New Oversight Rulemaking Aims to Balance Bank Safety and Innovation

Federal regulators are overhauling how they determine when a bank crosses the line from prudent to “unsafe.”

In a joint notice of proposed rulemaking Tuesday (Oct. 7), the Office of the Comptroller of the Currency (OCC) and the Federal Deposit Insurance Corp. (FDIC) said the change is designed to “promote greater clarity and certainty” in supervision and enforcement.

The proposal would, for the first time, codify what qualifies as an “unsafe or unsound practice” under Section 8 of the Federal Deposit Insurance Act.

The agencies defined it in a Tuesday bulletin announcing the notice as any act “contrary to generally accepted standards of prudent operation” that, “if continued, is likely to materially harm the financial condition of the institution or present a material risk of loss to the Deposit Insurance Fund.”

The goal is to “prioritize material financial risks over concerns related to policies, process, documentation and other nonfinancial risks,” the notice said. That means examinations would concentrate on issues that could meaningfully affect a bank’s capital, liquidity or earnings rather than on risks of “minor harm.”

The proposal reflects lessons from previous bank failures, when institutions with strong compliance files still faced sudden liquidity stress. It also highlights how operational exposures can jeopardize safety and soundness.

The agencies said in the notice that “critical infrastructure or cybersecurity deficiencies that are so severe as to, if continued, be likely to result in a material disruption” could meet the unsafe practice threshold.

The rule would also unify how regulators flag supervisory problems. Today, the OCC uses matters requiring attention (MRAs) while the FDIC issues matters requiring board attention (MRBAs). Under the new framework, an examiner could issue an MRA only if a practice “could reasonably be expected to, under current or reasonably foreseeable conditions, materially harm the financial condition of the institution or present a material risk of loss…”

The higher bar is meant to curb what regulators called in the notice a “proliferation of supervisory criticisms for immaterial procedural, documentation or other deficiencies.” The change is intended to keep management and examiners focused on issues that directly affect an institution’s financial health.

Both agencies said they will tailor MRAs by institution size and complexity. For smaller community banks, a finding of material harm would require a proportionally larger impact relative to capital or liquidity.

“[F]inding an unsafe or unsound practice would be a much higher bar for a community bank than for a larger institution,” the notice said.

The proposal dovetails with broader OCC efforts to relieve what it called in a Monday (Oct. 6) press release “regulatory burden for community banks.” By emphasizing proportional oversight, the agencies hope to reduce redundant documentation requests and shorten the time that MRAs remain open after issues are fixed.

The FDIC, for its part, said it seeks to limit penalty-bearing actions to circumstances where genuine risk exists.

In effect, regulators seem to be targeting a path where they are not loosening supervision but realigning it so enforcement activity corresponds to actual financial exposure.

The modernization also comes as banks and FinTechs are reevaluating how they collaborate.

The PYMNTS Intelligence report “Credit Union Innovation Readiness: How FinTechs Are Shifting Their Partnership Strategies” found that FinTechs are 19% more likely than a year ago to partner with credit unions and 56% less likely to work with national banks.

That trend points to a growing preference for partnerships built on local knowledge and flexible compliance frameworks. As oversight becomes clearer and more risk-focused, banks may find it easier to pilot new services with vetted FinTech partners, whether in payments, embedded lending or digital identity, without fearing that exploratory efforts will be deemed unsafe.

By tightening definitions rather than broadening them, the OCC and FDIC may foster innovation. Banks could allocate resources toward measurable risks, such as liquidity and cybersecurity, while collaborating on new solutions that strengthen resilience and transaction trust.

The agencies will accept public comments for 60 days after publication in the Federal Register. Feedback is specifically requested on how to quantify “material harm” and whether cyber-risk metrics should factor into the final rule.

For the industry, the implications are clearer guardrails for compliance and a wider runway for innovation.

The post New Oversight Rulemaking Aims to Balance Bank Safety and Innovation appeared first on PYMNTS.com.