This country-specific Q&A provides an overview to banking and finance laws and regulations that may occur in United States.
This Q&A is part of the global guide to Banking & Finance. For a full list of jurisdictional Q&As visit http://www.inhouselawyer.co.uk/practice-areas/banking-finance-2nd-edition/
What are the national authorities for banking regulation, supervision and resolution in your jurisdiction?
Regulation of banks in the US is divided between the federal government and the states, marked by a deep history and patchwork of federal legislation that has developed since 1863 and gradually eroded, but not extinguished, state authority. This dual responsibility, sometimes called ‘dual regulation,’ significantly complicates any effort to understand the regulation of banks in the US. Both because federal law is supreme in its area of competence and because of an extraordinary expansion of the scope of the federal regulation of banking that has occurred in response to episodic crises affecting depository institutions, federal law is today the most important element of dual regulation.
There are three federal banking regulators primarily responsible for supervising banking organizations in the US at the federal level: the Office of the Comptroller of the Currency, an independent division of the US Department of the Treasury (OCC); the Board of Governors of the Federal Reserve System (FRB), which is an independent agency and the central bank of the US; and the Federal Deposit Insurance Corporation, an independent agency that also is responsible for the insurance of deposits maintained by banking organizations (FDIC).
The Consumer Financial Protection Bureau (CFPB) was created by the Dodd-Frank Wall Street Reform and Consumer Protection Act of 2010 (Dodd-Frank Act) with the objective of consolidating within a single agency consumer financial protection authority that had previously been dispersed across multiple financial regulators. The CFPB’s primary functions include issuing and amending regulations to implement various federal consumer financial protection statutes, pursuing enforcement actions under those laws and regulations, and developing consumer education initiatives.
There are essentially two kinds of commercial banking organizations in the US: national banks, which are chartered by the OCC under federal law, and state banks, which are chartered by the applicable state banking supervisor under state law. All national banks that accept deposits are required to have deposit insurance from the FDIC and to be members of the Federal Reserve System, which is administered by the FRB. All state banks that accept deposits are required to have deposit insurance from the FDIC. State banks may, with the permission of the FRB, become members of the Federal Reserve System. Other types of depository institutions include mutual and stock-form savings banks, credit unions and savings associations.
The principal federal supervisor of national banks is the OCC. The OCC has the power both to regulate and to examine the activities of national banks. Although national banks are subject to generally applicable state laws, national bank powers may not be expanded by the states and, because federal law is paramount, many state laws that purport to restrict the exercise of banking power have only limited effect on national banks. The states may not examine the general conduct of banking activities by national banks.
While the principal regulator of state banks is the appropriate state regulator, each FDIC-insured state bank also has a principal federal regulator. If a state bank is a member of the Federal Reserve System (such banks are referred to as ‘state member banks’), its principal federal regulator is the FRB. If an FDIC-insured state bank is not a member of the Federal Reserve System (such banks, which as a group tend to consist of smaller banking organizations, are called ‘state nonmember banks’), its principal federal regulator is the FDIC.
National banks and state member banks, as members of the Federal Reserve System, are subject to regulation under the Federal Reserve Act. The Federal Reserve System, comprised of twelve regional Reserve Banks, is subject to regulation and supervision by the FRB. Several provisions of the Federal Reserve Act relating to safety and soundness have been made applicable to state nonmember banks as well.
All FDIC-insured banks, state or national, are also subject to regulation by the FDIC to the extent necessary to protect the deposit insurance system.
As is described in greater detail in Question 22, the FDIC is primarily responsible for the resolution of banks under the Federal Deposit Insurance Act (FDIA) and systemically important banking organizations under the Orderly Liquidation Authority.
Bank Holding Company Regulation
Most larger banking organizations in the US are organized as banking holding companies, in which one or more banks and various permitted nonbank companies are held under a common holding company that is supervised and regulated by the FRB under the Bank Holding Company Act of 1956 (BHC Act).
