[Federal Register Volume 80, Number 242 (Thursday, December 17, 2015)]
[Proposed Rules]
[Pages 78681-78689]
From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
[FR Doc No: 2015-31658]
=======================================================================
-----------------------------------------------------------------------
DEPARTMENT OF THE TREASURY
Office of the Comptroller of the Currency
12 CFR Part 30
[Docket ID OCC-2015-0017]
RIN 1557-AD96
Guidelines Establishing Standards for Recovery Planning by
Certain Large Insured National Banks, Insured Federal Savings
Associations, and Insured Federal Branches
AGENCY: Office of the Comptroller of the Currency, Treasury.
ACTION: Proposed guidelines.
-----------------------------------------------------------------------
SUMMARY: The Office of the Comptroller of the Currency (OCC) is
requesting comment on proposed enforceable guidelines establishing
standards for recovery planning by insured national banks, insured
Federal savings associations, and insured Federal branches of foreign
banks with average total consolidated assets of $50 billion or more
(Guidelines). The OCC would issue the Guidelines as an appendix to its
safety and soundness standards regulations, and the Guidelines would be
enforceable by the terms of the Federal statute that authorizes the OCC
to prescribe operational and managerial standards for national banks
and Federal savings associations.
DATES: Comments must be submitted by February 16, 2016.
[[Page 78682]]
ADDRESSES: Because paper mail in the Washington, DC area and at the OCC
is subject to delay, commenters are encouraged to submit comments
through the Federal eRulemaking Portal or email, if possible. Please
use the title ``Guidelines Establishing Standards for Recovery Planning
by Certain Large Insured National Banks, Insured Federal Savings
Associations, and Insured Federal Branches'' to facilitate the
organization and distribution of the comments. You may submit comments
by any of the following methods:
Federal eRulemaking Portal--``Regulations.gov'': Go to
http://www.regulations.gov. Enter ``Docket ID OCC-2015-0017'' in the
Search Box and click ``Search''. Results can be filtered using the
filtering tools on the left side of the screen. Click on ``Comment
Now'' to submit public comments.
Click on the ``Help'' tab on the Regulations.gov home page
to get information on using Regulations.gov, including instructions for
submitting public comments.
Email: [email protected].
Mail: Legislative and Regulatory Activities Division,
Office of the Comptroller of the Currency, 400 7th Street SW., Suite
3E-218, Mail Stop 9W-11, Washington, DC 20219.
Hand Delivery/Courier: 400 7th Street SW., Suite 3E-218,
Mail Stop 9W-11, Washington, DC 20219.
Fax: (571) 465-4326.
Instructions: You must include ``OCC'' as the agency name and
``Docket ID OCC-2015-0017'' in your comment. In general, the OCC will
enter all comments received into the docket and publish them on the
Regulations.gov Web site without change, including any business or
personal information that you provide such as name and address, email
addresses, or phone numbers. Comments received, including attachments
and other supporting materials, are part of the public record and
subject to public disclosure. Do not enclose any information in your
comment or supporting materials that you consider confidential or
inappropriate for public disclosure.
You may review comments and other related materials that pertain to
this rulemaking action by any of the following methods:
Viewing Comments Electronically: Go to http://www.regulations.gov. Enter ``Docket ID OCC-2015-0017'' in the Search
box and click ``Search''. Comments can be filtered by agency name using
the filtering tools on the left side of the screen.
Click on the ``Help'' tab on the Regulations.gov home page
to get information on using Regulations.gov, including instructions for
viewing public comments, viewing other supporting and related
materials, and viewing the docket after the close of the comment
period.
Viewing Comments Personally: You may personally inspect
and photocopy comments at the OCC, 400 7th Street SW., Washington, DC.
For security reasons, the OCC requires that visitors make an
appointment to inspect comments. You may do so by calling (202) 649-
6700 or, for persons who are deaf or hard of hearing, TTY, (202) 649-
5597. Upon arrival, visitors will be required to present valid
government-issued photo identification and to submit to a security
screening in order to inspect and photocopy comments.
Docket: You may also view or request available background
documents and project summaries using the methods described above.
