The US is entering a new phase of financial deregulation, marked most visibly by the November 2025 decision by the Federal Deposit Insurance Corporation (FDIC) and other federal regulators to ease key leverage rules for banks, which set minimum capital ratios to ensure financial institutions have enough capital to absorb losses and maintain solvency. The reforms reduce the enhanced supplementary leverage ratio (eSLR) for the largest institutions and lighten capital obligations for smaller banks.
According to Reuters, subsidiaries at major banks could see capital requirements fall by about 27 percent, about $213 bn in total, while the eSLR at the holding company level is estimated to drop by around $13 bn (less than 2 percent).
A recent analysis by the Financial Times noted that this deregulation wave is being driven by proponents who argue that the post-2008 capital regime constrained lending and economic growth. While the changes are framed as supporting growth, they carry significant implications for the risk posture of the US banking system. Capital buffers introduced after the financial crisis were designed to strengthen resilience. Reducing them shifts how banks, markets and regulators must manage systemic risk.
What this means for GRC execs
For governance, risk and compliance teams, deregulation does not reduce responsibility. Instead, lighter regulatory constraints heighten the need for stronger internal discipline. With thinner mandatory capital buffers, banks must ensure that internal risk controls, stress-testing frameworks and capital-planning processes are rigorous enough to compensate for reduced supervisory guardrails.
GRC teams will need to reassess assumptions around liquidity, credit exposures and operational vulnerabilities. Scenario analysis must incorporate the possibility that institutions could face stress with less loss-absorbing capacity. Boards will expect clearer reporting on how the institution’s risk profile shifts under the new rules, meaning GRC functions must deliver more precise and forward-looking risk insights.
Deregulation also affects third-party oversight. As banks adjust balance-sheet strategies or pursue new business lines under looser constraints, downstream effects will flow to fintech partners, broker-dealer affiliates and payment processors. GRC teams across the financial ecosystem will need to revisit vendor-risk frameworks, focusing on resilience, contractual safeguards and contingency planning.
In essence, deregulation shifts more responsibility from regulators to institutions. GRC functions become central to demonstrating that organizations can manage risk responsibly without relying heavily on prescriptive capital rules.
The ripple effect
Although the SEC does not supervise bank capital requirements, the agency plays a critical market-oversight role. When banks operate with less capital, volatility can increase across funding markets, securities financing, lending and market-making activities – all of which intersect with SEC-regulated entities.
The SEC is likely to intensify scrutiny of how publicly listed banks and broker-dealers disclose risks related to capital adequacy, liquidity and counterparty exposures. Firms may face deeper reviews of internal controls, governance processes and the accuracy of issuer filings. In an environment of lighter prudential rules, transparency becomes one of the SEC’s primary tools for safeguarding markets.
The SEC may also increase attention on systemic-risk channels linked to repo markets, treasury trading and securities lending – areas influenced by bank balance-sheet capacity. Market-structure oversight could evolve as regulators monitor how reduced capital affects trading behavior and funding stability.
Looking ahead
Although politically framed as a growth-oriented shift, US bank deregulation introduces a more complex landscape for GRC professionals and the SEC. Lighter capital rules do not diminish the need for strong risk management. Instead, they elevate it. Institutions must demonstrate more robust governance, sharper risk reporting and stronger operational discipline to compensate for fewer prescriptive requirements.
For GRC teams, the next phase will be defined not by fewer rules but by greater expectations. For the SEC, disclosure quality and market oversight will become even more important as banking risks increasingly flow into capital markets.