Group of professionals discuss finance

Breaking news and expert analysis on legal and compliance issues

[Back To Home][Back To Archives]

From Banking and Finance Law Daily, January 16, 2014

OCC seeks comments on formal guidelines for large bank risk governance

By John M. Pachkowski, J.D.

The Office of the Comptroller of the Currency is seeking comments on proposed guidelines, to be issued as Appendix D to part 30 of its regulations, that would establish minimum standards for the design and implementation of a risk governance framework for large insured national banks, insured federal savings associations, and insured federal branches of foreign banks with average total consolidated assets of $50 billion or more and minimum standards for a board of directors in overseeing the framework’s design and implementation.

“Heightened expectations.” The proposed guidelines would implement a set of five “heightened expectations” that the OCC communicated to large complex national banks following the financial crisis that was intended to enhance the agency’s supervision and strengthen the governance and risk management practices of large national banks.

The first of these expectations—preserving the sanctity of the charter—calls on a bank’s board of directors to ensure that the institution operates in a safe and sound manner.

The second expectation generally requires large institutions to have a well-defined personnel management program that ensures appropriate staffing levels, provides for orderly succession, and provides for compensation tools to appropriately motivate and retain talent that does not encourage imprudent risk taking.

The third expectation pertains to risk appetite, or tolerance, and involves institutions defining and communicating an acceptable risk appetite across the organization, including measures that address the amount of capital, earnings, or liquidity that may be at risk on a firm-wide basis, the amount of risk that may be taken in each line of business, and the amount of risk that may be taken in each key risk category monitored by the institution.

Under the fourth expectation, large institutions are to develop and maintain strong audit and risk management functions by comparing the performance of their audit and risk management functions to the OCC’s standards and leading industry practices and taking appropriate action to address material gaps.

The final expectation focuses on the board of directors’ willingness to provide a credible challenge to bank management’s decision-making and thus requests independent directors to acquire a thorough understanding of an institution’s risk profile and to use this information to ask probing questions of management and to ensure that senior management prudently addresses risks.

The proposed guidelines consist of three parts. Part I provides an introduction to the guidelines, explains its scope, and defines key terms used throughout the guidelines. Part II sets forth the minimum standards for the design and implementation of a bank’s risk governance framework. Part III provides the minimum standards for the board of directors’ oversight of the framework.

Risk taking. Part I of the proposed guidelines would provide the minimum standards for the design and implementation of a bank’s risk governance framework and the minimum standards for the bank’s board to use in overseeing the framework’s design and implementation. The OCC notes in its proposal that these standards are not intended to be exclusive, and that they are in addition to any other applicable requirements in law or regulation. For example, the OCC expects banks to continue to comply with the operational and management standards articulated in Appendix A to part 30, including those related to internal controls, risk management, and management information systems. If a bank has a risk profile that is substantially the same as its parent company, the parent company’s risk governance framework complies with these guidelines, and the bank has demonstrated through a documented assessment that its risk profile and its parent company’s risk profile are substantially the same, the bank may use its parent company’s risk governance framework to satisfy the guidelines.

Framework standards. Part II of the proposed guidelines sets out minimum standards for the design and implementation of a bank’s risk governance framework. At a minimum, a bank should establish and adhere to a formal, written framework that covers the following risk categories that apply to the bank: credit risk, interest rate risk, liquidity risk, price risk, operational risk, compliance risk, strategic risk, and reputation risk. The OCC has defined these eight categories of risks for supervision purposes, but banks may choose to categorize underlying risks in a different manner for risk management purposes. Regardless of how a bank categorizes its risks, the framework must appropriately cover risks to the bank’s earnings, capital, liquidity, and reputation that arise from all of its activities, including risks associated with third-party relationships. Independent risk management should be responsible for the design of the framework, and for ensuring it comprehensively covers the bank’s risks. Independent risk management should also review and update the framework at least annually, and as often as needed to address changes in the bank’s risk profile caused by internal or external factors or the evolution of industry risk management.

Standards for board of directors. Finally, Part III of the proposed guidelines sets out the minimum standards for the bank’s board in providing oversight to the risk governance framework’s design and implementation. Under Part III, the bank’s board of directors must:

  • ensure an effective risk governance framework;

  • provide active oversight of management and be a credible challenge to management;

  • exercise independent judgment;

  • include independent directors;

  • provide ongoing training to independent directors; and

  • conduct an annual self-assessment.

Enforcement of guidelines. The OCC is establishing these proposed guidelines under Section 39 of the Federal Deposit Insurance Act (12 U.S.C. §1831p-1) which authorizes the OCC to prescribe safety and soundness standards in the form of a regulation or guidelines. By issuing the standards as guidelines, the OCC has the flexibility to pursue the course of action that is most appropriate given the specific circumstances of a bank’s noncompliance with one or more standards, and the bank’s self-corrective and remedial responses. Had the OCC issued the risk governance framework as a regulation under FDIA Act section 39, the OCC is statutorily mandated to require that a bank to submit a plan specifying the steps it will take to comply with the standard.

Commenting on the proposed guidelines, Comptroller of the Currency Thomas J. Curry said, “The standards announced today build on lessons learned from the financial crisis. They will contribute to a safer financial system for all of us by providing clear and enforceable standards for the risk management and governance of our largest institutions. They provide additional supervisory tools to examiners of large national banks and federal savings associations, and they will measurably enhance our supervision of these institutions.”

MainStory: TopStory BankingOperations DirectorsOfficersEmployers FinancialStability

Banking and Finance Law Daily

Introducing Wolters Kluwer Banking and Finance Law Daily — a daily reporting service created by attorneys, for attorneys — providing same-day coverage of breaking news, court decisions, legislation, and regulatory activity.


A complete daily report of the news that affects your world

  • View full summaries of federal and state court decisions.
  • Access full text of legislative and regulatory developments.
  • Customize your daily email by topic and/or jurisdiction.
  • Search archives for stories of interest.

Not just news — the right news

  • Get expert analysis written by subject matter specialists—created by attorneys for attorneys.
  • Track law firms and organizations in the headlines with our new “Who’s in the News” feature.
  • Promote your firm with our new reprint policy.

24/7 access for a 24/7 world

  • Forward information with special copyright permissions, encouraging collaboration between counsel and colleagues.
  • Save time with mobile apps for your BlackBerry, iPhone, iPad, Android, or Kindle.
  • Access all links from any mobile device without being prompted for user name and password.