Skip to main content
The Federal Reserve Bank of New York building is seen in the Manhattan borough of New York, U.S., December 16, 2017.  REUTERS/Eduardo Munoz - RC1C40CEF810
Report

The curse of confidential supervisory information

Editor's Note:

This report is part of the Series on Financial Markets and Regulation and was produced by the Brookings Center on Regulation and Markets.

Over the past few years, a number of scholars and practitioners have been shining light on the phenomenon of bank supervision—the workhorse of government efforts to influence the financial system. Supervision is different from regulation and legislation, the rules of the road passed by Congress and regulators, such as the Federal Reserve (Fed), Consumer Financial Protection Bureau, or the Comptroller of the Currency. Instead, supervision is a complex set of evolving practices that put the government and private banks in direct contact, with sometimes surprising results.

Peter Conti-Brown

Assistant Professor of Legal Studies & Business Ethics - Wharton School, University of Pennsylvania

Nonresident Fellow - Economic Studies, The Brookings Institution

This burst of scholarly attention on bank supervision is exciting and welcome. As Randal Quarles, the Fed’s first Vice Chairman for Supervision, has invited “greater legal scholarship on the due process considerations associated with bank supervision as a process distinct from regulation.”

This interest from within and beyond the Fed, inside the academy and industry, in bank supervision as an epistemology that exists separate from other modes of legal obedience is an exciting development. But as my co-author, Sean Vanatta and I discovered, it is also a frustrating one. Sean and I are concluding a four-year project writing the history of bank supervision, from the Civil War to the changes wrought in supervision after the Dodd-Frank Act, forthcoming from Harvard University Press. A primary source of our frustrations has been a tortured legal doctrine that protects, with criminal penalties, “confidential supervisory information” from disclosure, often without regard to its historical value or relevance to modern debates. In this essay, I write about the flawed and complex legal basis for withholding supervisory information, and explain steps banking regulators and Congress can take to relax those restrictions for better accountability of the financial system without great sacrifice to the deliberations between banks and bank supervisors.  This release will permit us to avoid making the same costly mistakes in the way we as a society both interact with a vital and healthy financial system and supervise that system to ensure its success for the future.

The (Bad) Law and (Worse) Policy of Confidential Supervisory Information

Confidential supervisory information is defined by Fed regulation as including “reports of examination and inspection, confidential operating and condition reports, and any information derived from, relating to, or contained in them” and any “documents prepared by, on behalf of, or for the use of the Board [of Governors, or] a Reserve Bank.” Under the law, 12 CFR § 261.2(b), it cannot be disclosed, under three distinct principles. First, Congress has made it illegal for bank examiners to disclose confidential supervisory information, subject to fines and potential imprisonment. Second, the Fed has asserted a legal theory applying to all recipients of CSI, under the statutory authority of the general statute that prohibits theft of “public money, property, or records” of the government. The Fed asserts the same law that criminalizes stealing money from the public fisc also applies to anyone who gains access to CSI. The idea is that CSI belongs to the Fed, even when it is produced by the banks and even when the banks themselves are eager to disclose it. Finally, Congress added exemption 8 to the Freedom of Information Act exempting from public disclosure any information “contained in or related to examination, operating, or condition reports prepared by, on behalf of, or for the use of an agency responsible for the regulation or supervision of financial institutions.”

All of these legal assertions—from the clearly articulated prohibitions in FOIA to the Fed’s less credible theory about CSI disclosure as a form of embezzlement—aim to balance two competing demands: (1) the need for accountability over banks and bank regulators by members of the public—politicians, bank customers, the banks themselves—and (2) the idea that bank supervision is a special process that needs special protections. As one court put it, that “[b]ank safety and soundness supervision is an iterative process of comment by the regulators and response by the bank.” That process “depends vitally upon the quality of communication between the regulated banking firm and the bank regulatory agency,” a relationship that “is both extensive and informal.”

The problem with the existing state of the art of confidential supervisory information is the countervailing goal—public accountability for banks and bank supervisors—is almost completely missing.

The problem with the existing state of the art of confidential supervisory information is the countervailing goal—public accountability for banks and bank supervisors—is almost completely missing. The existing state of affairs means that regulators have virtually untrammeled authority to exclude from public consumption any information that remotely falls under these capacious categories, with few if any exceptions.

