Truist is subject to extensive and evolving government regulation and supervision, which could adversely affect our business, financial condition, results of operations, and prospects.
The banking and financial services industries are highly regulated. Truist is subject to supervision, regulation, and examination by regulators, including the FRB, FDIC, NCCOB, SEC, CFTC, CFPB, FINRA, MSRB, NFA, and various other federal and state regulatory agencies. The regulatory and supervisory framework applicable to banking organizations is intended primarily for the protection of depositors and other customers, the DIF, the broader economy, and the stability of the U.S. financial system, rather than for the protection of shareholders and non-deposit creditors. In addition to banking statutes, regulations, and other laws, Truist is subject to various other laws that directly or indirectly affect its business and operations, including its ability to make distributions to shareholders. Governmental agencies and self-regulatory organizations also issue policy statements, interpretive letters, guidance, and other documents and communications that similarly impact Truist. The scope, complexity, intensity, and interpretation of these laws, documents, communications, and actions can vary based on such factors as the state of the economy, the prevailing political environment, and the performance of business and operations by us and other financial institutions.
Truist is also subject to heightened requirements under the enhanced prudential standards and increased supervisory scrutiny, including, for example, single counterparty credit limits, heightened expectations with respect to governance, risk management and internal controls, and additional capital and liquidity requirements.
These compliance risks relate to a wide variety of laws, rules, and regulations varying across Truist's lines of business, corporate functions, and jurisdictions, and include risks related to financial products and services, relationships and interactions with clients, and teammate activities. Compliance risks include those associated with anti-money laundering compliance, trading activities, market conduct, and the laws, rules, and regulations related to the offering of financial products and services. Compliance risk is also inherent in Truist's fiduciary activities, including the failure to exercise the applicable standard of care to act in the best interest of fiduciary clients or to treat fiduciary clients fairly.
The regulation and supervision of Truist significantly affects the way that we conduct our business and operations. Laws and regulations that are applicable to us, and Truist's inability to act in certain instances without receiving prior regulatory approval, affect Truist's lending practices, capital structure, investment practices, dividend policy, ability to repurchase common stock, and ability to pursue strategic acquisitions, among other activities. Changes to statutes, regulations, or regulatory policies or their interpretation or implementation and the continued heightening of regulatory requirements could affect Truist in substantial and unpredictable ways. Federal and state banking regulators also possess broad powers to take supervisory actions as they deem appropriate. These supervisory actions may result in higher capital and liquidity requirements, higher deposit insurance premiums, higher compliance expenses, changes to our business or operations, and monetary penalties. These actions could also negatively impact the products and services that we offer and our ability to engage in business opportunities. The restrictions imposed by any of these actions could have an adverse effect on our operations, strategy, profitability, and reputation.
Truist has elected to be treated as an FHC, which permits us to engage in a number of financial and related activities beyond banking, including securities, advisory, and merchant banking activities. Truist and Truist Bank are subject to ongoing requirements for Truist to qualify as an FHC. If a BHC or any of its insured depository institutions were found not to be well capitalized or well managed, as defined under applicable law, the BHC can be restricted from engaging in the broader range of financial and related activities permitted for FHCs, including the ability to acquire companies engaged in those activities, and can be required to discontinue these activities or even divest any of its insured depository institutions. In addition, if an insured-depository-institution subsidiary of a BHC were to fail to achieve a satisfactory or better rating under the CRA, the ability of the BHC to expand its financial and related activities or make acquisitions could be restricted.
Financial regulators' prudential and supervisory authority gives them broad power and discretion to direct Truist's actions, and they have assumed an active oversight, examination, and enforcement role across the financial services industry on both the federal and state levels. Areas of focus in the recent past have been with respect to climate change, deposits, interest-rate risk management, commercial real estate, risk governance and controls, capital, liquidity, long-term debt requirements, consumer loan practices, data privacy, data protection, cybersecurity, overdraft and other fees, retention and recordkeeping of electronic communications, reimbursement for fraudulent transactions, and other compliance matters.
