The Federal Deposit Insurance Corp. flagged
The annual report, which was released Monday, also highlighted cybersecurity as a key issue for banks and, for the first time, delved into threats
Despite a slower economy, smaller profit margins and three large bank failures this spring, the FDIC determined the banking sector to be sound and resilient. The review included analysis of overall economic conditions, financial markets and the state of the banking industry specifically.
The report largely focuses on data compiled from 2022 through the first quarter of this year, so the aftereffects of the failures of Silicon Valley Bank and Signature Bank in March were not fully reflected. The failure of First Republic Bank, which took place in May, is noted in the report, but not part of the statistical findings.
Throughout all portions of the report, the FDIC noted the impact of rising interest rates, which initially served as a boon to banks as they were able to expand their net interest margins in 2022, but has since become an overarching concern, as higher funding costs outpace the fixed returns of long-dated loans and securities.
"The sharp rise in interest rates in 2022 caused widespread depreciation in securities portfolios, and banks with a higher share of long-term assets reported higher depreciation in investment portfolios and lower growth in NIMs than other institutions," the report noted.
Yet, the report noted that unrealized losses on securities — a driving issue in the failure of Silicon Valley Bank — moderated through the first quarter of 2023 and overall asset quality throughout the banking system remains "favorable."
Still, there are pockets of potential vulnerabilities on bank balance sheets. The report notes that the amount of commercial real estate, or CRE, loans held by banks surpassed $3 trillion in the first quarter of this year, with 98% holding some kind of exposure to the asset class and more than half of banks listing it as their largest loan category. Community banks are acutely exposed to the sector, accounting for 28% of CRE lending compared to 15% of overall bank lending.
The report notes that the risk in commercial real estate centers on the office sector, with the other three top property types — industrial, multifamily and retail — all performing relatively well. But the problems with the office sector are significant. Rents in the sector have been flat since before the pandemic, net absorption — the difference between office uptake and new vacancies — has been negative for the past three years, driving overall vacancy levels from 9.6% in early 2020 to 12.8% this year, and the amount of space being put up for sublease has exceeded levels seen in the wake of the subprime mortgage crisis.
The report points to the shift to full-remote or hybrid work that has reduced the demand for office space in a way that seems likely to impact commercial space use for the long term.
"Industry forecasts project further increases in the national office vacancy rate through 2023," the report states. "Low office attendance by workers suggests weakness in office properties. Access card swipes at a sample of U.S. office buildings indicates attendance was only one-half the pre-pandemic level in early 2023."
Delinquency rates for commercial mortgage-backed securities, while still under 5%, have been rising steadily since the end of 2022. Similarly, the report states that most corporate tenants have continued to pay their rent, but it notes that a glut of lease expirations in the coming years could make it difficult for borrowers to refinance their assets.
"Even absent further economic slowdown, some borrowers may face potentially higher interest rates and debt servicing costs or encounter other challenges refinancing," the report states. "Amid these evolving challenges for banks and their borrowers, strong risk-management practices are essential for operating sound CRE lending programs."
Many banks, especially large ones, have increased their exposure to nonbank financial institutions, the FDIC report finds. This type of lending includes loans or lines of credit to investment firms, financial vehicles, nonbank real estate lenders, insurers and transaction processors, among others.
Overall, this type of lending grew by 12% year over year in the first quarter of 2023, compared to a rate of just 5% in the fourth quarter of 2022. Most other lending categories were flat or down during that period. This led to the total volume of funded loan commitments to the sector reaching a record high of $761 billion.
Global systemically important banks made up a little more than 50% of the loan commitments to nonbanks in the first quarter of 2023, up from just under 40% four years prior. Community banks, meanwhile, saw their participation in the market fall by 18.5% since the end of 2021.
The FDIC found the quality of loans to nonbanks to be broadly favorable, the report expressed concern about how well this sector will be able to withstand a sustained economic slowdown or an economic shock, noting that many do not have stable sources of funding. It noted that the high interest rates nonbank lenders are able to pay to banks are derived from engaging in higher risk activities.
"Bank lending to riskier NBFIs can thus indirectly transmit increased credit and liquidity risks to their own balance sheets," the report warns.
The FDIC singled out cybersecurity as the single biggest operational risk for banks, pointing to geopolitical developments, including the ongoing war in Ukraine, as raising the threat level of cyberattacks on institutions in the U.S. and other Ukrainian allied nations.
The report noted that ransomware attacks — in which hackers seize control of essential institutional information and hold it ransom until a large payoff is made — skyrocketed in 2021, totaling 1,489, more than triple the previous year and more than the prior five years combined.
The FDIC said it is imperative that banks conduct sufficient due diligence on their customers, partners and third-party service providers.
"Security risks arising from compromised third-party software include disclosure of credentials or confidential data, corruption of data, installation of malware, and application outages," the report states. "These problems can result in lost time, money, and customer trust."
In a new addition, the FDIC's 2023 Risk Review includes a brief section on crypto assets. In it, the agency writes that many banks grew interested in crypto in 2022 but the space has proven itself to be volatile, with risks that remain difficult to quantify.
The report flagged instances of fraud, misrepresentation of information and legal uncertainties as top issues. It also highlighted the various guidance issued by the FDIC and
