In brief: banking regulatory framework in USA

Regulatory framework

What are the principal governmental and regulatory policies that govern the banking sector?

Given their importance to the US economy, banking organisations are among the most highly regulated institutions in the United States. Broadly speaking, governmental and regulatory policies have two areas of focus:

• the safety and soundness of the banking organisations themselves; and
• promoting economic and social objectives, including the separation of banking and commerce.

As to the first area, banking organisations are subject to a wide range of laws, regulations and policies that limit their activities. While a typical US corporation can engage in any activity that is not prohibited by law, a banking organisation may only engage in activities permitted by the banking laws. In addition, banking organisations must maintain minimum capital and liquidity levels.

As to the second area, banking organisations are, among other things, subject to:

• activities restrictions intended to distinguish between permissible banking activities and impermissible commercial ones;
• a wide range of consumer protection laws designed to ensure non-discriminatory access to banking services; and
• stringent anti-money laundering requirements to facilitate government identification of illegal financial activity.

Moreover, given their unique role as a financial bridge between the government and customers, banking organisations also facilitate the government’s transmission of monetary policy.

Because the application and interpretation of banking law in the United States is largely delegated to administrative agencies through regulation, guidance and policies, bank regulators have a significant impact on the bank regulatory landscape, leading to the common saying 'personnel is policy'. The shift away from a deregulatory approach under the Trump administration could have a significant impact on the direction of bank regulation and oversight in the coming years.

What are the defining characteristics of a bank to be caught by the banking laws and regulations? Is non-bank fintech regulated differently?

For the purposes of the current US bank regulatory regime, a bank is generally defined using a hybrid approach that includes any entity that functions as a bank by making commercial loans and taking demand deposits or that engages in specialised banking activity, such as taking deposits insured by the Federal Deposit Insurance Corporation (FDIC). Entities that have a banking charter (entities engaged in such activities are required to obtain a banking charter) are also covered under the definition of a bank. This approach is often referred to as an entity-based regulatory approach. However, in recent years, fintech (non-bank) companies have encroached on many services that traditionally were the exclusive domain of banks, such as lending. Such companies generally would not be subject to banking laws unless they engage in activities that require a banking charter.

The extent to which the range of banking laws applies to a particular banking organisation depends in part on the nature of its charter. For example, limited purpose state trust companies without FDIC insurance are typically subject to a relatively limited number of banking laws in their chartering state. On the other hand, FDIC-insured, full-service state or federally chartered banks are subject to a wide array of federal (and potentially state) regulations.

Fintech companies currently engage in a wide array of activities that were formerly exclusively performed by banks, such as retail and commercial lending and payment services. Because they often do not have bank charters, they are not subject to the typical range of banking laws. However, they may be subject to the relevant laws and licensing requirements of the states in which they have customers, which can impose significant burdens on their operations.

Do the rules vary depending on the size or complexity of the banking institution?

Yes. The 2008 financial crisis resulted in the Dodd–Frank Wall Street Reform and Consumer Protection Act (the Dodd–Frank Act), which sought to create meaningful differences in the capital, liquidity and oversight expectations of banking organisations depending on their size and complexity. While imposing the most stringent requirements on the largest US banking organisations, the Dodd–Frank Act generally imposed significantly enhanced burdens on banking organisations with over US$50 billion in assets (deemed to be systemically important).   

In 2018, the Federal Reserve Board (FRB) led an effort to further tailor these enhanced burdens to more accurately reflect the size and complexity of banking organisations. This tailoring framework was developed in response to the Economic Growth, Regulatory Relief and Consumer Protection Act of 2018, which mandated certain prudential standards for banking organisations with US$250 billion or more in assets and allowed the tailored application of these prudential standards for banking organisations with US$100 billion or more in assets. The FRB’s revised rules, which became effective at the end of 2019, divided banking organisations with US$100 billion or more in assets into four categories, with Category 1 firms being subject to the most stringent requirements and uncategorised firms the least stringent, as laid out below.

• Category 1: US global systemically important banks (G-SIBs).
• Category 2: firms that are not US G-SIBs that have greater than or equal to US$700 billion in total consolidated assets, or greater than or equal to US$100 billion in total consolidated assets and US$75 billion or more in cross-jurisdictional activity.
• Category 3: firms not in Category 1 or 2 that have greater than or equal to US$250 billion in total consolidated assets, or greater than or equal to US$100 billion in total consolidated assets and US$75 billion or more in any of the three following risk-based indicators:
  • weighted short-term wholesale funding;
  • non-bank assets; or
  • off-balance sheet exposure.
• Category 4: firms not in Category 1, 2 or 3 that have greater than or equal to US$100 billion in total consolidated assets.

Summarise the primary statutes and regulations that govern the banking industry.

The specific laws and regulations applicable to a particular banking organisation will depend principally on its charter, activities and size. Among the most significant federal statutes that govern the banking industry are the following.