Concern about the economic power of banking organizations, particularly when associated with general commercial activity, has been a continuing popular concern in the US. The BHC Act was enacted to help address concerns with respect to perceived increases in the concentration of financial resources in bank holding company systems, geographic expansion of bank holding companies that appeared to threaten state regulation and local control of financial institutions, and the affiliation of banks with nonbanking companies, which was believed to threaten credit allocation and other unsound and unfair banking practices.
Any company intending, directly or indirectly, to acquire control of a state or national bank must obtain the prior approval of the FRB under the BHC Act. Furthermore, any company that directly or indirectly controls a bank, must, with few exceptions, obtain approval of the FRB prior to acquiring more than 5% of any nonbanking company, and may acquire only companies that engage only in activities that are so closely related to banking as to be a proper incident thereto. Consequently, any company, including a foreign bank, acquiring a US bank is subject to significant federal regulation of its activities and investments in the US.
Data concerning regulated bank holding companies, banks and affiliates in the US is available from the National Information Center:
Which type of activities trigger the requirement of a banking license?
Banking consists, most importantly, of the power to accept deposits subject to payment by check or order. Commercial banking in the US generally consists of accepting deposits and making commercial loans, although not all deposit-taking banks (depository institutions) make commercial loans. Another activity central to banking activities is the power to exercise fiduciary powers, such as acting as trustee. While the term ‘bank’ technically covers both kinds of organizations, organizations that engage in only fiduciary activities and do not accept deposits are commonly referred to as nondepository trust companies. While most banks make ‘commercial’ and ‘consumer’ loans, lending is not a necessary marker of what it means to be a bank, there is no general regulation of lending, and many states regulate commercial lending as a standalone business only very lightly, if at all. Each state has independent power to define ‘banking activities’ for the purposes of state chartered banks.
Does your regulatory regime know different licenses for different banking services?
While each state offers slightly different features as part of its regulation of banking, under federal law banks may be chartered to engage in accepting deposits and engaging in fiduciary activities. There are also some more specialized licenses which may afford a licensee authority to engage in a more limited business, including (i) money transmitter licenses, which are required to accept and transmit payments or to sell items of value (which in some states may include cryptocurrency), and (ii) mortgage banking licenses, which are required to originate and service residential mortgage loans.
Does a banking license automatically permit certain other activities, e.g., broker dealer activities, payment services, issuance of e-money?
Banks have broad powers to engage in activities incidental to banking, including lending, discounting commercial paper and other financial assets, furnishing payment services, and providing advisory, transaction and settlement processing services. A bank with fiduciary authority may act as a trustee or personal representative of decedents.
While banks broadly have the power to act as custodians of securities and to provide advice with respect to investments in securities, they have only a limited authority to engage in the activity of effecting transactions in securities. The limitation on the combination of securities activities and banking were first adopted by the Glass-Steagall Act, which constituted part of the Banking Act of 1933. While key provisions of the Glass-Steagall Act have since been repealed, banks are still prohibited from engaging directly or indirectly (with limited exceptions through a separate fully-licensed broker-dealer subsidiary) in dealing in, or underwriting (as part of public offerings), securities other than certain federal and state government and quasi-government securities. Other securities-related activities are permitted subject only to fairly significant limitations.
Is there a “sandbox” or “license light” for specific activities?
Although there are many cases when the complexity of licensing regimes is tailored to the risk of the underlying activities, there are no special “sandbox” or “license light” provisions which would substantially exempt any activity from all financial or banking regulation. That said, a few agencies have proposed exemptive regimes in their specific spheres, though they remain in their nascent stages. For example, the CFPB announced in December 2018 a proposed “project sandbox” rule (the Sandbox) which would provide clarified and expedited pathways for approval and exemptive relief for financial companies from certain customer protection requirements, including provisions governing civil liability, disclosure, and information reporting requirements with respect to regulations on fair lending, consumer credit, and fund remittance systems. To the extent a final rule is adopted, it likely would not afford exemption from contrary state laws. The comment period for the proposed Sandbox rule officially ended on February 11, 2019, but it could still be many months before the agency issues a final rule.
Are there specific restrictions with respect to the issuance or custody of crypto currencies, such as a regulatory or voluntary moratorium?
