Testimony before The Permanent Subcommittee On Investigations, Committee On Homeland Security And Governmental Affairs United States Senate March 15, 2013
'Chairman Levin, Ranking Member McCain, and members of the Subcommittee, we appreciate this opportunity to discuss the OCC’s oversight of JPMorgan Chase, National Association (the bank), as it relates to the bank’s more than $6 billion in trading losses last year. The Subcommittee’s important work in this area will enhance our understanding of lessons learned from the specific events at the bank and how we may apply them to improve both the risk management of other large institutions and our own supervisory processes. The OCC has supported the Subcommittee’s efforts to review the bank’s credit derivatives trades, and we will continue to cooperate on this matter.
The risk management culture and processes that led to the significant trading losses at the bank are unacceptable. The bank’s risk management and internal controls failed to identify and appropriately manage credit derivatives trading practices conducted by the Chief Investment Office (CIO) on behalf of the bank. Corporate governance and oversight were lacking with respect to the CIO risk taking. As a result, the activity and the risk associated with the CIO were not transparent. Equally troubling was the failure of the bank to provide timely and complete information to the OCC as events unfolded. This represents a fundamental breakdown in the open communication that we expect bank management to maintain with our supervisory staffs. Had the risk management and audit processes worked as intended, this activity should have been highlighted to bank management and supervisors, thereby resulting in greater scrutiny by both the bank and the OCC.
Clearly, there were red flags that we should have noticed and acted upon, and as our testimony will describe, we have taken actions to strengthen our supervision in this area. However, once we became aware of the potential scope of the problems in the trades conducted by the CIO on behalf of the bank, we quickly took actions to obtain more information from the bank, and we initiated a series of targeted examinations. Based on our findings, we issued a Cease and Desist (C&D) order against the bank to remedy the unsafe and unsound practices and legal violations related to the derivatives trading activities conducted by the CIO on behalf of the bank. As more fully described in our C&D, we found deficiencies in the following core functions: oversight and governance; risk management processes and procedures; control over trade valuation; development and implementation of models; and internal audit processes. Throughout this time, we were working closely with supervisors from the Federal Reserve System, and, concurrent with the OCC's enforcement action, the Board of Governors of the Federal Reserve System (FRB) issued a C&D order against the bank's parent company, JPMorgan Chase & Co (the holding company).
We also launched an internal review to assess the quality of our supervision and lessons learned in order to strengthen our supervision at the bank and across the large bank population that we supervise. Our goal is to ensure that we focus resources efficiently and effectively to identify risks, assess the adequacy of banks’ governance and risk management, and ensure that weaknesses are promptly addressed.
Our testimony addresses the key issues highlighted in the Subcommittee’s invitation letter, including our oversight of the CIO activities affecting the bank and the Synthetic Credit Portfolio (SCP); the extent to which the bank provided evidence of the SCP risk mitigation activities; our oversight of the SCP’s valuation practices and the bank’s use of its Value at Risk (VaR) models; and the extent to which the CIO and the bank impeded effective oversight by the OCC. Our testimony then describes the lessons we have learned from our internal review and examinations, and how we are using those lessons to improve our supervision of large banks.
I. An Overview of the Bank, the CIO, and SCP
JPMC is a $2.4 trillion bank holding company with approximately $140 billion in Tier 1 common capital as of December 31, 2012. The lead national bank has approximately $1.9 trillion in total consolidated assets and $112 billion in Tier 1 common capital.
The activities that generated the reported $6 billion loss were conducted in the national bank by the CIO. CIO performs a number of tasks, principally taking positions to manage the holding company’s (and the bank’s) exposure to various risks and investing cash. The CIO’s primary mandate is to manage structural interest rate risk and hedge foreign currency capital and mortgage servicing rights. It also manages company- owned and bank-owned life insurance and oversees the holding company’s pension funds. The CIO also had small securities and derivatives positions for both trading and investment purposes. The CIO functions separately from the holding company’s investment banking business, where most trading and market making take place.
In 2006, the holding company formally approved a modest initiative of the CIO to trade credit indexes in North America and London to manage the holding company’s large cyclical exposure to credit. The VaR limit for this program was initially $5 million. The program grew rapidly in 2007 and 2008 as the financial crisis developed, taking substantial short positions in High Yield (HY) credit in SCP intended to hedge potential credit losses in loan and other portfolios. Because they were short positions, their value would generally increase if credit conditions in this market segment deteriorated.
