An Extravaganza of Activity for Financial Policy Nerds
Some people enjoy spending time outdoors hiking or camping. Others join book clubs. Some are hardcore sports fans. A (much) smaller subset eat, sleep and breathe financial services policy. We helpfully point out to our spouses, repeatedly and proudly, fictional scenes and conversations added to HBO’s adaptation of Too Big to Fail for dramatic purposes. Though their spouses roll their eyes with every outburst, we know with complete certainty that, deep down, they appreciate the unsolicited bonus commentary. We swap stories of our favorite Banking or Financial Services committee hearings. We look forward to long-haul flights for the periodic opportunity to reread, uninterrupted, the 2011 report issued by the Financial Crisis Inquiry Commission, which we’ve had saved on our iPads since the day it was released, just for kicks. For this admittedly very small universe of banking policy nerds, this week has been momentous.
First, some context. Congress passed, and President Obama signed into law, the Dodd-Frank Wall Street and Consumer Protection Act in the summer of 2010. By any objective metric, Dodd-Frank was massive in its breadth. The leading legal firm Davis Polk concluded that Dodd-Frank required the financial regulatory agencies to write 390 new rules, which has translated into more than 22,000 pages of rules and guidelines from the federal financial agencies. To put that in perspective, that’s the equivalent of reading Tolstoy’s War and Peace almost 18 times.
In more traditional political periods, there is a predictable chain of events that follows enactment of such significant legislation: a few years after the new law has been implemented, Congress, with little fanfare or hubbub, identifies areas of the bill that, though perhaps brilliant in theory when written by a Congressional staffer in a cramped office at 2 am, have proven to be difficult to work with in reality. Congress then enacts a rational, bipartisan package of technical corrections and fixes. We are, of course, not in a traditional political period and haven’t been for some time. Accordingly, no significant changes to Dodd-Frank had been approved by Congress since the bill was signed into law nearly eight years ago. Until today.
In a signing ceremony at the White House this afternoon, President Trump signed the Economic Growth, Regulatory Relief, and Consumer Protection Act into law. The legislation, which passed both the House and the Senate with bipartisan support, marks the first substantive changes to Dodd-Frank’s regulatory regime the financial system has seen. The new law, among other provisions, revises Dodd-Frank to allow banks with less than $250b in total assets to escape enhanced regulatory supervision, exempts institutions with less than $10b in assets from the Volcker Rule, and expands the definition of “qualified mortgage” for smaller financial institutions, which proponents argue will make it easier for community banks to provide access to credit for their customers. Though the bill is relatively modest – Republican-only legislative proposals have included provisions that would significantly change the structure of or entirely eliminate the Consumer Financial Protection Bureau, for example – liberal Democrats derided its enactment. Sen. Elizabeth Warren (D-MA), for example, argued that in allowing the bill to become law, “We’ll be paving the way for the next big crash. It’s time for the rest of us to fight back and demand that Washington work for us, not the big bank lobbyists.”
Washington was also busy this week on personnel, not just policy. The Senate earlier today confirmed Jelena McWilliams, the current General Counsel of Fifth-Third Bank and a former senior staffer on the Senate Banking Committee, to lead the Federal Deposit Insurance Corporation (FDIC), which, in addition to its mandate to protect Americans’ deposits at banks, examines and supervises more than 4,000 small financial institutions across the country. Mel Watt, the former Democratic Congressman and Director of the Federal Housing Finance Agency, is now the only remaining Obama-era appointee to lead an independent financial regulatory agency. Following McWilliams’ confirmation, nine out of the 10 voting members of the Financial Stability Oversight Council – the committee of regulators created by the Dodd-Frank Act after the financial crisis to identify and mitigate systemic risks in the U.S. financial system – have been appointed by President Trump. The White House now has a full slate of its appointees at the helm of the various prudential banking agencies, and each have signaled support of the President’s general inclination towards deregulation in the financial services markets.
And the action hasn’t been limited to only Washington. If you noticed you received quite a few updated privacy notices in your inbox this week, you’re not alone. As of tomorrow, Europe’s General Data Protection Regulation (GDPR) becomes enforceable by European regulators. (The timing of Mark Zuckerberg’s appearance this week before European policymakers to ask for forgiveness for the Facebook/Cambridge Analytica breach was therefore somewhat ironic.) This is a date that many of us have had circled on our calendars since April of 2016, when May 25, 2018 was formalized as the final implementation date. Under GDPR, businesses across virtually every industry must apply the highest-possible privacy settings to their customers’ data by default, must notify their customers of a data breach within 72 hours, and cannot share their customers’ data with any other party, or use it for any reason whatsoever, without the consumer’s express opt-in, which can be revoked at any time. Additionally, under GDPR, consumers have the “right to be forgotten” – that is, to have their data erased from the systems of the businesses that hold it.
Though GDPR doesn’t apply outside European borders, many firms, particularly those with international operations, have voluntarily decided to adopt GDPR-like data privacy standards across their geographical footprints. With a number of countries outside of Europe considering data privacy regimes similar to GDPR, these organizations have made strategic decisions to become first adopters internationally, believing that ultimately, consumer data privacy regulations will spread across borders. Only time will tell.