FOR FURTHER INFORMATION CONTACT: For questions concerning the
Guidelines, contact Lori Bittner, Large Bank Supervision--Resolution
and Recovery, (202) 649-6093; Stuart Feldstein, Director, Andra
Shuster, Senior Counsel, or Karen McSweeney, Counsel, Legislative &
Regulatory Activities Division, (202) 649-5490 or, for persons who are
deaf or hard of hearing, TTY, (202) 649-5597; or Valerie Song,
Assistant Director, Bank Activities and Structure Division, (202) 649-
5500, 400 7th Street SW., Washington, DC 20219.
SUPPLEMENTARY INFORMATION:
Background
The recent financial crisis demonstrated the destabilizing effect
that severe stress at large, complex, interconnected financial
companies can have on the national economy, capital markets, and the
overall financial stability of the banking system. Following the
crisis, Congress passed the Dodd-Frank Wall Street Reform and Consumer
Protection Act (Dodd-Frank Act); among other purposes, the Dodd-Frank
Act was intended to strengthen the framework for the supervision and
regulation of large U.S. financial companies in order to address the
significant impact that these institutions can have on capital markets
and the economy.
One lesson learned from the crisis is the importance--especially in
large or complex financial institutions--of strong risk management and
corporate governance practices. In 2014, the OCC adopted heightened
standards guidelines that address the risk management and corporate
governance of large or complex banks.\1\ These guidelines establish
minimum standards for the design and implementation of a corporate
governance framework and for a bank's board of directors in overseeing
the framework's design and implementation. The OCC believes that these
heightened standards further the goals of the Dodd-Frank Act by
clarifying the OCC's expectation that banks have robust practices in
areas where the crisis revealed substantial weaknesses.
---------------------------------------------------------------------------
\1\ 79 FR 54518 (Sept. 11, 2014) (OCC Guidelines Establishing
Heightened Standards for Certain Large Insured National Banks,
Insured Federal Savings Associations, and Insured Federal Branches;
Integration of Regulations).
---------------------------------------------------------------------------
Another important component of an institution's risk management and
corporate governance practices is how an institution plans to respond
to severe stress in a manner that preserves its financial and
operational strength and viability. In the aftermath of the crisis, it
became clear that many financial institutions had insufficient plans
for identifying and responding rapidly to significant stress events. As
a result, many institutions were forced to take significant actions
quickly without the benefit of a well-developed plan. In addition,
recent large-scale operational events, such as destructive cyber
attacks, demonstrate the need for institutions to plan how to respond
to such occurrences.
The OCC believes that large, complex institutions should have a
recovery plan that describes options for responding to stress events.
Accordingly, the OCC is proposing to establish standards for recovery
planning that would apply to insured national banks, insured Federal
savings associations, and insured Federal branches of foreign banks
(together, banks and each, a bank) with average total consolidated
assets of $50 billion or more (together, covered banks and each, a
covered bank).\2\ An institution's recovery planning should be a
dynamic, ongoing process. This process should complement the
institution's risk management and corporate governance functions and
support its safe and sound operation. The process of developing and
maintaining a recovery plan also should cause covered banks' management
and boards of directors to enhance their focus on risk management and
corporate governance with a view toward lessening the financial or
operational impact of future unforeseen events.
---------------------------------------------------------------------------
\2\ While the Dodd-Frank Act addresses resolution planning, it
does not specifically address recovery planning.
---------------------------------------------------------------------------
The OCC recognizes that many covered banks already engage in
[[Page 78683]]
significant planning to respond to events such as cyber attacks,
business interruptions, and leadership vacancies. They undertake
strategic, operational, contingency, capital (including stress
testing), liquidity, and resolution planning. We do not intend for the
recovery planning required by these Guidelines to duplicate these
efforts, and we encourage covered banks to leverage their existing
planning. Rather, the purpose of the Guidelines is to provide a
comprehensive framework for evaluating how severe stress may affect the
covered bank as a whole and the options that will allow it to remain
viable even under severe stress.