Premiums paid for that protection were offset by long credit positions in other HY maturities and indexes as well as short and long Investment Grade (IG) credit positions across a variety of indexes, maturities, series, regions, and tranches. As HY positions are generally not bank-eligible, the bank transferred the market risk of these positions into a subsidiary of an Edge Act corporation, which took most of the losses. SCP was actively managed to achieve a dual mandate: make modest returns in a benign environment and more substantial returns in a credit stress event.
Throughout the financial crisis, the position appeared to perform well. By September 2010 the bank had reduced its SCP risk, and CIO management planned to further reduce the position. 2011 was a pivotal year, as markets stabilized and the risk/reward of the book was not as compelling as it had been. Consequently, the book size was reduced until June 2011. However, this cutback in stress loss protection led to large and sustained excesses of the CIO stress loss limits from February through June 2011. The limit excesses stopped in June 2011 when the HY short positions were increased once again as credit markets deteriorated.
In late 2011, CIO management had a stated goal of reducing the internal risk- based capital allocated to the CIO unit through reductions in the CIO’s risk-weighted assets (RWA). This was to be accomplished in part by changes in the credit derivatives positions. Despite that goal, CIO added to its HY short positions in late 2011 and early 2012. The CIO also added to the other positions to offset premiums paid on the short position. Losses, both actual and potential, accumulated in January 2012 so that by the end of the month, traders and CIO management were struggling to come up with a viable strategy to either stop building positions or, conversely, to continue aggressively trading with the hope that markets would turn more favorable. Ultimately, they chose the latter strategy and in February and March, there was a large and rapid increase in positions across a wide range of indexes, maturities, series, and tranches.
The positions became so large as to be noticed by external market traders and reported in the press. Losses continued to mount through April leading to the holding company’s public announcement of $2 billion dollars in losses with the potential for more to come. To-date, reported losses on the position have totaled some $6 billion.
II. The OCC’s Oversight of the CIO and the SCP
The OCC oversees the holding company’s national banks and various subsidiaries, including a branch in London. The FRB oversees the holding company and its affiliates, as well as the Edge Act subsidiary of the national bank. The OCC’s supervisory team includes approximately 65 onsite examiners who are responsible for reviewing nearly all facets of the bank’s activities and operations, including commercial and retail credit; mortgage banking; trading and other capital markets activities; asset liability management; bank technology and other aspects of operational risk; audit, and internal controls; and compliance with the Bank Secrecy Act, anti-money laundering laws, and the Community Reinvestment Act. These onsite examiners are supported by additional subject matter experts from across the OCC, and a small team of examiners in London.
OCC supervises the CIO activities affecting the bank as part of its broader supervision of capital markets activities in the bank. The CIO activities are conducted globally but managed and controlled out of the holding company’s New York offices. As a result, these activities are supervised by OCC and FRB staff assigned to the firm’s headquarters in New York.
Examination targets for the bank’s capital markets activities were determined based on our risk assessment system. As part of this process, our capital markets team made supervisory judgments in order to focus attention where we perceived the largest risk to be. We examined high risk and complex trading books in the bank’s investment bank. The examination team also reviewed the bank’s compliance with Basel rules, liquidity, and interest rate risk management. Within the CIO, our supervisory focus was on its investment portfolio. This $350 billion portfolio had grown quickly through 2008 and 2009 due to mergers and growth in deposits. The objectives of the portfolio are twofold: 1) to serve as a warehouse of liquid assets should the bank experience deposit losses due to idiosyncratic or systemic stress; and 2) to provide an earnings buffer for deployment of excess deposits. Given its growth, we were focusing much of our attention there.
We were aware of the various short term strategies being conducted in the CIO, and their performance and risk were mentioned briefly in Treasury, CIO, and holding company reports. While we knew that the CIO held a position protecting against an economic downturn, we now realize that the bank’s reporting on SCP did not convey the full nature of the activities or risks. Throughout much of the financial crisis and into 2011, the SCP book was consolidated into CIO performance metrics and not reported separately. Because of this lack of granular information, in 2011 and until the disclosure of the losses, reporting about the SCP was not transparent, and information of interest to examiners on emerging issues was not provided. This lack of transparency inhibited our ability to fully understand the nature of the risk taking and evolution of the SCP strategy.