The US federal government has not undertaken to restrict the issuance or custody of cryptocurrencies, although, as a result of the characterization of some crypto assets as securities or commodities under existing law, such products have become subject to complex regulatory frameworks that have practically restricted the offering of such interests in the US. In the US’s fragmented approach to financial regulation, when a cryptocurrency is classified as a commodity, as in the case of bitcoin and ether, it is subject to the US Commodity Exchange Act and certain aspects of the underlying market will be regulated by the US Commodity Futures Trading Commission (CFTC). When classified as a security, conduct with respect to such cryptocurrency will be subject to regulation by the US Securities Exchange Commission (SEC). Both agencies have brought a few enforcement actions with respect to cryptocurrency related violations of law, ranging from fraud to failing to register initial coin offerings under the US Securities Act of 1933. Neither the OCC nor the FRB have specifically restricted cryptocurrency activities nor engaged in enforcement with respect to cryptocurrencies. Many states (including, notably, New York, which requires a BitLicense) have subjected those involved in the business of selling or buying cryptocurrencies to various licensing regimes.
What is the general application process for bank licenses and what is the average timing?
Generally, bank charter applications take approximately six months to a year to be approved. The approval process for banks is detailed, with chartering agencies generally looking at financial pro formas, the qualification and character of proposed management and directors, the bank’s business plan, capital adequacy, convenience and needs to the communities to be served and other factors. If a de novo institution wishes to engage in trust activities, it often must separately apply for trust powers. State banks that wish to be members of the Federal Reserve System must apply to the FRB for such membership. Depository institutions also must apply to the FDIC for deposit insurance. Deposit insurance has proved a nearly insuperable obstacle to new depository institution applications in recent years, although the FDIC approved fifteen applications during 2018, double its rate from 2017, which may mark a long-term change in policy.
Is mere cross-border activity permissible? If yes, what are the requirements?
The US permits foreign banks to establish branches or agencies or to acquire businesses in the US—although the establishment of a branch, agency or commercial lending subsidiary in the US requires the prior approval of the FRB. The FRB also has oversight of the resulting US operations of a foreign bank. A foreign bank that has a branch, agency or commercial lending subsidiary in the US is treated for some purposes (including the establishment of nonbanking activities in the US) as a bank holding company subject to the BHC Act.
The FRB has primary federal authority over the international operations of US banks and, with the prior approval of the FRB, a national bank or state member bank may establish a foreign branch or invest in foreign banks or other entities through which the bank may engage in activities that constitute the customary conduct of a banking business abroad. The FDIC must approve such activities for state nonmember banks.
What legal entities can operate as banks? What legal forms are generally used to operate as banks?
Banks are generally specially chartered corporations, similar associations or limited liability companies. In most cases, they are chartered by the OCC, in the case of a national bank, or by a state banking regulator. As described above, an organizer or organizers of a bank may select a specific type of bank charter, and the bank is organized in corporate form as that type of institution.
What are the organizational requirements for banks, including with respect to corporate governance?
Banks are subject to corporate governance requirements similar to other corporations, though the specific requirements applicable to a given bank depend on its charter. Banking organizations are required to establish and maintain internal policies and processes sufficient to identify, measure and assess potential operational, legal, compliance and financial risks, including without limitation, asset quality, earnings, liquidity, cash flow and other elements of capital and liquidity positions. Consolidated oversight and risk management on a company-wide basis is expected, though there are some limitations on the supervision or management of separate legal entities.
Do any restrictions on remuneration policies apply?
The Dodd-Frank Act prohibits incentive-based payment arrangements that encourage inappropriate risks by certain financial institutions. The US federal banking agencies have proposed a rule to implement these limitations, which has not yet been finalized. There are also restrictions, in connection with failed financial institutions, on the operation of “golden parachute” plans, in which the former senior management benefits from certain kinds of financial arrangements established by the failed institution. Other limitations on compensation apply in certain other contexts as well, depending on the bank charter and the activities or person in question.
Has your jurisdiction implemented the Basel III framework with respect to regulatory capital? Are there any major deviations, e.g., with respect to certain categories of banks?
