Banks' Securities Activities: Oversight Differs Depending on Activity and Regulator (Chapter Report, 09/21/95, GAO/GGD-95-214). Pursuant to a congressional request, GAO reviewed federal bank regulators' oversight of banks' securities activities, focusing on the: (1) extent to which banks provide and regulate securities brokerage services; (2) results of Federal Reserve inspections of bank holding company subsidiaries authorized to underwrite and deal in securities; and (3) Federal Deposit Insurance Corporation's (FDIC) regulation of bank subsidiaries that can underwrite and deal in securities. GAO found that: (1) about 22 percent of U.S. banks offered securities brokerage services to their customers in 1994; (2) the Securities and Exchange Commission (SEC) and the National Association of Securities Dealers (NASD) regulated the securities activities of 88 percent of these 2,400 banks by providing these services through broker dealers, while 287 banks provided bank-direct brokerage services; (3) federal bank regulators did not always review bank-direct brokerage operations routinely, but the regulators jointly issued new guidance and examination procedures in 1994 that emphasized these reviews; (4) securities activities can be overseen by different regulators depending on how the banks organize their securities activities, creating the potential for inconsistent oversight; (5) although Federal Reserve examiners usually met their inspection schedules, addressed inspection procedures, and tested securities subsidiaries for compliance with applicable firewalls, there were a few cases of insufficient documentation; and (6) FDIC had no centralized program to oversee the activities of the bona fide securities subsidiaries and had not fully prepared its examiners to examine securities activities, posing risks to affiliated banks. --------------------------- Indexing Terms ----------------------------- REPORTNUM: GGD-95-214 TITLE: Banks' Securities Activities: Oversight Differs Depending on Activity and Regulator DATE: 09/21/95 SUBJECT: Securities regulation Financial institutions Compliance Internal audits Brokerage industry Documentation Bank holding companies Banking law Internal controls Bank examination IDENTIFIER: BIF Bank Insurance Fund ************************************************************************** * This file contains an ASCII representation of the text of a GAO * * report. Delineations within the text indicating chapter titles, * * headings, and bullets are preserved. Major divisions and subdivisions * * of the text, such as Chapters, Sections, and Appendixes, are * * identified by double and single lines. The numbers on the right end * * of these lines indicate the position of each of the subsections in the * * document outline. These numbers do NOT correspond with the page * * numbers of the printed product. * * * * No attempt has been made to display graphic images, although figure * * captions are reproduced. Tables are included, but may not resemble * * those in the printed version. * * * * A printed copy of this report may be obtained from the GAO Document * * Distribution Facility by calling (202) 512-6000, by faxing your * * request to (301) 258-4066, or by writing to P.O. Box 6015, * * Gaithersburg, MD 20884-6015. We are unable to accept electronic orders * * for printed documents at this time. * ************************************************************************** Cover ================================================================ COVER Report to Congressional Requesters September 1995 BANKS' SECURITIES ACTIVITIES - OVERSIGHT DIFFERS DEPENDING ON ACTIVITY AND REGULATOR GAO/GGD-95-214 Banks' Securities Activities (233408) Abbreviations =============================================================== ABBREV BIF - Bank Insurance Fund CRD - Central Registration Depository FDIC - Federal Deposit Insurance Corporation FDICIA - Federal Deposit Insurance Corporation Improvement Act FRS - Federal Reserve System NASD - National Association of Securities Dealers OCC - Office of the Comptroller of the Currency SEC - Securities and Exchange Commission SIPC - Securities Investor Protection Corporation SRO - self-regulatory organization Letter =============================================================== LETTER B-259498 September 21, 1995 The Honorable John D. Dingell Ranking Minority Member Committee on Commerce House of Representatives The Honorable Edward J. Markey Ranking Minority Member Subcommittee on Telecommunications and Finance Committee on Commerce House of Representatives This report presents the results of our review of federal banking regulators' oversight of banks' securities activities. You requested that we report on the extent to which banks have expanded into securities activities. You also asked us to evaluate the status of federal banking regulators' programs for examining and enforcing compliance with regulatory safeguards intended to separate insured banking activities from securities activities and protect securities investors from unfair practices. This report recommends actions to improve bank regulators' oversight of bank securities activities. As agreed with you, unless you publicly release its contents earlier, we plan no further distribution of this report until 5 days from its issue date. At that time, we will provide copies to interested Members of Congress, appropriate committees, the Board of Governors of the Federal Reserve System, the Office of the Comptroller of the Currency, the Federal Deposit Insurance Corporation, the Securities and Exchange Commission, the National Association of Securities Dealers, other interested parties, and the public. Major contributors to this report are listed in appendix X. If you have any questions, please call me at (202) 512-8678. James L. Bothwell Director, Financial Institutions and Markets Issues EXECUTIVE SUMMARY ============================================================ Chapter 0 PURPOSE ---------------------------------------------------------- Chapter 0:1 Numerous U.S. banks and bank holding companies are expanding into securities activities, including retail securities brokerage services (acting as an agent for buyers and sellers of securities), securities underwriting (publicly distributing new issues of securities), and securities dealing (trading securities as a principal in the secondary market). These securities activities can provide greater diversification and additional income for banks, a more competitive securities industry, and added convenience for bank customers. They may also pose additional risks to banks and new challenges to regulators. The adequacy of regulatory oversight of banks' securities activities concerned the Ranking Minority Member of the House Committee on Commerce and the Ranking Minority Member of the Subcommittee on Telecommunications and Finance, House Committee on Commerce. They asked GAO to determine the extent to which banks provide securities brokerage services and how these services are regulated; evaluate the completeness and results of Federal Reserve inspections of bank holding company subsidiaries that the agency authorizes to underwrite and deal in securities; and evaluate the Federal Deposit Insurance Corporation's (FDIC) regulation of bank subsidiaries that can underwrite and deal in securities. BACKGROUND ---------------------------------------------------------- Chapter 0:2 Congress passed the Glass-Steagall Act in 1933 in reaction to the banking crisis of the Great Depression. The act generally prohibits banks from underwriting and dealing in securities, except for "bank-eligible" securities. These are limited to securities offered and backed by the federal government and federally sponsored agencies, and certain state and local government securities. As banks have sought to expand their product lines, federal regulators have provided banks, through affiliated firms, limited authority to underwrite and deal in "bank-ineligible" securities. Banks subject to Glass-Steagall provisions may be chartered and regulated by one or more federal and state regulators. National banks are chartered and regulated by the Office of the Comptroller of the Currency (OCC). State-chartered and regulated banks are also regulated federally by the Federal Reserve if they choose to join the Federal Reserve System (FRS). If they do not join FRS, they are regulated by FDIC because they are federally insured. The Federal Reserve also regulates all bank holding companies. In addition to restricting activities within banks, Section 20 of the Glass-Steagall Act prohibits FRS-member banks, including all national banks, from affiliating with firms "principally engaged" in underwriting ineligible securities. The Federal Reserve interprets Section 20 of the act to allow bank holding companies to establish subsidiaries engaged in securities underwriting and dealing, as long as the subsidiary generates no more than 10 percent of its gross revenue from ineligible securities. The subsidiary's activities must also be considered closely related to banking. Bank holding companies must obtain Federal Reserve approval to establish underwriting and dealing subsidiaries, which are known as "Section 20 subsidiaries." In November 1994, OCC proposed to revise its rules so that subsidiaries of approved national banks could engage in activities impermissible for the parent bank, possibly including underwriting and dealing in ineligible securities. OCC is considering comments on the proposal. The Glass-Steagall Act does not prohibit subsidiaries of state-chartered non-FRS-member banks from engaging in securities activities. In 1984, FDIC issued regulations setting out conditions under which "bona fide subsidiaries" of these banks may underwrite ineligible securities. The Glass-Steagall Act also does not restrict bank securities brokerage activities, which may take place either within a bank or an affiliate. Generally, a firm that provides securities brokerage services (known as a broker-dealer) must register with and be regulated by the Securities and Exchange Commission (SEC). Banks, however, are exempted from SEC registration. Consequently, brokerage services provided directly by a bank are not subject to scrutiny by federal securities regulators. The bank exemption does not apply to separately incorporated bank affiliates. Generally, bank regulators supervise banking organizations to ensure their safety and soundness and compliance with banking laws. As part of their supervision, the regulators are to ensure that the banking organizations, including banks' securities affiliates, are adequately capitalized and comply with certain operating conditions and restrictions called "firewalls." Among other things, firewalls help insulate banks from credit relationships and intercompany transactions that pose risks to bank safety and soundness or potential conflicts of interest. Securities regulators examine and monitor the activities of broker-dealers for compliance with securities laws and regulations, including net capital rules. Much of this regulation is done through self-regulatory organizations (SROs) such as the National Association of Securities Dealers (NASD), which enforce rules of fair practice among their members. SEC evaluates the quality of SRO oversight in enforcing compliance with federal securities laws, including provisions related to preventing fraudulent and manipulative practices and protecting investors from such practices. RESULTS IN BRIEF ---------------------------------------------------------- Chapter 0:3 About 22 percent of U.S. banks offered securities brokerage services to their customers in 1994. SEC and NASD regulated the securities activities of 88 percent of these 2,400 banks because they provided these services through registered broker-dealers or through third-party arrangements with registered broker-dealers. However, 287 banks provided these services on bank premises exclusively through bank employees. These bank-direct brokerage operations were subject to regulation by federal bank regulators and were exempted from regulation by SEC and NASD. GAO found that federal bank regulators did not always review bank-direct brokerage operations as part of routine bank examinations. However, in 1994 bank regulators jointly issued new guidance and examination procedures that placed increased emphasis on such reviews. Because some bank securities activities are overseen by securities regulators while others are overseen by bank regulators, the potential exists for inconsistent oversight of these activities. This potential for inconsistent oversight has not been much of a problem so far, because most banks provide securities services in affiliates that are regulated primarily by securities regulators. While the regulators have coordinated their exams, among other things, providing consistent securities oversight, no matter where in an organization these activities are done, would be enhanced by increased cooperation, coordination, and sharing of regulatory expertise among bank and securities regulators. As of November 1994, the Federal Reserve had 35 Section 20 securities subsidiaries to examine for compliance with firewall requirements. GAO found that FRS examiners usually met their inspection schedules, addressed the inspection objectives and procedures outlined in FRS guidance, and, in general, comprehensively reviewed or tested for compliance with applicable firewalls. However, GAO found a few cases where full compliance with all firewalls could not be assured or was not documented. Specifically, for 2 of the 14 subsidiary examinations that GAO reviewed, neither Federal Reserve examiners nor the bank internal auditors, whose work the examiners can rely upon, had reviewed or tested all applicable firewall procedures. Also, in two of the four FRS districts GAO visited, examiners had not always provided sufficient documentation to determine whether they had reviewed or tested applicable firewall procedures, especially when examiners relied on internal auditors. Unlike the Federal Reserve, FDIC had no centralized program to oversee the activities of the bona fide securities subsidiaries of state-chartered banks, and did not know how many such subsidiaries were actually operating. FDIC also had not fully prepared its examiners to examine securities activities because it had not provided training and had no examination guidelines. In some cases, FDIC examiners were confused about when subsidiaries needed to obtain the bona fide designation. As a result, FDIC had little assurance about the risks these subsidiaries' activities pose to affiliated banks. GAO'S ANALYSIS ---------------------------------------------------------- Chapter 0:4 BANK SECURITIES BROKERAGE ACTIVITIES RAISE REGULATORY ISSUES -------------------------------------------------------- Chapter 0:4.1 About 2,400 banks--22 percent of nearly 11,100 banks nationwide--offered retail securities brokerage services, according to the results of GAO's survey of banks. Of those 2,400 banks, most (88 percent) provided the services through registered brokerage subsidiaries or through arrangements with nonaffiliated registered securities broker-dealers. The remaining 287 banks, about 12 percent, provided direct brokerage services. According to survey responses, these banks had limited their services to discount brokerage, in which the employees of these banks took customers' orders but did not make buy and sell recommendations. Because the securities laws exempt banks from SEC registration and regulation, the securities activities of the 287 banks that GAO estimated provide direct brokerage services are regulated by bank regulators. GAO's review of regulatory examinations of 40 of these banks, completed during 1992 through mid-1994, showed that bank regulators had not reviewed the brokerage operations of 29, or 72 percent, of the sampled banks. Bank regulators have since taken steps intended to improve the oversight of banks' direct brokerage operations. In 1994, bank regulators issued a joint policy statement to banks on the sale of nondeposit investment products, such as mutual funds, stocks, and bonds. Each regulator also issued examination guidance for reviews of bank-direct brokerage operations. Bank and securities regulators have also acted to coordinate examinations of most bank brokerage activities, but other regulatory issues need to be addressed to ensure consistent regulation of all bank brokerage activities. In January 1995, all three banking regulators and NASD reached a formal agreement to coordinate examinations of bank-affiliated broker-dealers and share examination findings and workpapers. However, this agreement did not address bank-direct brokerage operations because they are not subject to SEC and NASD regulation. Also, bank and securities regulators' guidance and proposed rules under which bank brokerages are expected to operate are not consistent, and not all regulatory procedures used by securities regulators are available to bank regulators. The lack of consistent regulatory standards for bank-related and nonbank-related brokerages could result in confused investors, ambiguous sales practice standards, and inconsistent oversight of sales representatives. Bank regulators have provided new guidance and examination procedures and are working to improve their oversight of bank-direct brokerage operations. Nevertheless, providing consistent securities oversight, no matter where in an organization these activities are done, would be enhanced by ongoing cooperation, coordination, and sharing of regulatory expertise among bank and securities regulators. FEDERAL RESERVE INSPECTIONS USUALLY ASSESS COMPLIANCE WITH ALL APPLICABLE FIREWALLS -------------------------------------------------------- Chapter 0:4.2 The Federal Reserve's policy is to inspect the firewall procedures of underwriting subsidiaries either before approving their underwriting and dealing activities or during initial inspections after approval, depending upon the type of underwriting powers sought. Approved subsidiaries underwrote $59 billion of securities in 1993. As of November 1994, 35 subsidiaries were operating with Federal Reserve approval to underwrite and deal in certain bank-ineligible securities. Federal Reserve examiners may rely upon annual reviews by the bank holding company internal auditors to assess subsidiaries' compliance with firewall requirements. The examiners may also do their own annual evaluations of firewall compliance by subsidiaries during bank holding company inspections. The Federal Reserve is also to routinely monitor the activities and financial status of the subsidiaries. Although the Federal Reserve's inspections GAO reviewed usually addressed all applicable firewalls, in two instances Federal Reserve examiners and bank holding company internal auditors did not review all applicable firewalls. For example, in a 1993 inspection of a large underwriting subsidiary, neither Federal Reserve examiners nor internal auditors reviewed firewalls that restricted credit extensions to the underwriting subsidiary and its clients and customers or that prohibited intercompany transactions and transfers of assets between the subsidiary and affiliated insured banks. The Federal Reserve inspections also did not always document the extent to which examiners or internal auditors had tested firewalls. For example, in GAO's review of the annual inspections of six subsidiaries, examiners said they relied on the internal auditors' review and tests and did some selective review and tests themselves, but the review and testing was not always documented in workpapers. In these instances, inspection supervisors' reviews would have been needed to ensure that all firewalls were examined and work was properly documented in work papers. The Federal Reserve has imposed few sanctions for firewall noncompliance. However, it has acted to correct identified compliance-related deficiencies through inspection close-out meetings with bank officials and required correspondence from the banks on actions taken to correct deficiencies. FDIC HAD NO PROGRAM TO ASSESS RISKS POSED BY SECURITIES ACTIVITIES -------------------------------------------------------- Chapter 0:4.3 FDIC requires state-chartered non-FRS-member banks that establish or acquire bona fide subsidiaries to underwrite and deal in securities to file notices with FDIC regional directors. FDIC then is to examine the parent banking organizations and the subsidiaries for compliance with FDIC regulations. Unlike the Federal Reserve, FDIC has no centralized system to oversee the securities activities of bank subsidiaries. Such a system could help FDIC to identify banks that own operating subsidiaries and assess the subsidiaries' financial condition, compliance with firewall restrictions, and the overall risks the subsidiaries might pose to insured banks and the Bank Insurance Fund. FDIC could not provide accurate data on the number of banks that were using authority granted under FDIC regulations. FDIC officials said that underwriting and dealing in securities were more common among larger banking organizations than among the state-chartered nonmember banks it supervises. FDIC officials said that examiners could identify any bona fide subsidiaries that should be subject to its regulatory provisions through the examination process. However, in 3 of 13 examinations GAO reviewed, FDIC examiners were confused about the applicability of these provisions and had to seek a legal determination from the FDIC regional headquarters about a subsidiary's status. As of September 1994, FDIC had no formal examiner training program that focused on oversight of securities activities of state nonmember banks and their subsidiaries. Without a program to identify and routinely review the securities activities and the financial condition and performance of bank securities subsidiaries that are under FDIC's jurisdiction, FDIC cannot fully assess the risks the underwriting and dealing activities of bank subsidiaries pose to insured banks and the Bank Insurance Fund. RECOMMENDATIONS ---------------------------------------------------------- Chapter 0:5 GAO is making the following recommendations: The Federal Reserve, FDIC, OCC, SEC, and NASD should work together to develop and implement an approach for regulating bank-direct securities activities that provides consistent and effective standards for investor protection, while ensuring bank safety and soundness. The Chairman of the Board of Governors of the Federal Reserve System should ensure that either Federal Reserve examiners or internal auditors review and test all applicable firewalls at least once annually and appropriately document the work performed. The Chairman of FDIC should establish a program to identify and routinely review the securities activities and the financial condition and performance of bona fide subsidiaries under FDIC's jurisdiction to assess the overall risks posed by the activities on federally insured banks and ensure compliance with firewalls. The program should provide FDIC examiners guidance and training on how to examine bank and bank subsidiary securities activities. AGENCY COMMENTS ---------------------------------------------------------- Chapter 0:6 The Federal Reserve, FDIC, OCC, SEC, and NASD provided written comments on a draft of this report. These comments are presented and evaluated in chapters 2, 3, and 4. The bank regulators commented that they have already begun efforts to coordinate regulation of bank brokerage activities with securities regulators. The securities regulators agreed to participate in cooperative efforts but believe that a system of functional regulation, in which each entity is regulated according to the particular activities that it undertakes, would provide a more effective and efficient regulatory structure. The Federal Reserve commented that it would promptly address GAO's findings on firewall compliance. It intends to reiterate to examiners the need to fully inspect and document Section 20 companies' compliance with firewalls. FDIC disagreed with GAO over the benefits of centralized monitoring of the securities activities and financial performance of bona fide subsidiaries of insured banks. FDIC commented that a centralized program would create a burdensome reporting process while supervision of those institutions would still fall on regional personnel. FDIC said that it is considering the scope and type of examiner training necessary for bank securities activities. FDIC also disagreed with GAO over the need for a program to assess the risks securities activities of bona fide subsidiaries may pose to insured banks and ensure compliance with regulatory firewalls. It said that such a program would create a burdensome reporting process. GAO disagrees with FDIC's views. GAO believes that as a regulator of federally insured banks, FDIC is responsible for knowing of and supervising activities that may pose risks to those banks. A program to identify and monitor the securities activities of those banks' securities subsidiaries could improve FDIC's oversight immediately at little extra cost. Also, because FDIC already requires banks to notify it of subsidiaries' securities activities and has regional supervision programs in place and because securities subsidiaries' financial data are available from reports required by securities SROs, a centralized program should not impose added regulatory or reporting burden on banks. INTRODUCTION ============================================================ Chapter 1 Since the mid-1980s, banks have been expanding into securities activities by providing retail brokerage services--buying and selling securities for customers, which may involve making buy and sell recommendations--and underwriting and dealing in securities.