Are bank customers safer with the SAFER Act? Doesn't look like it.
The Senate Takes A Wrong Turn While Trying to Protect Bank Customers
The new version of the SAFE Act, now called the SAFER Act dropped yesterday. Honestly, the only section I care about is Section 10, which sought to limit the ability and discretion of bank regulators to pressure banks to cut ties with customers. The original section was controversial, for reasons I consider highly dubious, and was therefore rewritten.
The original Section 10 prohibited bank regulators from formally or informally requesting or ordering that a bank cut ties with a customer unless the regulator made a written determination that serving the customer was an unsafe and unsound business practice or resulted in the violation of a law, rule, or order (including posing a threat to national security). This determination could not have been based primarily on reputation risk. It also required banks to provide notice to customers so targeted and the justification, though notice was prohibited if it might interfere with a criminal investigation. Lastly, the banking regulators needed to provide reports to the relevant congressional committees on the number of account termination requests or orders the agency made in the past year and the justification for those orders.
The new Section 10 talks a good game. There is a Sense of Congress section that says lots of good things about how bank regulators’ duty is based on law and regulation and not personal or political preferences and how undue coercion has no place in banking regulation.
However, this section includes huge holes that are ripe for abuse, such as stressing that it is only lawful businesses that should be protected. At first this makes sense, because we don’t want criminal enterprises to access the banking system. But with this vague language, could it be interpreted to mean that any business that violates a law can be debanked? Who can meet the standard? Does this allow regulators to debank any disfavored group based on any technical violation they can find?
It then describes the limit placed on the banking regulators, which is unfortunately lacking. Under the new Section 10 bank regulators may request or require a bank to cut ties if it has a “Valid Reason” and reputational risk was not the dispositive factor to the request. What is a “Valid Reason” you may ask? What isn’t is the better question.
Under this proposal an unsafe or unsound practice (as defined by the regulator) is a valid reason, as is a violation of the law. Fair enough, but the draft also says a violation of written informal guidance is a valid reason. That’s right, the stuff that isn’t law and isn’t subject to a formal process can be a valid reason for an agency to require a bank to cut ties. It also allows for conduct that has given rise to certain kinds of supervisory matters to count, despite the discretionary and opaque nature of bank supervision. But there is more. The bill explicitly says that any reason determined valid by the agency itself is a “valid reason.”
How does this place any meaningful limitation on the regulators? How is this not just Congress capitulating to them and giving them a blank check.
The only restraint is that a regulator may not act when reputation risk was somehow “dispositive?” What does dispositive even mean in this context? Is it that but for the reputation risk the agency wouldn’t have brought the claim? We do not know. The bill does not explain, eliminating this one possible obstacle to the behavior Congress was trying to deter.
Ok, ok, that isn’t great, but maybe the notice sections will allow customers and Congress to check the regulators in the courts? Just a couple of problems.
First, this bill could have the effect of codifying an expansive view of agency authority that is currently disputed and not always accepted by the courts. By separating out unsafe and unsound from other justification, including justifications the agency itself creates, Congress risks voiding the important limit on regulator power articulated in Gulf Federal Savings Assoc. that for something to be unsafe or unsound, and therefore provide grounds for regulator action (barring other explicit statutory justification) the conduct must pose a real threat to the financial health of the bank.
To be sure, that view is not universally shared, especially by the regulators, but it provides an important check on their discretion. This bill risks giving them effectively carte blanch without regard for whether there is any actual economic risk to the bank, deposit insurance fund, or broader economy. Instead, the regulators get to define their own reasons, provided reputation risk isn’t dispositive. While people could still challenge an agency decision on constitutional grounds, this bill risks giving the agencies almost complete discretion for anything that doesn’t implicate the constitution, which given how broad Congress’s constitutional authority on interstate commerce is, would be most things.
The second problem is that the notice provisions appear to be neutered. For example, the original Section 10 prohibited disclosure to the customer if doing so would interfere with a national security or law enforcement investigation. The new Section 10 prohibits disclosure if that disclosure may result in revealing confidential supervisory information, which again is broadly defined and controlled by the regulators.
More distressingly, the bill also prohibits disclosure to the customer if the regulator thinks the bank or an institution-affiliated party (including customers) may have or may be about to violate laws rules, former or informal guidance or conduct an unsafe or unsound practice etc. etc. These are most of the things that count as “valid reasons” for the debanking in the first place! The bill allows regulators to put customers on double-secret probation where they can’t know what they are accused of, because they are accused of it.
There is more to Section 10, but it isn’t directly relevant to the key question of whether the new Section 10 meaningfully protects customers from regulatory abuse. It is hard to see how this is the case. What was a straightforward effort to place some limits around bank regulators’ power appears to have become an exercise in self-contradiction, where regulators get to create their own reasons and so long as they think they are valid that can serve to justify forcing a bank to cut ties. Meanwhile, the part of the original Section 10 that was meant to help customers know when they were being targeted and challenge it in court now allows regulators to prohibit disclosure for violations of things as petty as informal guidance! It isn’t hard to imagine how this might be abused, and what types of customers may find themselves in the crosshairs.
Maybe I am misreading this, but at present I fail to see how this isn’t outright counterproductive to its original and valid intent. The goal is to prevent the abuse of bank regulation as a means for the powerful to suppress legal but disfavored businesses and people. Something we know is a risk and have seen both here and abroad. This goal is too important to bungle.
If anything, the current proposal would be worse than the status quo because passing this could put a congressional stamp of approval on regulator’s assertions of power that currently exceed statutory authority and may be checked by the courts. If protecting customers is what Congress wants to do, and it should, they need to actually place meaningful barriers on regulator power, which this proposal does not do.