As described below, a covered bank should develop and maintain a
recovery plan that identifies triggers based on severe stress
scenarios. These scenarios should range from those that cause
significant financial and operational hardship to those that bring the
covered bank close to default, but no further; scenarios should not go
so far as to push the covered bank into resolution. The plan should
identify the credible options a covered bank could take to restore
financial and operational strength and viability in a timely manner,
while maintaining market confidence. Neither the plan nor the options
may assume or rely on any extraordinary government support.
As part of the OCC's regular supervisory activities, OCC examiners
will assess the appropriateness and adequacy of the covered bank's
recovery planning process and the integration of that process into the
covered bank's overall risk management and corporate governance
functions. Examiners will also assess the quality and reasonableness of
a covered bank's recovery plan, including its triggers and the stress
scenarios upon which the triggers are based, recovery options, impact
assessments, and execution strategies, as well as the covered bank's
management and board responsibilities.
Enforcement of the Guidelines
The OCC is proposing these Guidelines pursuant to section 39 of the
Federal Deposit Insurance Act (FDIA).\3\ Section 39 authorizes the OCC
to prescribe safety and soundness standards in the form of a regulation
or guidelines. The OCC currently has four sets of these guidelines,
issued as appendices to part 30 of the OCC's regulations. Appendix A
contains operational and managerial standards that relate to internal
controls, information systems, internal audit systems, loan
documentation, credit underwriting, interest rate exposure, asset
growth, asset quality, earnings, compensation, fees, and benefits.
Appendix B contains standards on information security, and Appendix C
contains standards that address residential mortgage lending practices.
Appendix D contains standards for the design and implementation of a
risk governance framework.
---------------------------------------------------------------------------
\3\ 12 U.S.C. 1831p-1. Section 39 was enacted as part of the
Federal Deposit Insurance Corporation Improvement Act of 1991,
Public Law 102-242, section 132(a), 105 Stat. 2236, 2267-70 (Dec.
19, 1991).
---------------------------------------------------------------------------
Section 39 prescribes different consequences depending on whether
the standards are issued by regulation or guidelines. Pursuant to
section 39, if a national bank or Federal savings association \4\ fails
to meet a standard prescribed by regulation, the OCC must require it to
submit a plan specifying the steps it will take to comply with the
standard. If a national bank or Federal savings association fails to
meet a standard prescribed by a guideline, the OCC has the discretion
to decide whether to require the submission of a plan.\5\ Issuing these
standards as guidelines rather than as a regulation provides the OCC
with the flexibility to pursue the course of action that is most
appropriate given the specific circumstances of a covered bank's
noncompliance with one or more standards and the covered bank's self-
corrective and remedial responses.
---------------------------------------------------------------------------
\4\ Section 39 of the FDIA applies to ``insured depository
institutions,'' which includes insured Federal branches of foreign
banks. While we do not specifically refer to these entities in this
discussion, it should be read to include them. However, section 39
does not apply to uninsured depository institutions.
\5\ See 12 U.S.C. 1831p-1(e)(1)(A)(i) and (ii).
---------------------------------------------------------------------------
The procedural rules implementing the supervisory and enforcement
remedies prescribed by section 39 are contained in part 30 of the OCC's
rules. Under these provisions, the OCC may initiate a supervisory or
enforcement process when it determines, by examination or otherwise,
that a national bank or Federal savings association has failed to meet
the standards set forth in the Guidelines.\6\ Upon making that
determination, the OCC may request, in writing, that the national bank
or Federal savings association submit a compliance plan to the OCC
detailing the steps the institution will take to correct the
deficiencies and the time within which it will take those steps. This
request is termed a Notice of Deficiency. Upon receiving a Notice of
Deficiency from the OCC, the national bank or Federal savings
association must submit a compliance plan to the OCC for approval
within 30 days.
---------------------------------------------------------------------------
\6\ The procedures governing the determination and notification
of failure to satisfy a standard prescribed pursuant to section 39,
the filing and review of compliance plans, and the issuance, if
necessary, of orders currently are set forth in the OCC's
regulations at 12 CFR 30.3, 30.4, and 30.5.
