Despite plenty of advanced notice and an extension of the compliance deadline, new recordkeeping rules crafted by the Federal Deposit Insurance Corporation may still leave financial institutions in a late stage scramble.
Back in 2017, the FDIC approved a final rule establishing recordkeeping requirements for FDIC-insured institutions with a large number of deposit accounts. The goal is to facilitate rapid payment of insured deposits to customers if the institutions were to fail.
The “Recordkeeping for Timely Deposit Insurance Determination” rule requires each insured depository institution that has two million or more deposit accounts to configure its information technology system to be capable of calculating the insured and uninsured amount in each deposit account by ownership right and capacity, which would be used by the FDIC to make deposit insurance determinations in the event of the institution’s failure.
Another requirement is to maintain “complete and accurate information” needed by the FDIC to determine deposit insurance coverage with respect to each deposit account.
The stark reality, and a driving force behind the rule, is that more than 400 banks have failed since 2009. If the FDIC cannot facilitate the sale of a failed bank to a healthy bank, the FDIC promptly pays the failed institution’s depositors the full amount of their insured deposits. The rule is intended to provide depositor confidence that they will garner at least some relief in the event of a bank’s collapse and resolution.
Typically, the FDIC strives to reimburse depositors within one business day of a bank failure. The agency, however, has growing concerns that the size and complexity of the largest banks would preclude it from maintaining this level of efficiency.
Deposit insurance coverage is based on an individual bank’s data. In large banks, the relevant data is frequently maintained in multiple information technology systems, and the insurance coverage calculations may be complicated (with various types of accounts) or delayed (when data is missing). To mitigate this risk of delayed payment, the FDIC issued a new rule in February 2017 specifying recordkeeping and compliance requirements.
The rule applies to insured depository institutions with more than 2 million deposit accounts and requires these institutions to maintain complete and accurate data on each depositor. Covered banks are also required to ensure that their information technology systems are capable of calculating the amount of insured money for most depositors within 24 hours of a failure.
Currently there are 38 institutions with more than 2 million deposit accounts. The rule allows these institutions three years to develop the recordkeeping and IT systems required for compliance.
The rule specifies that banks must reach compliance by April 1, 2020. Experts say that large banks will likely need the entire three years to fully satisfy all of the data and recordkeeping requirements. The concern, however, is that 2020 seems a long ways off and procrastination may create a late state panic and rush to get the work done.
“Timely access to insured deposits is critical to maintaining public confidence in the banking system,” FDIC Chairman Martin Gruenberg said in a statement at the time the rule was enacted. The rule “bolsters the FDIC's ability to provide depositors at banks with a large number of deposit accounts the same rapid access to their insured funds in the case of a failure as the FDIC does in smaller resolutions.”
“While the final rule would apply to banks with at least two million deposit accounts, some of the 38 banks that would be covered by the final rule now have more than 50 million deposit accounts, offer FDIC-insured accounts using complex account structures, and use information technology systems that are more complex than smaller banks typically employ,” he added, conceding to likely complications and challenges. “Many of them also have multiple deposit platforms inherited through prior acquisitions.”
“This is really about getting a handle on your product types and account types, beneficiaries, and all the money that is associated with those deposit holders and then insurance calculations for who is covered by the FDIC, and for how much, and having a view of it.”
Harry Chopra, Chief Client, AxiomSL
By law, the FDIC must pay deposit insurance “as soon as possible” after an insured depository institution fails while also resolving it in the manner least costly to the Deposit Insurance Fund.
“The FDIC believes that prompt payment of deposit insurance is essential to the FDIC’s mission for several reasons,” the rule says.” First, prompt payment of deposit insurance maintains public confidence in the FDIC, the banking system and overall financial stability. Second, facilitating prompt access to insured funds for depositors enables them to meet their financial needs and obligations. A delay in the payment of deposit insurance, especially in the case of the failure of one of the largest IDIs, could harm the entire financial system and national economy.”
For example, the failure of such a large IDI could cause disruptions to check clearing processes, direct debit arrangements, or other payment system functions.
“The final rule is expected to significantly reduce the difficulties the FDIC would face in making prompt deposit insurance determinations at the largest IDIs,” the rule, as published in the Federal Register, says.