\1 These securities activities can provide additional income for banks and convenience for bank customers, and they can foster a more competitive securities industry. However, without proper management, including internal controls, and appropriate regulatory oversight, banking organizations that conduct such securities activities may be subject to a heightened risk of financial losses that, if large enough, could undermine public trust in the banking system. Also, without proper oversight of the securities activities, investors may not be adequately protected from fraudulent and unfair sales practices. As a result of concerns of and issues raised by the Ranking Minority Member of the House Committee on Commerce and the Ranking Minority Member of the Subcommittee on Telecommunications and Finance, House Committee on Commerce, about the expansion of banks into securities activities, we reviewed federal bank regulators' procedures and processes for examination and supervision of bank securities activities. -------------------- \1 Underwriting is the public distribution of new issues of securities; dealing refers to the business of holding oneself out to the public as being willing to make a secondary market in a security by offering to buy and sell securities as principal. BACKGROUND ---------------------------------------------------------- Chapter 1:1 Banks' expansion into securities activities presents legal and financial risks to federally insured banks. How these risks are managed and overseen depends on how the banks are chartered and regulated and on how they are organized to do business. It also depends on the securities activities the banks undertake, which may be limited by federal law and regulation. SECURITIES ACTIVITIES CAN POSE LEGAL AND FINANCIAL RISKS TO INSURED BANKS -------------------------------------------------------- Chapter 1:1.1 Generally, the types and degree of risk that securities activities present to banking organizations vary by type of activity. Discount brokerage activities, in which the broker only takes orders and executes trades for customers who make their own investment decisions, pose little risk. Full-service brokerage activities, in which the broker also provides investment recommendations, can pose legal and financial risk, because the broker--including, for example, a federally insured bank whose employees provide investment advice--can be held liable for a customer's financial losses if those losses result from fraudulent or unsuitable investment recommendations. Underwriting and dealing activities generally pose greater financial risk because the underwriter or dealer may incur losses in the principal amount (face value) of securities being underwritten or held. BANKS ARE CHARTERED AND REGULATED BY FEDERAL AND STATE AUTHORITIES -------------------------------------------------------- Chapter 1:1.2 A bank's power to engage in securities activities comes from the government authority that charters the bank. In the case of a national bank, the chartering authority is the Office of the Comptroller of the Currency (OCC). OCC, as the primary regulator, establishes the regulations under which national banks operate. State authorities charter state banks. A state bank's authority to engage in securities activities is established by the state banking agency and governed by state law. Two other federal agencies also have bank regulatory responsibilities.\2 The Board of Governors of the Federal Reserve System is the primary federal regulator of bank holding companies\3 and those state-chartered banks that choose to become members of the Federal Reserve System (FRS). The Federal Deposit Insurance Corporation (FDIC) is the primary federal regulator of state-chartered banks that have federally insured deposits and are not members of the Federal Reserve System. FDIC also administers the Bank Insurance Fund (BIF), which provides deposit insurance for banks. Because of this role, FDIC has back-up regulatory authority over all insured banks. The primary goal of federal bank regulators is to work toward improving and maintaining the safety and soundness of banks to help safeguard the financial system and protect depositors and other customers. Regulators adopt policies and regulations and examine the banks under their jurisdiction for soundness and compliance with these policies and regulations. The Federal Reserve also inspects bank holding companies to ascertain their financial strength and to determine the consequences of transactions between the parent bank holding company, its nonbanking subsidiaries, and the subsidiary banks. -------------------- \2 The Office of Thrift Supervision and the National Credit Union Administration also regulate depository institutions, respectively, thrifts and credit unions. Their activities were not within the scope of our work because it was limited to securities activities of commercial banks. \3 A bank holding company is a company that controls one or more banks. A company controls a bank if it owns, controls, or has power to vote 25 percent or more of the voting stock of a bank, controls the election of a majority of the bank's directors, or exercises a controlling influence over the bank's management or policies. A bank holding company structure allows nonbank subsidiaries to engage in a variety of nonbanking activities that are considered closely related to banking functions. The largest bank in a bank holding company is typically referred to as the lead bank and often holds most of the company's assets. Although the Federal Reserve is responsible for inspecting all bank holding companies, OCC or FDIC, respectively, would be responsible for regulating the lead bank if it is a nationally chartered bank or a state-chartered bank that is not a member of the Federal Reserve System. BANK AND SECURITIES REGULATORS OVERSEE VARIOUS BANK SECURITIES ACTIVITIES -------------------------------------------------------- Chapter 1:1.3 Bank regulators and securities regulators both play a role in regulating the securities activities of banks; the specific roles they play depend on both the activities and the way banks organize those activities. Brokerage services, for example, may be regulated by bank or securities regulators depending upon the method the bank uses to provide these services. Also, both bank regulators and securities regulators are responsible for overseeing various aspects of the underwriting and dealing activities of banking organization subsidiaries. The Securities Act of 1933 and the Securities Exchange Act of 1934 are the basis for securities regulation in the United States. Under the 1934 act, firms engaged in brokering or dealing securities, including bank securities affiliates, must register as broker-dealers.\4 The Securities and Exchange Commission (SEC) is the federal agency responsible for securities regulation. SEC achieves its mission, in part, through self-regulatory organizations (SROs) like the National Association of Securities Dealers (NASD) and the New York Stock Exchange.\5 Basically, SEC and SROs adopt rules and regulations that the broker-dealers must follow to protect securities investors and provide for the maintenance of fair and orderly markets. Securities rules and regulations require companies providing brokerage services to have adequate capital to protect investors from the losses of broker-dealers. Such companies are also required to implement procedures to protect investors from unfair sales practices. The inability of registered broker-dealers to meet obligations to retail customers--that is, to restore the funds in retail customers' accounts if the broker-dealers go out of business--is insured against by the Securities Investor Protection Corporation (SIPC).\6 Securities regulators examine and monitor the broker-dealers' activities for compliance with securities laws and regulations. SEC also evaluates the quality of SRO oversight in enforcing compliance with federal securities laws and SRO rules, including provisions related to preventing fraudulent and manipulative practices and protecting investors from such practices. -------------------- \4 Broker-dealers combine the function of brokers and dealers. Brokers are agents who handle public orders to buy and sell securities. Dealers are principals who buy and sell securities for their own accounts and at their own risk. \5 We have reported in the past on SEC and SRO regulation of the securities industry and broker-dealers in general, which include registered securities affiliates of banking organizations. In those reports we recommended various actions needed to improve regulatory oversight of securities markets and broker-dealers and better protect investors. See, for example, Securities Industry: Strengthening Sales Practice Oversight (GAO/GGD-91-52, Apr. 25, 1991); Securities Investor Protection: The Regulatory Framework Has Minimized SIPC's Losses (GAO/GGD-92-109, Sep. 28, 1992); Penny Stocks: Regulatory Actions to Reduce Potential for Fraud and Abuse (GAO/GGD-93-59, Feb. 3, 1993); and Securities Markets: Actions Needed to Better Protect Investors Against Unscrupulous Brokers (GAO/GGD-94-208, Sep. 14, 1994). \6 SIPC, a private, nonprofit membership corporation established by Congress in 1970, provides certain financial protections to the customers of failed U.S. broker-dealers. In 1992 we reported that SIPC had been successful at protecting investors and noted that SIPC's success was derived from SEC's and SROs' diligent oversight of the securities industry. See Securities Investor Protection: The Regulatory Framework Has Minimized SIPC's Losses (GAO/GGD-92-109, Sep. 28, 1992). BROKERAGE ACTIVITIES MAY BE REGULATED BY SECURITIES OR BANK REGULATORS ------------------------------------------------------ Chapter 1:1.3.1 As shown in table 1.1, securities regulators are responsible for regulating a bank's brokerage services when a bank provides these services to its customers through (1) a registered securities brokerage affiliate; or (2) an arrangement with an unaffiliated registered third-party broker-dealer, whether the services are provided on or off bank premises. When these services are provided on the bank's premises by bank employees or through a bank affiliate, bank regulators may examine the brokerage activities. Bank regulators have no direct authority over unaffiliated, third-party broker-dealers, even when they operate on bank premises. However, the federal banking agencies' "Interagency Statement on Retail Sales of Nondeposit Investment Products," February 15, 1994, requires that a bank's agreement with a third-party broker-dealer authorize the appropriate banking agency to have access to all records of the third-party broker as are necessary or appropriate to evaluate whether the third-party broker is complying with the terms of its agreement. Bank regulators generally address safety and soundness concerns and compliance with applicable laws, regulations, and supervisory guidance, while securities regulators generally address investor protection concerns and compliance with securities laws and regulations. Banks that exclusively use their own employees, rather than an affiliated company, to provide securities brokerage services to retail customers are exempt from registration and regulation as broker-dealers under the 1934 securities exchange act. The exemption means that these activities are outside the normal securities regulatory framework. However, the antifraud provisions of the federal securities laws still apply. Further, banking regulations require banks providing such direct securities brokerage services to keep records and provide customers confirmations of securities transactions. Also, the securities brokerage activities of these banks are not SIPC-insured, unless the bank customers are also identified as customers of an SEC-registered broker-dealer through which the bank places customers' orders for execution. Table 1.1 Bank Methods of Providing Retail Brokerage Services and Resulting Regulatory Responsibilities Method Regulatory responsibility ---------------------------------- ---------------------------------- Off bank premises, either through Securities regulators. Bank registered securities brokerage regulators also can examine affiliate or an arrangement with activities of bank affiliates. an unaffiliated registered third- party broker-dealer. On bank premises through a Bank and securities regulators. registered securities brokerage affiliate. On bank premises through a third- Securities regulators. Bank party arrangement with an regulators have no direct unaffiliated registered broker- authority over unaffiliated dealer. broker-dealers. A bank's agreement with an unaffiliated broker- dealer is required to provide regulators access to records of the unaffiliated broker-dealer. On bank premises through bank's Bank regulators. own employees. ---------------------------------------------------------------------- Source: GAO Analysis AFFILIATES THAT UNDERWRITE AND DEAL IN SECURITIES ARE REGULATED BY BOTH BANK AND SECURITIES REGULATORS ------------------------------------------------------ Chapter 1:1.3.2 Banking organizations' securities underwriting and dealing activities are subject to regulation by both bank and securities regulators. Bank regulations require that a bank holding company and its subsidiaries that underwrite and deal in securities meet certain financial conditions and have regulatory limitations called firewalls in place and functioning to protect insured banks and bank customers from any possible losses of an underwriting affiliate. Bank regulators examine the underwriting subsidiaries for both their overall financial condition and compliance with firewalls. Securities regulators oversee and examine the same subsidiaries for compliance with securities laws and SEC and SRO regulations and rules. Firewalls are policies and procedures that separate the activities of banks from their affiliated companies that underwrite and deal in securities. These devices are meant to insulate insured banks from any possible losses of the underwriting affiliate. Firewalls also serve to minimize conflicts of interest. BANKS ARE NOT PROHIBITED FROM PROVIDING RETAIL BROKERAGE SERVICES -------------------------------------------------------- Chapter 1:1.4 Banks have never been prohibited by federal law or regulation from providing customers with retail securities brokerage services and associated investment advisory services. Nevertheless, bank retail brokerages did not become common until after the mid-1980s, when OCC issued a statement that generally granted national banks approval to provide retail brokerage services. The Federal Reserve also issued a statement approving bank holding companies' provision of retail brokerage services. After these statements were issued, banks began to request and receive approval from the regulators to provide retail brokerage services. At the time of our review, banks' retail securities brokerage services included the buying and selling of securities, such as stocks, bonds, and mutual funds, which bank regulators refer to as "nondeposit investment products." BANKING ORGANIZATIONS CAN UNDERWRITE AND DEAL IN SECURITIES ONLY UNDER CERTAIN CONDITIONS -------------------------------------------------------- Chapter 1:1.5 The Banking Act of 1933, commonly known as the Glass-Steagall Act, restricts banks and bank-affiliated companies in many underwriting and dealing activities. The act allows banks and companies affiliated with a bank\7 to underwrite and deal in certain types of securities known as bank-eligible securities. These include U.S. government and federally sponsored agency securities and general obligation bonds of states and municipalities. Underwriting and dealing in other types of securities--known as bank-ineligible securities--are subject to specific restrictions. The Glass-Steagall Act was enacted in reaction to the banking crisis of the Great Depression, during which many banks failed and customers lost confidence in the banking system. Basically, the act separates commercial and investment banking in an effort to enhance the safety and soundness of commercial banking and protect bank customers from potential conflict-of-interest abuses and other inequities.\8 The Glass-Steagall Act prohibits banks from underwriting and dealing in bank-ineligible securities--that is, municipal revenue bonds, private mortgage-backed securities, commercial paper, asset-backed securities, and corporate equity and debt securities (stocks and bonds). More specifically: Section 16 of the act prohibits a national bank from underwriting and dealing in bank-ineligible securities. Section 20 of the act prohibits a Federal Reserve member bank from becoming affiliated with any company that is "principally engaged" in the underwriting, sale, or distribution of bank-ineligible securities. Section 21 of the act prohibits any person or company engaged in the business of underwriting, selling, and distributing bank-ineligible securities from engaging in the business of receiving deposits. Section 32 of the act governs interlocking relationships by prohibiting directors, officers, or employees of member banks from serving as directors, officers, or employees of any institution primarily engaged in underwriting and dealing in securities. The Federal Reserve Act subjects state-chartered banks that belong to the Federal Reserve System to the same underwriting and dealing restrictions as national banks. Although Section 21 of the Glass-Steagall Act in effect prohibits state-chartered banks that are not FRS members from directly underwriting and dealing, they are not subject to Glass-Steagall restrictions on affiliations and, if not prohibited by state law, may affiliate with securities firms. However, bank holding companies that own state nonmember banks must obtain the Federal Reserve's approval under the Bank Holding Company Act before acquiring any underwriting subsidiary. Until recently, OCC interpreted the restrictions on national bank securities activities to apply to both banks and any subsidiary of the bank. OCC, however, changed this interpretation in November 1994, when it submitted a proposal to revise its rules governing corporate applications. The proposal would set up a process for OCC to consider applications from individual national banks to pursue new activities, including securities underwriting, through establishment of operating subsidiaries. OCC formerly prohibited bank subsidiaries from activities impermissible for the parent banks. According to OCC, applications would be considered on a case-by-case basis. OCC is considering comments on the proposal. -------------------- \7 A bank becomes affiliated with a securities underwriting firm when (1) the company that owns the bank also owns the securities firm, (2) the securities firm owns the bank, or (3) the securities firm is a subsidiary of the bank. \8 An example of an inequity that could result if banks were allowed unrestricted securities activities would be banks' favoring loan requests of customers and clients of their securities business over those of other bank customers. SECTION 20 SUBSIDIARIES ------------------------------------------------------ Chapter 1:1.5.1 In addition to restricting activities within banks, Section 20 of the Glass-Steagall Act prohibits Federal Reserve member banks--all national banks and state banks that choose to become members--from affiliating with an institution principally engaged in underwriting securities. The Federal Reserve interprets the prohibition to allow banks owned by holding companies to affiliate with institutions engaged in securities underwriting and dealing so long as the activity involving bank-ineligible securities generates 10 percent or less of the affiliate's gross revenue. The 10-percent threshold signifies that the bank-ineligible activity is not a principal activity of the institution. The companies that the Federal Reserve has approved to underwrite and deal in bank-ineligible securities are known as Section 20 subsidiaries. Generally, the principal business of these subsidiaries is underwriting and dealing in bank-eligible securities. Other financial and operating conditions must also be met before a Section 20 subsidiary may be established by a bank holding company. As described in further detail in chapter 3, the company must meet the following criteria: It must be adequately capitalized. It must be approved for such activities by the Federal Reserve Board. It must register with SEC as a broker-dealer and be a member in good standing of NASD. It must comply with certain operating conditions and firewalls. BONA FIDE SUBSIDIARIES ------------------------------------------------------ Chapter 1:1.5.2 Although Section 21 of the Glass-Steagall Act has the effect of prohibiting a state-chartered non-FRS-member bank from underwriting securities, the prohibition does not extend to the bank's subsidiaries. In 1984, FDIC issued regulations\9 setting out conditions under which insured state banks that are not Federal Reserve members can establish subsidiaries to engage in the sale, distribution, and underwriting of bank-ineligible securities. These subsidiaries are known as bona fide subsidiaries. Unlike the Federal Reserve, FDIC does not require non-FRS-member banks to obtain advance approval from FDIC headquarters to establish bona fide subsidiaries. However, any nonmember bank that wants to establish such subsidiaries is required to notify the Regional FDIC director of its intentions. Otherwise, bona fide subsidiaries must meet conditions similar to those required of Section 20 subsidiaries. As