Following the April 2012 Wall Street Journal article about the "London Whale," we directed the bank to provide us with granular information about the SCP so that we could fully assess the risks being taken, and we began internal discussions on the scope of corrective actions warranted. We quickly determined that a full-scale, comprehensive review of the activities and oversight of the CIO and SCP was required due to increasing levels of losses the bank was then reporting and the bank’s lack of fulsome responses to our requests for information. Our review was launched during the first week of May and had two components. The first component focused on evaluating the adequacy of the bank’s risk controls and risk governance, informed by their application to the positions at issue. The second component evaluated the lessons that could be learned from this episode to enhance risk control and risk management processes at this and other banks, and to improve OCC supervisory approaches.
The first prong of our review involved our onsite examination team focusing on three broad areas. First, we actively assessed the quality of management and risk management in the CIO function. This review looked at decision making and board oversight, including whether the risk committee members were appropriately informed and engaged; the types and reasonableness of risk measurement metrics and limits; the model governance review process; the valuation control process; and the quality of work by the independent risk management team, as well as internal audit. Second, we assessed the adequacy of the information provided within the holding company and the bank and made available to the OCC to evaluate the risks and risk controls associated with the positions undertaken by the CIO. Third, we are now reviewing the compensation process of the CIO and assessing the bank’s determination on “claw backs” as part of that analysis.
Working on a parallel track, as part of the second prong of our supervisory review, we compiled a detailed chronology of events to identify gaps in the bank’s risk management and to provide lessons to be learned for the OCC. To ensure that we had a full and complete picture of the SCP portfolio and how it changed over time, our internal review initially covered activities from the start of 2011, over a year before the losses were realized, and in some cases, extended back several years. We focused particular attention on the rationale for the transactions and how they fit within the framework of the bank’s risk management processes; the quality and extent of information provided to the OCC; and consistency of the bank’s actions with OCC supervisory guidance. In addition, we assessed relevant audit and examination findings and whether deficiencies were addressed; the extent to which the risks associated with the strategy were recognized and evaluated; and whether there was an effective exchange of views among the business unit and control groups.
As a result of the work of the onsite examination teams, and as previously noted, we issued a C&D order against the bank for unsafe and unsound practices, and legal violations related to derivatives trading activities conducted on behalf of the bank by the CIO. Those practices and violations are detailed in the C&D order, which is available on the OCC website. The bank has committed to taking all necessary and appropriate steps to remedy the deficiencies, unsafe or unsound practices, and violations identified by the OCC, and our examiners are closely monitoring the bank’s corrective actions and compliance with our order.
III. The Extent to Which the Bank Provided Evidence of SCP Hedging Activities in 2012
The SCP portfolio was never specifically linked to a dedicated pool of assets. In addition, it was characterized by the bank as a hedge of overall credit risk of the holding company and as a hedge of credit risk of the CIO. Not until the OCC demanded a meeting on April 16, 2012, did the CIO management provide a more fulsome explanation of SCP positions. Even then, significant information was lacking; for example, that trading had been stopped and that losses had increased significantly.
IV. OCC Oversight of the Valuation Practices Applied to the SCP
Our ongoing supervision of valuation practices is also based on our assessment of risk. Valuations are often tested during targeted examinations. Between examinations, we review internal reports, including reports of internal auditors. The OCC’s supervision of the valuation practices at the bank focused on the investment bank, where the bulk of trading in complex and difficult to value instruments took place. Within the CIO, we had reviewed the valuation of the investment portfolio and found the processes to be satisfactory. As mentioned, we did not, however, perform detailed testing of the SCP. We became aware of problems in SCP valuation practices as a result of both the bank management’s internal review in late April, and an internal audit report provided to us at about the same time.
We have since conducted an examination of bank-wide valuation processes, including the CIO, and focused on the consistency of practices and controls bank-wide, and as reflected in our C&D, we have directed the bank to make improvements to its valuation practices. We will be conducting onsite verification to determine the bank’s compliance.
V. OCC Oversight of the CIO’s Implementation of a New Value-at-Risk Model in January 2012 and Revocation of that Model in May 2012
VaR is one risk measure used by banks to monitor and control risk taking. VaR methodology is also used in the federal banking agencies’ and Basel risk-based capital rules for market risk. In general, VaR models are not designed to capture extreme tail or stress events.
The OCC was aware that changes were being made to the CIO VaR model intended to make the model comply with the new Basel 2.5 market risk capital rules, and that VaR could fall by as much as one-half under this new model. We had an existing requirement that the bank improve its model risk management in general and the surrounding control processes, and we expected the bank to follow the processes developed to address that deficiency.