In order to resolve a bank under the least-cost requirement, the FDIC says it must be able to estimate the cost to the DIF of each possible resolution type.
As part of this estimate, the FDIC must be able to rapidly identify insured versus uninsured deposits. Insufficient information about a bank’s insured deposits and the difficulties posed in identifying relationships between deposit accounts at the time of closing, due in part to the large volume of deposit accounts managed by the institution, may impede the FDIC’s ability to meet its insurance requirements.
The inherent challenge for covered institutions is collecting the needed data and keeping it up to date as deposits and withdrawals are constantly in flux.
The consolidation of the banking industry has resulted in larger institutions that have more complex information technology systems. Also, these institutions often use multiple deposit systems, which complicate deposit insurance determinations.
“Depending on the structure of the deposit systems, data aggregation and account identification may be burdensome, inefficient, and time-consuming,” the FDIC concedes. It has estimated the cost of the final rule for covered institutions amounts to roughly $386 million and approximately 5.2 million total labor hours over three years.
The cost components of the estimate include implementing the deposit insurance calculation, legacy data cleanup, data extraction, data aggregation, data standardization, data quality control and compliance, data reporting, and ongoing operations.
The final rule requires that the chief executive officer or chief operating officer must certify the data submitted to the FDIC as accurate and timely.
Harry Chopra is chief client officer for AxiomSL, a global provider of regulatory reporting, risk, and data management solutions. The longtime veteran of the financial services industry is hopeful that banks will start putting compliance with the FDIC rule atop their “to do” list.
A common reaction: “Oh my goodness, here is another regulation, and I jut swallowed a CCAR elephant,” Chopra says. “This is really about getting a handle on your product types and account types, beneficiaries, and all the money that is associated with those deposit holders and then insurance calculations for who is covered by the FDIC, and for how much, and having a view of it.”
In his assessment, one could look at FDIC 370 as the next regulatory hurdle faced by deposit-taking institutions, or an opportunity to be positioned for growth in a rising rate and increasing liability environment. A consolidated and granular view of deposits provides retail and corporate banking leaders a nuanced perspective on interest expense liabilities for the institution.
Once all of the deposit-taking data is on an intelligent platform, business leaders can begin to identify areas of cross-selling opportunities. Deposit-taking institutions will have the basis to discuss ways to reach retail customers or business clients and drive a future view of deposits and products for the organization.
As interest rates rise, deposit-taking institutions are turning to promotions to attract funds to savings accounts and certificates of deposit. The recent passage of the tax bill in the United States means there may be an additional 10 to 14 percent of cash flow that will be generated by small-to-medium enterprises and corporate clients. “This means that financial institutions will need to develop a granular capability to project deposit liabilities that may present themselves under various product scenarios,” Chopra says.
Nevertheless, developing a view of all deposits is a daunting one and the regulation not only stipulates consolidating this information across core account processing systems and business lines, but also maintaining all associated financial metrics such as accurately calculating applicable FDIC insurance for all account holders.
The speed by which banks must turn over data is also a challenge. A key requirement of FDIC 370 is that deposit-taking institutions have to be able to provide the said regulatory outputs within 24 hours of a request from the FDIC.
“Manual processes and unconsolidated data will make it very difficult for institutions to comply with and manage this requirement,” Chopra warns. “Implementing a standardized data model that reflects the bank’s retail, wealth management, and corporate banking deposits, along with a template that accurately reflects the business rules to meet the regulatory specification, will help organizations sleep better at night.”
Key challenges include unraveling information that is often held in different departments with disparate systems, and some records are still paper-based. Banks may lack certain information required by the FDIC, in which case they need to figure out how to get it from their customers or a third party for pass-through accounts.
“What you really need to do as an institution is to have an enterprise view of all your account types, product types, and all the beneficiary information associated with them,” Chopra says. “The daily balances in all those accounts and an insurance calculation needs to be done in a single eco-system.”
The benefit of compliance, he reiterates, is getting an enterprise view of your accounts, products, and insurance liabilities. “Getting it done puts you in a position to model the liability side of the balance sheet in a really clean way.”