Yes, the US has implemented the Basel III framework with respect to regulatory capital. The Basel Committee on Banking Supervision assessed the US Basel III regulations and stated in its December 2014 report that it regards the US regulations implementing the Basel III framework to be largely compliant overall (though some deviations were identified). The US is scheduled next to be assessed in 2020.
Are there any requirements with respect to the leverage ratio?
Currently, US federally-chartered banks must maintain a leverage ratio of at least 4 percent. Large, internationally active banking organizations—generally those with at least $250 billion in total consolidated assets or at least $10 billion in total on-balance sheet foreign exposure—are also subject to a supplementary leverage ratio of 3 percent. Bank holding companies with more than $700 billion in consolidated total assets or more than $10 trillion in assets under custody must meet an enhanced supplementary leverage ratio that is 2 percentage points greater than the supplementary leverage ratio. In November of 2018, the FRB proposed a new rule for Prudential Standards for Large Bank Holding Companies and Savings and Loan Holding Companies which would adjust the above thresholds (for US banks and banking organizations – the proposed rule is not applicable to intermediate holding companies, subsidiary depositary institutions, or federal branches or agencies of foreign banking organizations). If finalized, the new rule would raise the thresholds for the supplementary leverage ratio, such that banks with total consolidated assets of less than $100 billion would not be subject to any leverage ratio requirements. The rule is still in the comment process as of the date of this publication.
What liquidity requirements apply? Has your jurisdiction implemented the Basel III liquidity requirements, including regarding LCR and NSFR?
The US has implemented Liquidity Coverage Ratio requirements applicable to large banking organizations. In 2014, the US banking agency jointly adopted a final rule implementing a “liquidity coverage ratio” (LCR) applicable to large, internationally active banking organizations, certain designated nonbank financial companies, and certain consolidated subsidiary depositary institutions thereof (LCR Rule). The LCR Rule is expressly patterned on the international standard established by the Basel Committee, albeit with some adjustments to reflect the unique characteristics of the US market and US regulatory scheme. Thus, the LCR Rule imposes a somewhat more stringent requirement than the Basel Committee’s framework. In broad strokes, the LCR Rule requires subject entities to maintain a minimum LCR, defined as the ratio of unencumbered “high-quality liquid assets” (HQLA) to “total net cash outflows,” over a prospective period of 30 calendar days, a form of standardized stress test scenario. The question posed by the LCR Rule to subject institutions is as follows: Assuming that cash outflows over the coming period are large and cash inflows are weak, does the bank have sufficient readily liquefiable assets to weather the storm?
Depending on the size and activities of the subject entity, the LCR Rule imposes two distinct requirements, referred to herein as the “Full LCR,” applicable to large, internationally active banking organizations, and the “Modified LCR,” applicable to other large bank or savings and loan holding companies that in the Agencies’ view pose less severe systemic risks. The LCR Rule became effective on January 1, 2015.
In 2016, the US banking agencies invited comment on a proposed rule to implement a net stable funding ratio (NSFR) requirement. The proposed NSFR rule would establish a quantitative metric to measure and help ensure the stability of the funding profile of a banking organization over a one-year time horizon. The US banking agencies have not yet adopted a final NSFR regulation.
In 2018, the US federal banking regulators proposed a new rule to implement adjustments to the risk-weighted liquidity and capital requirements for large US banking organizations as described above in response to Question 13. The proposed rule has not yet been adopted.
Do banks have to publish their financial statements? Is there interim reporting and, if so, in which intervals?
Every national bank, state member bank, insured state nonmember bank and savings association is required to file quarterly Consolidated Reports of Condition and Income (Call Reports). Certain Call Report data are generally available to the public, though several items on the Call Reports are confidential. Reports submitted by US banks can be obtained from the following site:
Does consolidated supervision of a bank exist in your jurisdiction? If so, what are the consequences?
