Opportunity Amidst the Chaos: Rethinking the How of Financial Regulation

Jonah Crane is a Partner at Klaros Group and provides strategic advice to financial institutions and financial technology companies, from small startups to Fortune 100 banks. He is also a member of the CFTC’s Technology Advisory Committee and the Advisory Board of the Digital Dollar Project, as well as Regulator in Residence at the FinTech Innovation Lab in New York. Jonah previously served as a Senior Advisor and Deputy Assistant Secretary in the U.S. Treasury Department, and as an advisor to U.S. Senator Chuck Schumer.

Presidential transitions typically generate obsessive coverage of the ways in which policy preferences and priorities will change. Will capital requirements go up or down by a few basis points? Will limits on overdrafts or payday loans be rolled back? Call it the “what” of financial regulation. 

But observers give far less attention to the “how” of financial regulation: Are regulators doing a good job on their assigned tasks? I would argue this is the harder, but more important, question. Harder because no one campaigns on improving the day-to-day operations of agencies (it’s not very sexy!) and projects to overhaul agency operations will necessarily extend beyond the tenure of any administration, providing little incentive to start. More important because, regardless of our disagreements over what the government should do, we all agree that if the government is doing something it should do it well.

A Crisis

This transition has played to script in many ways. Regarding financial regulation, Washington generally expects Republican administrations to be more laissez faire and Democratic administrations more hawkish in protecting consumers and investors. True to form, Trump is expected to take a more hands-off approach to regulating crypto, is slashing the staff at the Consumer Financial Protection Bureau (CFPB), and roiling the prudential regulators to make them more “efficient” (i.e. less burdensome on industry). Biden regulators will have a number of their proposals–and even final rules–rolled back. 

But this time is different in some important ways. First, the so-called Department of Government Efficiency (DOGE) has focused attention like never before on ways big and small that the government is spending money. Second, the all-out assault on the CFPB is unprecedented. Finally, the broader attempts to reshape the Administrative State–slashing staff, putting independent regulators under the thumb of the White House, possibly executing some kind of de facto consolidation of regulatory agencies–are creating a world in which the rules might only apply if the White House agrees.

I am as sober as anyone about those threats, and my optimism is entirely conditional on our institutions surviving this deeply uncertain time. Both the Courts and Congress (don’t laugh) must recognize the broader stakes. 

Even so, this is a unique opportunity to rethink how we do financial regulation and match it to the 21st-century financial markets. How can I see opportunity in the lawless gutting of a consumer protection agency and the apparent willful disregard of the laws set by Congress? I want competitive financial markets that can innovate to meet the needs of a modern economy, and I believe effective regulation is critical to achieving those goals. I’m also painfully aware that we have fallen far too short of excellence for far too long. 

I propose we use this moment as an opportunity to rethink the how of financial regulation.^[1] In defending the very existence of the institutions Congress established, we can also imagine how they may be rebuilt and reformed to better achieve their goals.

An Opportunity

Since the 2008 financial crisis, both political parties have engaged in regulatory tug-of-war, each attempting to advance its policy agenda and reflexively roll back whatever gains the other team had achieved. This is to be expected, as the parties will generally have different regulatory philosophies and priorities. 

But advancing effective policy in a complex, rapidly evolving sector requires functioning regulatory agencies with the skills, technological capabilities, and incentives to set and pursue priorities. So, those of us who believe in the importance of effective regulation must find a way. 

Where should we start? There are three broad areas in which we need to make significant progress to develop regulatory and supervisory capacity fit for the 21st century. 

Upskilling the Regulators: People and Tech 

“Personnel is policy” is a Washington D.C. truism for a reason. It follows that if you want technologically enabled regulators, you need technologists in-house at the agencies. 

Financial regulators could rely on outsourcing, like the Department of Defense, but they should recognize that DoD has struggled to successfully leverage contractors to acquire new technologies. Regulators still need in-house expertise to coordinate and direct the contractors – and it’s no secret that the agencies have struggled to even identify, let alone hire, qualified leaders for their innovation efforts, focusing their hiring efforts on data analysis rather than hard technical skills.