---------------------------------------------------------------------------
If a national bank or Federal savings association fails to submit
an acceptable compliance plan or fails in any material respect to
implement a compliance plan approved by the OCC, the OCC may issue a
Notice of Intent to Issue an Order pursuant to section 39 (Notice of
Intent). The bank or savings association then has 14 days to respond to
the Notice of Intent. After considering the bank's or savings
association's response, the OCC may issue the order, decide not to
issue the order, or seek additional information from the bank or
savings association before making a final decision. Alternatively, the
OCC may issue an order without providing the bank or savings
association with a Notice of Intent. In such a case, the bank or
savings association may appeal after-the-fact to the OCC, and the OCC
has 60 days to consider the appeal. Upon the issuance of an order, a
bank or savings association is deemed to be in noncompliance with part
30. Orders are formal, public documents, and they may be enforced by
the OCC in district court. The OCC may also assess a civil money
penalty, pursuant to 12 U.S.C. 1818, against any bank or savings
association that violates or otherwise fails to comply with any final
order and against any institution-affiliated party who participates in
such violation or noncompliance.
Description of the OCC's Guidelines for Recovery Planning
The proposed Guidelines consist of three sections. Section I
provides an introduction to the Guidelines, explains the scope of the
Guidelines, and defines key terms. Section II sets forth the standards
for the design and execution of a covered bank's recovery plan. Section
III provides the standards for management's and the board of directors'
responsibilities in connection with the recovery plan.
Section I: Introduction
Scope. The Guidelines would apply to a bank with average total
consolidated assets equal to or greater than $50 billion as of the
effective date of the Guidelines (calculated by averaging the covered
bank's total consolidated assets, as reported on the bank's
Consolidated Reports of Condition and Income (Call Reports), for the
four most recent consecutive quarters). This threshold is consistent
with the scope of the regulations of the Federal Deposit Insurance
Corporation (FDIC) and Board
[[Page 78684]]
of Governors of the Federal Reserve System (Board) that require certain
entities to prepare resolution plans.\7\ For those banks that have
average total consolidated assets less than $50 billion as of the
effective date of the Guidelines, but subsequently have average total
consolidated assets of $50 billion or greater, the date on which the
Guidelines would apply is the as-of date of the most recent Call Report
used in the calculation of the average.\8\ Once a bank becomes subject
to the Guidelines because its average total consolidated assets reach
or exceed the $50 billion threshold, it would be required to continue
to comply with the Guidelines, unless the OCC specifically determines
that compliance is not required.
---------------------------------------------------------------------------
\7\ See 12 CFR 381.2(f) and 243.2(f), respectively. See also 12
CFR 360.10.
\8\ While the Guidelines would apply as of the date of the most
recent Call Report used in the calculation of the average total
consolidated assets of the covered bank, we understand that a newly
covered bank will need time to formulate a recovery plan and expect
the bank to work with its OCC examiners during this period.
---------------------------------------------------------------------------
In order to maintain supervisory flexibility, the proposed
Guidelines would reserve the OCC's authority to apply the Guidelines to
a bank whose average total consolidated assets are less than $50
billion if the OCC determines such entity's operations are highly
complex or otherwise present a heightened risk that warrants
application of the Guidelines. The OCC expects to use this authority
infrequently; it does not intend to apply the Guidelines to community
banks.
In determining whether a bank's operations are highly complex or
present a heightened risk, the OCC will consider the bank's risk
profile, size, activities, and complexity, including the complexity of
its organizational and legal entity structure. Additionally, as noted
above, the OCC may determine that a covered bank is no longer required
to comply with the Guidelines. The OCC would generally make this
determination if a covered bank's operations are no longer highly
complex or no longer present a heightened risk.
When exercising any of these reservations of authority, the OCC
would apply notice and response procedures consistent with those set
out in 12 CFR 3.404. In accordance with these procedures, the OCC would
provide a bank or covered bank, as appropriate, with written notice of
its proposed determination under this paragraph of the Guidelines, and
the bank or covered bank would have 30 days to respond in writing. The
OCC would consider failure to respond within this time frame a waiver
of any objections. At the conclusion of the 30 days, the OCC would
issue a written notice of its final determination.