discussed in further detail in chapter 4, the company must meet the following criteria: It must be adequately capitalized. It must register with SEC as a broker-dealer and be a member in good standing of NASD. It must comply with operating conditions and restrictions that are similar to the firewalls that the Federal Reserve requires of bank holding company subsidiaries. -------------------- \9 12 CFR Section 337.4. OBJECTIVES, SCOPE, AND METHODOLOGY ---------------------------------------------------------- Chapter 1:2 As a result of the requesters' concerns and issues raised about the regulation of banking organizations' expansion into securities brokerage, underwriting, and dealing activities, we reviewed (1) bank regulators' procedures and processes for examining and supervising banks that provide brokerage services directly by bank employees and (2) banking organizations' securities underwriting and dealing activities. Our objectives were to assess the extent to which banks provide securities brokerage services and how these services are regulated; the Federal Reserve's supervision of bank holding company subsidiaries that the agency authorizes to underwrite and deal in securities, including the completeness and results of its inspections; and FDIC's regulation of bona fide subsidiaries that underwrite and deal in securities. We also sought to provide information on training available to bank examiners on brokerage and other securities activities. The scope of our work was limited to banking organizations' securities activities that are subject to Federal Reserve, OCC, and FDIC regulation. We have reported in the past on SEC and SROs' regulation of the securities industry and broker-dealers in general, which include registered securities subsidiaries of banking organizations. This report does not address other bank securities activities, including banks' holding securities as proprietary investments, which they can trade; banks' management of trusts or serving as investment advisers to mutual funds; and banks' activities as registered government and municipal securities dealers. Also, it was not within the scope of our work to determine comparative degrees of risk associated with different types of investment products or the various banking and nonbanking activities that banks might engage in. We obtained information on regulatory programs from officials of federal bank regulatory agencies, reviewed agency documents and examination files, and surveyed a sample of banks. To evaluate bank regulators' oversight of bank-direct brokerage operations we obtained from OCC, the Federal Reserve, and FDIC, respectively, guidance for examining brokerage operations and nonbanking activities of national, state FRS-member and state non-FRS-member banks and bank subsidiaries. We reviewed regulatory examinations of banks identified as having bank-direct brokerage operations to determine if the brokerage operations were examined as directed by the guidance. We identified banks that provided brokerage services directly by the bank from our survey of banks' securities and mutual fund activities (see ch. 2). We obtained information on the Federal Reserve's supervision of underwriting subsidiaries of bank holding companies from Federal Reserve officials. We reviewed the two most recently completed inspections, usually from 1992 and 1993, of the underwriting subsidiaries in four Federal Reserve Districts--Chicago, New York, Richmond, and San Francisco--to determine if the inspections were conducted as directed by Federal Reserve guidance on the inspection of nonbank subsidiaries engaged in underwriting and dealing. The four districts were selected because they provided a mix of banking organizations and subsidiaries, including money center banks, large regional organizations, and foreign-owned subsidiaries. They also were located near our headquarters and regional offices. We obtained information on regulation of securities activities conducted by national banks and their securities affiliates from OCC officials. We also reviewed examinations and interviewed examiners of national banks affiliated with underwriting subsidiaries to determine if their examinations included procedures to review prohibited interaffiliate transactions between a national bank and an underwriting affiliate. We obtained information on regulation of nonmember state-chartered banks' securities activities from FDIC officials. In addition to our review of bank-direct brokerage operations, we also reviewed and selected recent examinations of banks identified by FDIC as having bona fide subsidiaries meeting the criteria for underwriting and dealing in securities. The three bank regulators also provided us information related to the training of bank examiners on banks' securities activities. To develop information on the extent to which banks are providing brokerage services to retail customers and how those services are being provided, we surveyed a stratified random sample of 2,233 banks that is projectable to a nationwide universe of about 11,100 commercial banks. Our survey sample, described in appendix VIII, included Federal Reserve member, nationally chartered, and state-chartered banks of varying sizes. We conducted the survey because data on banks' securities activities that are compiled by bank regulators and industry groups did not capture the information we sought on banks' involvement in securities brokerage and mutual fund activities. Our work was performed at the Board of Governors of the Federal Reserve System, OCC, and FDIC in Washington, D.C.; in the Federal Reserve's Chicago, New York, Richmond, and San Francisco districts; and in OCC's and FDIC's Atlanta, Chicago, New York, and San Francisco regions. We conducted our audit work between May 1993 and September 1994 in accordance with generally accepted government audit standards. We obtained comments on a draft of the report from the Federal Reserve, FDIC, OCC, SEC, and NASD. Their comments are presented and evaluated in chapters 2, 3, and 4 and are reprinted in appendixes III, IV, V, VI, and VII. BANKS' SECURITIES BROKERAGE ACTIVITIES RAISE REGULATORY ISSUES ============================================================ Chapter 2 Our survey of banks showed that the securities activities of most banks are regulated by SEC. The survey also showed that an estimated 287, about 12 percent, of the estimated 2,400 banks that provide securities brokerage services provide those services on bank premises, exclusively through bank employees. We refer to these as bank-direct brokerage operations. Because banks are exempt from securities regulation, as noted in chapter 1, the securities brokerage activities of these banks are regulated by bank regulators. In the past, bank regulators did not always review the bank-direct brokerage operations as part of bank examinations, but they issued new guidance and examination procedures in 1994 that have increased emphasis on such reviews. Nevertheless, exempting the securities activities of these banks from securities regulation results in parallel, though different, regulatory systems for the same activity. MANY BANKS PROVIDE RETAIL SECURITIES BROKERAGE SERVICES ---------------------------------------------------------- Chapter 2:1 To determine the number of banks providing bank-direct and other brokerage services and to gather data about the nature of services provided, we surveyed a sample of over 2,200 banks nationwide. Appendixes VIII and IX provide technical information about the survey and the questionnaire we used. On the basis of the results of our survey, we estimate that about 2,400 banks offered retail securities brokerage services as of June 1994. This represents about 22 percent of the 11,084 banks that we estimated were in the United States at the time of our survey.\1 Figures 2.1 through 2.3 show by size, type, and region the percent of all banks that offered brokerage services. For example, figure 2.1 shows that the larger the bank, the greater the likelihood that it provided securities brokerage services to retail customers. Figure 2.1: Estimated Percent of All Banks and Banks in Each Size Category Offering Retail Securities Brokerage Services (See figure in printed edition.) Source: GAO survey. Figures 2.2 and 2.3 show the percentages of banks by type and region of the United States that provide securities brokerage services. Figure 2.2: Estimated Percent of All Banks and Banks of Each Type Offering Retail Securities Brokerage Service (See figure in printed edition.) Source: GAO survey. Figure 2.3: Estimated Percent of All Banks and Banks in Each Region Offering Retail Securities Brokerage Services (See figure in printed edition.) Source: GAO survey. Of the estimated 2,400 banks that offered retail securities brokerage services, 27 percent provided full-service brokerage services, 52 percent provided discount brokerage services, and 21 percent provided accommodation brokerage services.\2 Except for banks operating in the West, we found similar patterns in the type of securities brokerage services banks offered by size, type of bank, and regional location, as shown in figures 2.4 through 2.6. We also found that larger banks and banks operating in the West were more likely to offer full-service retail brokerage services. Figure 2.4: Type of Brokerage Services Offered by Banks That Provide Securities Services in Each Size Category (See figure in printed edition.) Note: Percentages may not add to 100 percent bacause of rounding. Source: GAO survey. Figure 2.5: Type of Brokerage Services Offered by Banks That Provide Securities Services by Type of Bank (See figure in printed edition.) Source: GAO survey. Figure 2.6: Type of Brokerage Services Offered by Banks That Provide Securities Services by Region (See figure in printed edition.) Source: GAO survey. -------------------- \1 The sampling errors for the weighted estimates from our survey are no more than plus or minus 5 percent unless otherwise noted. The number of banks shown differs from the number, 11,210, shown in app. VIII, table VIII.1, because we estimated 126 banks in the original population were ineligible for our survey because they had ceased to operate as financial institutions. \2 In our survey of banks, we defined full-service brokerage as offering investment advice and/or buy and sell recommendations in conjunction with executing customer buy and sell orders, discount brokerage as acting solely as an agent in executing customer buy and sell orders, and accommodation brokerage as placing buy and sell orders as a service only when requested by a customer or to facilitate other transactions. MOST BANK BROKERAGE SERVICES WERE PROVIDED THROUGH SUBSIDIARIES AND THIRD-PARTY ARRANGEMENTS ---------------------------------------------------------- Chapter 2:2 As table 2.1 shows, 12 percent of the banks that offered securities brokerage services (287 banks, or about 3 percent of banks nationwide) provided only bank-direct brokerage services. The remaining 88 percent of banks that provided securities brokerage services did so through an SEC-registered securities broker-dealer. Securities brokerage services at some of these banks were provided in a variety of ways. As a result, some banks responding to our survey provided multiple responses to describe securities brokerage services. Table 2.1 shows the various ways in which banks provide securities brokerage services to retail customers. Table 2.1 How Banks Provide Retail Securities Brokerage Services to Their Customers (Multiple responses allowed) Bank response s (percent Services provided ) ------------------------------------------------------------ -------- Customer orders taken directly by employees of the bank only 12 Through a leasing or networking agreement\a with a 35 registered broker-dealer Bank employee referral of customers to registered broker- 39 dealers and/or other arrangements involving a registered broker-dealer Through registered affiliate or subsidiary broker-dealer 42 Using dual employees\b of the bank and a registered broker- 44 dealer ---------------------------------------------------------------------- \a A leasing or networking agreement is an arrangement between a bank and a registered broker-dealer to offer brokerage services to customers on bank premises. These arrangements can involve either affiliated or unaffiliated broker-dealer firms. \b An arrangement in which a registered broker-dealer uses bank employees and premises to sell securities and in return makes a monthly payment to the bank. The dual employees can be paid incentive bonuses in addition to a fixed salary. Source: GAO survey. To validate questionnaire responses and determine how banks handle brokerage transactions, we contacted all 46 banks that responded to our survey by April 15, 1994, indicating that they provided bank-direct brokerage services. Officials of six banks said their employees either referred customers directly to an unaffiliated registered broker-dealer or provided brokerage services through a registered broker-dealer subsidiary. Officials of the remaining 40 banks confirmed that they provided bank-direct brokerage services--that is, services at the bank premises and exclusively through bank employees. According to officials from these 40 banks, designated bank employees take customer-initiated orders to buy or sell investment products, which the bank refers to unaffiliated registered broker-dealers for execution and confirmation. After April 15, 1994, 25 additional banks responded to our survey and indicated that they provided bank-direct brokerage services. The size, type, and location of these additional banks appeared similar to the characteristics of the 40 banks we had identified earlier as providing bank-direct brokerage services. We did not gather additional information on how these 25 additional banks handled their retail securities brokerage operations because we had no reason to expect their responses would be different from the responses we received from the initial 46. Follow-up discussions with the 40 banks that provided bank-direct brokerage services indicated that most were not handling large volumes of brokerage transactions. Officials of 16 of those banks said that they processed fewer than 10 transactions per month, 14 said 10 to 25 per month, and 10 said more than 25 per month. An official from 1 of the 40 banks said the bank also offered investment advice to retail customers. However, the investment advice was offered only to retail customers interested in the bank's mutual fund sales program. The official from this particular bank said the bank also operated a separate brokerage unit to provide discount brokerage services to customers interested in buying or selling other securities products, such as stocks, bonds, and U.S. Treasury securities. BANK REGULATORS ARE WORKING TO IMPROVE REVIEWS OF BANK-DIRECT BROKERAGE OPERATIONS ---------------------------------------------------------- Chapter 2:3 Bank regulators' responsibilities for examining bank-direct brokerage operations are defined by regulations and supervisory guidance. Before 1994, under the old guidance, bank regulators did few examinations of bank-direct brokerage operations. In 1994, federal bank regulators issued new joint guidance and examination procedures for brokerage operations on bank premises. It is too early too tell how frequently examinations will be done or how effective bank examiners will be at examining brokerage operations under the new guidance and examination procedures. Examination of brokerages traditionally has been the responsibility of securities regulators. Further, not all bank examiners are trained to examine bank securities activities. BEFORE 1994, BANK REGULATORS DID FEW EXAMINATIONS OF BANK-DIRECT BROKERAGE OPERATIONS -------------------------------------------------------- Chapter 2:3.1 Bank regulators' responsibilities to monitor banks activities, including bank-direct brokerage activities, although not explicitly stated, are defined generally by the Federal Deposit Insurance Corporation Improvement Act of 1991 (FDICIA) (P.L. 102-242). The act, as amended in 1994, requires federal bank regulatory agencies to perform a full-scope, on-site examination at least once a year for each insured depository institution with assets greater than $250 million.\3 The purpose of these examinations is to ensure that effective internal controls are in place and operating as intended to protect the safety and soundness of the bank. The examinations are to cover all factors relevant to the safe and sound operation of the bank--including nonbanking activities conducted on bank premises, such as bank-direct brokerage services. However, federal securities regulators told us that bank regulatory oversight is not equivalent to oversight by securities regulators because federal banking statutes and regulations do not comprehensively address sales practice issues, nor do they impose an explicit duty to supervise bank securities sales personnel. In addition, they said bank securities customers have no formal avenue of redress for complaints. Regulatory responsibilities related to bank-direct brokerage activities are further defined by guidance that each bank regulator has issued on nonbanking activities, including securities brokerage activities. During 1993, each of the three bank regulators individually issued agency guidance that instructed examiners to focus on the sale of nondeposit investment products on bank premises as part of routine bank examinations.\4 Despite the requirements of FDICIA and existing agency guidance, many bank-direct brokerages were not reviewed during on-site examinations completed in the period 1992 through mid-1994. The results of our review of examinations completed in that period showed that 28 (72 percent) of 39 bank-direct brokerages that should have been reviewed were not. (We excluded one FDIC-regulated bank from this analysis because it responded that it provided minimal accommodation brokerage services.) Because these bank-direct brokerages are exempt from SEC and NASD regulation and they were not reviewed by bank regulators, they were operating without any federal oversight. Table 2.2 shows the number of bank-direct brokerages, out of the 40 we reviewed, that bank regulators have examined. Table 2.2 Bank-Direct Brokerage Operations Examined by Bank Regulators in the Period 1992 Through Mid-1994 Banks with examinations that included a review Banks with bank- of bank-direct direct brokerage brokerage Bank regulators operations operations ------------------------------ ------------------ ------------------ FDIC 18 3 Federal Reserve 4 1 OCC 17 8 ====================================================================== Total 39 12 ---------------------------------------------------------------------- Source: GAO analysis. -------------------- \3 State regulatory examinations can be substituted in alternate years for state-chartered banks, and longer examination periods--18 months--can be used for banks with less than $250 million in assets that previous examinations have shown to be well-capitalized and well-managed. \4 FRB notice to Officers-in-Charge of Supervision at each federal reserve bank on the separation of mutual fund sales activities from insured deposit-taking activities (June 17, 1993) (SR 93-35 (FIS)); OCC Banking Circular 274, issued July 19, 1993 (NR 93-77); FDIC Statement on State Nonmember Bank Sales of Mutual Funds and Annuities, issued October 8, 1993 (FIL-71-93). BANK REGULATORS HAVE ISSUED NEW GUIDANCE ON BANK-DIRECT BROKERAGE OPERATIONS -------------------------------------------------------- Chapter 2:3.2 Banking regulators recently took steps to improve their oversight of bank-direct brokerage operations. On February 15, 1994, federal bank regulators issued a joint policy statement on the sale of nondeposit investment products on the premises of insured banking institutions. This new guidance addresses investor protection issues, such as sales practices and suitability,\5 use of information about customers, and consumer disclosure and advertising requirements for the retail sale of mutual funds and other securities products on bank premises. The new guidance applies to retail recommendations and sales of nondeposit investment products made by (1) employees of a banking organization, (2) employees of an affiliated or unaffiliated third party operating on the premises of the banking organization, and (3) sales resulting from a referral of retail customers by the institution to a third party when the depository institution receives a benefit for the referral. The purpose of the guidance is to minimize the possibility of customer confusion and to safeguard the institution from liability under antifraud provisions of the federal securities laws. The Federal Reserve, FDIC, and OCC have taken steps to review for compliance with this guidance as part of their routine safety-and-soundness examinations. Although the new guidance does not have the same force as a federal statute or bank regulation, federal bank regulators have informed the various banking organizations under their jurisdiction that, as appropriate, a review for compliance with the joint agency guidance will be included in routine bank examinations. For example, OCC said that it directed examiners to include a review of nondeposit investment product sales activities in all bank safety and soundness examinations. All three bank regulators have developed detailed examination procedures for their examiners to use in reviewing securities sales activities of banks during routine examinations. The examination procedures address investor protection concerns, such as advertising, suitability of investments recommended, and sales practices. -------------------- \5 Suitability refers to the matching of customer financial means and investment objectives with a suitable product. INFORMATION ON TRAINING PROVIDED TO BANK EXAMINERS FOR OVERSIGHT OF BANK SECURITIES ACTIVITIES -------------------------------------------------------- Chapter 2:3.3 FDICIA requires federal bank agencies to periodically review and provide training to their examiners to ensure frequent, objective, and thorough examinations of federally insured banking institutions. The Federal Reserve, FDIC, and OCC provide bank examiners with guidance on overseeing bank securities activities. Bank examiners at the Federal Reserve and OCC also receive formal training that addresses oversight of bank and bank subsidiaries' securities activities, including the joint agency guidance. However, as of September 1994, FDIC had no formal examiner training program that focused on oversight of securities activities of state nonmember banks and their subsidiaries. THE FEDERAL RESERVE AND OCC PROVIDE EXAMINER TRAINING ON BANK SECURITIES ACTIVITIES ------------------------------------------------------ Chapter 2:3.3.1 Federal Reserve examiners may receive training related to bank securities activities through specialized seminars and training courses. For example, Federal Reserve examiners can attend a securities market seminar. This 2- to 3-day seminar covers relevant securities and banking laws governing bank securities activities as well as retail securities brokerage activities within the bank. Seminar topics include inequitable and unfair sales practices, insider trading, customer account recordkeeping and confirmation requirements, firewall requirements (discussed in chapters 3 and 4), SEC and SRO oversight functions, and other related topics. In addition, the Federal Reserve recently developed an examiner training course on the joint regulatory guidance on retail sale of nondeposit investment products in the bank. OCC examiners receive specialized training through conferences, seminars, and courses. In December 1992, OCC offered examiners a conference that included a session on risks banks take in selling mutual funds and annuities. This conference included a discussion of suitability issues.