• The Federal Reserve Act (FRA) establishes the Federal Reserve System as the central banking system of the United States responsible for managing the supply of money and providing oversight to its member banks.
• The Federal Deposit Insurance Act establishes the basic authority for the operation of the FDIC, including the Deposit Insurance Fund as well as the oversight and regulation of insured depository institutions.
• The Home Owners’ Loan Act sets out requirements for federal savings associations (thrifts), and savings and loan holding companies (SLHCs).
• The Bank Holding Company Act of 1956 grants the FRB regulation and supervision over companies that control a bank (bank holding companies (BHCs)).
• The National Bank Act establishes the national banking system and the chartering and regulation of national banks by the Office of the Comptroller of the Currency (OCC).
• The International Banking Act of 1978 establishes that foreign banking organisations (FBOs) with operations in the United States are subject to regulation by US banking regulators.
• The Dodd–Frank Act significantly reformed the financial regulatory system after the Great Recession. The Dodd–Frank Act establishes the Consumer Financial Protection Bureau (CFPB) to focus on consumer and investor protections.
• The Community Reinvestment Act of 1977 requires banks to lend to the moderate and low-income residents of their service area.
• The banking laws of each of the 50 states.

Certain key FRB regulations promulgated under these acts include the following.

• Regulation Q sets minimum capital requirements and capital adequacy standards for state-chartered banks that are members of the Federal Reserve System (member banks and BHCs).
• Regulation K governs the international banking operations of US banking organisations and US operations of FBOs.
• Regulation Y and Regulation LL describe various requirements for BHCs and SLHCs, including transactions for which BHCs and SLHCs must seek and receive FRB approval.
• Regulation W provides rules for the types of transactions that can occur between a member bank (or a US branch or agency of an FBO) and its affiliates.
• Regulation YY establishes enhanced prudential standards for certain large BHCs and FBOs.
• Regulation VV restricts proprietary trading and investments or certain other relationships with hedge funds and private equity funds.
• Regulation O regulates the credit extensions that a member bank can offer its executive officers, principal shareholders and directors.

In many cases, the OCC and the FDIC have published parallel regulations that cover the entities that they regulate.

Which regulatory authorities are primarily responsible for overseeing banks?

Unlike many other countries, the United States has several types of banking organisations, and several federal and state bank regulatory agencies that oversee them.

National banks and federal savings associations are subject to primary supervision by the OCC. State banks and trust companies are subject to the supervision and regulation of their chartering state, and often are subject to oversight at the federal level by either the FRB (if they are member banks) or the FDIC (if they are not). The FRB is the primary regulator for BHCs and SLHCs. Federally insured credit unions are supervised by the National Credit Union Administration. The CFPB, which has a primary focus on the protection of consumers and enforcement of consumer protection laws, also has examination authority over banks with assets of US$10 billion or more.

Describe the extent to which deposits are insured by the government. Describe the extent to which the government has taken an ownership interest in the banking sector and intends to maintain, increase or decrease that interest.

FDIC deposit insurance, which is backed by the full faith and credit of the US government, insures up to US$250,000 per depositor, per FDIC-insured bank, per ownership category.

As a general matter, the US government does not seek to maintain ownership interests in the banking sector. Nonetheless, the US government has taken an ownership interest in the banking sector through various programmes during periods of financial difficulty. Most notably, in 2008, the Treasury established the Capital Purchase Program under the Troubled Asset Relief Program, which purchased over US$200 billion in shares in over 700 financial institutions to recapitalise the banking system. These programmes subsequently wound down and the US government exited its investments.

Which legal and regulatory limitations apply to transactions between a bank and its affiliates? What constitutes an ‘affiliate’ for this purpose? Briefly describe the range of permissible and prohibited activities for financial institutions and whether there have been any changes to how those activities are classified.

Sections 23A and 23B of the FRA and FRB Regulation W promulgated thereunder are designed to ensure that banks are protected in their dealings with affiliates. The types of transactions covered include:

• extensions of credit by the member bank (or US branch or agency of an FBO) to its affiliates;
• purchases of affiliate assets by the bank; and
• certain other credit transactions.

Unless an exemption applies, banks may engage in these types of covered transactions with their affiliates only if:

• the aggregate amount of the covered transactions of the bank or branch with any one affiliate does not exceed 10 per cent of the capital stock and surplus of the bank or branch; and
• the aggregate amount of covered transactions of the bank or branch with all affiliates does not exceed 20 per cent of the capital stock and surplus of the bank or branch.

In addition, credit transactions are subject to collateral requirements and virtually all transactions with affiliates – including service contracts – must be on arm’s-length terms to the bank. An affiliate for these purposes includes, among others, any company:

• that controls the bank or thrift;
• that is under common control with the bank or thrift;
• with a majority of interlocking directors with a bank or thrift; or
• that is sponsored or advised by a bank or thrift.

What are the principal regulatory challenges facing the banking industry?