As discussed above, the Guidelines would be enforceable pursuant to
section 39 of the FDIA and part 30 of the OCC's rules. Section I of the
Guidelines provides that nothing in section 39 or the Guidelines in any
way limits the authority of the OCC to address unsafe or unsound
practices or conditions or other violations of law.\9\
---------------------------------------------------------------------------
\9\ Section 39 preserves all authority otherwise available to
the OCC, stating, ``The authority granted by this section is in
addition to any other authority of the Federal banking agencies.''
See 12 U.S.C. 1831p-1(g).
---------------------------------------------------------------------------
Definitions. Paragraph D of Section I defines certain terms used
throughout the Guidelines, including ``average total consolidated
assets,'' ``bank,'' ``covered bank,'' ``recovery,'' ``recovery plan,''
and ``trigger.'' The term ``recovery'' means timely and appropriate
action that a covered bank takes to remain a going concern when it is
experiencing or is likely to experience considerable financial or
operational distress. A covered bank in recovery has not yet
deteriorated to the point where liquidation or resolution is imminent.
A ``recovery plan'' is a plan that identifies triggers and options for
responding to a wide range of severe internal and external stress
scenarios and for restoring a covered bank to financial and operational
strength and viability in a timely manner, while maintaining the
confidence of market participants. Neither the plan nor the options may
assume or rely on any extraordinary government support. ``Trigger''
means a quantitative or qualitative indicator of the risk or existence
of severe stress that should always be escalated to management or the
board of directors, as appropriate, for purposes of initiating a
response. The breach of any trigger should result in timely notice
accompanied by sufficient information to enable management of the
covered bank to take corrective action.
Section II: Recovery Plan
Each covered bank should develop and maintain a recovery plan
appropriate for its individual risk profile, size, activities, and
complexity, including the complexity of its organizational and legal
entity structure. Section II sets forth the elements that the covered
bank should include in a recovery plan.\10\
---------------------------------------------------------------------------
\10\ A covered bank can use information included in its
resolution plan to prepare its recovery plan.
---------------------------------------------------------------------------
1. Overview of covered bank. It is important that a recovery plan
provide a detailed description of the covered bank's overall
organizational and legal structure, including its material entities,
critical operations, core business lines, and core management
information systems. The description should explain interconnections
and interdependencies \11\ (i) across business lines within the covered
bank, (ii) with affiliates in a bank holding company structure, (iii)
between a covered bank and its foreign subsidiaries, and (iv) with
critical third parties. The description should address whether a
disruption of these interconnections or interdependencies would
materially affect the funding or operations of the covered bank and, if
so, how. Examples include relationships with respect to credit
exposures, investments, or funding commitments; guarantees including an
acceptance, endorsement, or letter of credit issued for the benefit of
an affiliate during normal periods, as opposed to during a crisis; and
payment services, treasury operations, collateral management,
information technology (IT), human resources (HR), or other operational
functions. This overview is an essential part of the recovery plan.
---------------------------------------------------------------------------
\11\ We are using the terms ``interconnections'' and
``interdependencies'' in a manner consistent with FDIC and Board
resolution plan regulations. See supra note 7.
---------------------------------------------------------------------------
2. Triggers. As defined above, a trigger is a quantitative or
qualitative indicator of the risk or existence of severe stress that
should always be escalated to management or the board of directors, as
appropriate, for purposes of initiating a response. In order to
identify triggers that appropriately reflect the particular
vulnerabilities of each covered bank, the bank should begin by
designing severe stress scenarios that would threaten the covered
bank's critical operations or cause it to fail if one or more recovery
options were not implemented in a timely manner. Because a recovery
plan should demonstrate the ability of the covered bank to restore its
financial and operational strength and viability, these scenarios
should range from those that cause significant financial and
operational hardship to those that bring the covered bank close to
default, but not into resolution.\12\
---------------------------------------------------------------------------
\12\ Separate from these Guidelines, covered banks are required
to conduct supervisory stress tests. While the scenarios used to
conduct those tests may be appropriate for purposes of identifying
triggers under these Guidelines, a covered bank should evaluate the
appropriateness of those scenarios on a case-by-case basis.