Compensation is certainly a challenge: Most public sector workers make less than they could in private sector roles. But building systems to operate at scale is a challenge many engineers are likely to find attractive – as are other technologists, if they feel they are part of the agency’s mission. But therein lies a chicken-and-egg problem: Unless and until the job of regulation is much more technology-enabled, career opportunities for computer scientists and engineers are less attractive at regulatory agencies than elsewhere.

Bank regulators have a plethora of opportunities to better leverage technology to be more effective in their jobs. To state just a few:

• Bank regulators rely mostly on call report data to assess trends and risks across the banking system. Call reports provide only quarterly snapshots of bank balance sheets and income statements and are submitted up to 45 days after the quarter-end. Trump’s first FDIC chair, Jelena McWilliams, launched a project to modernize regulatory reporting, but it stalled when the FDIC backtracked on its innovation agenda under Chair Gruenberg.

• The regulators still conduct supervisory exams in the same manner they have for decades: Examiners review and summarize hundreds or even thousands of pages of documents, then conduct interviews with management teams that are largely designed to corroborate or interrogate the documentary findings. Surely AI can review and summarize documents, freeing examiners up to spend more time identifying and probing the key issues?

• Perhaps no area of financial regulation provides as much opportunity for a complete overhaul as our financial crime-fighting regime. U.S. banks alone spend $25-$50 billion every year on the Bank Secrecy Act – and studies have found that we capture less than 1% percent of laundered money and that “compliance costs exceed recovered criminal funds more than a hundred times over.” 

It’s not like the regulators are unaware of these challenges, or haven’t made some attempts to leverage technology. But those efforts amount to incremental improvements in process efficiency. 

FINRA, the self-regulatory agency for the securities market, may be a model to emulate in this regard. FINRA has long employed AI models to detect potentially fraudulent or manipulative trading patterns and has become quite effective at identifying spoofing and other illegal trading activities.

Focusing on What Matters: Prioritization and Accountability

A consensus is emerging that the supervisory process has become excessively compliance-oriented, leading supervisors to miss the forest for the trees. Most (in)famously, Silicon Valley Bank had 31 outstanding supervisory findings (i.e., issues identified as in need of remediation) but interest rate risk “was not viewed as a material risk … until late 2022,” even though “the firm repeatedly breach[ed] its internal risk limits for long-term risk exposure over several years.” In fact, of the 31 supervisory findings, only six involved liquidity risk management and only one addressed interest rate risk. 

Prioritizing check-the-box compliance matters and banks’ governance processes is easier than taking a view on what risks might actually take the bank down. 

In a refreshingly candid speech, then-Acting Comptroller Michael Hsu highlighted how the “asymmetric” incentives faced by supervisors – i.e., effective supervision goes largely unnoticed while failures bring public wrath – “can result in supervisors seeking safety in closely adhering to preapproved checklists and processes rather than exercising judgment and discretion.” Hsu called for a renewed focus on risk-based supervision, which means moving away from “check-the-box supervision” and “focus[ing] supervisory attention where it is needed most.” 

This is no small task: As Hsu pointed out, non-financial risks like cybersecurity are increasingly important in banking. But check-the-box supervision has led us to a place where examiners spent 25,000 hours on scheduled supervisory activities at Silicon Valley Bank in 2022 and still missed the nuclear bomb in the haystack.

Effective prioritization will require agency senior leadership in Washington to make the agency’s supervisory priorities clear. The biggest challenge to supervisory prioritization is political–back to the asymmetric incentives discussed above. Making this transition will require forging a level of political consensus that will provide a measure of reprieve for supervisory misses in non-priority areas.