\6 In September 1993, OCC offered examiners a 3-day seminar on bank sales of mutual funds and nondeposit investment products. In addition, OCC's 1993 course catalog also lists various examiner training opportunities related to bank securities activities. An OCC Capital Markets Expert Seminar covered a range of capital markets topics, including bank dealer, trading, and retail brokerage activities. Another OCC course covered fundamental concepts and terminology of the securities business. It explained the processes and procedures used in issuing, transferring, and regulating securities and presented an overview of securities industry operations and the basic industry components. A course entitled "Bank Securities Dealers" was designed to enable OCC examiners to identify potentially unsafe and unsound practices for sales of municipal securities. Another OCC examiner course focused on the potential effects of transactions between banks and affiliates and related organizations. According to OCC, training relevant to examining bank securities activities was also provided in each of its six district offices and those examiners, in turn, provided the training to examiners in other offices across the country. -------------------- \6 Consistent with NASD's Rules of Fair Practice, bank regulators expect banks to determine whether a product being recommended is an appropriate investment for the customer. Banks are instructed to ensure that any salesperson involved in bank-related sales obtains sufficient information from a customer to enable the salesperson to make a judgment about the suitability of any recommendations to the customer. FDIC PROVIDES NO FORMAL EXAMINER TRAINING ON BANK SECURITIES ACTIVITIES ------------------------------------------------------ Chapter 2:3.3.2 FDIC provided no extended formal training to its examiners on oversight of bank securities brokerage and underwriting activities. FDIC's examiner training on these subjects was limited to briefings on changes in regulations, a lecture on bank relationships with broker-dealers, and on-the-job examiner training. FDIC officials said that FDIC's primary focus is to oversee the safety and soundness of banks--not the sales practices of bank securities subsidiaries, which are subject to oversight by securities industry regulators. However, FDIC is responsible for regulatory oversight of bank-direct brokerage activities of banks under FDIC's jurisdiction. Such brokerages are exempt from oversight of securities regulators. In April 1994, FDIC provided examiners with specific examination procedures for examinations of bank-direct brokerage activities; however, the agency provides no similar guidance for examinations related to securities underwriting activities. In the absence of such aids and a formal training program, FDIC examiners are instructed to use FDIC's regulation for bona fide subsidiaries as guidance, along with their professional judgment, in examining banking organizations for compliance with the FDIC firewall provisions that apply to bank securities underwriting activities. FDIC officials said that despite the lack of formal training programs to address bank securities underwriting and brokerage activities, they were confident that their examiners could assess the impact of banks' securities activities on the safety and soundness of state nonmember banks. BANK AND SECURITIES REGULATORS CAN COOPERATE TO MAKE OVERSIGHT OF BANK-DIRECT BROKERAGE OPERATIONS MORE CONSISTENT ---------------------------------------------------------- Chapter 2:4 Under the current regulatory structure, either bank or securities regulators may oversee the securities activities of banks, depending on how banks organize the activities. Therefore, to ensure that customers who invest in securities are treated fairly, bank and securities regulators must work closely together to share information, coordinate rules, and provide consistent examinations. Otherwise, securities investors can be exposed to inconsistent sales practices by sales representatives having different levels of training and experience. Although bank and securities regulators have cooperated well on some activities, other opportunities for cooperation exist that could provide more consistent regulation of bank securities activities. On occasion bank and securities regulators have worked together. For example, during 1994 bank regulators sought the assistance of SEC and NASD officials and examiners in developing new guidance and in developing and pilot-testing examination procedures. Also during 1994, the Federal Reserve and NASD agreed to coordinate examinations of bank brokerage affiliates. In January 1995, all three banking regulators and NASD reached a formal agreement to coordinate examination schedules of bank-affiliated broker-dealers and share examination findings and workpapers. Further, securities regulators and bank regulators told us that they are discussing various proposals to extend securities industry qualifications testing and registration to bank employees who are engaged in bank-direct securities activities. The testing and registration process is to be backed by examination, enforcement, and disciplinary functions designed to be identical to those in place for the securities industry. Bank and securities regulators expect to resolve this issue within the next several months. SEC has also contacted the bank regulators to propose development of a common approach to eliminating the payment of referral fees to nonregistered employees of financial institutions. Despite such cooperative efforts, differences in approaches to and procedures for regulating bank brokerage operations persist. For example, the interagency guidance sets forth standards for registered broker-dealers that differ, in some respects, from federal securities laws and regulations. These differences were highlighted when, in December 1994, NASD released for comment proposed rules governing securities broker-dealers operating on bank premises. The proposed NASD rules prohibit the payment of referral fees by the broker-dealer to nonregistered bank employees. Referral fees are permitted by the interagency guidance, provided that they are one-time nominal fees of a fixed-dollar amount and not contingent on the referral resulting in a transaction. The proposed rules also place stricter controls than the interagency guidance on the broker's use of confidential bank customer financial information, such as certificate of deposit maturity dates and balances, for soliciting sales of securities. Also, the proposed NASD rules place stricter limits on the use of bank logos in advertising materials for securities than the interagency guidance. NASD's proposed rules have generated controversy in the banking industry. According to the financial press, some bankers have complained that the rules hold bank brokerages to standards that are higher than for nonbank brokerages. For example, they note that, unlike bank brokerages, nonbank brokerages are not required to disclose that mutual funds are not federally insured. An NASD official responded that when a customer deals with a brokerage in a bank, that brokerage has a higher responsibility to ensure that the customer understands the risk involved in investing in securities as compared to savings accounts or certificates of deposit. According to NASD, its proposed rules\7 seek consistent treatment of affiliated and networking (third-party) broker-dealers. Further, NASD said the banking guidelines established by the Interagency Statement do not have the force and effect of law and cannot support disciplinary actions against broker-dealers. Both the Interagency Statement and the proposed NASD rules, however, require written acknowledgement of the disclosure of risks associated with investment products sold in banks. The Interagency Statement is more comprehensive in that it also requires oral disclosure at any sales presentation or offering of investment advice. Additional cooperative efforts among bank and securities regulators could help make regulation more uniform and consistent by making information and regulatory procedures used by securities regulators available to bank regulators. For example, NASD and state securities regulators maintain the Central Registration Depository (CRD), a database containing background and disciplinary information on broker-dealers and individual sales representatives.\8 In our September 1994 report and testimony before the congressional oversight committee\9 we recognized that the CRD information, after system design limitations are corrected, could be a useful regulatory tool for controlling the migration of unscrupulous persons among sectors of the financial services industry. We recommended that SEC, the Treasury Department, and other regulators work together to increase disclosure of the CRD information among the various regulators of financial services. Those regulators have begun actions to increase disclosure.\10 According to the Federal Reserve, banking and securities regulators are developing a proposal that would include developing a CRD recordkeeping system for bank sales personnel. -------------------- \7 NASD's proposed rules will be held open for further notice and comment when they are submitted to SEC for approval. \8 Originally established as a centralized broker licensing and SRO registration system, CRD is now also used by regulators and the industry to help oversee brokers' activities. \9 Securities Markets: Actions Needed To Better Protect Investors Against Unscrupulous Brokers (GAO/GGD-94-208, Sep. 14, 1994); and Securities Markets: Actions Needed To Better Protect Investors Against Unscrupulous Brokers (GAO/T-GGD-94-190, Sep. 14, 1994). \10 Bank regulators currently have access to CRD but as currently structured, CRD does not include bank employees engaged in bank-direct sales of securities. BANK AND SECURITIES REGULATORS HAVE DIFFERING VIEWS ON HOW BANKS' SECURITIES ACTIVITIES SHOULD BE REGULATED ---------------------------------------------------------- Chapter 2:5 Although bank and securities regulators have cooperated to develop guidance and related examination procedures for banks offering brokerage services, the same regulators have been at odds about whether the current regulatory structure is adequate to protect investors. Securities regulators are concerned that the current regulatory structure for oversight of bank securities activities has not kept pace with changes in the market and may not be adequate to protect investors. In particular, the securities regulators have questioned the continued exemption of banks from SEC registration and regulation. They argue that the exemptions subject banks to weaker regulatory standards than broker-dealers. For example, in congressional hearings SEC officials stated that banking regulation has traditionally focused on the safety and soundness of the banking system and the protection of depositors as opposed to protection of securities investors. The securities regulators and securities industry representatives have stated that Congress should reassess the current regulatory structure in light of banks' expansion into securities activities and develop a system of functional regulation in which the securities regulators would be responsible for regulating all securities activities, including those of banks.\11 In contrast, bank regulators and banking industry representatives have stated that measures that they have taken to strengthen oversight of securities activities provide adequate protection to customers who choose to invest through their banks. They also said that reforming the regulatory structure as advocated by SEC would create a duplicative and burdensome regulatory environment for banks. Banking industry representatives have testified that functional regulation should be considered only in connection with comprehensive reform of banking regulation, including repeal of Glass-Steagall Act provisions that limit banks' securities activities. -------------------- \11 The concept of functional regulation calls for regulation according to function rather than according to the entity performing the function. Hence, under functional regulation SEC would be responsible for regulation and oversight of all securities broker-dealer and related activities of banks, and banking regulators would be precluded from examining these activities. CONCLUSIONS ---------------------------------------------------------- Chapter 2:6 Clearly, banking and securities activities are no longer separate as envisioned by 1930s legislation because banks have become more involved in providing their customers with securities services. The regulatory system, which was also designed in the 1930s, has not been adjusted to reflect the changed activities. Because banks are exempt from SEC registration and regulation, banking organizations can chose how to organize their securities brokerage activities, and depending on that organization, how they are regulated. For example, banks can choose to sell securities directly and be subject to oversight by banking regulators but not by securities regulators. If these activities are to be regulated, then bank regulators must include them in their regulatory scheme and examinations. Under the current regulatory structure the same type of securities activities can be overseen by different regulators depending on how banks organize their securities activities. The potential for inconsistent oversight has not been much of a problem so far because most banks provide securities services in subsidiaries that are regulated primarily by securities regulators. Further, for the 3 percent of banks nationwide that offer brokerage services that are exempt from regulation by securities regulators, bank regulators have provided new guidance and examination procedures and are working to improve their oversight. Nevertheless, providing consistent securities oversight, no matter where in an organization these activities are done, would be enhanced by increased cooperation, coordination, and sharing of regulatory expertise among bank and securities regulators. Although bank and securities regulators have shown that they can cooperate on oversight of securities sales on bank premises, as we have indicated, issues requiring further coordination remain. By working more closely together bank and securities regulators could help ensure that both safety and soundness and investor protection concerns are appropriately addressed in regulatory requirements and examinations of bank-direct brokerage activities, but without added regulatory burden. RECOMMENDATION ---------------------------------------------------------- Chapter 2:7 We recommend that the heads of the Federal Reserve, FDIC, OCC, SEC, and NASD require their respective staffs to work together to develop and implement an approach for regulating bank-direct securities activities that provides consistent and effective standards for investor protection while ensuring bank safety and soundness. AGENCY COMMENTS AND OUR EVALUATION ---------------------------------------------------------- Chapter 2:8 FDIC -------------------------------------------------------- Chapter 2:8.1 FDIC commented that although its procedures were not flawless in the period covered by our review, the results shown in table 2.2 on bank-direct brokerages examined by bank regulators may be misleading. In preparing detailed comments, FDIC reviewed our analysis and said it found a different picture of its regulatory oversight from that indicated by the numbers presented. FDIC polled its regions and found that three, rather than two, of the banks' brokerage activities were examined. This additional examination was completed after the period of our survey. We now include it in table 2.2 as being examined. FDIC stated that many of the banks are not involved in retail sales of nondeposit investment products except to accommodate customer requests. FDIC also said that the remainder of those banks conduct a brokerage activity only through a third-party vendor. We cannot explain why the securities brokerage activities of banks as reported by FDIC would differ from information we obtained directly from the banks we surveyed, unless the banks changed how they provided brokerage services between the time of our survey and the time they were last contacted by FDIC examiners. Nineteen FDIC-regulated banks responded to our survey that they provided brokerage services to customers directly by bank employees. We later called each of those banks to validate their responses. Eighteen of those banks responded that they provide discount brokerages services by bank employees. One bank responded that it provided minimal accommodation brokerage services. We have dropped it from the table 2.2 analysis in our final report. FDIC commented that its efforts have been directed at eliminating customer confusion concerning investment products sold by banks. It said it is working closely with other federal regulators to develop and implement an improved and coordinated approach to supervising securities activities and would continue to work with SEC and NASD to harmonize rules. FDIC commented that it has supervisory responsibility over few banking organizations with securities activities that would require extensive specialized examiner training. However, it is considering the type and scope of examiner training necessary. FEDERAL RESERVE -------------------------------------------------------- Chapter 2:8.2 The Federal Reserve agreed with our recommendation that bank and securities regulators work together to develop and implement an approach for regulating bank-direct securities activities. The Federal Reserve said that it has been pursuing a number of efforts to coordinate supervision of bank securities activities with securities regulators. It also said that its joint efforts with securities regulators are resulting in a supervisory program for bank-direct sales activities that is analogous to, and consistent with, broker-dealer regulation. Among these, the Federal Reserve noted banking regulators' efforts to make securities regulators' professional qualification examinations available to bank sales personnel. The Federal Reserve also noted that the banking regulators have proposed coordinated rulemaking by the banking regulators, including developing a comprehensive central registration depository type recordkeeping system for bank sales personnel. OCC -------------------------------------------------------- Chapter 2:8.3 OCC commented that our recommendation is consistent with actions it has already undertaken to improve oversight of banks' securities brokerage activities through better coordination and cooperation with securities regulators. OCC disagreed with our discussion of the additional risks to banks that are associated with securities activities. We did not study the comparative risks of various banking and nonbanking activities. Nevertheless, securities activities can pose risks to banking organizations, just as they can to securities firms. When federally insured banks can be affected by such risks, measures should be taken to insulate those banks from losses incurred by the securities activities. OCC stated that it directed examiners to include a review of nondeposit investment product sales activities in all bank safety and soundness examinations. The examinations are to be done with statutory frequency--every 12 to 18 months, depending on bank size and condition. OCC expects that by the end of 1995, all national banks that are engaged in bank-direct brokerage operations will have had at least one such examination. SEC -------------------------------------------------------- Chapter 2:8.4 SEC commented that it, the federal banking regulators, and NASD have worked hard together but that interagency cooperation to regulate banks' securities activities is not enough. It advocated a system of functional regulation, in which each entity is regulated according to the particular activity that it undertakes. SEC stated that functional regulation would be a more efficient and responsible use of both taxpayer dollars and bank capital. SEC emphasized the importance of ensuring that the applicable regulatory scheme provides equal protection for all investors and reduces regulatory costs. This, SEC commented, in turn, would ensure that competition is based on market performance, rather than on arbitrary differences in regulation. SEC commented that our report appears to encourage a system of duplicative regulation, which it strongly disagrees with. We believe that in the present regulatory environment, in which bank-affiliated securities activities are regulated primarily by securities regulators and bank-direct activities are regulated by bank regulators, cooperation and coordination by regulators is a practical means of sharing regulatory expertise and achieving consistent investor protection. Without financial system reform and restructuring, which could include both functional and consolidated regulatory systems as a means to efficient and comprehensive regulation, cooperation and coordination is the only way to achieve consistent investor protection. Under a system of functional regulation, cooperation and coordination among regulators would still be needed to avoid duplication and coverage gaps and share information and examination results. NASD -------------------------------------------------------- Chapter 2:8.5 NASD commented that it is a strong advocate of functional regulation as the long-term solution to establishing an effective regulatory structure that spans the securities activities of banks and broker-dealers. However, NASD stated that it was willing to support our recommendation that the regulators cooperate by sharing its advertising and sales practice policies and procedures and experience and expertise in securities examinations with the bank regulators and assisting in bank examiner training. FEDERAL RESERVE INSPECTIONS USUALLY ASSESS COMPLIANCE WITH ALL APPLICABLE FIREWALLS ============================================================ Chapter 3 As of November 1994, the number of Section 20 subsidiaries in operation was 35. The total gross revenues of all Section 20 subsidiaries was about $10 billion in 1993, which was about 8 percent of total 1993 gross revenues for the securities industry. The Federal Reserve has prescribed firewalls to protect insured affiliated banks from risks associated with the Section 20 subsidiaries' securities activities. Federal Reserve examiners are to inspect those Section 20 subsidiaries that seek to underwrite and deal in corporate securities before they begin operations to ensure that they are capable of complying with prescribed firewalls. For all other Section 20 subsidiaries, the first annual inspection is to include a detailed examination of compliance with applicable firewalls. All subsidiaries are then to be inspected annually to assess their financial condition and to determine their compliance with firewalls and the limits on the amount of their business in bank-ineligible securities. We found that the Federal Reserve has generally maintained its annual inspection cycle during the last 2 years and that the Federal Reserve has taken steps to correct deficiencies identified by the inspections. However, we also found that some firewalls were not examined, and documentation available in some examination files was inadequate for determining whether appropriate firewall inspections had occurred. Thus, although the Federal Reserve in general comprehensively reviewed or tested for compliance with all firewalls, there were a few cases in which full compliance with all firewalls could not be assured. SECTION 20 SUBSIDIARIES' SECURITIES ACTIVITIES HAVE GROWN ---------------------------------------------------------- Chapter 3:1 As mentioned in chapter 1, the Federal Reserve allows bank holding companies to establish Section 20 subsidiaries, which engage in limited amounts of underwriting and dealing in bank-ineligible securities (no more than 10 percent of the subsidiary's gross revenue can be derived from such activities). The Federal Reserve has approved bank-ineligible securities for Section 20 activities over time, starting in 1987. The initial Federal Reserve order of April 30, 1987, approved applications of Citicorp, J.P. Morgan & Co., and Bankers Trust New York Corp. to engage in limited underwriting and dealing in municipal revenue bonds, mortgage-related securities, and commercial paper. Later that year, the Federal Reserve issued an order approving the underwriting of asset-backed securities.