As the Office of the Comptroller of the Currency enters its third year without a confirmed comptroller, the overseer of all national banks and federal savings associations is continuing a multi-year decline in the scope of its enforcement actions. In terms of raw totals, the OCC issued as many administrative orders and compliance agreements in 2022 as it did in 2021. But a closer look at the enforcement orders issued by the OCC and available on Bloomberg Law shows that the number of distinct institutions—and especially the number of large banks—targeted by the office fell in 2022, reflecting an ongoing, and unexplained, downward trend.
The OCC is charged with enforcing safe and sound banking practices, which can cover issues as diverse as consumer data breaches, excessively risky loans, and tellers stealing from the cash drawer. The OCC also enforces the application of other laws—such as the Bank Secrecy Act and the Flood Disaster Protection Act—to the institutions it supervises.
In 2022, the OCC issued 43 enforcement actions, the same as in 2021 and down from 71 actions in 2020.
Each OCC enforcement action is targeted against either an institution or a specific individual within that institution. If all actions against individuals, regardless of institution, were removed from the yearly totals, one finds that the number of institutional actions actually dropped sharply in 2022, following slower declines in the prior two years. The number of institutional actions for 2022, 11, was half of 2021’s total of institutional actions, and 15 fewer than in 2019.
Multiple individual actions referencing a single institution do occur. For example, if a large national bank has four branches where a teller was caught stealing from the cash drawer, those would be four separate individual actions—but none against the bank directly.
Violations also can result in multiple OCC actions against a single institution. For an institutional example, sometimes the OCC provides simultaneous but separate enforcement orders for mandating compliance programs and civil monetary penalties relating to the same violation.
Focusing only on the number of discrete banks named in OCC actions, there has been a steady decrease from 44 unique banks in 2019 to 27 banks last year. In short, the OCC has engaged in enforcement against fewer banks.
Furthermore, the decline in OCC enforcement actions against banks is really a decline in actions against big banks. Dividing OCC-regulated institutions into large banks and small banks reveals that large banks make up a declining share of total actions.
In 2019, the 44 distinct financial institutions that received enforcement orders were nearly evenly split between 21 institutions with more than $10 billion in assets and 23 with less than $10 billion. While the number of the smaller banks has stayed relatively stable over the ensuing years, the number of larger institutions has declined more rapidly. As a result, 2022 saw only eight large banks implicated in OCC enforcement actions, compared with 19 smaller banks.
Why the Decline, and When Will It End?
Last year was the most notable in a trend of decreasing enforcement. In 2022, the OCC found violations at fewer banks, targeted fewer large banks, and engaged in fewer institutional actions than in any of the previous three years.
It’s not clear what has caused this decline. While the last Senate-confirmed comptroller resigned in May 2020, Acting Comptroller Michael J. Hsu has been active in policy activities, making at least seven speeches about the OCC’s policy since August 2021 and participating on the board of the Federal Deposit Insurance Corporation. So it does not appear that the decline in enforcement is due to the OCC being officially rudderless.
It is possible that the pandemic had some effect, disrupting banking operations and/or enforcement operations to the point where fewer violations are now being committed—or at least detected.
The reason could also be technological. It’s possible that the trend in risks to bank safety and soundness has changed from more traditional, looked-for violations to as-yet-undiscovered forms of misfeasance and malfeasance involving digital assets. The recent cascade of failures in the crypto industry has caused regulators worldwide to bring more scrutiny to crypto and greater awareness to the particular vulnerabilities to banks, and it may turn investigations that once seemed like fishing expeditions into now-necessary diligence.
2023 has already shown regulators more aggressive in the crypto space. On Feb. 23, the Federal Reserve, the FDIC, and the OCC reminded banking organizations that the regulators consider digital assets particularly risky, in line with expected Basel Committee on Banking Supervision guidance. Furthermore, investigations of suspicious banking arrangements with crypto firms such as FTX-implicated Silvergate Bank’s Silvergate Exchange Network have only just begun.
These new developments in digital assets regulation could presage a reversal of the declining trend in OCC enforcement actions in 2023 or 2024.
—With assistance from Web Arnold.
Bloomberg Law subscribers can find related content on our Fintech Compliance resource and our Financial Technology Developments Tracker.
If you’re reading this on the Bloomberg Terminal, please run BLAW OUT <GO> in order to access the hyperlinked content, or click here to view the web version of this article.