The BHC Act requires the FRB to supervise all domestic bank holding companies on a consolidated basis, encompassing the parent company and all subsidiaries, which allows the FRB to understand the organization’s structure, activities, resources and risks and address deficiencies more efficiently. Under the International Banking Act of 1978, the FRB is also responsible for the oversight and supervision of the US operations of foreign banking institutions with a US banking presence (including institutions that meet the definition of “qualifying foreign banking organizations,” the bulk of whose banking operations are located offshore). Consolidated supervision means not only that the FRB views the organizations it regulates comprehensively, but that subject organizations are charged to maintain comprehensive oversight and management of their aggregate risk exposures and identify concentrations quickly and accurately at the bank group level, across business lines and between legal entities. In the case of a bank that is not part of a bank holding company, the bank and all of its subsidiaries are subject to consolidated supervision by the bank’s primary federal regulator.
What reporting and/or approval requirements apply to the acquisition of shareholdings in, or control of, banks?
There are no reporting or approval requirements that apply to the acquisition of shareholdings in banks, unless such a shareholding gives the acquiror (or a group of which the acquiror is part) ‘control’ or a controlling influence with respect to such bank or bank holding company. If a company seeks to acquire ‘control’ of a bank, it must be approved by the FRB under the BHC Act. If an individual (or group of persons acting together in concert) seeks to acquire ‘control’ of a bank without the use of an intervening corporate entity, it must be approved by the principal regulator(s) of the bank under the Change in Bank Control Act or similar state laws.
With some variation among laws, ‘control’ of a bank generally means ownership, control or power to vote (whether individually, or as a part of group) 25% or more of the outstanding shares of any class of the bank’s voting securities or the power, directly or indirectly, to direct the management or policies of the bank, although in some cases “control” may be deemed to arise through a small shareholding. Generally speaking, a person acquiring more than 10% of the voting shares of a bank or bank holding company should consider consultation with the applicable US banking agency to determine whether, in the view of the agency, the acquiror has thereby acquired ‘control’ of the bank or bank holding company. In the case of state banks, the respective states also have change of control provisions.
Does your regulatory regime impose conditions for eligible owners of banks (e.g., with respect to major participations)?
As stated in response to Question 17, only shareholders that will have ‘control’ of a bank must be approved. When approving applications for shareholders to acquire ‘control’ of a bank, the appropriate bank regulatory agency or agencies will review certain factors, such as (i) competitive factors; (ii) financial condition of the person(s) or company seeking to acquire control of the bank; (iii) competence, experience and integrity of the acquiring person(s) or company; and (iv) other information necessary to determine if there is risk to depositors or the FDIC’s Deposit Insurance fund if the person(s) or company obtains control of the bank. In the case of a company that acquires control of a bank, the company will become subject to the BHC Act and be subject to comprehensive regulation and consolidated capital rules.
Are there specific restrictions on foreign shareholdings in banks?
No; not at the Federal level. If a foreign (or any other) shareholder will obtain ‘control’ of a US bank, approval is required under the BHC Act or Change in Bank Control Act, as applicable. See our response to Question 17.
Is there a special regime for domestic and/or globally systemically important banks?
Yes. Large financial institutions generally pose the greatest risk to the financial system due to their size, complexity and interconnectedness, and they are accordingly subject to heightened regulation in the US. The largest and most complex bank holding companies and nonbank financial companies designated by the US Financial Stability Oversight Council as ‘systemically important’ (systemically important financial institutions or SIFIs) are subject to FRB supervision and significantly heightened prudential requirements.
Institutions with total consolidated assets of at least $50 billion that have not been designated as ‘systemically important’ are subject to some heightened expectations to a lesser degree than institutions that have received the designation. Foreign banking organizations with consolidated US assets in excess of $50 billion (other than as part of their branch or agency) are required to have an intermediate bank holding company that holds their US assets subject to comprehensive US supervision. The threshold for US banking organizations may rise to $100 billion in 2019, should the proposed FRB rule noted in response to Questions 13 and 14 be adopted as proposed.
What are the sanctions the regulator(s) can order in the case of a violation of banking regulations?
The different federal and state bank regulatory agencies may take a variety of formal and informal enforcement actions against institutions they supervise and related individuals, which also depend on the nature of the violation. These enforcement actions include, among others, cease and desist orders, written agreements, orders assessing civil money penalties, removal and prohibition orders with respect to natural persons, commitments, board resolutions and memoranda of understanding. The authority of bank regulatory agencies to take such actions is quite broad and is exercised pursuant to an administrative scheme that requires no court involvement. In extreme cases, violators may be subject to criminal prosecution and penalties.