\1 The activities approved in 1987 are referred to as "1987 powers" of Section 20 subsidiaries. In 1989, the Federal Reserve extended the powers for certain Section 20 subsidiaries to underwriting and dealing in corporate debt and equity securities--referred to as "1989 powers." As of November 1994, 35 Section 20 subsidiaries were operating under Federal Reserve approval. As shown in table 3.1, 17 of those subsidiaries operated under 1987 powers, 14 operated under both 1987 and 1989 powers, and 4 had 1987 and 1989 corporate-debt- only powers. Twelve of the 35 Section 20 subsidiaries were foreign-owned. The volume of activity among Section 20 subsidiaries in bank-ineligible securities has grown rapidly in recent years even though their share of revenues in the securities industry has declined. In 1990, the volume of bank-ineligible securities underwritten by Section 20 subsidiaries was about $27.8 billion.\2 According to Federal Reserve records, the volume of bank-ineligible securities underwritten by Section 20 subsidiaries in 1993 was about $58.6 billion, a 110-percent increase over 1990's volume. The total gross revenues of the Section 20 subsidiaries increased by 57 percent from about $6.4 billion for 1990 to about $10.0 billion for 1993. However, according to SEC data, the total gross revenues of Section 20 subsidiaries as a percent of the total for the securities industry declined from 10.1 percent for 1990 to 7.8 percent for 1993. As of the end of 1993, Section 20 subsidiaries held 13.6 percent of the total securities industry assets. The top 10 Section 20 subsidiaries in terms of revenue production during 1993 included J.P. Morgan Securities, Greenwich Capital Markets, BT Securities, Citicorp Securities, Barclays Capital, Chase Manhattan Securities, Sanwa-BGK Securities, Chemical Securities, Deutsche Bank Securities, and NationsBanc Capital Markets. The Section 20 subsidiaries and their parent organizations are also shown in table 3.1. Table 3.1 Section 20 Subsidiaries' Securities Powers and Parent Organizations as of November 1994 Section 20 subsidiary Parent organization ---------------------------------- ---------------------------------- 1987 and 1989 Corporate debt and equity powers ---------------------------------------------------------------------- BA Securities, Inc. BankAmerica Corp. BT Securities Corp. Bankers Trust N.Y. Corp. Chase Securities Inc. Chase Manhattan Corp. Chemical Securities Inc. Chemical Banking Corp. Deutsche Bank Securities Corp. Deutsche Bank AG\a Harris Nesbitt Thomson Securities, Bankmont Financial Corp.\a Inc. Hopper Soliday and Co., Inc. Dauphin Deposit Corp. J.P. Morgan Securities Inc. J.P. Morgan and Co., Inc. NationsBanc Capital Markets, Inc NationsBanc Corp. RBC Dominion Securities Corp. Royal Bank of Canada\a Republic N.Y. Securities Corp. Republic New York Corp.\a ScotiaMcleod (USA) Inc. The Bank of Nova Scotia\a Toronto Dominion Securities (USA) Toronto-Dominion Bank\a Inc. Woody Gundy Corp. The Canadian Imperial Bank of Commerce\a 1987 and 1989 Corporate debt powers ---------------------------------------------------------------------- Barclays Capital Corp. Barclays Bank PLC\a Citicorp Securities Inc. Citicorp First of America Securities, Inc. First of America Bank Corp. First Chicago Capital Markets, First Chicago Corp. Inc. 1987 Powers ---------------------------------------------------------------------- ABN AMRO Securities (USA) Inc. ABN AMRO North America, Inc.\a Banc One Capital Corp. Bank One Corp. Bank South Securities Corp. Bank South Corp. Barnett Securities, Inc. Barnett Banks Inc. DKB Securities Corp. The Dai-Ichi Kangyo Bank, Ltd.\a First Union Securities, Inc. First Union Corp. Fleet Securities, Inc. Fleet Financial Group, Inc. Greenwich Capital Markets, Inc. The Long-Term Credit Bank of Japan\a Huntington Capital Corp. Huntington Bancshares, Inc. Liberty Investment Services, Inc. Liberty National Bancorp, Inc. National City Investments Corp. National City Corp. Norwest Investment Services Norwest Corp. PNC Securities Corp. PNC Bank Corp. Sanwa-BGK Securities Co., L.P. The Sanwa Bank Ltd.\a SouthTrust Securities Inc. SouthTrust Corp. SunTrust Capital Markets SunTrust Banks, Inc. Synovus Securities, Inc. Synovus Financial Corp. ---------------------------------------------------------------------- \a Foreign-owned corporation. Source: Federal Reserve Board. -------------------- \1 These are bonds or notes backed by loans or accounts receivable originated by banks, credit card companies, or other providers of credit. Typically, the originator of the loan or account receivable paper, such as for automobile loans and credit card receivables, sells the paper to a special trust, which repackages it as securities. The securities are then underwritten by brokerage firms, which reoffer them to the public. \2 Our report, Bank Powers: Bank Holding Company Securities Subsidiaries' Market Activities Update (GAO/GGD-91-131, Sep. 20, 1991), provided information on the market activities of Section 20 subsidiaries. From the amount shown for the value of securities underwritten we excluded the amount of commercial paper underwritten by the Section 20 subsidiaries in 1990 to make the total amount consistent with data reported to the Board for 1993. The Board did not include commercial paper, because issues are frequently rolled over and reissued several times during a year. THE FEDERAL RESERVE HAS PRESCRIBED FIREWALLS TO PROTECT BANKS AND REQUIRES SECTION 20 SUBSIDIARIES TO HAVE INTERNAL CONTROLS ---------------------------------------------------------- Chapter 3:2 Both the Federal Reserve and banking organizations that seek to establish Section 20 subsidiaries are to provide safeguards to insulate banks from subsidiaries' securities activities. To protect affiliated insured banks and the parent banking organization from risks associated with Section 20 subsidiaries' underwriting and dealing activities, the Federal Reserve has prescribed various firewalls. The banking organizations that establish Section 20 subsidiaries are also to have internal controls in place to ensure compliance with the firewalls and to manage attendant business risks. FIREWALLS PROVIDE IMPORTANT PROTECTION FOR INSURED BANK AFFILIATES -------------------------------------------------------- Chapter 3:2.1 As discussed briefly in chapter 1, Section 20 subsidiaries are subject to various limitations on their activities and operating conditions, which are called firewalls. These limitations and operating conditions are intended to insulate affiliated banks from risks associated with the ineligible securities underwriting and dealing activities and minimize conflicts of interest. The firewalls define the method a banking organization with a Section 20 subsidiary should use to calculate its capital so that investments and loans to the subsidiary are not counted toward the consolidated capital of the bank holding company; limit credit extensions that the bank affiliate may make to the Section 20 subsidiary and its clients and customers; require separate offices for the Section 20 subsidiary and limit employees, officers, and directors from serving in the same capacity for both the Section 20 subsidiary and an affiliated bank. require disclosures of the nature of the Section 20 subsidiary's business and its relationship with the banking affiliates, including disclosing to customers that the subsidiary is an organization separate from any affiliated bank and that securities recommended, offered, or sold by the subsidiary are not bank deposits and are not insured by FDIC; restrict a banking affiliate from offering investment advice regarding securities underwritten or dealt in by the Section 20 subsidiary unless the customer is notified of the affiliate's involvement; restrict extensions of credit and purchases of assets that would shift risk to insured institutions and prevent any unfair competitive advantage to bank-affiliated securities firms; and restrict the exchange of nonpublic customer information between banking affiliates and the Section 20 subsidiary. For each Section 20 subsidiary, the specific firewalls that apply vary according to the powers of the subsidiary and whether the subsidiary is foreign-owned. All of the firewalls are published in the Federal Reserve's Bank Holding Company Supervision Manual. (See app. I for a list of the Federal Reserves's detailed firewall conditions.) In addition to meeting the firewall conditions, applicants seeking expanded 1989 powers to underwrite and deal in corporate debt and equity securities are required to establish the necessary managerial and operational infrastructure before receiving Federal Reserve approval for these activities. The original Federal Reserve orders giving banks approval to underwrite and deal in securities document the rationale and importance of the establishment and operations of firewalls. The firewalls that prohibit extensions of credit, for example, are considered important for the following reasons: They preclude banking affiliates from making loans to depositors to purchase securities underwritten by a Section 20 subsidiary and thus seek to ensure that affiliates grant credit in a sound and impartial manner. They restrict banking subsidiaries from making unwise loans to improve the financial condition of the companies or organizations whose securities are underwritten or dealt in by an affiliated underwriting subsidiary, either to assist in marketing the securities or to prevent the customers of the underwriting subsidiary from incurring losses on securities sold by the subsidiary. They prohibit loans or other transactions between banking subsidiaries and underwriting subsidiaries to cover any financial losses sustained by the underwriting subsidiaries. They prohibit banks from purchasing low-quality assets from the underwriting subsidiary or providing the underwriting subsidiary with credit on preferential terms. (Such transactions are prohibited by Sections 23A and 23B of the Federal Reserve Act.) Firewalls that insulate the underwriting subsidiaries from banking subsidiaries by requiring separate operations--including separate officers, directors, and employees--are important to avoid any conflicts of interest and prevent loss of public trust in the banking subsidiary should the underwriting subsidiary sustain financial losses. SUBSIDIARIES ARE DIRECTED TO ESTABLISH INTERNAL CONTROLS FOR COMPLIANCE WITH FIREWALLS AND OTHER REQUIREMENTS -------------------------------------------------------- Chapter 3:2.2 The Federal Reserve generally requires Section 20 subsidiaries to have internal controls in place. For example, Federal Reserve inspection guidance for Section 20 subsidiaries seeking 1989 powers directs examiners to confirm that the subsidiaries have (1) internal control procedures to ensure compliance with the Federal Reserve's firewalls; (2) written underwriting and trading position limits; (3) procedures for managing syndicate (group) underwritings; and (4) procedures for segregation of duties, control over data entry, and hiring competent employees. The banking organizations we met with use a variety of such policies, procedures, and control mechanisms. According to information we obtained from three banking organizations, the controls used generally were in the form of written policies and procedures, staff training and awareness activities, and internal audit functions. Also, procedures to ensure compliance with regulations included compliance manuals, routine memoranda on securities underwritten and associated restrictions on credit relationships, separation of duties, supervision of employees, surveillance systems, compliance reviews, and internal audits. Those Section 20 subsidiaries also had policies and procedures to prevent insider trading and prevent affiliates from engaging in impermissible credit or investment activities and "tie-in" arrangements. (Tie-in or tying arrangements involve an agreement to provide a customer one service on the condition that he or she also obtain other services. This practice is considered anticompetitive and is generally prohibited by the Bank Holding Company Act, section 106(b).) To restrict insider trading and impermissible credit or investment activities, the subsidiaries issued "watch lists" and "restricted lists." To make employees aware of regulatory provisions prohibiting tie-in arrangements and the banks' antitying policies, the subsidiaries used compliance guidelines, memoranda, and training. Officials of the three banking organizations also said that they had employee training programs that included reviews of regulatory compliance requirements. Officials of one banking organization said that the organization's compliance manual is reviewed with employees, and insider trading and antitying policies are highlighted. Officials of another bank holding company said that all new hires were trained on securities laws and regulations as well as provisions on firewalls and antitying. Officials of another banking organization said it provided employees ongoing regulatory compliance training, and it required all employees to read compliance regulations annually and certify that they are familiar with and will comply with controls and provisions governing the bank's securities activities. According to Federal Reserve officials, such internal controls and training programs are common among the bank holding companies that the Federal Reserve has approved to underwrite and deal in bank-ineligible securities. However, a detailed review of private sector banking organizations' internal control systems was beyond the scope of our work, and we cannot comment on the effectiveness of those controls. BOTH FEDERAL RESERVE AND SECURITIES REGULATORS ARE TO EXAMINE SECTION 20 SUBSIDIARIES ---------------------------------------------------------- Chapter 3:3 Section 20 subsidiaries are to be examined by both the Federal Reserve and by securities regulators, but for different purposes. The Federal Reserve focuses on compliance with the firewalls and with the 10-percent limit on the subsidiaries' business in bank-ineligible securities. Securities regulators examine the subsidiaries for compliance with securities laws and SEC and SRO regulations and rules. Both the Federal Reserve and securities regulators examine the Section 20 subsidiaries' financial condition; however, according to Federal Reserve officials, the scope and objectives of the examinations differ. The officials said that securities regulators examine financial records to check for compliance with net capital requirements for broker-dealers.\3 They said Federal Reserve examiners verify data reported to the Federal Reserve on the subsidiaries' financial performance\4 and focus on any adverse effects of the subsidiaries' operations on the consolidated bank holding company and its depository institution affiliates. -------------------- \3 Net capital requirements are set forth in SEC Rule 15c3-1. \4 Section 20 subsidiaries report quarterly on Form FR Y-20, Financial Statements for a Bank Holding Company Subsidiary Engaged in Ineligible Securities Underwriting and Dealing. The FR Y-20 data are considered as confidential pursuant to section (b)(4) of the Freedom of Information Act, 5 U.S.C. 552(b)(4). FEDERAL RESERVE INSPECTIONS FOCUS ON COMPLIANCE WITH FIREWALLS AND OPERATING CONDITIONS -------------------------------------------------------- Chapter 3:3.1 The Federal Reserve's guidance on inspections of Section 20 subsidiaries outlines four types of inspections of the subsidiaries: firewall condition inspections, infrastructure reviews, annual inspections, and supplemental inspections. The timing and purposes of these inspections are described in table 3.2. Table 3.2 Federal Reserve Inspections of Section 20 Subsidiaries Type of Time of inspection inspection Scope of inspection ------------- ------------- ---------------------------------------- Firewall Initial All of the Section 20 subsidiary's condition inspection policies and operating procedures. inspection for compliance with firewalls and operating conditions applicable to 1987 powers. Infrastructur Before Reviews of management, SRO examination e review approval for results, internal controls, computer and 1989 powers, accounting systems, and internal audit regardless of and other areas. Examiners are to (1) whether the review and confirm that management is applicant is qualified to direct and supervise seeking securities underwriting and dealing initial activities and knowledgeable about powers or has associated risks and marketing been approved techniques; (2) review the latest SRO for 1987 examination to determine compliance with powers. securities laws and regulations; (3) review internal controls to ensure that appropriate controls are in place; (4) review computer and accounting systems to determine whether the systems can process and account for the relevant securities activities; and (5) evaluate the internal audit program and auditors' qualifications and determine the adequacy of the internal audit function, recordkeeping, and accounting and computer systems. Annual Annual. Evaluations of compliance with the inspection applicable firewalls and the 10 percent revenue limitation, and assessments of the subsidiaries' financial condition. In conducting annual inspections, Federal Reserve examiners rely on the work of the subsidiary's internal auditor and focus on (1) assessing changes in subsidiary operations that may have affected applicable firewalls and (2) verifying that deficiencies found by internal and any external audits have been corrected. The annual inspection procedures emphasize that a strong internal audit department will ordinarily review and test internal controls. This minimizes the need for Federal Reserve examiners to engage in extensive review and testing of controls. Supplemental Random or Testing of the firewalls in instances inspections targeted. where a Section 20 subsidiary has a poor compliance record or has not been subject to substantial internal audits. ---------------------------------------------------------------------- Source: GAO Analysis of the Federal Reserve's Inspection Guidance. Additional controls over Section 20 subsidiaries are provided by mandatory financial reporting, the Federal Reserve's centralized monitoring of inspection results and the underwriting activities of the subsidiaries, and regulation by securities industry regulators. In 1990, the Federal Reserve instituted a program requiring Section 20 subsidiaries to file quarterly reports on balance sheet, income, stockholders' equity, and other data on their underwriting activities. These data are to be submitted on reporting Form FR Y-20. The Federal Reserve uses these data to monitor compliance with the Federal Reserve's 10 percent revenue test and the financial status and underwriting activities of the Section 20 subsidiaries. Before FR Y-20 reporting was started, the Federal Reserve used copies of FOCUS Reports (Financial and Operational Combined Uniform Single Report) filed with securities industry Self-Regulatory Organizations (SROs) and other quarterly reports to monitor compliance with the 10 percent revenue test and the financial condition of Section 20 subsidiaries. Staff at Federal Reserve headquarters also monitor the results of the Federal Reserve districts' inspections of the Section 20 subsidiaries. SECURITIES REGULATORS EXAMINE FOR COMPLIANCE WITH SECURITIES LAWS AND REGULATIONS -------------------------------------------------------- Chapter 3:3.2 Section 20 subsidiaries are also required to register with SEC and join an SRO. The currently approved Section 20 subsidiaries are members of NASD or the New York Stock Exchange. The SROs regulate and examine the Section 20 subsidiaries' compliance with securities laws and regulations, SRO rules of fair practice, and their implementation of procedures designed to restrict opportunities for insider trading.\5 While banking organizations should have controls in place to prohibit the sharing of confidential information, the Section 20 subsidiaries' compliance with the insider trading provisions is primarily under SEC, NASD, and other SRO oversight, rather than the bank regulators.