JPMorgan’s massive spending on controls underlines “aggressive” relations with regulators
By Henry Engler, Compliance Complete
NEW YORK, Sept. 24 (Thomson Reuters Accelus) – What was once a more consultative relationship between JPMorgan and its regulators has turned into an environment of aggressive demands to reshape the banking giant, say bankers.
With news the largest U.S. bank has settled one set of charges for $920 million and is bracing for more legal and regulatory scrutiny in the coming weeks and months, insiders say the most noticeable change has been the regulators’ use of “consent orders” to enforce wholesale changes across the institution’s risk management controls and systems.
“It is an increasingly aggressive environment with the regulators. All of the things they would like to see as a wish list are getting increasingly formalized legally,” said one senior banker. “It now becomes a must have, a must do.”
In an internal memo to employees this week, JPMorgan’s CEO Jamie Dimon noted that “we have dedicated more than $750 million to address several of our consent orders and assigned close to 5,000 people to ensure we meet or exceed all that is expected of us.” Among the consent orders the bank has to comply with, the “London Whale” $6.2 billion loss and deficiencies in its AML monitoring and systems are the most prominent.
The bank has said that, in total, it would spend $1.5 billion on managing risk and complying with regulations and plans to add $2.5 billion to its litigation reserves in the second half of the year in a push to fix its control problems.
On Thursday, the bank agreed to pay $920 million in penalties in two countries to settle some of its potential liabilities from it “London Whale” losses last year, according to terms made public by regulators. The penalties include $300 million to the U.S. Office of the Comptroller of the Currency, $200 million to the Federal Reserve, $200 million to the U.S. Securities and Exchange Commission and 137.6 million pounds ($219.74 million) to the UK’s Financial Conduct Authority.
The Federal Reserve and other regulators, such as the Office of the Comptroller of the Currency (OCC), have typically issued MRAs (Matters Requiring Attention) in the supervisory process when bank practices deviate from sound risk management principles. For more urgent matters, regulators can resort to an MRIA – Matters Requiring Immediate Attention.
As a supervisory letter from the Fed’s Board of Governors clarified earlier this year:
“MRIAs arising from an examination, inspection, or any other supervisory activity are matters of significant importance and urgency that the Federal Reserve requires banking organizations to address immediately and include: (1) matters that have the potential to pose significant risk to the safety and soundness of the banking organization; and (2) matters that represent significant noncompliance with applicable laws or regulations.”
Most recently, for large banks, MRAs have been centered in credit-risk-related issues (36 percent), operational risk (16 percent), BSA/AML (14 percent), consumer compliance (10 percent), and internal controls (8 percent), according to the 2013 Semiannual Risk Perspective survey by the OCC.
But an increased use of consent orders signifies a shift that some say is prompted by repeated instances of cases where there is a breakdown of internal controls, particularly at some of the largest institutions. While regulators may have previously felt that the MRA approach would be sufficient, they now believe there is a need to take a tougher stance.
“In the past, when something was on the fence you could go either way; the definite trend now is to go formal,” said Julie Williams, managing director at Promontory Financial Group, and former chief counsel at the OCC. “I think that is the product of increasing instances of sensitive and concerning operational issues where regulators decide that it is necessary and appropriate to go with a formal response.”
Some industry observers also point to public criticism of regulators for not having been sufficiently tough with banks in the past, and that the rise of consent orders may be an effort to deflect those perceptions.
London Whale case opens the door
In JPMorgan’s case, bankers say that the loss within the Chief Investment Unit (CIO) has also given regulators the ammunition to call for sweeping changes across the organization, not only in the area of the bank where the controls broke down.
“If you have a point of vulnerability such as the London Whale it’s a point of entry to allow you to ask for a huge wish list,” said a banker familiar with the bank’s engagement with regulators.
The OCC’s consent order regarding the CIO included deficiencies in the unit’s oversight and governance of credit derivatives trading, risk management, valuation control processes, internal audit processes and model risk management practices. But in the OCC’s required actions, the consent order included language to specify that the bank must remediate the deficiencies and processes wherever such trading activities occur – not only in the CIO.
What regulators have often found is that a failure in one part of the institution was not specific to that unit or business, but systemic across businesses. As SEC Co-Director of Enforcement, George Canellos, said on Thursday, with regard to the $200 million penalty handed down to JPMorgan: “Today’s action makes clear that JPMorgan’s control breakdowns went far beyond the CIO trading book.”
Substance versus process
Whether regulatory demands to develop new, effective risk management systems and models will ultimately lead to better risk oversight remains an open question, argue some observers. While having better information and systems are important, risk management at the end of the day still relies heavily on human judgment. What you ultimately do with the information is what counts.
“The risk, of course, is that there is confusion between substance and process on the part of the regulators,” said another banker. “The irony to me is that if it was 2004 or 2003, and you had a handful of treasurers around and you asked who has the best risk reporting and metrics, I hate to say, it’s probably Lehman Brothers.”
(This article was produced by the Compliance Complete service of Thomson Reuters Accelus. Compliance Complete provides a single source for regulatory news, analysis, rules and developments, with global coverage of more than 400 regulators and exchanges. Follow Accelus compliance news on Twitter: @GRC_Accelus)