Bank Controls Lacking, Regulation Insufficient

By Curtis C. Verschoor, CMA

Significant losses by banks have demonstrated the need for improved risk management and internal controls to avoid past mistakes. To be successful, these changes require a stronger ethical culture, not more of the same regulatory actions that failed in the past.
You'd expect the internal controls employed within the banking industry to be stronger and more effective than those in any other industry. After all, depositors trust that funds held by their banks are always totally safe and readily available for withdrawal at any time. That's why banking institutions should have overarching objectives on good governance and effective control of risks, factors that depend on the strength of a bank's ethical culture; on avoiding conflicts of interest; and on minimizing the possibility of excessive self-serving risk taking. Recent announcements of huge losses by banks demonstrate that past regulatory efforts to ensure and attain these objectives have been ineffective and insufficient. What's needed is a stronger ethical climate.
In his letter in the Financial Stability Oversight Council (FSOC) 2011 Annual Report, Secretary of the Treasury, Tim Geithner, echoed the need for greater focus on ethical conduct by banks. The FSOC was created to analyze potential emerging threats to U.S. financial stability and to recommend solutions. In his letter, Geithner said, "A stable financial system cannot be maintained by regulation and oversight alone. Those in positions of leadership in the financial sector will need to establish and maintain much higher standards for integrity and a more sophisticated understanding of the risk inherent in the business of finance than prevailed before and during this crisis."
To maintain an environment of trust for depositors, banking has become one of the most highly regulated industries. The Federal Reserve, Treasury Department, Federal Deposit Insurance Corporation (FDIC), and Office of the Comptroller of the Currency (OCC) are among the federal organizations that provide direct oversight or auditing of almost every action banks take. Several regulatory agencies have adopted the strategy of housing bank examiners at the client banks' premises. The Federal Reserve Bank of New York plans to have approximately 300 regulators "embedded" at the premises of banks in its geographic area of responsibility ("The Regulator Down the Hall," The Wall Street Journal, June 20, 2011). The OCC also deploys field examiners on-site. You wonder how independent such personnel can be with only limited contact with their managerial supervisors while surrounded by client employees eager to convince the examiners of the virtues of all of the client's ways.
The reactions to past banking scandals have resulted in legislative remedies that were intended to prevent further massive losses resulting from fraud, greed, or just poor judgment. For example, the savings and loan scandals of the 1980s resulted in passage of the Financial Institutions Reform, Recovery, and Enforcement Act of 1989 (FIRREA). Shortly thereafter, the cost of the many bailouts of institutions insured by the FDIC resulted in passage of the Federal Deposit Insurance Corporation Improvement Act of 1991 (FDICIA). Spurred by new mandates for enhanced safety and soundness, the FDICIA initiated the rule that bank management must publicly assess – ¬and independent auditors must attest to – the effectiveness of internal controls over financial reporting. This requirement was extended to all large publicly held companies by the Sarbanes-Oxley Act of 2002.
The financial crisis of 2007-2009 demonstrated the many inadequacies present in the regulatory environment of banks as well as in their risk management and internal control structures. Through the "too-big-to-fail" doctrine, billions of taxpayers' dollars went toward emergency loan bailouts for banks to maintain their liquidity and avoid even greater catastrophes. In an extensive study of seven rescue programs, Bloomberg News reported that the massive amount of the Federal Reserve rescue effort reached a peak of $1.2 trillion and included many industrial and foreign as well as U.S. banks ("Wall Street Aristocracy Got $1.2 Trillion in Secret Loans," Bloomberg News, August 22, 2011). These efforts were "off budget," and their extent was publicly unknown at the time. The many initiatives undertaken by the Federal Reserve include the Term Auction Facility (TAF), swaps, Commercial Paper Funding Facility (CPFF), Term Asset-Backed Securities Loan Facility (TALF), Temporary Liquidity Guarantee Program (TLGP), Transaction Account Guarantee Program (TAGP), and the Debt Guarantee Program. According to Bloomberg News, these programs were "almost three times the size of the U.S. federal budget deficit [in 2008] and more than the total earnings of all federally insured banks in the United States for the decade through 2010." New transparency laws adopted in 2010 require the Federal Reserve to disclose borrowers after two years.
The fallout and real costs of the financial crisis are still being assessed several years after the crisis. For example, The Wall Street Journal reported on June 30, 2011, that Bank of America (BAC), N.A. took a massive $20.6 billion loss provision. This amount represents settlement of claims of $8.5 billion by investors in mortgage-backed securities, $5.5 billion for similar settlements in the future, and $6.6 billion for lawsuits and a write-down of the value of its mortgage servicing business. This reverses all of the pretax earnings BAC reported since early 2007. Analysts are projecting that costs for similar sour mortgage securities claims will amount to about $9 billion for JP Morgan Chase and $4 billion for Wells Fargo. Recognition of these losses has resulted in the failure of many small and medium-size banks that weren't "too big to fail."