\6 -------------------- \5 These procedures, required by the Insider Trading and Securities Fraud Enforcement Act of 1988, P.L. 100-704, are intended to prevent nonpublic information acquired in one capacity from being used in another--for example, between a financial organization's varied activities, such as underwriting and trading and investment research and advice. NASD and NYSE have jointly developed guidelines for the securities industry to restrict insider trading. \6 We reported on SROs' adoption of insider trading provisions in Securities Markets: Clearly Defined "Chinese Wall" Standards Have Been Issued (GAO/GGD-91-115, Aug. 21, 1991). SUBSIDIARIES GENERALLY WERE INSPECTED ANNUALLY ---------------------------------------------------------- Chapter 3:4 Information on the timing of the Federal Reserve's inspections of Section 20 subsidiaries showed that Federal Reserve examiners generally inspected the Section 20 subsidiaries annually. The information provided to us by Federal Reserve officials showed that the Federal Reserve annually inspected 30 of the 31 Section 20 subsidiaries that were active at the end of 1992 and 1993. One subsidiary was not inspected; although Federal Reserve officials could not provide a reason for this, they said they had made the district bank aware that the Section 20 subsidiary should be inspected annually. However, in the period from 1989 through 1993, a total of nine of the Section 20 firms were not examined annually as required. According to Federal Reserve officials, annual inspections were delayed for a variety of reasons. The officials said delays in inspections of foreign-owned subsidiaries occurred due to a 1991 reorganization of the Federal Reserve's New York District inspection staff. In that reorganization, the officials said, two separate units were formed--one to inspect domestic firms and the other to inspect foreign-owned firms. According to the officials, as a result of the reorganization, no foreign-owned subsidiaries were inspected in 1991, but such scheduling delays have not been repeated. According to the Federal Reserve officials, other inspections were delayed because some districts were slow in implementing Section 20 inspection programs. One Section 20 subsidiary initially was not inspected because, although approved in 1990 for 1989 powers, it had not completed an internal audit program and was not actually allowed to begin underwriting and dealing activities until 1991. We also interviewed bank examiners with OCC, the primary regulator of national banks. These examiners are responsible for examining national banks that are subsidiaries of the same parent bank holding company as a Section 20 subsidiary. The national bank examiners said that their examinations consider the operations of Section 20 subsidiaries only to the extent that they might affect the safety and soundness of the national banks. The examiners said they are concerned with the bank's overall risk exposure and the bank's efforts to measure and manage risk levels, and they leave the detailed reviews of the Section 20 subsidiaries to the Federal Reserve and securities regulators. SOME FEDERAL RESERVE INSPECTIONS RELIED ON INTERNAL AUDITS AND DID NOT ALWAYS ASSESS COMPLIANCE WITH ALL FIREWALLS ---------------------------------------------------------- Chapter 3:5 Our review of the Federal Reserve's inspections of 14 Section 20 subsidiaries located in the Chicago, New York, Richmond, and San Francisco Federal Reserve districts showed that the Federal Reserve usually conducted detailed reviews of the subsidiaries. The district examiners conducted the required infrastructure reviews of subsidiaries seeking powers to underwrite corporate equity and debt securities. The results of our analysis of four infrastructure reviews completed during 1993 showed that those reviews generally were complete and addressed all conditions listed in the Federal Reserve's guidance. As noted on page 55, the Federal Reserve also completed annual firewall inspections of 30 of 31 approved underwriting subsidiaries. We also analyzed annual and special firewall inspections completed in 1992 and 1993 for all 14 Section 20 subsidiaries. The approach taken on the annual inspections varied among districts. The Richmond and San Francisco Federal Reserve Banks generally conducted independent reviews and, as applicable, tested the firewall conditions. The Chicago and New York Banks--especially the New York bank, in whose district the largest number of Section 20 subsidiaries are located--relied more on the banking organizations' internal auditors' assessments of compliance with the firewall conditions. For example, our review of the Federal Reserve's annual inspections of six Section 20 subsidiaries in the New York district found that the examiners relied, in all six cases, on the internal auditors' review and testing of the firewalls. Although Federal Reserve examiners said that they did some selective review of policies and procedures and testing of the firewalls, we found that such review and testing were not always documented in the inspection workpapers. In addition, the workpapers did not always include documents showing the scope and methodology of the internal auditors' review and testing of firewalls. In a 1993 report on the Federal Reserve's bank holding company inspections, we noted that the quality of Federal Reserve workpapers was inconsistent, and the Federal Reserve Manual did not provide guidance on workpaper preparation.\7 We also recommended that the Federal Reserve improve workpaper documentation of its bank holding company inspections. In response to those recommendations, the Federal Reserve said that those workpapers would be subject to standards similar to the agency's new standards for workpapers in commercial bank examinations, which the Federal Reserve was testing as of September 1994. The Federal Reserve's standardized commercial bank work documentation program is intended to provide a consistent format for documenting the tasks performed on each examination. The Federal Reserve's commercial bank examination standards also provide a format for examiners to follow in reviewing the work of internal auditors, including determining the adequacy of internal auditors' testing methods. In our review of the Federal Reserve's inspections of the Section 20 subsidiaries, we found two instances in which neither Federal Reserve examiners nor the internal auditors reviewed for compliance with certain firewalls. More specifically, we found the following: In the 1993 inspection of one of the larger Section 20 subsidiaries, neither the Federal Reserve examiner nor the internal auditors reviewed firewalls that restricted credit extensions to the underwriting subsidiary and its clients and customers, prohibited interlocking directorates, required disclosure of the subsidiary's relationship to the parent organization, and prohibited intercompany transactions and transfers of assets between the Section 20 subsidiary and affiliated insured banks. In this case, the examiner said that he relied on an internal audit that was the same one he relied on in the prior year's inspection. The Federal Reserve examiners said that they used spot-checks and walk-throughs to review these items, and those reviews may not have been documented in workpapers. In another inspection, neither the Federal Reserve examiner nor the internal auditor reviewed firewalls that restrict the sale of securities underwritten by the Section 20 subsidiary to other subsidiaries of the same bank holding company and restrict any asset sales to affiliated banks. It is important that these firewalls be checked to ensure that they are in place and functioning properly to restrict conflicts of interest, risky credit relationships, and illegal intercompany transactions\8 and reciprocal arrangements. In these instances, inspection supervisors' reviews would have been needed to ensure that all firewalls were examined and work was properly documented in workpapers. Federal Reserve officials said that it allowed the districts to use their own discretion in deciding how much to rely on the work of internal auditors. Such discretion is allowed because it is a practical approach to covering all Section 20 subsidiaries. Otherwise, the districts would not be able to cover all of the bank holding companies and their subsidiaries if Federal Reserve examiners themselves did extensive testing of every regulatory requirement. This would be especially true for the New York district, which has the highest number of Section 20 subsidiaries (13). -------------------- \7 Bank Examination Quality: FRB Examinations and Inspections Do Not Fully Assess Bank Safety and Soundness (GAO/AFMD-93-13, Feb. 16, 1993). \8 We earlier reported that during bank holding company inspections Federal Reserve examiners did not adequately assess risks from intercompany transactions. See GAO/AFMD-93-13, Feb. 16, 1993, pp. 45-46. FEDERAL RESERVE INSPECTIONS SEEK TO CORRECT DEFICIENCIES AND AVERT PROBLEMS ---------------------------------------------------------- Chapter 3:6 The Federal Reserve, as well as the other federal bank regulators, can impose any of several informal and formal enforcement actions on banks that operate in an unsafe or unsound manner or fail to comply with laws and regulations. Informal enforcement actions include meeting with bank officers and boards of directors to obtain agreement on improvements needed, requiring banks to issue commitment letters to the regulators specifying corrective actions that need to be taken, requiring bank boards of directors to issue resolutions specifying corrective actions, and requiring a memorandum of understanding between regulators and bank officers on actions that will be taken. Formal enforcement actions include formal written agreements; orders to cease and desist; assessments of civil money penalties; and orders for removal, prohibition, or suspension of individuals from bank operations.\9 According to Federal Reserve officials, the Federal Reserve has taken few enforcement actions against Section 20 subsidiaries for firewall noncompliance. Since the 1987 order that first approved Section 20 subsidiaries, two enforcement actions have been taken, one formal and one informal, both during 1994. On December 5, 1994, the Federal Reserve Bank of New York executed a Written Agreement with a bank holding company, its affiliated bank, and its Section 20 subsidiary not to engage in any violation of Section 23A of the Federal Reserve Act or any of the Federal Reserve's firewalls. As a result of a 1994 inspection, at the Federal Reserve's request a Section 20 subsidiary adopted a board of directors resolution that restricted the subsidiary's underwriting and dealing in ineligible securities and required various corrective measures. According to Federal Reserve officials, the Federal Reserve has taken few enforcement actions because the Federal Reserve emphasizes corrective measures, rather than enforcement actions, to ensure that Section 20 firms have appropriately functioning internal control and internal audit procedures in place. Under this approach, Federal Reserve officials said, potential problems are discovered and corrected as part of the inspection process before they become serious enough to warrant an enforcement action. However, Federal Reserve officials said they will take enforcement actions if their examiners discover (1) an incidence of serious noncompliance with laws, regulations, or supervisory guidance relative to a Section 20 subsidiary; (2) repeat offenses; or (3) an unwillingness to correct voluntarily noted deficiencies or violations. Even though the Federal Reserve's inspections have not resulted in many enforcement actions, our review of Federal Reserve inspection reports showed that the Federal Reserve's annual firewall inspection efforts have identified deficiencies and potential problems. In 15 out of 31 of the most recent inspections completed during 1992 or 1993, Federal Reserve examiners noted deficiencies. These deficiencies included, among others, a lack of internal audits for a newly established Section 20 subsidiary and failure to account for and adhere to technical rules related to calculation of the amounts of ineligible versus eligible revenues. According to Federal Reserve officials, such deficiencies are discussed with bank officials in inspection close-out meetings. Following these meetings, Federal Reserve officials said they require the subsidiaries' management to respond in writing within 60 days about the actions that the subsidiary will take to correct such deficiencies. The officials also said that the Federal Reserve would consider taking a formal or informal enforcement action, as appropriate, if no response were received or the next inspection showed that the subsidiary had failed to correct the deficiency. -------------------- \9 The bank regulatory enforcement process is described in detail in our report Bank Supervision: Prompt and Forceful Regulatory Actions Needed (GAO/GGD-91-69, April 15, 1991, pp.17-19). CONCLUSIONS ---------------------------------------------------------- Chapter 3:7 The Federal Reserve's inspections of Section 20 subsidiaries were usually done on schedule and assessed compliance with applicable firewalls. Federal Reserve examiners or bank holding company internal auditors usually reviewed and tested for compliance with all applicable firewalls. However, the Federal Reserve's monitoring for firewall compliance is not complete unless Federal Reserve examiners or internal auditors review all applicable firewalls and unless Federal Reserve examiners review the completeness of the internal audit and document the audit's scope, methodology, and results. Reliable monitoring of and compliance with firewalls help ensure that banking organizations--including federally insured banks--are not engaging in unwise or unduly risky transactions with the underwriting subsidiaries, their clients, or their customers. In cases where documentation of the work performed by examiners and internal auditors is not sufficient, the Federal Reserve cannot attest to the completeness of its firewall inspections or to the general level of compliance with firewalls. Also, without sufficient documentation we cannot fully conclude that the Federal Reserve's inspections are complete and effective, that the Federal Reserve has a basis for reliance on bank holding company internal auditors, or comment on the general level of compliance with the Federal Reserve's firewalls. The Federal Reserve's proposed development of a standardized workpaper format for bank holding company inspections that is similar to the format that it has developed and is testing for commercial bank examinations could provide adequate documentation of the work performed by Federal Reserve examiners and internal auditors if applied to the Section 20 subsidiary segments of the bank holding company inspections. However, those instances where firewall reviews are not being performed will not be remedied by implementation of documentation procedures. RECOMMENDATIONS ---------------------------------------------------------- Chapter 3:8 We recommend that the Chairman of the Board of Governors of the Federal Reserve System ensure that either Federal Reserve examiners or internal auditors review and test all applicable firewalls at least once annually and document in inspection workpapers the work performed by Federal Reserve examiners or bank holding company internal auditors. Federal Reserve workpapers should document Federal Reserve examiners' testing of the work of internal auditors as a basis for reliance on internal audit. AGENCY COMMENTS AND OUR EVALUATION ---------------------------------------------------------- Chapter 3:9 The Federal Reserve said that it would promptly address our findings related to firewall compliance. It intends to reiterate for examiners the Federal Reserve's long-standing policy to inspect and fully document Section 20 companies' compliance with all applicable firewall conditions. In addition, it will instruct examiners that when they rely on the reports of internal auditors, their workpapers must explicitly cross-reference the auditors' documentation of testing for compliance with each firewall. The Federal Reserve also noted that in recent months additional enhancements have been made to its supervisory program to facilitate oversight of Section 20 companies' regulatory compliance. According to the Federal Reserve these include (1) the addition of another full-time, experienced staff member to its Section 20 oversight group; and (2) the preparation of a quarterly profile of the operations of each Section 20 company, including any violations of, or weaknesses in, controls relative to firewall conditions and the status of any supervisory follow-up actions and corrective measures. The Federal Reserve also commented on three instances that we cited in the draft report of examiners or internal auditors failing to review for compliance with certain firewalls and instances where examiners' review and testing of firewalls were not always documented. The Federal Reserve said that those instances were either minor or not completely accurate. Federal Reserve staff reviewed each of the instances cited to provide additional detail. In the first instance, Federal Reserve staff found that the examiners felt justified in their reliance on the same internal audit for two consecutive inspections. This was because of the examiners' confidence in the company's strong program of quarterly firewall testing, history of consistent compliance, and the high quality of its internal audit programs. We could not review private banking organizations' compliance and internal audit programs and cannot comment on their quality. However, we believe that relying on the same internal audit for two consecutive inspections of firewall compliance does not provide continued assurance of compliance with firewalls. In the second instance, Federal Reserve staff found that internal auditors failed to review compliance with a firewall restricting sales of securities underwritten by the Section 20 company to affiliates because of a recent merger. In that case Federal Reserve staff found that the examiners verified compliance with this firewall. However, we did not see this work and the results documented in the inspection workpaper files that we reviewed. The Federal Reserve staff also noted that the Section 20 company in question, at the time of the inspection, was operating under the Federal Reserve Board's 1987 Order and was not subject to the firewall governing asset sales. According to our reading of the Federal Reserve's Bank Holding Company Supervision Manual, Section 2185.0, page 28, the 1987 Order did contain a firewall governing asset sales. In the third instance, Federal Reserve staff found that a firewall prohibiting reciprocal arrangements was not tested because the Section 20 company in question did about 98 percent of its business in government securities, which are not subject to firewalls. This company was involved only as a minor participant in underwritings of ineligible securities. This information was not apparent from inspection workpapers and was not provided to us at the time of our review. We have dropped this example from the final report. FDIC WAS UNABLE TO ASSESS RISKS TO FEDERALLY INSURED BANKS POSED BY SECURITIES ACTIVITIES OF BANK SUBSIDIARIES ============================================================ Chapter 4 Under FDIC regulation and supervision federally insured state-chartered nonmember banks under its jurisdiction can establish or acquire bona fide subsidiaries to underwrite and deal in securities--activities not permissible for banks. However, the agency has not fully prepared its examiners to examine these activities and does not have other procedures for monitoring the subsidiaries' activities. As a result, FDIC has no systematic way of knowing the extent to which bank subsidiaries are engaged in securities activities that pose risks to nonmember banks or ensuring that any such risks are minimized. BONA FIDE AND SECTION 20 SUBSIDIARY FIREWALLS SHARE THE SAME PURPOSE ---------------------------------------------------------- Chapter 4:1 As discussed in chapter 1, bona fide subsidiaries are subject to operating conditions and firewalls required under FDIC Rules and Regulations, Section 337.4. The purpose of these requirements, like the requirements that Section 20 subsidiaries must meet, is to ensure the safety and soundness of bank affiliates of the bona fide subsidiaries and protect consumers from conflict-of-interest abuses and other inequities. Generally, Section 337.4 contains the following provisions: The bona fide subsidiary must be adequately capitalized. The bona fide subsidiary must be physically separate from the bank with separate offices, separate accounting and other records, and separate employees and officers. Bona fide subsidiaries' underwriting and dealing activities are limited to (1) "investment quality" debt and equity securities that are rated in the top four rating categories by a nationally recognized rating service or have equivalent characteristics, or (2) underwriting of investment companies whose holdings are primarily investment quality securities or obligations of the U.S. government and its agencies or money market instruments.\1 The nature of the bona fide subsidiary's business and its relationship with the banking affiliates, including that the subsidiary is a separate organization from the bank and that investments recommended, offered, or sold by the subsidiary are not bank deposits and are not insured by FDIC, must be disclosed to customers. Credit extensions that the bank affiliate may make to the bona fide subsidiary and its clients and customers are limited. Banks are prohibited from purchasing as fiduciary any securities underwritten or dealt by the bona fide subsidiary. Banks are prohibited from transacting business through a trust department with a bona fide subsidiary on terms that appear preferential when compared to similar transactions with unaffiliated securities companies. Banks are prohibited from conditioning any loan or extension of credit on the requirement that the bona fide subsidiary underwrite or distribute a company's securities. Like the Federal Reserve, FDIC seeks to ensure that subsidiaries engaged in underwriting and dealing in bank-ineligible securities are insulated from bank affiliates by mandating separate operations--including separate officers and employees. Also similar to the Federal Reserve, the FDIC Regulation requires that an insured nonmember bank's direct investment in a securities subsidiary not be counted toward the bank's capital. FDIC expects bona fide subsidiaries to establish the necessary managerial and operational infrastructure before beginning operations. A more detailed account of the Section 337.4 provisions that apply to bona fide subsidiaries is presented in appendix II. -------------------- \1 This restriction does not apply to subsidiaries that are members in good standing with NASD and have been in continuous operation for at least 5 years. FDIC REQUIRES NOTIFICATION OF BANKS' AFFILIATION WITH BONA FIDE SUBSIDIARIES ---------------------------------------------------------- Chapter 4:2 The Federal Reserve examines a Section 20 subsidiary before it is approved to underwrite and deal in corporate equity and debt securities. In contrast, FDIC requires only that a nonmember bank notify the agency when it establishes or acquires a bona fide subsidiary. Section 337.4, rather than an FDIC action of approval, authorizes bona fide subsidiaries to underwrite and deal in certain corporate equity and debt securities. A nonmember bank is to notify the FDIC regional director of its intention to establish a bona fide subsidiary 60 days before the subsidiary is to begin operations and again within 10 days after it begins operations. FDIC makes no effort to ensure through an on-site examination that bona fide subsidiaries commence securities underwriting and dealing activities in compliance with Section 337.4 operating conditions and firewalls. FDIC requires compliance with the Section 337.4 provisions at the time that a bona fide subsidiary begins operations. However, as a matter of policy, after receiving the notification FDIC reviews the bank's compliance at the next scheduled FDIC examination of the bank. Under certain conditions, this policy could allow a bona fide subsidiary to operate for many months before it is examined for compliance with Section 337.4 requirements. For banks subject only to FDIC examinations, a newly established bona fide subsidiary could operate for nearly a year before an examination. For banks that are subject to annual examinations alternating between FDIC and state regulators, such subsidiaries might operate without FDIC oversight for a longer period.\2 According to FDIC officials, FDIC has not established any procedure for approving state nonmember banks' establishment of bona fide subsidiaries because doing so would be burdensome on the banks. -------------------- \2 The FDIC Improvement Act allows examination requirements to be met by state examinations in alternating years if the federal regulator deems this appropriate. FDIC DOES NOT KNOW HOW MANY BANKS HAVE ESTABLISHED BONA FIDE SUBSIDIARIES ---------------------------------------------------------- Chapter 4:3 From among the more than 6,000 banks the agency supervised, FDIC could neither provide an accurate count of the number of banks that had established or acquired bona fide subsidiaries nor identify all such subsidiaries. In response to our request for a list of banks with bona fide subsidiaries, FDIC polled its regions and identified 80 such banks. In our review of examination files for 13 of these banks, we found that none were engaged in underwriting and dealing in bank-ineligible securities.