In a meeting on May 9, 2012, to brief the OCC on the large losses in the SCP, bank management revealed that they had found major problems with regard to implementation of the new VaR model and had decided to revert to the prior VaR model. Bank management acknowledged that the new model had not been implemented properly and was poorly controlled. As a result, we immediately commenced a comprehensive review of both the VaR model change in the CIO and the use of VaR across the bank. Our review identified numerous deficiencies and found violations of qualitative regulatory requirements. As a result, we directed corrective action, and we are closely monitoring the bank’s progress.
We should have asked for more information about the change in the VaR model
in January, given the large drop in VaR and the recent VaR limit excesses, even though
the model was not changed for Basel 1 RWA. As previously noted, at the time, our
examiners were focused on evaluating stress testing methods, and had been focused on
ensuring the firm improved its internal review process. As we learned later, the bank’s
internal processes for model risk management were not being effectively applied to the
CIO. As a result, we have changed our supervisory practices, and we now discuss VaR
model changes during monthly meetings with the bank. We expect the bank to address
the reporting and other control weaknesses specified in our supervisory letters and C&D
VI. The Extent to Which the CIO and the Bank Impeded Effective OCC Oversight of the SCP and Engaged in Unsafe or Unsound Banking Practices
Despite regular meetings with JMPC Treasury and CIO, review of corporate and business unit reports, and targeted examinations of the CIO, it was the Wall Street Journal article naming the London Whale that led the OCC to contact the CIO and ask detailed questions about the credit derivatives trading. At that time, we were focusing resources on areas perceived to be of higher risk, and managers and control groups in the bank were believed to be competent. We now know, however, that they were not forthcoming about the business and did not raise issues appropriately with the OCC. Holding company-wide reporting provided limited and sometimes incomplete information about these trading activities and performance. We were aware in general terms of CIO stress loss protection, but not about the details of the SCP. However, the fact that the CIO was not transparent about the SCP and that its reports were not informative does not excuse us from asking additional questions of the bank. We have learned a number of lessons from this event, and as a result, are making improvements to our supervision.
VII. Lessons Learned for OCC Supervision
The OCC’s Large Bank supervision program is structured to promote consistent risk-based supervision of large banks, including internationally-active, complex financial institutions. While we believe our supervision-by-risk program is fundamentally sound, our internal review of the events at the bank and our own processes have highlighted a number of areas where we could improve. These lessons and the actions we are taking to strengthen our supervision are summarized below.
1) The Need to Obtain and Verify Timely, Accurate, and Complete Information
First, we failed to recognize the extent of SCP risk and potential for losses in a timely manner. Regardless of the contributing factors, we must test the quality of information and reports provided by firms we regulate to ensure we have a complete view of their operations. That is our standard practice, but SCP showed us that we can improve. We continue to emphasize that it is the responsibility of bank risk management, finance, and audit to ensure information is complete, accurate, and meaningful.
While we have been emphasizing the need for banks to have firm-wide risk measures and reporting, this event also underscores the need to evaluate desk and business unit level risk and performance reporting to ensure that firm-wide reporting is adequate and highlights trends and outliers in the data for further review and discussion. Since examiners receive substantial amounts of data, it is particularly important to ensure that the data we obtain is presented in a clear format and reviewed in a timely fashion. In this particular case, we realize that while the reports themselves did not have necessary details, a more thorough follow up with the bank could have given us a better view on SCP strategies before the rapid buildup of positions occurred. As a result, we have changed our daily operating processes at the bank to ensure that an examiner reviews excesses in a timely fashion and that there is a back-up process in place.
2) The Need to Identify and Apply Resources with Prerequisite Skills
The OCC has resources and expertise for supervising trading units but we did not adequately deploy them to the SCP. Instead, examiners with specific trading expertise, including those with a combination of industry and bank supervision experience, as well as experts in OCC headquarters in various areas including trading, derivatives accounting, and economics, were dedicated to reviewing investment bank trading. Others were focused on how the bank protected its corporate and counterparty credit exposure. Our work in the CIO focused on the $350 billion investment portfolio, rather than the SCP. We paid particular attention to the investment portfolio since it had grown dramatically since the crisis and had a composition that differed from other national banks in important ways that affected both credit and liquidity risk.
Effectively developing, applying, and coordinating the varied sources of expertise across the agency, in this case for trading, but more generally across the many units and strategy of the bank, is a challenge we are addressing. We continue to aggressively train examiners and will continue to seek and hire staff with the required technical and trading expertise. We are also evaluating our staffing and our use of technical experts to oversee this bank and other large banks. Improved analysis of trade and market data is a goal of the OCC's data analytics groups.