Historically, the banking industry has faced regulatory pressures from outside the regulatory perimeter as firms with a commercial presence enter into more direct competition with regulated banking organisations. Pressures also arise from the inside as banking organisations innovate and evolve in ways that may not be suited for existing regulatory frameworks. In recent years, fintech companies have struggled with significant compliance burdens as they try to situate themselves in the regulatory spectrum. Because these businesses are not subject to fintech-specific rules, licensing, registration and other regulatory requirements may apply to fintech companies at both the federal and state levels. The number and complexity of regulations that may apply have drawn criticism as having a potential chilling effect on innovation and growth.

Some regulators have sought to address these burdens. For example, the OCC created and defended in court a special purpose national bank charter for fintech companies that offer bank products and services. In 2020, the CFPB issued an advanced notice of proposed rule-making regarding the implementation of section 1033 of the Dodd–Frank Act, which provides for consumer access to financial records. In 2021, President Biden issued an executive order encouraging the CFPB to facilitate, in its rule-making, the portability of consumer financial transaction data so that consumers can more easily switch financial institutions and use new, innovative financial products.

Regulators have also been active in policing innovation. California’s Department of Financial Protection and Innovation entered into a settlement agreement with Chime Financial, Inc for the fintech company's failure to comply with banking regulations. Cryptocurrency companies especially have faced regulatory and enforcement scrutiny from the Commodity Futures Trading Commission, the Securities and Exchange Commission (SEC), the Internal Revenue Service, the OCC, the Financial Crimes Enforcement Network and others as the growth of blockchain and digital asset technologies accelerate. In addition, in January 2021, Congress enacted the Anti-Money Laundering Act of 2020 that, among other measures, amended Bank Secrecy Act definitions and money transmitter registration requirements to expressly encompass 'value that substitutes for currency'.

In addition, the shifting political landscape can also have a significant impact on the state and direction of bank regulation. For example, Biden administration appointees and nominees have indicated a desire for more expansive regulation around regulatory capital, climate change, cryptoassets, and bank mergers and acquisitions (M&A).

Are banks subject to consumer protection rules?

US banking organisations are subject to extensive consumer protection rules at both the federal and state levels, regardless of their chartering authority. At the federal level, banking organisations with assets in excess of US$10 billion, as well as their affiliates, are generally subject to examination by the CFPB (with authority for certain regulatory frameworks retained by the primary federal bank regulators, including the OCC, the FRB or the FDIC), while those with assets of US$10 billion or less are subject to examination by their respective primary federal bank, with respect to the following consumer protection rules:

• fair lending (Equal Credit Opportunity Act, Fair Housing Act);
• consumer credit (Truth in Lending Act, Fair Credit Reporting Act, Military Lending Act, Servicemembers’ Civil Relief Act);
• payday lending, vehicle title loans and high-cost instalment loans fall under the Dodd–Frank Act’s authority to regulate unfair, deceptive or abusive acts or practices (UDAAP);
• mortgage disclosures (Home Mortgage Disclosure Act, Real Estate Settlement Procedures Act);
• deposits, checks, and collections (Truth in Savings Act);
• electronic fund transfers and prepaid cards (Electronic Fund Transfers Act, CARD Act);
• data privacy falls under the privacy provisions of the Gramm–Leach–Bliley Act;
• debt collection (Fair Debt Collection Practices Act); and
• any other act or practice that may be deemed to be ‘unfair’, ‘deceptive’, or ‘abusive’ in accordance with the Dodd–Frank Act’s UDAAP requirements.

As noted above, states may also impose their own consumer protection laws – including for those topics outlined above – although they are subject to federal pre-emption unless state requirements provide more protection to consumers. Additionally, banking organisations are generally subject to the usury laws of their respective home states, although interstate banks may be permitted to utilise the usury laws of host states under certain circumstances.

In what ways do you anticipate the legal and regulatory policy changing over the next few years?

In 2021, the Biden administration made a number of significant appointments to the banking agencies, including Rohit Chopra as CFPB director and Gary Gensler as chair of the SEC. However, several key positions – including Comptroller of the Currency and FRB Vice Chair for Supervision – remain to be filled. In addition, at the end of 2021, FDIC chair Jelena McWilliams announced her resignation, creating another significant vacancy to be filled by President Biden and likely leaving the FDIC in the control of Democratic appointees.

This new leadership will drive the priorities for legal and regulatory policy over the next few years. The agencies have already indicated key areas of focus, including climate, cryptoassets, cybersecurity, national security, money laundering, consumer protection and bank M&A (including the impact that such activities have on low- and moderate-income communities). These leaders have also indicated their intention to review existing capital and liquidity requirements, risk management procedures, disclosure requirements, and other areas. With respect to enforcement, the regulators are expected to take a tougher stance on the regulation of the largest banks. Particularly after FDIC chair McWilliams’ departure, it will be much easier for the Biden administration’s appointees to advance the administration’s interagency regulatory and enforcement agenda around these key areas of focus.

This shift in leadership and priorities is expected to have a significant impact on the regulatory challenges facing banks, and their ability to expand and engage in new activities. For example, prior to the 2020 election, many regional banks announced fintech acquisitions to compete with larger firms. The Biden administration’s focus on bank M&A may have the effect of slowing this trend.

Law stated date

Give the date on which the information above is accurate.

January 2022.