GAO: Regulators' Oversight of Large Financial Institutions is Lacking
New Report Faults Agencies for Failing to Assess Risk Management Systems Federal financial regulators are lacking in their ability to assess large, complex institutions' risk management systems. This is the key finding of a new report by the Government Accountability Office (GAO).GAO's analysis points to inadequate risk management institutions as one of the causes of global financial crisis that began in the U.S., including Bear Stearn's collapse and sale to JP Morgan Chase, the Lehman Brothers failure, Merrill Lynch's acquisition by Bank of America, as well as Goldman Sachs and Morgan Stanley becoming bank holding companies.
The failure of large institutions to properly identify and manage risks raises questions about corporate governance, as well as the regulators' oversight of those institutions' risk management systems, the report states.
What the GAO Investigated
GAO set out to review three things:
Banking and securities regulators use a variety of tools to identify areas of risk and assess how large, complex financial institutions manage their risks, the GAO says. The regulators, including the Federal Reserve, Office of the Comptroller of the Currency (OCC), the Office of Thrift Supervision (OTS) and securities regulators Securities and Exchange Commission (SEC), and the Financial Industry Regulatory Authority (FIRA), have different approaches to oversee risk management practices. The Federal Deposit Insurance Corporation (FDIC) was not included in this report because it does not examine large, complex institutions.
In the report, the GAO states banking examiners are assigned to continuously monitor a single institution, where they engage in targeted and horizontal examinations and assess risks and the quality of institutions' risk management systems.
What GAO Found
The SEC and FINRA identify areas of high risk by aggregating information from examiners and officials on areas of concern across broker-dealers and by monitoring institutions. SEC and FINRA conduct discrete targeted and horizontal examinations. The GAO found banking regulators focused on safety and soundness, while SEC and FINRA tended to focus on compliance with securities rules and laws. All regulators have specific tools for effecting change when they identify weaknesses in risk management at institutions they oversee.
In reviewing the examination materials, GAO found:
The GAO sees some aspects of the regulatory system may have hindered regulators' oversight of risk management.
First, it says no regulator systematically looks across institutions to identify factors that could affect the overall financial system. While regulators periodically conducted horizontal examinations on stress testing, credit risk practices, and risk management for securitized mortgage products, they did not consistently use the results to identify potential systemic risks.
Second, primary bank and functional regulators' oversee risk management at the level of the legal entity within a holding company, while large entities manage risk on an enterprise-wide basis or by business lines that cut across legal entities. In turn, the GAO sees the regulators may have only a limited view of institutions' risk management or their responsibilities, and activities may overlap with those of holding company regulators.