The unnerving events of fall 2008 removed all doubt that investment banks and other nonbank financial firms can propagate systemic risk and endanger the world’s financial system. In response, Congress instituted a robust system for regulating systemic risk posed by nonbanks. The Dodd-Frank Act created two approaches to nonbank systemic risk regulation. The first, known as entity-based regulation, authorized the new Financial Stability Oversight Council (FSOC) to designate individual nonbank financial firms as systemically important financial institutions (SIFIs) for heightened regulation and oversight by the Federal Reserve. The second, dubbed activities-based regulation, gave FSOC the power to make nonbinding recommendations to primary financial regulators to regulate specific financial activities for systemic risk. Activities-based regulation often applies to an activity across an entire industry or industries, while the entity-based approach focuses on individual firms that pose elevated risk.
In a forthcoming book chapter, we argue that nonbank financial stability regulation will not be effective going forward if, as seems likely, policymakers jettison entity-based regulation. In our view, activities regulation is not enough: The entity-based approach is essential to curbing systemic risk from the nonbank sector.
In the early years after Dodd-Frank’s enactment, the Obama Administration deployed both the entity- and activities-based approaches for nonbanks. During that era, FSOC designated four large financial companies as nonbank SIFIs: the consumer finance giant GE Capital and the life insurers AIG, MetLife, and Prudential. In addition, the Obama Administration adopted enhanced activities regulation of money market mutual funds for systemic risk. On balance, however, FSOC put most of its energy during the Obama Administration into developing entity-based regulation.
The prevailing winds shifted with the election of President Trump. Under Secretary Steven Mnuchin, the Treasury Department issued a major 2017 report stating that, henceforth, systemic risk oversight of nonbanks should emphasize an activities-based approach over nonbank SIFI designations. (Mnuchin’s opinion matters because he has veto power over any new designations as FSOC chair). Seemingly in lockstep, one week later, the Financial Stability Board (FSB) announced that it would no longer update its list of global insurance company SIFIs and planned to focus on an activities-based approach instead. Following FSB’s lead, in November 2018, the International Association of Insurance Supervisors proposed a “holistic” activities-based framework for addressing systemic risk in insurance.
Meanwhile, back in the United States, FSOC effectively ended entity-based nonbank SIFI regulation by October 2018. The council de-designated GE Capital, AIG, and Prudential in 2016, 2017, and 2018, respectively, and MetLife wrested itself free from its designation after winning a court challenge. Since then, FSOC has not recommended any new activities-based regulations, despite its members’ insistence that the council is pivoting to an activities-based approach.
With entity-based regulation on life support and no new activities-based regulation on the horizon, we call for a return to the original approach—using entity-based and activities-based regulation together—because even well-crafted activities regulation, on its own, cannot save systemically risky nonbank firms from failure. The reason is that a firm’s level of systemic risk depends on the interactions among its different business activities plus its risk management controls. When it comes to systemic risk, the whole is generally greater than the sum of the parts. An activity posing little or no systemic risk in isolation may produce alarming systemic risk when combined with other activities within the same firm. AIG is a classic example. When its credit default swaps (CDS) tanked, the company’s securities lending counterparties panicked, terminating their transactions and instigating a fatal run on the firm. Because the activities-based approach only focuses on individual services in isolation, it is blind to these types of toxic interactions.
To make matters worse, activities-based regulation is hampered by its backward-looking perspective. Inherently, activities regulation is limited to pre-defined, existing activities. So unlike entity-based regulation, it is not equipped to pinpoint and curb unfamiliar new activities that could transmit financial contagion.
Compare this with entity-based regulation, where the whole purpose is to scrutinize risky interactions that could cause a nonbank SIFI to collapse and activate systemic risk. Two of the central tools of entity-based regulation—capital adequacy requirements and liquidity rules—regulate the interplay between the asset and liability side of a nonbank’s balance sheet. Unlike activities-based regulation, which all too often assumes that one size fits all, the Federal Reserve can tailor capital and liquidity requirements to the unique risk profile of each nonbank SIFI. The entity-based approach similarly uses periodic examinations of nonbank SIFIs to monitor the joint run risk from separate activities such as CDS and securities lending. At the same time, the risk management provisions that entity-based regulation impose require the board of directors and top managers of a nonbank SIFI to establish structures to monitor those same interactions themselves.
The entity-based approach has other advantages. It is flexible and nimble enough to detect new sources of systemic risk as they appear. In part, this is because the entity-based approach has a mandate to guard against risks to the safety and soundness of nonbank SIFIs and to financial stability, whether those risks emanate from practices new or old. In turn, this ability to stay abreast of new threats to financial stability enriches the activities-based approach by flagging new risks needing activities regulation. Activities-based regulation is incapable of doing that by itself.
Finally, entity-based regulation does a better job of discouraging firms from accumulating too much systemic risk because nonbanks that shed risk can avoid designation (or win de-designation, if they are already designated as SIFIs). In contrast, firms can often bypass activities-based rules by modifying their activities. This makes the activities-based approach more susceptible to regulatory arbitrage than its entity-based counterpart.
Bottom line, we agree that well thought out activities regulation has a valuable role to play in systemic risk regulation of nonbanks. But an activities-based approach is not enough. Instead, the federal government needs to redouble its commitment to robust entity-based regulation of nonbank SIFIs to prevent a repeat of the financial crisis of 2008.
 Jeremy C. Kress, Patricia McCoy & Daniel Schwarcz, Activities Are Not Enough! Why Designation of Nonbank SIFIs is Essential to Prevent Systemic Risk, in Systemic Risk in the Financial Sector: Ten Years After the Great Crash ___ (Toronto: CIGI Press, Douglas W. Arner, Emilios Avgouleas, Danny Busch & Steven L. Schwarcz, eds., forthcoming 2019).
 See Daniel Schwarcz, A Critical Take on Group Regulation of Insurers in the United States, 5 U.C. Irvine L. Rev. 537, 554 (2015).
 See Daniel Schwarcz & David Zaring, Regulation by Threat: Dodd-Frank and the Nonbank Problem, 84 U. Chi. L. Rev. 1813 (2017).
 For full analysis, see Jeremy C. Kress, Patricia McCoy & Daniel Schwarcz, Regulating Entities and Activities: Complementary Approaches to Nonbank Systemic Risk, 92 So. Cal. L. Rev. ___ (forthcoming 2019).
This post comes to us from professors Jeremy C. Kress at the University of Michigan’s Stephen M. Ross School of Business, Patricia A. McCoy at Boston College Law School, and Daniel Schwarcz at the University of Minnesota Law School. It is based on their recent book chapter, “Activities Are Not Enough!: Why Nonbank SIFI Designations Are Essential to Prevent Systemic Risk,” available here.