The latest semiannual Supervision and Regulation Report from the Federal Reserve has insight into how CRE lending credit performance “remains an area of concern,” particularly office. Delinquency rates topped 10% in the second quarter, significantly more than any other type, and 11% at large banks.
But there was more to say about financial institutions with $100 billion or more in assets. They had “more than the required regulatory capital levels, with “generally … sound” asset quality.
During the first half of 2024, about a third of large financial institutions had satisfactory ratings in the Federal Reserve’s three categories of measurement: capital planning and positions; liquidity risk management and positions; and governance and controls. The other two-thirds, however, had an unsatisfactory rating in either one or two of the other critical components.
Most of the large banks met capital planning and liquidity risk management. Even then, regulators saw “continued weaknesses in risk-management practices for interest rate risk and liquidity risk.” Included in such categories are problems of the sort that sank the banks First Republic, Silicon Valley, and Signature in 2023. Additionally, there were shortcomings in some areas of governance and controls, including operational resilience, cybersecurity, and Bank Secrecy Act (BSA) and anti-money laundering (AML) compliance.
The report said the total number of outstanding supervisory findings was almost flat over the first half of 2024. And yet, according to the Fed’s information, that should be cold comfort. In 2019, 45% of large banks had less than satisfactory ratings. Then in 2023, 60% of them lacked fully satisfactory ratings. So far, 2024 is demonstrating similar characteristics.
Out of the outstanding supervisory findings in large financial institutions, close to 80% were issues of governance and controls, so involving the basic operations of banks that are necessary to keep the financial framework solvent and reasonably free of risk. Cybersecurity has become a “high priority given the increasing and evolving nature of cybersecurity threats” that can leave banks open to attacks and criminal fraud.
For the coming months, the Fed’s “supervisory priorities” for large banks include interest rate risk; market and counterparty risk; CRE loan risk; and firms catching up with previous concerns about operations, all as part of capital planning and positions.
In liquidity risk management and positions, there are internal liquidity stress tests; risk-management practices and governance; and, again, firms catching up with previous concerns.
Governance and control targets are IT risk and operational resistance, including cybersecurity; third-party vendor management; and firm remediation of previous concerns.