---------------------------------------------------------------------------
The covered bank should consider a range of bank-specific and
market-wide stress scenarios, individually and in the aggregate, that
are immediate and prolonged. The stress scenarios should be designed to
result in capital shortfalls, liquidity pressures, or other significant
financial losses. Examples of
[[Page 78685]]
bank-specific stress scenarios include fraud; portfolio shocks; a
significant cyber attack \13\ or other wide-scale operational event;
accounting and tax issues; events that cause a reputational crisis that
degrades customer or market confidence; and other key stresses that
management identifies. Examples of market-wide stress scenarios include
the disruption of domestic or global financial markets; the failure or
impairment of systemically important financial industry participants,
critical financial market infrastructure firms, and critical third-
party relationships; significant changes in debt or equity valuations,
currency rates, or interest rates; the widespread interruption of
critical infrastructure that may degrade operational capability; \14\
and general economic conditions.
---------------------------------------------------------------------------
\13\ An example of a significant cyber attack includes an event
that has an impact on a bank's computer network(s) or the computer
network(s) of one of its third-party providers and that undermines
the covered bank's data or processes.
\14\ An example of this type of interruption includes a
disruption to a payment, clearing, or settlement system that affects
the covered bank's ability to access that system.
---------------------------------------------------------------------------
As provided in the definition of ``trigger,'' the breach of a
trigger should always be escalated to management or the board of
directors, as appropriate, for its consideration of an appropriate
response. The breach of any trigger should result in timely notice
accompanied by sufficient information to enable management of the
covered bank to take corrective action. A covered bank should select
triggers that address a continuum of increasingly severe stress,
ranging from those that provide a warning of the likely occurrence of
severe stress to those that indicate the actual existence of severe
stress. The number and nature of triggers should be appropriate for the
covered bank's business and risk profile.
The nature of the trigger informs the nature of the response. For
example, in some situations, the appropriate response to the breach of
a trigger may be enhanced monitoring; in other situations, the breach
of a trigger should result in activating a specific recovery option set
forth in the plan or taking other corrective action. It should be
noted, however, that the breach of a particular trigger does not
necessarily correspond to a single recovery option; instead, more than
one option may be appropriate when a particular trigger is breached.
A recovery plan should include both quantitative and qualitative
triggers. Quantitative triggers include changes in covered bank-
specific indicators that reflect the covered bank's capital or
liquidity position. While capital or liquidity triggers may be the most
critical, a covered bank should also consider other quantitative
triggers that may have an impact on its condition, such as a rating
downgrade; access to credit and borrowing lines; equity ratios;
profitability; asset quality; or other macroeconomic indicators. Of
course, a covered bank should be prepared to act to preserve the
financial and operational strength and viability of the bank if it is
at risk, regardless of whether a trigger has been breached or the
recovery plan includes options to specifically address the problems the
bank faces.
Qualitative triggers include the unexpected departure of senior
leadership; the erosion of reputation or market standing; the impact of
an adverse legal ruling; and a material operational event that affects
the covered bank's ability to access critical services or to deliver
products or services to its customers for a material period of time. It
is important to note that the covered bank should review and update
both qualitative and quantitative triggers, as necessary, to take into
account changes in laws and regulations and other material events. In
addition, a covered bank should consider the regulatory or legal
consequences that may be associated with the breach of a particular
trigger.
3. Options for recovery. The recovery plan should identify a wide
range of credible options that a covered bank could undertake to
restore financial and operational strength and viability, thereby
allowing the bank to continue to operate as a going concern and to
avoid liquidation or resolution. A covered bank should be able to
execute the identified options within time frames that allow those
options to be effective during periods of stress. Neither the plan nor
the options may assume or rely on any extraordinary government support.