3) Need to Apply Matters Requiring Attention Appropriately
The OCC has standards for tracking Matters Requiring Attention (MRA) that
were not effectively followed in the case of the CIO. An MRA associated with the CIO investment portfolio should have come with clear deadlines, and progress should have been more closely tracked. As a result of identifying this weakness, we have reinforced these standards, and we are conducting ongoing monitoring to ensure they are being followed consistently across the agency.
4) The Need for Regular Review of Internal Risk-Weighted Asset Models and Reporting
We noted a number of deficiencies in the regulatory reporting in regards to market risk RWA for the CIO. Along with evaluating the bank’s policies, procedures, practices, and controls to ensure the integrity of regulatory reporting, we need to consistently track the use of internal models; review RWA reporting to ensure it is informative, accessible, and accurate; and review material changes in internal models used for RWA. While examiners from the OCC and FRB met regularly with JPM to discuss internal models, our C&D order requires improved controls and reporting which should enable us to better ensure material changes are identified. Specifically, VaR model changes are being highlighted and reviewed in monthly meetings with the bank.
The implementation of Basel 2.5 will provide us with the opportunity to validate or, in some cases, revalidate VaR models and require improved processes as conditions of approval. Basel 2.5 approvals are done in partnership with the FRB, but we will impose conditions we feel are appropriate for the national bank. Our large bank quality assurance unit will be undertaking a targeted review of efforts to improve our review of RWA reporting to ensure that these practices are undertaken across our large bank portfolio where relevant.
5) The Need to Look Across Business Lines and Locations and Coordinate with Other Supervisors
The events at the bank highlighted our need to be more cognizant of market risks outside the conventional trading lines of business and operational breakdowns in the oversight and control of these risks. SCP also exposed the dangers of trading in offices or “hubs” removed from close proximity to senior management, despite advances in information technology and communication. It also highlights that at large complex institutions, risks and risk management functions can span across legal entities, resulting in overlapping responsibilities among banking supervisors. As a result we will focus more attention on overseas hubs, and conduct onsite examinations as appropriate. We also are looking for ways to enhance our collaboration with the FRB and other appropriate supervisors in our supervision of large complex firms.
6) The Need to Identify Risks Associated with Risky Siloed Business Activities
The CIO’s structure illustrates characteristics that we need to look for in other business units in this bank and other banks. In this case, we observed a business unit operating in a silo, with poorly integrated reporting and application of controls. Processes for calculating risk and RWA calculation at the CIO were outside technology control processes; risk management portfolios lacked a clear mandate and reporting was limited; and, large and sustained limit excesses and limits raised to accommodate new risk taking lacked adequate review and evaluation by the firm. Identifying these characteristics in other business units may give us additional direction on where to look for potential issues before they become major problems.
7) The Need to Identify Changes in Strategic Direction
Our supervision needs to place more emphasis on identifying key changes with a bank’s risk management or risk culture. For example, areas that are considered to be low risk but have experienced significant changes in management or key staff talent, strategy, unusual movements in gains/losses, and position growth or changes in types of activities or risk/reward profiles should be a red flag for more in-depth investigation. Our efforts to drive banks to strengthen their independent risk management, valuation, and audit functions will be the most important factor in reducing surprises. We are committed to involving our technical experts in reviews of all capital markets examination scoping, and in ongoing reviews of management information systems (MIS) to ensure that their technical skills are utilized to identify red flags and assess risk management processes.
8) The Need to Improve Internal OCC Information Management Systems
An ongoing challenge for the OCC is to improve our internal information management systems, to reduce manual processes to verify that the correct reports are being collected, and to ensure we take advantage of improvements in technology. Detailed data on trades and markets could have provided additional value, for example, in the identification of concentrations. Improving the information management systems and taking advantage of additional market data will require additional resources, and we are strengthening our data analytics team.
VIII. Holding Large Banks to Higher Standards
Finally, the events at the bank underscore the need to hold the largest banks to the highest standards. These banks must be managed and governed more rigorously than less systemically important institutions. We are doing this by demanding strong capital, reserves, and liquidity, and raising the bar for the corporate governance under which we expect large banks to operate.
