Posted by: David Schneier
bcp, business continuity, business continuity plan, compliance, Dodd-Frank, FDIC, GLBA, NCUA, regulations, regulatory, Regulatory Compliance, too big too fail
Ever since Dodd-Frank legislation first started rolling down the turnpike towards the banking industry I’ve been reading and listening to all manner of rhetoric about how none of it’s going to solve any problems, that it’s going to impede the business of banking and force money to be deposited and invested outside of the borders of the U.S.A. And to be fair, most of what has been enacted seems more to be a nuisance rather than a solution.
So with the ratifying of the most recent bit of the legislation by the FDIC last month I’m all the more curious to see how the industry reacts. For those of you who don’t know what it is I’m referring to it’s Section 165(d) – the new law that requires banks with non-banking assets in excess of $50B to draft a plan that would in effect put its sponsoring institution out of business in a neat and orderly fashion. Or rather, as I’ve come to think of it, it’s a Business Continuity Plan of a whole ‘nother color (or perhaps it’s simply a Business Discontinuity Plan – BDP).
Think about what this law requires. Banks that are in-scope for this now have to draft a plan that would allow regulators to step in and break off the various spokes of the wheel and either sell things off or shut them down in a way that is as minimally disruptive to the financial system as is possible. What I don’t understand about this is how would that even be possible?
You’d have to make an awful lot of assumptions to even draft such a plan. In 2007 when the banks started spiraling out of control you would have thought the very first thing to do was to divest themselves of the root cause of the problem, their consumer loan portfolio and primarily their mortgage business. But who was buying that pile of rotting paper for anything other than pretend money (how’d Countrywide make out playing that market)? So documenting in a plan that you’d sell off your various units assumes that there’s a market looking to buy them and you can’t really count on that, can you? The truth of the matter is all you can really lay down on paper is a very high-level approach that specifies how each segment of the business needs to be evaluated to determine what if any value it possesses and than shop it to the market and see if there’s a buyer. But how is that any different then how a business is dissolved in bankruptcy? And we already have all sorts of laws on the books to guide that process.
How do you even test such a plan? In order for this legislation to deliver on its promise the regulators would need to know that the plan would work somewhere close to as it’s designed to if ever it was needed. How can you possibly step through it and know for sure? Wouldn’t the various markets need to participate as well and how reliable would that be? Wouldn’t everyone need to pretend that it was real? Say Citi, would you be willing to buy BoA’s commercial loan portfolio and if so, how much would you be willing to pay for it? If I’m Citi I’m thinking make the pretend offer high because it’s not binding and if a once in a lifetime disaster occurs again we can totally low-ball on the real offer if it ever comes to that. So how reliable is that test?
But here’s the thing that keeps tap-tap-tapping away at the back of my mind – those who have to comply are the same institutions who can’t successfully design, implement and support a viable business continuity plan and that’s something they’ve had years to perfect and still haven’t even come close to doing. And they’ve actually had disruptions where they needed to rely on these plans and still haven’t quite gotten them done right. If they can’t successfully design a viable BCP when that’s something they’ve often enough desperately needed how are they supposed to design a viable plan to dissolve their business relying entirely on speculation and imagination? Seriously, was the lack of such a plan one of the the primary reasons that the banking behemoths weren’t allowed to fail or was it simply our leadership being fearful that if a Citi or Chase went belly-up the economy might never recover?
Lewis Black loves to poke fun at the whole banking mess and about how banks were instructed by Capital Hill shortly after things got ugly to make sure that before making a loan they needed to be certain the person has the financial wherewithal to repay it. He suggested that the next piece of direction should have been to remind the banking leaders to breath occasionally because it was about as simplistic and obvious. Well perhaps the lawmakers should have kept things simple here as well. Rather than require a BDP, let the FDIC oversee things as they have for many, many years and shepherd a failing institution through the various stages of liquidation finding suitable buyers for the pieces that are worth selling off or that need to be absorbed. Sure the bigger institutions would present some issues and complexities that would require a certain degree of creative thinking but isn’t that better than trying to rely on a plan that was conceived of pure speculation and whimsy?
The real problem wasn’t that any of the monster banks couldn’t fail, it was that they weren’t allowed to. Even if any of them had something drafted that specified how they should be dismantled the government wouldn’t have let it happen. Much like a financial institution tends to look at their BCP well after the disruption occurred (happens all the time) I suspect a BDP would serve in much the same capacity. And if I was an examiner and was going to hold the feet of one of my institutions to the fire for something I’d rather they focus on having an actual, honest-to-goodness BCP that would help them navigate the next hurricane, earthquake, blizzard, blackout, etcetera rather than preparing for something that may never happen again.