What is the resolution regime for banks?
The process for resolving failing depository institutions is different than the process applicable to other businesses. Depository institutions are not subject to general federal bankruptcy laws. Instead, a failing depository institution is subject to receivership (or conservatorship, in very rare cases), and the FDIC will serve as receiver in an administrative proceeding under the provisions of the FDIA. Generally, the FDIC as receiver is expected to maximize the return on the assets of the failed institution and minimize losses to the FDIC’s Deposit Insurance Fund that may result from the failure. The FDIC’s primary goals are to provide depositors with access to their insured deposits quickly and to handle the resolution in the least costly manner. The two basic methods for resolving failing institutions are (1) a purchase and assumption transaction between the FDIC, in its capacity as receiver, and a healthy financial institution in which the healthy financial institution purchases some or all of the assets and assumes some of the liabilities of the failed institution (including insured deposits) or (2) a deposit payoff where the FDIC, as insurer, pays all of the insured depositors of the failed financial institution up to applicable deposit insurance limits.
Holding companies of depository institutions are usually subject to the general federal bankruptcy laws, with the exception of those designated as SIFIs. These situations are often complicated because the subsidiary depository institution is typically the cause of the holding company’s insolvency, and the holding company and depository institution are subject to different resolution regimes.
The US supplemented its existing banking organization insolvency regime to address the insolvency of failing SIFIs under the Orderly Liquidation Authority (OLA) provisions of Title II of the Dodd-Frank Act. The OLA provides an alternative to bankruptcy or other applicable liquidation proceeding, in which the FDIC acts as receiver to carry out the resolution of the various entities within a SIFI organization on a consolidated basis, including non-bank entities, such as insurance companies and broker-dealers (with some special procedures applicable to the latter).
How are client’s assets and cash deposits protected?
Deposits maintained with US branches of insured depository institutions are insured by the FDIC up to the maximum deposit insurance amount, which is $250,000 per depositor, per FDIC-insured institution, per ownership category. In addition, deposits are treated as a preferred unsecured claim senior to general claims of creditors.
Except for funds that have been self-deposited, which are deposits treated as described in the previous paragraph, financial assets held with a bank as trustee or custodian in safekeeping are not subject to claims of the bank’s creditors.
Does your jurisdiction know a bail-in tool in bank resolution and which liabilities are covered?
US law does not provide for a ‘bail-in tool’.
Is there a requirement for banks to hold gone concern capital (“TLAC”)?
The FRB issued a Final Rule in 2017 that requires top-tier US bank holding companies identified by the FRB as US global systemically important banking organizations (G-SIBs) and US intermediate holding companies of foreign G-SIBs with at least $50 billion in consolidated US non-branch or agency assets to maintain minimum ratios of TLAC (generally consisting of Tier 1 capital and eligible long-term debt) and separate eligible long-term debt (among other requirements) by January 1, 2019. TLAC is required to be held by such entities and be available to absorb losses and free resources for key financial subsidiaries in the consolidated organization.
In your view, what are the recent trends in bank regulation in your jurisdiction?
After several years of post-crisis regulatory reform and related implementation by banking organizations organized or operating in the US, there is now increased focus on ensuring that policies, procedures and systems work efficiently and effectively. Banking organizations are seeking to streamline, simplify and centralize their policies, procedures and systems, where possible, so they work operationally and allow the banking organization to identify and minimize risk across the organization and to simplify the challenges to successful resolution in the event of insolvency.
Growing concerns with respect to cyber attacks and information technology breaches suggest that there will be no relaxation in regulatory scrutiny with respect to those areas. Finally, there has been an increased discussion of a need for an adjustment of the countercyclical capital buffer requirements for banks, though no rulemaking has yet materialized.
What do you believe to be the biggest threat to the success of the financial sector in your jurisdiction?
Regulatory measures that inhibit the role of banks as providers of liquidity and emergency access to the central bank discount window risk introducing greater brittleness to the US financial system and to increase the cost of liquidity in ways that may ultimately increase the likelihood of future crises.