On September 11, five of the leading U.S. financial regulatory agencies — the Federal Reserve Board, the Bureau of Consumer Financial Protection, the Federal Deposit Insurance Corporation, the National Credit Union Administration, and the Office of the Comptroller of the Currency – issued a joint interagency statement explaining the role of supervisory guidance for regulated institutions. The agencies stated that they were issuing this statement “to explain the role of supervisory guidance and to describe the agencies’ approach to supervisory guidance.”
First, the interagency statement explained the difference between supervisory guidance and laws or regulations:
The agencies issue various types of supervisory guidance, including interagency statements, advisories, bulletins, policy statements, questions and answers, and frequently asked questions, to their respective supervised institutions. A law or regulation has the force and effect of law.1 Unlike a law or regulation, supervisory guidance does not have the force and effect of law, and the agencies do not take enforcement actions based on supervisory guidance. Rather, supervisory guidance outlines the agencies’ supervisory expectations or priorities and articulates the agencies’ general views regarding appropriate practices for a given subject area. (Citation omitted.)
On this point it added, that “[s]upervisory guidance often provides examples of practices that the agencies generally consider consistent with safety-and-soundness standards or other applicable laws and regulations, including those designed to protect consumers.”
Second, the statement declared that the agencies “are clarifying” five policies and practices related to supervisory guidance. The key points for those five policies and practices are as follows:
- Numerical Thresholds: “The agencies intend to limit the use of numerical thresholds or other ‘bright-lines’ in describing expectations in supervisory guidance. Where numerical thresholds are used, the agencies intend to clarify that the thresholds are exemplary only and not suggestive of requirements. The agencies will continue to use numerical thresholds to tailor, and otherwise make clear, the applicability of supervisory guidance or programs to supervised institutions, and as required by statute.”
- Violations: “Examiners will not criticize a supervised financial institution for a ‘violation’ of supervisory guidance. Rather, any citations will be for violations of law, regulation, or non-compliance with enforcement orders or other enforceable conditions. During examinations and other supervisory activities, examiners may identify unsafe or unsound practices or other deficiencies in risk management, including compliance risk management, or other areas that do not constitute violations of law or regulation. In some situations, examiners may reference (including in writing) supervisory guidance to provide examples of safe and sound conduct, appropriate consumer protection and risk management practices, and other actions for addressing compliance with laws or regulations.”
- Public Comment: “The agencies also have at times sought, and may continue to seek, public comment on supervisory guidance. Seeking public comment on supervisory guidance does not mean that the guidance is intended to be a regulation or have the force and effect of law.”
- Multiple Documents: “The agencies will aim to reduce the issuance of multiple supervisory guidance documents on the same topic and will generally limit such multiple issuances going forward.”
- Future Guidance: “The agencies will continue efforts to make the role of supervisory guidance clear in their communications to examiners and to supervised financial institutions, and encourage supervised institutions with questions about this statement or any applicable supervisory guidance to discuss the questions with their appropriate agency contact.”
Note: In general, the interagency statement can be considered a welcome reminder of the broad principles in the Administrative Procedure Act (APA). Subsection 553(b) of the APA generally requires that federal agencies must follow the formal notice-and-comment process for substantive rulemaking, but makes an exception for “interpretative rules [or] general statements of policy.” In practice, the line between substantive rules and interpretative rules or policy statements has been not only imprecise but subject to varying degrees of erosion. As indicated in a recent post in the Regulatory Review, for a federal agency that has designs on expanding its power and influence, it is an understandable temptation to set standards that it wishes to enforce by issuing “guidance” documents that can be issued or revised on the agency’s timetable, rather than by submitting to the more time-consuming and cumbersome APA notice-and-comment process.
To the extent that the statement reminds both the participating agencies and regulated entities about the APA’s substantive-interpretative distinction, and reflects those agencies’ aspirational promises about maintaining the line between substantive and interpretative rules, it certainly does no harm and may do some good for the financial sector. At the same time, financial-firm compliance officers should expect that in the short term, regulatory agencies are not likely to revise their existing compliance-related guidance in any substantial respect, and will continue to expect firms to hew closely to such guidance.
In addition, a leading law firm recently noted that financial regulators may able to use their “guidance” as the basis for finding “safety and soundness” violations without calling that guidance a “rule”:
[A]lthough examination staff may no longer state a finding that a bank “violated” guidance or interpretive rule, they are not precluded from finding that a bank violated the governing statute or interpretive rule, and citing to the guidance to detail what the agency believes a statute or rule requires. Failure to follow agency guidance is not in and of itself a violation of law, but for an industry such as the banking industry, which is governed by amorphous “safety and soundness” obligations, departing from agency guidance may nevertheless pose a risk of being deemed an unsafe or unsound banking practice.
That risk is not limited to civil enforcement. A prime example of this is the FCPA Corporate Enforcement Policy that the U.S. Department of Justice issued in November 2017. As Deputy Attorney General Rod Rosenstein stated last November, the Policy “specifies some of the hallmarks of an effective compliance and ethics program. Examples include fostering a culture of compliance; dedicating sufficient resources to compliance activities; and ensuring that experienced compliance personnel have appropriate access to management and to the board.” Rosenstein added that “companies are free to choose not to comply with the FCPA Corporate Enforcement Policy. A company needs to adhere to the policy only if it wants the Department’s prosecutors to follow the policy’s guidelines.”
That statement is too clever by half. A declaration that a company is “free” not to comply with the Policy, at the risk of facing potentially massive FCPA criminal penalties and other enforcement measures, sounds remarkably like “guidance” that in fact establishes substantive conduct requirements, even if those requirements are vague and amorphous (e.g., “fostering a culture of compliance”). Nonetheless, compliance officers can expect that the interagency statement will have no effect on the Department’s application of the FCPA Corporate Enforcement Policy, which is now being applied in a much broader range of white-collar crime matters.