2020.
Congressional Research Service

Bank Supervision by Federal Regulators: Overview and Policy Issues

regulators’ ability to determine whether the banking system is meeting the needs of the
Though Dodd-Frank was enacted in July 2010, the CFPB has to date not issued finalized
regulations implementing the Section 1071 smal business loan reporting requirements. The
CFPB had taken certain actions in recent years that were part of the rulemaking process,
including holding a public hearing and releasing a white paper in May 2017 and holding a
symposium in November 2019.132 However, some advocacy groups al eged that the agency was
improperly delaying implementing a regulation in violation of the Administrative Procedure Act.
In May 2019, some of those groups filed a lawsuit against the CFPB seeking an order requiring
the agency to implement regulation promptly.133 In February 2020, the CFPB agreed to a
settlement with the plaintiffs requiring the CFPB to meet certain deadlines in carrying out the
rulemaking and submit status updates.134 Pursuant to that agreement, the CFPB issued an outline
of proposals under consideration for public comment in September 2020.135
Ombudsmen and the Appeals Process
Some observers have characterized the regulators’ appeals process as one in which the regulatory
agencies play the role of both reviewer and adjudicator and are unlikely to admit that a mistake
had been made in the original exam. Thus, they assert that reviewers with more independence
from the agencies would be better positioned to appropriately adjudicate disputes.136 Opponents
view additional ombudsmen or reviewers as redundant, as they would not have specialized
knowledge of the supervisory process undertaken at each bank (which inherently involves
examiner discretion on a bank-by-bank basis). Furthermore, they argue that shifting the appeals
process away from the bank regulators could undermine supervisors’ ability to promote banks’
safety and soundness.137
On August 21, 2020, the FDIC announced that it was requesting comments on a proposed change
to its review process that aims to increase the independence of its appeals reviewers. Currently, a
bank can first appeal an MSD to the appropriate FDIC division director and then to the FDIC’s
Supervision Appeal Review Committee (SARC). The SARC currently has three members: an
inside FDIC board member and a deputy or assistant from two other inside board members.138
The FDIC proposes to replace the SARC with an independent Office of Supervision Appeals,

132 CFPB, Small Business Advisory Review Panel for CFPB Small Business Lending Data Collection Rulemaking:
Outline of Proposals and Alternatives Considered, September 15, 2020,
133 Alan S. Kaplinsky, “CFPB and Plaintiffs Enter into Settlement of Lawsuit Alleging Wrongful Delay in Section 1071
Implementation,” Ballard Spahr Consumer Finance Monitor, March 2, 2020, -alleging-
134 Kaplinsky, “CFPB and Plaintiffs Enter into Settlement of Lawsuit.”
135 CFPB, Small Business Advisory Review Panel for CFPB Small Business Lending Data Collection Rulemaking .
136 Letter from Camden R. Fine, President and CEO, Independent Community Bankers of America, to Representative
Jeb Hensarling and Representative Maxine Waters, December 12, 2017, -source/icba/
137 U.S. Congress, House Committee on Financial Services, Financial Institutions Examination Fairness and Reform
, 115th Cong., 2nd sess., H.Rept. 115-589, pp. 25-26.
138 FDIC, “ Appeals of Material Supervisory Determinations: Guidelines and Decisions,” July 25, 2017,
Congressional Research Service

Bank Supervision by Federal Regulators: Overview and Policy Issues

which would be staffed by people with experience in bank examination and supervision but not
from within the FDIC.139
Outlook for Bank Supervision Issues
Policy issues related to bank supervision are likely to remain highly visible. Because supervision
produces important benefits but at a cost, there wil likely always be questions about whether
existing supervision is effective and efficient. In addition, many laws and regulations related to
supervision are decades old, raising questions about whether, particularly in the face of
technological changes in finance, these rules need updates. Against this backdrop, the COVID-19
pandemic suddenly injected a tremendous amount of uncertainty into the banking industry, and
supervision wil play a central role in how banks deal with the pandemic’s effects. Given this, it is
unsurprising that several recent and current rulemakings are aimed at amending bank supervision.
It is likely, then, that Congress wil continue to consider bank supervision issues.

Author Information

David W. Perkins

Specialist in Macroeconomic Policy

This document was prepared by the Congressional Research Service (CRS). CRS serves as nonpartisan
shared staff to congressional committees and Members of Congress. It operates solely at the behest of and
under the direction of Congress. Information in a CRS Report should n ot be relied upon for purposes other
than public understanding of information that has been provided by CRS to Members of Congress in
connection with CRS’s institutional role. CRS Reports, as a work of the United States Government, are not
subject to copyright protection in the United States. Any CRS Report may be reproduced and distributed in
its entirety without permission from CRS. However, as a CRS Report may include copyrighted images or
material from a third party, you may need to obtain the permission of the copyright holder if you wish to
copy or otherwise use copyrighted material.

139 FDIC, “"FDIC Proposes Changes to Its Supervisory Appeals Process,” press release, October 16, 2020,
Congressional Research Service
R46648 · VERSION 1 · NEW