Another form of prioritization that is gaining increased attention, and that becomes more achievable with the use of data and technology, is “outcomes-based” regulation. By measuring outcomes, banks and their supervisors can assess whether regulatory objectives are being met without obsessing over process and documentation. Some areas of regulation – such as fair lending – are inherently outcome-oriented (loan approvals are either disproportionately skewed on the basis of prohibited class characteristics or not). Yet our compliance regime for fair lending is focused on documented policies and processes, with audit trails showing compliance with those policies and processes. Testing is just one small piece. 

A shift toward outcomes-based regulation would require achieving consensus on regulatory objectives and developing quantitative ways to measure those objectives. But doing so would have the added benefit of bringing a great deal more transparency to the question of what regulators actually expect.

Fostering Innovation: Testing and Learning

Finally, regulation must be more adaptable. The pace of technological change in financial services has accelerated in the digital age and appears unlikely to slow down any time soon. Not that long ago, there was broad consensus that fintech presented real opportunities to improve financial services for the better.

Perhaps ironically, the CFPB has been one of the most forward-thinking and tech-enabled regulators, likely due in part to its status as the youngest regulatory agency. The Bureau was the first U.S. regulator to launch an innovation office. In 2012, under President Obama’s first CFPB director, Richard Cordray, the Bureau created Project Catalyst to provide a forum for engagement with companies trying to innovate consumer finance.

Under Trump, the Bureau created processes to facilitate experimentation: its own versions of regulatory “sandboxes” that were being adopted in various forms around the world. By this time, perhaps because these initiatives were championed by the Trump Administration, advocacy groups and some Democrats began to turn on innovation offices and fintech in general. Biden CFPB director Rohit Chopra later reorganized the Office of Innovation (de-emphasizing innovation) and rescinded the Bureau’s sandbox policies, replacing them on his way out with a no-action letter (NAL) policy so restrictive as to be a transparent effort to prevent its being useful. (For example, one condition to issuing any NAL is that the innovation must be truly novel, not just a marginal improvement on existing products. But the Bureau also refuses to grant first-mover advantage, so it will only issue NALs to groups, not individual firms. Riddle me that, Batman.)

Similarly, under Chair Jelena McWilliams, the FDIC launched a new Office of Innovation – FDiTech – to promote innovation at the agency and across the banking sector, and hired its first chief innovation officer. The office provided a forum for engagement, and also set out a program designed to modernize bank supervision. Among other things, the FDIC hosted “tech sprints”: hackathon-like exercises designed to produce prototype solutions to specific problem statements. One such tech sprint was a “competition to help develop a new and innovative approach to financial reporting, particularly for community banks.” But, as with the CFPB, Biden’s regulators shuttered most of the innovation initiatives, and progress on modernizing bank reporting – which, as noted above, is really low-hanging fruit! – has stalled.

The Alliance for Innovative Regulation is hosting a tech sprint this week focused on bank-fintech partnerships. Several regulators are participating–if they have not yet been fired. The desire among agency staff to engage with the innovation community, and to modernize regulation and supervision, is palpable. They just need the right legal frameworks and tone at the top to begin making a real difference.

Others will surely have more creative ideas than those described above (which already have people at each of the agencies working on them). Still, with a few exceptions, agency leaders simply have not made improving the effectiveness of regulation and supervision a top priority.

If you’re serious about effective regulation, put those ideas on the table. The current policy environment is nothing if not unpredictable, so who knows when opportunities will arise to effect change? Fortune favors the prepared – so let’s build a new financial regulatory agenda, focused on the how.

The opinions shared in this article are the author’s own and do not reflect the views of any organization they are affiliated with.

^[1]  With this paper, I am taking obvious and unabashed inspiration from Jennifer Pahlka and Andrew Greenway’s recent Niskanen Center paper on state capacity.

Open Banker curates and shares policy perspectives in the evolving landscape of financial services for free.

If an idea matters, you’ll find it here. If you find an idea here, it matters. 

Interested in contributing to Open Banker? Send us an email at [email protected].