Truist must comply with laws and regulations relating to AML, economic sanctions, embargo programs, and anti-corruption, which can increase its risks of non-compliance and costs associated with the implementation and maintenance of complex compliance programs. These laws and regulations are designed to protect the financial system, consumers, and financial institutions from bad actors and illicit activities by requiring financial institutions to develop and implement programs designed to deter and when possible detect and prevent the use of the financial system to facilitate the funding of criminal activities. Federal law grants substantial enforcement powers to federal financial institution regulators, OFAC, and the U.S. DOJ, among other government agencies, with respect to these laws and regulations. This enforcement authority includes, among other things, the ability to: assess significant civil or criminal monetary penalties, fines, or restitution; issue cease and desist or prohibition orders; and initiate injunctive actions against financial institutions and institution-affiliated parties, including individual teammates. These enforcement actions may be initiated for violations of laws and regulations or unsafe and unsound practices. Additionally, actual or alleged misconduct by teammates, including unethical, fraudulent, improper, or illegal conduct, or unfair, deceptive, abusive, or discriminatory practices, can result in litigation, or government investigations and enforcement actions, and cause significant reputational harm to Truist, even if allegations are ultimately unsubstantiated.
The Company and other large financial institutions have become subject to increased scrutiny, more intense supervision and regulation, and more supervisory findings and actions, with increased operational and compliance costs, as well as impacts on geographic expansion and acquisitions, which may continue. The financial services industry has faced and may continue to face a stricter and more aggressive enforcement of laws at federal, state, and local levels-particularly in connection with business and other practices that may harm or appear to harm consumers or affect the financial system more broadly. Truist expects to remain subject to extensive regulation and supervision. Any potential new regulations or modifications to existing regulations would likely necessitate changes to Truist's existing regulatory compliance and risk management infrastructure and could result in increased compliance costs.
Our regulatory and supervisory environments, whether at federal, state, or local levels, are not static. No assurance can be given that applicable statutes, regulations, and other laws will not be amended or construed differently, that new laws will not be adopted, or that any of these laws will not be enforced more aggressively, including as a result of changes to control of branches of the U.S. government. Truist could become subject to future legislation and regulatory requirements beyond those currently proposed, adopted, or contemplated in the U.S. or abroad, including limits on acquisitions, more stringent capital and liquidity requirements, policies and rulemaking related to emerging technologies, cybersecurity, and data, and climate risk management, governance, and reporting, including emissions and sustainability disclosure. In addition, concerns over climate change may prompt changes in regulations that, in turn, could have an adverse impact on asset values and the financial performance of Truist's businesses and its clients. The cumulative effect of such legislation and regulations on Truist's business, operations, and profitability cannot be accurately predicted. Such regulatory changes may reduce Truist's revenues, limit the types of financial services and products it may offer, alter the investments it makes, affect the manner in which it operates its businesses, increase its litigation and regulatory costs, and increase the ability of nonbanks to offer competing financial services and products. Further, our noncompliance with applicable laws, whether as a result of changes in interpretation or enforcement, system or human errors, or otherwise and, in some cases, regardless of whether noncompliance was inadvertent, can result in the suspension or revocation of authority to conduct business operations and in the initiation of supervisory actions, enforcement proceedings, or private litigation.
Truist also relies upon third parties who may expose the Company to compliance and legal risk. New or existing legal requirements also could heighten the reputational impact of perceived misuses of client data by the Company and third parties. See additional disclosures in the "Regulatory Considerations" section in Item 1 "Business."
Regulatory capital and liquidity standards and future revisions to them may negatively impact our business and financial results.
Truist is subject to regulatory capital and liquidity requirements established by the FRB and the FDIC. These regulatory capital and liquidity requirements are typically developed at an international level by the BCBS and then applied, with adjustments, in each country by the appropriate domestic regulatory bodies. Domestic regulatory agencies have the ability to apply stricter capital and liquidity standards than those developed by the BCBS. In several instances, the U.S. banking agencies have done so with respect to U.S. banking organizations.