\3 In fact, only 5 of the 13 banks had actually established or acquired bona fide subsidiaries. Of those five subsidiaries, three provided full-service brokerage services; the remaining two provided only discount brokerage services (which did not require bona fide subsidiary status). Of the remaining eight banks that had not established bona fide subsidiaries, one provided full-service brokerage services (so it should have obtained bona fide subsidiary status), five provided only discount brokerage services, and two provided no brokerage services.\4 FDIC officials later told us that the initial listing of 80 banks was inaccurate, and they were unable to provide us with any other data on banks with bona fide subsidiaries engaged in underwriting and dealing in bank-ineligible securities. The officials said that examiners have several ways of identifying banks and subsidiaries that should be examined for compliance with Section 337.4: (1) through the notices filed by banks to FDIC regional directors, (2) from information obtained from the banks in response to a preexamination entry letter, (3) from survey questionnaires responded to by bank officers, (4) from listings of bank affiliates and subsidiaries, and (5) from examiners' own visual examination of the banking organizations' activities. According to the officials, very few nonmember banks have established bona fide subsidiaries for the purpose of underwriting and dealing in bank-ineligible securities. The FDIC officials said that underwriting and dealing in securities are more common among larger banking organizations than the state-chartered nonmember banks FDIC supervises. -------------------- \3 The 13 banks were located in FDIC's Atlanta, Chicago, New York, and San Francisco regions. \4 As noted in chapter 1, the Glass-Steagall Act does not prohibit banks from providing discount and full-service brokerage services. SOME EXAMINERS WERE UNCERTAIN ABOUT EXAMINING BONA FIDE SUBSIDIARIES ---------------------------------------------------------- Chapter 4:4 FDIC examination guidance directs examiners to review the activities of bank subsidiaries and their compliance with firewalls.\5 During examinations of nonmember banks, FDIC examiners are also to determine that the activities of bank subsidiaries do not endanger the safety and soundness of the parent institution. When applicable, FDIC examiners are to review for compliance with Section 337.4 provisions. Although such subsidiaries are also subject to SEC and NASD examination, possible impacts on the safety and soundness of affiliated banks and compliance with firewalls to protect those banks are not within the scope of the SEC and NASD examinations. In our review of FDIC examinations, we found instances of uncertainty among examiners about whether the Section 337.4 provisions applied to the subsidiary being examined. On two examinations--one in FDIC's Atlanta region and one in the San Francisco region--examiners did not know if the Section 337.4 provisions applied to the organization being examined and had to obtain determinations from FDIC regional legal counsels of whether the regulation applied. In another instance--in the Chicago region--a bank subsidiary that was providing full-service brokerage services was not examined for compliance with the regulation because the examiners believed that it did not apply to full-service brokerage activities. The uncertainty examiners experienced regarding the applicability of Section 337.4 provisions is understandable. FDIC has no process for approving the securities activities of individual banks; thus, going into examinations FDIC examiners do not know which banks should be examined for compliance with Section 337.4. Further, FDIC's requirement that full-service brokerage subsidiaries be bona fide subsidiaries and comply with Section 337.4 provisions does not appear in FDIC's examination guidance. Section 337.4 requires only that activities prohibited by the Glass-Steagall Act, namely underwriting and dealing, be conducted in a bona fide subsidiary. The uncertainty that follows from this condition might be minimized by additional examiner guidance. As noted in chapter 2, FDIC examiners are not provided formal training on bank securities activities. Also, FDIC has no detailed examination procedures for examiners to follow in examining for compliance with Section 337.4. According to FDIC officials, no specific examination procedures are needed because Section 337.4 "speaks for itself" and serves as adequate examination guidance. FDIC relies on the examination process as a means of monitoring the activities of bona fide subsidiaries. However, FDIC has no reliable means of knowing which banks and subsidiaries should be examined for compliance with Section 337.4, nor has it provided clear examination guidance or specialized training to enable FDIC examiners to conduct efficient and effective compliance examinations of bona fide subsidiaries. -------------------- \5 Securities subsidiaries of nonmember banks, including bona fide subsidiaries, are also subject to NASD examinations, which focus on investor protection issues, such as net capital position, trading practices, and sales practices, rather than on any effect that the subsidiary might have on the safety and soundness of the parent banking institution. FDIC HAS NO RELIABLE WAY TO MONITOR SECURITIES ACTIVITIES OF NON-FEDERAL RESERVE MEMBER BANKS ---------------------------------------------------------- Chapter 4:5 FDIC delegates all oversight of the bona fide subsidiaries to its regions. FDIC does not maintain centralized data on nonmember banks that have established or acquired bona fide subsidiaries, the volume of bank subsidiaries underwriting and dealing activities, the financial condition of the subsidiaries, or the subsidiaries' compliance with FDIC firewalls. This information would be relevant to monitoring possible risks to federally insured banks and any possible effect on the FDIC-administered Bank Insurance Fund. The effects of FDIC's lack of centralized oversight of the securities activities of nonmember banks were exemplified by the results of our effort to obtain information about those activities. FDIC could not provide a count of banks that had established bona fide subsidiaries or even identify any such subsidiaries. This inability to provide information is most troublesome, as it bears on FDIC's ability to monitor the safety and soundness of banks under its jurisdiction that operate bona fide subsidiaries. CONCLUSIONS ---------------------------------------------------------- Chapter 4:6 Federal banking regulators with supervisory responsibility for bank subsidiaries that engage in securities underwriting and dealing activities have a clear responsibility to adequately monitor the subsidiaries' activities in order to assess and minimize risks such activities may pose to federally insured banks. FDIC's policies on compliance monitoring and examination guidance and training, and the lack of systematic oversight, do not enable the agency to fulfill its responsibility to ensure that risks securities activities pose to nonmember banks are minimized. Perhaps FDIC officials are correct in their perception that very few nonmember banks have engaged in underwriting and dealing in securities as permitted by FDIC regulations. If so, FDIC probably does not need to establish a program to monitor bona fide subsidiaries of the same magnitude as the program the Federal Reserve uses to monitor Section 20 subsidiaries. However, to ensure the safety and soundness of insured parent banks, FDIC at least should be capable of (1) identifying which of the banks it supervises have established bona fide subsidiaries, (2) monitoring and maintaining information on the size of those subsidiaries' underwriting and dealing activities and their capital adequacy positions, and (3) ensuring that the subsidiaries have controls in place and functioning to ensure compliance with firewalls. RECOMMENDATION ---------------------------------------------------------- Chapter 4:7 We recommend that the Chairman, FDIC, establish a program to identify and routinely review the securities activities and the financial condition and performance of bona fide subsidiaries under FDIC's jurisdiction to assess the overall risks posed by the activities on federally insured banks and ensure compliance with firewalls. The program should provide FDIC examiners guidance and training on how to examine bank and bank subsidiary securities activities. AGENCY COMMENTS AND OUR EVALUATION ---------------------------------------------------------- Chapter 4:8 FDIC disagreed with our recommendation that it establish a program to identify and routinely review the financial condition and performance of bona fide subsidiaries, assess risks posed by the subsidiaries' securities activities, and ensure compliance with firewalls. It believes that its decentralized approach has provided effective supervision and minimized risks to insured banks. It commented that because the range of permissible bank securities activities is subject to change over time, centralized reporting would only identify which banks had a bona fide subsidiary at some point in time. FDIC also said that supervision of those institutions would still fall to regional personnel. FDIC noted that bank securities subsidiaries also fall under the supervisory umbrella of SEC and NASD. FDIC said that rather than create a burdensome reporting process, it prefers to deal with bank subsidiaries' securities activities on a case-by-case basis. However, FDIC also commented that as the number of banks engaged in securities activities and the variety of such activities increase, it is considering various ways to improve its oversight of institution and systemic developments and issues. We disagree with FDIC's view that changes in the range of permissible bank securities activities make monitoring those activities difficult and thereby justify its not systematically monitoring those activities. We believe that as a regulator of federally insured banks, FDIC is responsible for knowing of and supervising activities that may pose risks to those banks. We believe a centrally administered program to identify and monitor the securities activities and financial performance of institutions could improve FDIC's oversight of nonmember banks' securities activities immediately at little extra cost. For example, the centrally administered Federal Reserve program requires minimal staff resources--until recently, it required only one full-time analyst. With FDIC having few banking organizations with securities activities to oversee, a centrally administered program would likely require only a part-time responsibility for one headquarters staff position. Also, because FDIC already requires banks to notify it of subsidiaries' securities activities and has regional supervision programs in place, a centralized program should not require added regulatory burden on nonmember banks. Such a program, through regional examiners, would rely on the results of securities regulators' examinations to alert FDIC of conditions that might affect bank safety and soundness and not encourage duplicative examinations. Additional reporting burden would also not be a concern because securities subsidiaries' financial data are available from the FOCUS reports required by securities SROs. FEDERAL RESERVE BOARD FIREWALLS =========================================================== Appendix I This appendix lists (1) the firewall requirements the Federal Reserve established in its 1987 and 1989 orders approving bank holding company subsidiaries to underwrite and deal in bank-ineligible securities and (2) firewall requirements the Federal Reserve modified for underwriting subsidiaries of foreign banks. Foreig 1987 1989 n- Firewall category/firewall description Powers Powers owned -------------------------------------------------------- ------ ------ ------ Types of securities to be underwritten -------------------------------------------------------------------------------- 1. Section 20 subsidiary may underwrite and deal only in the following four ineligible securities: municipal revenue bonds, mortgage-related securities, commercial paper, and consumer-receivable-related (asset-backed) securities. 2. Section 20 subsidiary may underwrite and deal in corporate debt and equity. Capital investment and adequacy -------------------------------------------------------------------------------- 3(a). Parent is required to deduct from its consolidated capital any investment it makes in the Section 20 subsidiary that is treated as capital in the Section 20 subsidiary. 3(b). Foreign parent bank should meet Basle Accord risk-based capital standards. 4. Parent will also deduct from its regulatory capital any credit it or a nonbank subsidiary extends directly or indirectly to the Section 20 subsidiary unless the extension of credit is fully secured by U.S. Treasury Securities or other marketable securities and is collateralized in the same manner and to the same extent as would be required under Section 23A(c) of the Federal Reserve Act if the credit extension was made by a member bank. 5(a). Parent and its nonbank subsidiaries will not, directly or indirectly, provide any funds to, or for the benefit of, the Section 20 subsidiary, whether in the form of capital, secured or unsecured extensions of credit, or transfer of assets, without prior notice to and approval by the Board. 5(b). A Section 20 subsidiary may not be funded by an applicant's U.S. bank, thrift, branch, or agency. A foreign bank may invest in or lend to a Section 20 subsidiary as though foreign bank was a bank holding company. 6. Before commencing new activities, parent must submit to the Board acceptable plans to raise additional capital or demonstrate that it is strongly capitalized and will remain so after making the capital adjustments authorized or required by the Board's order. 7. Section 20 subsidiary will maintain at all times capital adequate to support its activity and cover reasonably expected expenses and losses. Credit extensions to customers of underwriting subsidiary -------------------------------------------------------------------------------- 8(a). Parent and its subsidiaries will not extend credit that may be viewed as enhancing credit worthiness or marketability of an ineligible security issue underwritten by the Section 20 subsidiary. 8(b). Section 20 subsidiary will not underwrite or distribute ineligible securities if it knows that an affiliate, foreign or domestic, is providing credit enhancements. 9. Parent and its non-Section 20 subsidiaries will not knowingly extend to a customer credit directly or indirectly secured by, or for the purpose of purchasing, any ineligible security that the Section 20 subsidiary underwrites during the underwriting period or for 30 days thereafter; or to purchase from the Section 20 subsidiary any ineligible security in which it makes a market. 10(a). Parent and its subsidiaries may not make loans to issuers of ineligible securities underwritten by the Section 20 subsidiary for purpose of payment of principal, interest, or dividends on such securities. To ensure compliance, any credit lines extended to an issuer by a bank affiliate shall provide for different timing, terms, conditions, and maturities from ineligible securities being underwritten. 11. Parent will adopt appropriate procedures to assure that any credit extensions by it or any of its subsidiaries to issuers of ineligible securities underwritten or dealt in by the Section 20 are on an arm's length basis for purposes other than payment of principal, interest, or dividends on such securities. 12. In any transaction involving the Section 20 subsidiary, thrift subsidiaries will observe the \a limitations of Sections 23A and 23B of the Federal Reserve Act as if the thrifts were banks. 13. Requirements relating to credit extensions to issuers noted in items 8-12 above will also apply to extensions of credit to parties that are major users of projects that are financed by industrial revenue bonds. 14. Parent will cause its U.S. bank subsidiaries to adopt policies and procedures, including appropriate limits on exposure, to govern their participation in financing transactions underwritten or arranged by the Section 20 subsidiary. 15. Parent and its U.S. subsidiaries will establish appropriate policies, procedures, and limitations regarding exposure of the holding company on a consolidated basis to any single customer whose securities are underwritten or dealt in by the Section 20 subsidiary. Limitations to maintain separateness of underwriting affiliate's activity -------------------------------------------------------------------------------- 16(a). No officer, director, or employee interlocks are permitted between the Section 20 and any bank subsidiaries of the holding company. Section 20 will have separate offices from any affiliated bank. 16(b). No interlocks except one officer of branch may act as a director of section 20 subsidiary. The Section 20 will have offices separate from any affiliated bank. Disclosure by underwriting subsidiary -------------------------------------------------------------------------------- 17(a). Section 20 subsidiary will provide special disclosure statement describing difference between the Section 20 subsidiary and its U.S. bank affiliates, pointing out that an affiliated bank could be a lender to an issuer and referring the customer to the disclosure document for details. Statement will state that securities sold, offered, or recommended by the Section 20 subsidiary are not deposits, are not insured by FDIC or FSLIC, are not guaranteed by bank affiliate, and are not an obligation or responsibility of the bank. Section 20 will disclose any material lending relationship between issuer and bank affiliate, and in every case whether the proceeds of the issue will be used to repay outstanding indebtedness to affiliates. Marketing activities on behalf of underwriting subsidiary -------------------------------------------------------------------------------- 18. Section 20 subsidiary and affiliated U.S. bank will not engage in advertising or enter into an agreement stating or suggesting that an affiliated bank is responsible in any way for the Section 20's obligations. 19(a). U.S. bank affiliates of the Section 20 will not act as agent for, or engage in marketing activities on behalf of, the Section 20. In this regard, prospectuses and sales literature relating to securities being underwritten or dealt in by the Section 20 subsidiary may not be distributed by bank and may not be made available to the public at bank affiliate office, unless specifically requested by a customer. Investment advice by bank and thrift affiliates and conflicts of interest -------------------------------------------------------------------------------- 20. U.S. bank affiliates may not express opinion on the value or the advisability of purchase or sale of ineligible securities underwritten or dealt in by the Section 20 subsidiary unless the bank affiliate notifies the customer that the Section 20 subsidiary is underwriting, making a market, distributing, or dealing in the security. 21. Parent and its U.S. bank, thrift, trust, or investment advisory subsidiary will not purchase, as a trustee or in any other fiduciary capacity, for accounts over which they have investment discretion ineligible securities (a) under-written by the Section 20 subsidiary as lead underwriter or syndicate member during period of underwriting or selling syndicate, and for 60-day period after termination; (b) from the Section 20 if it makes a market in that security, unless such purchase is specifically authorized. Extensions of credit and purchases and sales of assets/conflicts of interest -------------------------------------------------------------------------------- 22. Parent and its non-Section 20 subsidiaries will not: (a) purchase, as principal, ineligible securities that are underwritten by the Section 20 subsidiary during underwriting period and for 60 days after close of underwriting period or (b) purchase from the Section 20 subsidiary any ineligible securities in which the Section 20 subsidiary makes a market. 23. Section 20 subsidiary may not underwrite or deal in ineligible securities issued by its affiliates or representing interests in, or secured by, obligations originated or sponsored by its affiliate, except for: (a) securities of affiliates if rated by a nonaffiliated, nationally recognized rating organization or are issued or guaranteed by FNMA, FHLMC or GNMA\,\b or represent interests in such obligations; and (b) grantor trusts or special purpose corporations created to facilitate underwriting of securities backed by residential mortgages originated by a nonaffiliated lender. 24(a). Parent will ensure that no U.S. bank subsidiary will, directly or indirectly, extend credit in any manner to the Section 20 subsidiary; or issue a guarantee, acceptance, or letter of credit, including an endorsement or standby letter of credit, for the benefit of the Section 20 subsidiary. 24(b). This prohibition does not apply to an extension of credit by a bank to the Section 20 subsidiary that is incidental to the provision of clearing services by the bank to the Section 20 subsidiary with respect to securities of the U.S. or its agencies, if the credit extension is fully secured by such securities, is on market terms, and is repaid on the same calendar day. 25(a). All purchases and sales of assets between U.S. bank affiliates and Section 20 subsidiary (or third parties in which the Section 20 is participant, or has financial interest, or acts as an agent or broker or receives a fee for its services) will be at arm's length and on terms no less stringent than those applicable to unrelated third parties and will not involve low-quality securities, as defined in Section 23A of the Federal Reserve Act. 25(b). U.S. bank subsidiary will not, directly or indirectly, for its own account, purchase or sell financial assets of the Section 20 subsidiary. This limitation does not apply to the purchase and sale of U.S. Treasury securities that are not subject to repurchase or reverse repurchase agreements between the Section 20 subsidiary and bank affiliate. Limitations on transfers of information to address possible unfair competition -------------------------------------------------------------------------------- 26. U.S. bank affiliates may not disclose to the Section 20 subsidiary, and vice versa, any nonpublic customer information, including an evaluation of credit worthiness of an issuer or other customer of that bank or Section 20 subsidiary, without customer consent. Reports -------------------------------------------------------------------------------- 27. Parent will submit quarterly to the Federal Reserve FOCUS reports filed with NASD or other SROs and detailed information on the Section 20's underwriting activity broken out by eligible and ineligible securities. Transfer of activities and formation of subsidiaries of an underwriting subsidiary to engage in underwriting and dealing -------------------------------------------------------------------------------- 28. Pursuant to Regulation Y, corporate reorganization of the Section 20 subsidiary may not be consummated without prior Board approval. Limitations on reciprocal arrangements and discriminatory treatment -------------------------------------------------------------------------------- 29(a). Parent and its subsidiaries may not, directly or indirectly, enter into any reciprocal arrangement with another holding company for purposes of evading Board requirements. 