Stronger Capital, Reserves, and Liquidity Standards
Since the onset of the financial crisis, we have directed the largest institutions to strengthen their capital, reserves, and liquidity positions. As a result, the quality and level of capital at national banks and bank holding companies with total assets greater than $50 billion have improved significantly. The median percentage of Tier 1 common capital relative to total assets for bank holding companies increased from 5.1 percent in 2008 to more than 7.4 percent today, while the comparable ratio for national banks and federal savings institutions rose from 6.2 percent to 8.7 percent over that same period.
Under scrutiny of our examiners, the largest banks have increased their loan loss reserves as a percentage of gross loans since the end of 2007, from 1.4 percent to 2.1 percent. Similarly, the largest banks have materially strengthened their liquidity buffers through increases in short-term liquid assets that can be used to meet unanticipated liquidity demands and through a decreased reliance on short-term, volatile funding. System-wide, liquid assets are up $3.4 trillion over the past four years. The implementation of proposed rules related to Basel III will further enhance the quality and quantity of capital and liquidity held for regulatory purposes, ensuring that today’s historically high levels remain sustainable through the next cycle.
Heightened Expectations for Strong Corporate Governance and Oversight
While stronger capital and liquidity buffers are essential components for improving the resiliency of large banks, strong corporate governance is equally important. We have set higher expectations for corporate governance at large banks in five specific areas.
1. Board willingness to provide credible challenge. A key element in corporate governance is a strong, knowledgeable board with independent directors who provide a credible challenge to bank management. Effective directors prudently question the propriety of strategic initiatives, talent decisions, and the balance between risk taking and reward. Effective information flow and risk identification within the organization is essential to the ability of directors to perform this role.
2. Talent Management and Compensation. We expect large banks to have a well- defined personnel management process that ensures appropriate, quality staffing levels, provides for orderly succession, and maintains appropriate compensation tools to motivate and retain talent. Of particular importance is the need to ensure that incentive compensation structures balance risk and financial rewards and are compatible with effective controls and risk management.
3. Defining and Communicating Risk Tolerance Expectations Across the Company. Consistent with prudent governance practices, banks must define and communicate acceptable risk tolerance, and results need to be visible and periodically compared to pre-defined limits. Examiners are directing banks to strengthen their existing risk tolerance structures by better articulating the bank’s risk appetite, its measures and limits of risk to capital or earnings on a firm-wide basis, the amount of risk that may be taken in each line of business, and the amount of risk that may be taken in each of the key risk categories monitored by the banks.
4. Development and Maintenance of Strong Audit and Risk Management Functions. The recent crisis reinforced the importance of quality audit and risk management functions. We have directed bank audit and risk management committees to perform gap analyses relative to OCC’s standards and industry practices and to take appropriate action to improve their audit and risk management functions. We expect members of the bank’s board and its executive management team to ensure audit and risk management teams are visibly and substantively supported.
5. Sanctity of the Charter. While holding companies of large banks are typically managed on a line of business basis, directors at the bank level are responsible for oversight of the bank’s charter—the legal entity. Such responsibility requires separate and focused governance. We have reminded the boards of banks that their primary fiduciary duty is to ensure the safety and soundness of the national bank or federal savings association. This responsibility involves focus on the risk and control infrastructure. Directors must be certain that appropriate personnel, strategic planning, risk tolerance, operating processes, delegations of authority, controls, and reports are in place to effectively oversee the performance of the bank. The bank should not simply function as a booking entity for the holding company. It is incumbent upon bank directors to be mindful of this primary fiduciary duty as they execute their responsibilities.
IX. Conclusion: Commitment of OCC Leadership
The leadership of the OCC is committed to strong and effective supervision. As demonstrated by our C&D, we will not hesitate to take strong action whenever we discover significant problems at an institution we supervise. Our work at the bank is ongoing, and we will continue to assess whether additional enforcement actions or referrals are warranted.
We are equally committed to continuously enhancing our supervisory programs. The results of our internal investigation have been carefully reviewed by the OCC’s executive management team, who agreed with the findings and recommendations, and formulated plans to address them. Within the OCC, we have disseminated the lessons we have learned to our large bank EICs, as well as our capital markets team leads. We have held meetings with them and provided them with guidance for incorporating these lessons learned in supervisory plans and practices. Our large bank management teams are providing semiannual status reports to ensure effective implementation of the lessons learned. These reviews will be supplemented by an independent evaluation of some of these areas by the OCC’s Quality Assurance unit.
We appreciate the Subcommittee’s investigation into this incident, and we will carefully review its report and recommendations to consider further enhancements to our supervisory program'.