Requirements to maintain specified levels of capital and liquidity and regulatory expectations as to the quality of the Company's capital and liquidity may prevent the Company from taking advantage of opportunities in the best interest of shareholders or force the Company to take actions contrary to their interests. For example, Truist may be limited in its ability to pay or increase dividends or otherwise return capital to shareholders. In addition, these requirements may impact the amount and type of loans the Company is able to make. Truist may be constrained in its ability to expand, either organically or through mergers and acquisitions. These requirements may cause the Company to sell or refrain from acquiring assets where the capital requirements appear inconsistent with the assets' underlying risks. In addition, liquidity standards require the Company to maintain holdings of highly liquid investments, thereby reducing the Company's ability to invest in less liquid assets, even if more desirable from a balance sheet return or interest rate risk management perspective. As a Category III banking organization, Truist is subject to additional capital and liquidity requirements. For example, Truist is subject to a requirement to submit capital plans to the Federal Reserve for review that include, among other things, projected dividend payments and repurchases of capital stock. As part of the capital planning and stress testing processes, our capital actions are assessed against our ability to satisfy applicable capital requirements in the event of a stressed market environment. If we fail to satisfy applicable capital requirements, including the SCB, our ability to undertake capital actions may be restricted.
In addition to the regulatory capital and liquidity requirements applicable to Truist and Truist Bank, the Company's broker-dealer subsidiaries are subject to capital requirements established by the SEC.
Regulatory capital and liquidity requirements receive periodic review and revision by the BCBS and the U.S. banking agencies. Proposed changes to applicable capital and liquidity requirements, such as the Basel III proposal and the long-term debt proposal, could result in increased expenses or cost of funding, which could negatively affect our financial results or our ability to pay dividends and engage in share repurchases. For more information concerning our legal and regulatory obligations with respect to Basel III and long-term debt requirements, please see "Regulatory Considerations" in Item 1 "Business."
Truist is subject to risks related to originating and selling loans, including repurchase and indemnification obligations.
When loans are sold or securitized, it is customary to make representations and warranties to the purchaser about the loans, including the manner in which they were originated, and to agree to repurchase the loans or indemnify the buyer in the event of a breach of the sale agreement, including a breach of these representations or warranties. An increase in the number of repurchase and indemnity demands from purchasers related to representations and warranties on sold loans could result in an increase in the amount of losses for loan repurchases. Truist also bears a risk of loss from borrower defaults for multi-family commercial mortgage loans sold to FNMA.
In addition to repurchase claims from GSEs, Truist could be subject to indemnification claims from non-GSE purchasers of the Company's loans. Claims could be made if the loans sold fail to conform to statements about their quality, the manner in which the loans were originated and underwritten, or their compliance with state and federal law.
Additional factors affecting the extent to which we may securitize loans and receivables in the future include the overall credit quality of our loans and receivables, the costs of securitizing our loans and receivables, the demand for consumer asset-backed securities and the legal, regulatory, accounting or tax rules affecting securitization transactions and asset-backed securities, generally. In addition, proposals regarding reform to the U.S. housing finance market could impact our decisions regarding which loans should be securitized in the future.
Truist faces risks as a servicer of loans.
The Company acts as servicer for a range of assets and products, primarily for loans in securitizations and unsecuritized loans owned by investors. As servicer for loans, the Company has certain contractual obligations to the securitization trusts, investors, or other third parties, including foreclosing on defaulted loans or, to the extent consistent with the applicable securitization or other investor agreement, considering alternatives to foreclosure such as loan modifications or short sales. Generally, the Company's servicing obligations are set by contract, for which the Company receives a contractual fee. However, GSEs can amend their servicing guidelines unilaterally for certain government guaranteed mortgages, which can increase the scope or costs of the services required without any corresponding increase in the Company's servicing fee. Federal and state laws that impose additional servicing requirements could increase the scope and cost of the Company's servicing obligations. As a servicer, the Company also advances expenses on behalf of investors, which it may be unable to collect.