29(b). U.S. bank affiliates of Section 20 subsidiary \c will not, directly or indirectly, (a) acting alone or with others, extend or deny credit or services, or vary terms or conditions, if the effect would be to treat an unaffiliated securities firm less favorably than the Section 20, unless the extension or denial is based on objective criteria and is consistent with sound business practices; (b) extend or deny credit or services or vary terms or conditions with intent of creating a competitive advantage for the Section 20. Requirement for supervisory review before commencement of activities -------------------------------------------------------------------------------- 30. Parent may not commence proposed debt and equity securities underwriting and dealing activities until the Board has determined that policies and procedures have been established to ensure compliance with this Order's requirements, including computer, audit, and accounting systems, internal risk management controls, and operational and managerial infrastructure. -------------------------------------------------------------------------------- Legend = Firewall applicable \a Sections 23A and 23B of the Federal Reserve Act were made applicable to thrifts in 1989 by the Financial Institutions Reform, Recovery, and Enforcement Act of 1989. \b FNMA refers to Federal National Mortgage Association; FHLMC refers to Federal Home Loan Mortgage Corporation; GNMA refers to Government National Mortgage Association. \c Although 1987 firewalls did not include tying restrictions, Section 20 subsidiaries operating with 1987 powers are not exempt from tying prohibitions contained in section 106(b) of the Bank Holding Company Act Amendments of 1970 and Federal Reserve Regulation Y (12 C.F.R. 225.7). Source: GAO analysis of Federal Reserve information. FDIC BONA FIDE SUBSIDIARY PROVISIONS AND FIREWALLS ========================================================== Appendix II FDIC regulation 337.4 requires that a subsidiary of an insured nonmember bank that conducts securities activities not authorized for a bank under sections 16 and 21 of the Glass-Steagall Act (1) is adequately capitalized; (2) is physically separate and distinct in its operations from the operation of the bank; (3) maintains separate accounting and other corporate records; (4) observes separate formalities, such as board of directors' meetings; (5) maintains separate employees who are compensated by the subsidiary; (6) shares no common officers with the bank; (7) has a board of directors that is composed of a majority of persons who are neither directors nor officers of the bank; and (8) conducts business pursuant to independent policies and procedures designed to inform customers and prospective customers of the subsidiary that the subsidiary is an organization separate from the bank and that investments recommended, offered, or sold by the subsidiary are not bank deposits, are not insured by FDIC, and are not guaranteed by the bank nor are otherwise obligations of the bank. Bona fide subsidiaries are required to register with the Securities and Exchange Commission as broker-dealers and be members in good standing of the National Association of Securities Dealers. Bona fide subsidiaries' underwriting activities are limited to underwriting of investment quality debt and equity securities and underwriting of investment companies with not more than 25 percent of their investments in other than investment quality securities or obligations of the United States Government and its agencies, bank certificates of deposit, bankers acceptances, and other bank money instruments, short-term corporate debt instruments, and other similar investments normally associated with a money market fund. An insured nonmember bank that has a subsidiary or affiliate that engages in the sale, distribution, or underwriting of stocks, bonds, debentures, notes, or other securities, or acts as an investment advisor to any investment company shall not: (1) Purchase in its discretion as fiduciary, cofiduciary, or managing agent any security currently distributed, currently underwritten, or issued by its "bona fide" subsidiary or an investment company advised by that subsidiary, unless where allowed by regulation. (2) Transact business through its trust department with its subsidiary unless the transactions are at least comparable to transactions with an unaffiliated securities company or a securities company that is not a subsidiary of the bank. (3) Extend credit or make any loan directly or indirectly to any company the stocks, bonds, debentures, notes, or other securities of which are currently underwritten or distributed by its subsidiary or affiliate of the bank unless the company's stocks, bonds, debentures, notes, or other securities that are underwritten or distributed qualify as investment quality debt or equity securities. (4) Extend credit or make any loan directly or indirectly to any investment company whose shares are currently underwritten or distributed by the "bona fide" subsidiary of the bank. (5) Extend credit or make any loan where the purpose of the extension of credit or loan is to acquire any stock, bond, debenture, note, or other security underwritten by the bank's subsidiary or an investment company advised by the subsidiary, unless as allowed by regulation. (6) Make any loan or extension of credit to the "bona fide" subsidiary unless the loan or extension of credit is within limits imposed by Section 23A of the Federal Reserve Act. (7) Make any loan or extension of credit to an investment company for which the bank's subsidiary acts as an investment advisor unless the loan or extension of credit is within limits imposed by Section 23A of the Federal Reserve Act. (8) Directly or indirectly condition any loan or extension of credit to any company on the requirement that the company contract with, or agree to contract with, the bank's subsidiary to underwrite or distribute the company's securities or directly or indirectly condition any loan or extension of credit to any person on the requirement that the person purchase any security currently underwritten or distributed by the bank's subsidiary or affiliate. (See figure in printed edition.)Appendix III COMMENTS FROM THE BOARD OF GOVERNORS OF THE FEDERAL RESERVE SYSTEM ========================================================== Appendix II (See figure in printed edition.) (See figure in printed edition.) (See figure in printed edition.) (See figure in printed edition.) (See figure in printed edition.) The following is GAO's comment on the Federal Reserve's May 18, 1995, letter. GAO COMMENT -------------------------------------------------------- Appendix II:1 1. The caption in the executive summary, the title of chapter 3, and our conclusion on the effectiveness of the Federal Reserve's program in the final report were modified. These changes were made in response to the Federal Reserve's noting the few problems we found after reviewing inspections of numerous individual firewall conditions. (See figure in printed edition.)Appendix IV COMMENTS FROM THE FEDERAL DEPOSIT INSURANCE CORPORATION ========================================================== Appendix II (See figure in printed edition.) Now on p. 36. (See figure in printed edition.) (See figure in printed edition.) See comment 3. (See figure in printed edition.) See comment 5. See comment 7. (See figure in printed edition.) The following are GAO's comments on FDIC's May 18, 1995, letter. GAO COMMENTS -------------------------------------------------------- Appendix II:2 1. The draft of this report referred to securities activities that FDIC "allows." Because FDIC pointed out that it did not have the authority to convey authority to banks, the text in this report was modified to delete the word "allows." 2. The analysis of table 2.2 and related text were modified, in part, in response to information provided by FDIC. 3. Table 1.1 was modified to reflect FDIC's comment that bank direct brokerages are not subject to regulation by SEC and NASD. The text was modified to include this information. 4. The text and table 1.1 were modified to indicate that bank regulators have no authority over third-party broker-dealers operating on bank premises. 5. As FDIC pointed, out the text was modified to indicate that bank and securities regulators are already cooperating on developing testing requirements for bank personnel. 6. FDIC pointed out that a statement in the draft was inconsistent with a provision in the Federal Deposit Act and the statement was deleted from the text. 7. FDIC pointed out that a statement in the draft about its regulatory requirements concerning bank capital was incorrect. The statement was revised to indicate that its regulations require that an insured nonmember bank's direct investment in a securities subsidiary not be counted toward the bank's capital. 8. FDIC pointed out that a statement in the draft about which subsidiaries must meet the definition of a bona fide subsidiary was incorrect and the statement was deleted from the text. (See figure in printed edition.)Appendix V COMMENTS FROM THE COMPTROLLER OF THE CURRENCY ========================================================== Appendix II (See figure in printed edition.) See comment 1. See comment 2. (See figure in printed edition.) Now on p. 41. Now on pp. 34 and 35. Now on pp. 37 and 38. (See figure in printed edition.) The following are GAO's comments on OCC's June 8, 1995, letter. GAO COMMENTS -------------------------------------------------------- Appendix II:3 1. OCC said the introductory section incorrectly concludes that bank underwriting activities necessarily increase bank risk. It said that diversification into securities activities can actually reduce risk. In the Objective, Scope, and Methodology section we note that it was not in the scope of our review to determine comparative degrees of risk associated with different banking and nonbanking activities that banks might engage in. However, banks that engage in securities underwriting and dealing would be subject to risks of financial losses just as securities firms that underwrite and deal in securities are. 2. OCC said that the draft misrepresented its proposed rule governing corporate applications. The text was modified to incorporate OCC's interpretation of the proposal. 3. OCC said the draft incorrectly implied that the banking agencies permitted referral fees in a manner inconsistent with a NASD proposed rule. The text was modified to indicate that the Interagency Statement permits one-time fixed-dollar amount referral fees. OCC states that the NASD proposal also permits, or does not prohibit, such fees. However, fees paid by the bank to bank employees are beyond NASD's authority. 4. As OCC suggested, the text was modified to note that the Interagency Statement also requires oral disclosure at any sales presentation or offering of investment advice. 5. OCC said that banking agency access to CRD information should not be highlighted as a new initiative because they have had direct access to that information for years. A footnote was added to note limitation of the regulators access to CRD information. 6. In response to OCC's comments, information about the cooperative effort to make securities industry qualification examinations available to the banking industry is now characterized as an ongoing effort rather than a proposal. 7. The text was modified to include the additional training that OCC said was provided to examiners. 8. As OCC suggested, the text was modified to indicate that the antifraud provisions of federal securities law apply to banks in the same manner as registered broker-dealers. 9. The statement that banking regulators try to minimize their disclosure of enforcement actions against banks was deleted from the text. (See figure in printed edition.)Appendix VI COMMENTS FROM THE SECURITIES AND EXCHANGE COMMISSION ========================================================== Appendix II (See figure in printed edition.) (See figure in printed edition.) (See figure in printed edition.) The following are GAO's comments on SEC's May 19, 1995, letter. GAO COMMENTS -------------------------------------------------------- Appendix II:4 1. As SEC suggested, the text was modified to compare the number of bank-direct brokerages to the total number of banks that provide securities services. 2. Brokerage services that are provided through registered broker-dealers, including bank affiliates and independent third-party broker-dealers, were not included in the scope of this report, as SEC suggested, because they are subject to SEC and NASD regulation. See p. 22. (See figure in printed edition.)Appendix VII COMMENTS FROM THE NATIONAL ASSOCIATION OF SECURITIES DEALERS ========================================================== Appendix II (See figure in printed edition.) See comment 1. (See figure in printed edition.) See comment 3. See comment 4. See comment 5. (See figure in printed edition.) The following are GAO's comments on NASD's May 17, 1995, letter. GAO COMMENTS -------------------------------------------------------- Appendix II:5 1. The clarification to table 1.1 that NASD suggested was made by providing separate categories for bank affiliates and third-party broker-dealers. 2. NASD said the bank regulators did not discuss their Joint Policy Statement with NASD as the draft stated. The phrase was deleted from the text. 3. The text was modified to special "financial" information as NASD recommended. 4. The text was modified to include NASD's views on regulation of banks' securities brokerage activities. 5. As NASD indicated, information about the cooperative effort to make securities industry qualification examinations available to the banking industry is now characterized as an ongoing effort rather than a proposal. TECHNICAL APPENDIX: SURVEY OF BANKS ======================================================== Appendix VIII Ranking Minority Members of congressional committees asked us to determine whether bank examiners check for compliance with retail securities brokerage safeguards and whether sanctions are imposed on banks that breach those safeguards. To accomplish this, we needed to select for evaluation banks whose own employees were involved in the brokerage services offered by the bank. We also set out to describe the nature and extent of retail securities activities conducted by banks. To help meet this request, we mailed questionnaires to a random sample of 2,233 banks. The results of that survey are representative of the entire banking industry. Our questionnaire gathered data on the different types of retail securities brokerage services offered and through what arrangements with employees, subsidiaries, affiliates, or third parties the services were being offered. In addition, we included a number of questions on the related subject of bank mutual fund sales programs. The fieldwork for the survey was conducted from February through June of 1994. SURVEY SAMPLE PLAN ---------------------------------------------------- Appendix VIII:0.1 We developed the survey frame (a listing, without duplicates or omissions, of each element in the population of U.S. banks) from a file containing the June 1993 Call Report data. This database listed 13,360 banks. After removing International Banking Associations and New York Investment Companies (which we felt were mostly commercial institutions unlikely to have retail brokerage programs), our frame contained 11,769 banks. Later, we excluded 559 mutual savings banks from the analysis, because they fell outside the scope of our work. Our total survey population, or universe, consisted of 11,210 banks. From this frame, we randomly sampled 2,233 banks. We divided the institutions in the frame into 12 strata (see table VIII.1) and distributed our sample across those strata so that survey estimates from each stratum would be likely to have sampling errors for the most important questions of no more than � 5 percent at the 95-percent level of confidence. Unless otherwise noted, the survey statistics in this report have sampling errors within that range. Because we surveyed only one of a large number of possible samples of the bank population to develop the statistics used in this report, each of the estimates made from this sample has a sampling error, which is a measure of the precision with which the estimate approximates the population value. The sampling error is the maximum amount by which estimates derived from our sample could differ from estimates from any other sample of the same size and design and is stated at a certain confidence level, usually 95 percent. This means that if all possible samples were selected, the interval defined by their sampling errors would include the true population value 95 percent of the time. In addition to sampling error, all sample surveys may also be subject to error from a number of other sources, as described in the section on survey error and data quality below. QUESTIONNAIRE DESIGN AND ADMINISTRATION ---------------------------------------------------- Appendix VIII:0.2 We developed our questionnaires in consultation with experts in the finance industry and at regulatory agencies, and we conducted six pretests with banks that represented a range of sizes and regulators. We made revisions to the questionnaire on the basis of the comments we received. See appendix IX for a copy of the pages from the questionnaire used in our analysis. We addressed each questionnaire to the office of the President or CEO at each institution, using the mailing address information listed in the Call Report file. We mailed questionnaires to all 2,233 sampled banks in early February of 1994. To the institutions not responding to our survey by the end of March 1994, we sent a follow-up questionnaire on April 1, 1994. We ended the fieldwork for this survey on June 16, 1994, discarding any questionnaire returned after that date. SURVEY RESPONSE ---------------------------------------------------- Appendix VIII:0.3 By the end of the survey fieldwork period, we had received 1,508 completed questionnaires, accounting for 68 percent of the banks in our sample. Table VIII.1 displays, by strata, the dispositions of the questionnaires we sent out. Because banks in different strata were sampled at different rates, and because institutions responded at different rates across the strata, the survey estimates made in this report were weighted, or statistically adjusted, so that the answers given by institutions in different strata were represented in proportion to their actual numbers in the entire population. There was a slight tendency for the smaller institutions (in terms of asset size) to respond at higher rates than larger institutions. Also, those responding early in the survey period tended to be the banks not offering brokerage services (such questionnaires required little work on the part of our respondents, making it easier to fill out the questionnaire). We have no reason to believe that these patterns of response had any impact on the accuracy of the survey estimates. However, we conducted no follow-up contacts with any of the nonrespondents to determine if their answers were significantly different from the answers of those who did respond. Table VIII.1 Survey Dispositions of Sampled Banks Strata (institution Returned Returned type and asset Original Initial Ineligible\b Adjusted undeliverable by unusable Returned usable size) population\a sample from sample sample\c Post Office\d questionnaire\e questionnaire Response rate\f ---------------- ------------ ------------ ------------ ---------------- ---------------- ---------------- ---------------- ---------------- FRS national 2,514 350 2 348 12 2 265 0.76% banks up to $150 million $150-$250 348 174 4 170 6 0 122 0.72 million $250 MM-$1 388 194 5 189 10 0 98 0.52 billion $1 billion and 202 150 4 146 4 2 75 0.51 up FRS state banks 749 270 1 269 8 1 207 0.77 up to $150 million $150-$250 76 76 2 74 4 0 47 0.64 million $250 million-$1 84 84 0 84 3 0 55 0.65 billion $1 billion and 63 63 1 62 5 0 33 0.53 up FDIC state banks 5,900 375 4 371 9 2 284 0.77 up to $150 million $150-$250 428 214 2 212 7 0 143 0.67 million $250 million-$1 350 175 4 171 13 1 120 0.70 billion $1 billion and 108 108 2 106 10 1 59 0.56 up ==================================================================================================================================================== Totals 11,210 2,233 31 2,202 91 9 1,508.00 0.68 ---------------------------------------------------------------------------------------------------------------------------------------------------- \a All banks identified in the June 1993 Call Report, except mutual savings banks, international bank associations, and New York investment companies. \b Sampled elements outside the survey population due to no existing address, merger, receivership, or other cessation of operations as a depository institution. \c Number in original sample minus number ineligible. \d Sampled elements in the survey population, but questionnaire returned undeliverable due to insufficient address, or unknown address and forwarding order expiration. \e Blank, incomplete, or refused questionnaire returned, or returned after cut-off date. \f Response rate calculated as the number of banks completing usable questionnaires divided by the number of eligible banks in the adjusted sample. SURVEY ERROR AND DATA QUALITY ---------------------------------------------------- Appendix VIII:0.4 In addition to the presence of sampling errors, as discussed above, the practical difficulties of conducting any survey may introduce other types of errors, commonly referred to as nonsampling errors. For example, differences in how a particular question is interpreted, in the sources of information that are available to respondents, or in the types of people who do not respond can introduce unwanted variability into the survey results. We included steps in both the data collection and data analysis stages for the purpose of minimizing such nonsampling errors. We selected our sample from the most complete and up-to-date listing of banks available, and we attempted to increase the response rate by conducting a follow-up mailing accompanied by cover letters stressing the importance of the survey. To minimize errors in measurement, we pretested the questionnaire thoroughly and obtained reviews from industry experts and agency officials. To ensure data processing integrity, all data were double-keyed and verified during data entry. Computer analyses were performed to identify inconsistencies or other indication of errors, and all computer analyses were checked by a second independent analyst. Finally, we performed limited validation of a number of returned questionnaires through contacts with respondents or review of other agency records. (See figure in printed edition.)Appendix IX SURVEY OF BANKS AND THRIFTS ON MUTUAL FUND AND SECURITIES ACTIVITIES ======================================================== Appendix VIII (See figure in printed edition.) (See figure in printed edition.) MAJOR CONTRIBUTORS TO THIS REPORT =========================================================== Appendix X GENERAL GOVERNMENT DIVISION, WASHINGTON, D.C. --------------------------------------------------------- Appendix X:1 Michael A. Burnett, Project Director David P. Tarosky, Project Manager Charles Michael Johnson, Deputy Project Manager Desiree W. Whipple, Reports Analyst Carl Ramirez, Social Science Analyst CHICAGO REGIONAL OFFICE --------------------------------------------------------- Appendix X:2 Roger E. Kolar, Senior Evaluator Daniel K. Lee, Evaluator NEW YORK REGIONAL OFFICE --------------------------------------------------------- Appendix X:3 Susan Chan, Evaluator Phillip F. Merryman, Evaluator SAN FRANCISCO REGIONAL OFFICE --------------------------------------------------------- Appendix X:4 Susan J. Kramer, Senior Evaluator Donald Y. Yamada, Senior Evaluator