The Consequences

What are the consequences of this regime? Ignorance. The financial system bellows out extraordinary amounts of information, but some of the most important types of information are obscured from any kind of public consumption. Consider the consequences for consumers, investors, banks, and scholars.

Consumers. Consumers suffer as bank supervisors have credible information that sheds light on ongoing practices that hurt consumers, whether explicit racial profiling, fraudulent activity that target those at the economic margin for quick fees, or the shuffling of consumer transactions to maximize bank revenue. These show up in bank examinations, but supervisors often choose not to disclose them. The consequences are that consumers are losing in contests against banks and bank supervisors know this. Consumers don’t.

Investors. Securities laws are built on twin pillars of disclosure and fairness. But major banks are permitted to hide adverse material information from investors under the guise of CSI. Information about the health of the institution, at the very heart of valuing these banks’ securities, cannot be disclosed to those investors if the supervisors insist on confidentiality. This cuts both ways: there are banks well managed, whose supervisory experience can verify as much, who are similarly blocked from making these disclosures to gain investor trust, and banks where release of this information may signal to investors to be more cautious. It is worth investigating why banks, special in many ways, should be treated to such vastly different standards of securities regulation from the rest of the public capital markets.

Banks. Banks credibly complain that the secrecy of the supervisory process—and their inability to publicly discuss that process—subjects them to risks that they cannot manage. Given that risk management is a vital part of bank supervision, the risks that bank examination can exacerbate—and as Sean and I discuss in our forthcoming book, history is full of these exacerbated risks—are worth assessing too.

Banks can exaggerate this risk. The discretion that supervisors exercise is at the center of what makes supervision different from bank regulation, corporate governance, private litigation, criminal enforcement, and so many other modalities of legal obedience. But their concerns are real: if sunlight is the best disinfectant, as the saying goes, bank supervision has thrived in the dark.

Scholars. This last category may seem to matter least, but the costs to our public understanding of how bank supervision—and with it, how banking, politics, law, public accountability, public and private power, and so much else—work suffers. Sean and I have been very grateful for the help we have received from the FOIA offices at the Fed, Comptroller of the Currency, and the Federal Reserve, not to mention the openness shown us by the Conference of State Bank Examiners. But there are vast holes in our understanding of bank supervision that may well be permanent. Lawyers within the regulators have insisted, to us and to other scholars, that they are prohibited by law from sharing information that even contains “confidential supervisory information.” Some of this information is over one hundred years old. Some of it has been intentionally destroyed so that an enterprising scholar cannot obtain it by other means.

I regard the destruction of supervisory information, whatever the legal justification, as a tragedy. That sounds dramatic, but bank supervision truly does provide a unique window into how government works where private and public power intersect. Our inability to delve into those details in a concrete way is a large and dangerous liability.

The Better Path

What, then, should be done? Let me present three options, from most to least extreme, that the Fed and other bank regulators should consider adopting to open up the world to this vital information without eliminating the important benefits of confidentiality.

First, we abolish CSI completely. We are in a world of much greater transparency about how the world works. This old concept, forged in the mid-20th century, may not have the resilience for the 21st century.

Second, we disclose specific aspects of the examination process, from redacted examination reports, call reports, or final ratings assigned by supervisors to each bank (the so-called CAMELS ratings). This information would be appropriately abstracted away from the source, thus preserving the flexibility of confidentiality of process while giving consumers, investors, banks, and scholars important information about the health of individual institutions and the system itself.

Third, we preserve everything: no more wanton destruction of old records. And we should disclose everything, after an appropriate lag, just as is currently done with maximal disclosure of monetary policy deliberations after a five-year lag. In my view, that lag should be measured in years, not decades, but I would take decades at this point. The standard right now is “never.”

Finally, at the very least, Congress or the regulators should consider convening a panel of experts—from industry, consumer groups, investors, the academic community, the regulators—to study how we have arrived at this world of intense secrecy and whether the current regime serves the goals that we should all have for a resilient, transparent, efficient, and fair financial system. I am confident that such a group would not conclude that the status quo reflects the best we can do.


The author did not receive financial support from any firm or person for this article or from any firm or person with a financial or political interest in this article. He is currently not an officer, director, or board member of any organization with an interest in this article.

Get daily updates from Brookings