A material breach of the Company's obligations as servicer may result in contract termination if the breach is not cured within a specified period of time following notice, causing the Company to lose servicing income. In addition, the Company may be required to indemnify the securitization trustee or other holder of the loan against losses from any failure by the Company, as a servicer, to perform the Company's servicing obligations or any act or omission on the Company's part that involves willful misfeasance, bad faith, or gross negligence. For certain investors and certain transactions, Truist may be contractually obligated to repurchase a loan or reimburse the investor for credit losses incurred on the loan as a remedy for servicing errors with respect to the loan. The Company may be subject to increased repurchase or indemnity obligations as a result of claims made that the Company did not satisfy its obligations as a servicer. The Company may also experience increased loss severity on repurchases, which may require a material increase to the Company's repurchase reserve. While the number of such indemnification claims has been small, these could increase in the future.
Truist faces substantial risks in safeguarding personal and other sensitive information.
Truist's businesses are subject to complex and evolving laws, rules, and regulations governing data privacy, data protection, and cybersecurity, particularly with respect to the privacy and protection of personal information of individuals. Individuals whose personal information may be protected by law can include the Company's clients (and in some cases its clients' clients), prospective clients, job applicants, teammates, and the employees of the Company's vendors, and other third parties. Complying with the laws, rules, and regulations applicable to the Company's disclosure, collection, use, sharing, storage, and other processing of personal information can increase operating costs, impact the development of new products or services, and reduce operational efficiency. Any mishandling or misuse of personal information by the Company or a third-party affiliated with the Company could expose the Company to litigation or regulatory fines, penalties, or other sanctions.
Additional risks could arise from the failure of the Company or third parties to provide adequate disclosure or transparency to the Company's clients about the personal information collected from them and the use of such information; to receive, document, and honor the privacy preferences expressed by the Company's clients; to protect personal information from unauthorized disclosure; or to maintain training on data privacy, data protection, or cybersecurity practices for all teammates or third parties who have access to personal information. Concerns regarding the effectiveness of Truist's measures to safeguard personal information, or even the perception that those measures are inadequate, could cause Truist to lose existing or potential clients, and thereby reduce Truist's revenues. Furthermore, any failure or perceived failure by the Company to comply with applicable data privacy, data protection, or cybersecurity laws, rules, or regulations may subject it to inquiries, examinations, and investigations that could result in requirements to modify or cease certain operations or practices, significant liabilities or regulatory fines, penalties, or other sanctions. Any of these could damage Truist's reputation and otherwise adversely affect its businesses.
In recent years, well-publicized incidents involving the inappropriate disclosure, collection, use, sharing, storage, and other processing of personal information have led to expanded governmental scrutiny of practices relating to the safeguarding of personal information by companies. That scrutiny has in some cases resulted in, and could in the future lead to, the adoption of stricter laws, rules, and regulations relating to the disclosure, collection, use, sharing, storage, and other processing of personal information. Truist will likely be subject to new and evolving data privacy, data protection, and cybersecurity laws, rules, and regulations in the U.S. and abroad, which could result in additional costs of compliance, litigation, regulatory fines, and enforcement actions. These types of laws, rules, and regulations could prohibit or significantly restrict financial services firms such as Truist from sharing information among affiliates or with third parties such as vendors, and thereby increase compliance costs, or could restrict Truist's use of personal information when developing or offering products or services to clients. These restrictions could also inhibit Truist's development or marketing of certain products or services or increase the costs of offering them to clients.
For more information concerning our legal and regulatory obligations with respect to data privacy, data protection, and cybersecurity, please see "Privacy, Data Protection, and Cybersecurity" in Item 1 "Business."
Differences in regulation and supervision can affect the Company's ability to compete effectively.
The content and application of laws and regulations affecting financial services firms sometimes vary according to factors such as the size of the firm, the jurisdiction in which it is organized or operates, and other criteria. Large institutions, such as the Company, often are subject to more stringent regulatory requirements and supervision than smaller institutions. In addition, financial technology companies and other non-traditional competitors may not be subject to banking regulation or may be supervised by a national or state regulatory agency that does not have the same regulatory priorities or supervisory requirements as the Company's regulators. These differences in regulation can impair the Company's ability to compete effectively with competitors that are less regulated and do not have similar compliance costs.