The aggregate amount of mortgage-related losses at Freddie Mac and Fannie Mae still haven't been revealed and could be considerable. In late 2009, these government-sponsored enterprises (GSEs) quietly received Christmas Eve gifts of "unlimited" financial aid and approval to continue growing their bloated portfolios of risky mortgage investments to $1.62 trillion. Because the federal government chose to accept only a 79.9 percent ownership stake in the GSEs in return for the "unlimited" bailout guarantee, it kept the financial results of these entities "off budget" so they continue to avoid congressional scrutiny as part of the annual federal budget process. On September 1, 2011, The New York Times reported that the two GSEs had some $118 billion in shaky mortgage assets and planned to sue a dozen big banks for compensation for expected losses ("U.S. Is Set to Sue a Dozen Big Banks Over Mortgages," The New York Times, September 1, 2011).
Geithner's letter in the FSOC Annual Report contains numerous disclaimers of why the regulatory approach adopted by the Dodd-Frank Act (DFA) may not be successful:
  • "A significant number of independent agencies are responsible for specific aspects of the challenge of promoting financial stability . . . "
  • " . . . identifying and mitigating potential threats to the stability of the financial system . . . is an inherently difficult exercise."
  • "Actions taken to preemptively mitigate threats may appear at the time to be more dangerous than the problems they are designed to address."
  • "We cannot predict the precise threats that may face the financial system."
  • "We need to recognize that policy and regulation will often be behind the curve of innovation."
  • "The challenge of maintaining a stable financial system is exacerbated by the difficulty of balancing the benefits of regulation against the costs of excessively restraining prudent risk-taking behavior."
  • "[Our approach] requires an ongoing focus on incentives within the financial system that might create or exacerbate vulnerabilities."
But the most difficult task facing regulators – as well as the management and boards of directors of financial institutions – is the burden of more accurately measuring the nature of risks taken by individual firms and how those risks might affect the entire system. The financial crisis demonstrated how ineffective the credit rating agencies were in evaluating the quality of individual financial products. The DFA takes great pains in eliminating all of the legal requirements for banks to rely on credit ratings in assessing their safety and soundness, but the law doesn't suggest any feasible alternative.
Because the financial services industry has vocally threatened to rescind major portions of the DFA after the next general election, it's too early to tell whether added regulation will truly be the answer to effective protection of the banking industry. It's possible that these events could have been prevented had banks introduced improved risk management, better internal controls, and a stronger ethical culture. But does anyone know how to make sure such actions take place?
Warren Buffett has announced a $5 billion bailout of BAC. The real questions then seem to be: Is this sufficient for BAC? Are Buffett's pockets deep enough to rescue other banks? As indicated by Geithner, ethical controls – such as increased integrity on the part of banking management – are required to truly ensure avoiding another round of huge losses in the future.
Curtis C. Verschoor, CMA, is a member of the Institute of Management Accountants (IMA) Committee on Ethics. He is Emeritus Ledger and Quill Research Professor at the School of Accountancy and MIS and an honorary Senior Wicklander Research Fellow in the Institute for Business and Professional Ethics, both at DePaul University, Chicago. He is also a Research Scholar in the Center for Business Ethics at Bentley University, Waltham, Massachusetts. His e-mail address is
For guidance in applying the IMA Statement of Ethical Professional Practice to your ethical dilemma, contact the IMA Ethics Helpline at (800) 245-1383 in the United States or Canada. In other countries, dial the AT&T USADirect Access Number then (800) 245-1383.
©2011 by the Institute of Management Accountants (IMA®). Reprinted with permission.

You may like these other stories...

Regulators struggle with conflicts in credit ratings and auditsThe Public Company Accounting Oversight Board (PCAOB), which was created by the Sarbanes-Oxley Act in 2002, released its third annual report on audits of...
Regulatory compliance, risk management and cost-cutting are the big heartburn issues for finance execs in the C-suite. Yet financial planning and analysis—a key antacid—is insufficient.That's just one of the...
A review of Financial Accounting Standards Board (FASB) guidance on share-based payment transactions found that the 2004 standard achieves its purpose and provides useful information to investors and other users of financial...

Already a member? log in here.

Upcoming CPE Webinars

Aug 26
This webcast will include discussions of recently issued, commonly-applicable Accounting Standards Updates for non-public, non-governmental entities.
Aug 28
Excel spreadsheets are often akin to the American Wild West, where users can input anything they want into any worksheet cell. Excel's Data Validation feature allows you to restrict user inputs to selected choices, but there are many nuances to the feature that often trip users up.
Sep 9
In this session we'll discuss the types of technologies and their uses in a small accounting firm office.
Sep 11
This webcast will include discussions of commonly-applicable Clarified Auditing Standards for audits of non-public, non-governmental entities.