A recovery plan should explain how the covered bank would carry out
each option. It should include a description of the decision-making
process for implementing each option, including the steps to be
followed and any timing considerations. It should also identify the
critical parties needed to carry out each option. Options may include
the conservation or restoration of liquidity and capital; the sale,
transfer, or disposal of significant assets, portfolios, or business
lines; the reduction of risk profile; the restructuring of liabilities;
the activation of emergency protocols; and succession planning. Options
may also include organizational restructuring, including divesting
legal entities in order to simplify the covered bank's structure. The
recovery plan should also identify obstacles that could impede the
execution of an option and set out mitigation strategies for addressing
these obstacles. The recovery plan should specifically identify
recovery options that require regulatory or legal approval.
Set forth below are examples of how stress scenarios, triggers, and
options relate to each other:
------------------------------------------------------------------------
Example of a severe stress Possible options in
scenario Possible triggers response to triggers
------------------------------------------------------------------------
Idiosyncratic stress: Tier 1 Issue new
Trading losses caused by a capital falls below capital.
rogue trader. 6%. Sell
Liquidity nonstrategic assets
falls below or businesses.
internal bank Reduce loan
policy requirements. originations or
commitments.
Systemic stress: Significant Short-term Sell
decline in U.S. gross credit rating falls strategic assets or
domestic product, coupled below A-3. businesses.
with an increase in the Reduce
U.S. unemployment rate and Nonperforming loans expenses (e.g.,
a deterioration in U.S. rise above a business
residential housing market. specified contractions).
percentage. Access the
Market Board's Discount
capitalization Window.
falls below a
specific limit for
a certain period of
time.
------------------------------------------------------------------------
4. Impact assessments. For each recovery option, a covered bank
should assess and describe how the option would affect the covered
bank. This impact assessment and description should specify the
procedures the covered bank would use to maintain the financial and
operational strength and viability of its material entities, critical
[[Page 78686]]
operations, and core business lines for each recovery option. This
assessment should include an analysis of both its internal operations
(e.g., IT systems, suppliers, HR operations) and its access to market
infrastructure (e.g., clearing and settlement facilities, payment
systems, additional collateral requirements). A recovery plan should
also specify actions a firm can take to sell entities, assets, or
business lines to restore the financial condition of the covered bank.
For each recovery option, a covered bank should identify any
impediments or regulatory requirements that must be addressed to
execute the option, including how to overcome those impediments or
satisfy those requirements. Each recovery option also should address
potential consequences, including the benefits and risks of that
particular option. The assessment should address the impact on the
covered bank's capital, liquidity, funding and profitability; and the
effect on the covered bank's material entities, critical operations,
and core business lines, including reputational impact.
5. Escalation procedures. A recovery plan should clearly outline
the process for escalating decision-making to senior management or the
board of directors, as appropriate, in response to the breach of a
trigger. The recovery plan should also identify the departments and
persons responsible for making and executing these decisions, including
the process for informing necessary stakeholders (e.g., shareholders,
counsel, accountants, regulators) to effect the action. At a minimum,
the escalation procedures should result in the covered bank taking
action before remedial supervisory action is necessary.
6. Management reports. A recovery plan should require reports that
provide management or the board of directors with sufficient data and
information to make timely decisions regarding the appropriate actions
necessary to respond to the breach of a trigger. A recovery plan should
identify the types of reports that the covered bank will provide to
allow management or the board to monitor progress with respect to the
actions taken under the recovery plan.
7. Communication procedures. A recovery plan should provide that
the covered bank notify the OCC of any significant breach of a trigger
and any action taken or to be taken in response to such breach and
should explain the process for deciding when a breach of a trigger is
significant. A covered bank should work closely with the OCC when
executing a recovery plan.
A recovery plan also should address when and how the covered bank
will notify persons within the organization and other external parties
of its actions under the recovery plan. These elements will ensure that
all stakeholders are informed in a timely manner of how the covered
bank responds to a breach of a trigger. In addition, the recovery plan
should specifically identify how the covered bank will obtain required
regulatory or legal approvals in order to ensure that the covered bank
receives such approval in a timely manner.
8. Other information. A recovery plan should include any other
information that the OCC communicates in writing directly to the
covered bank regarding the covered bank's recovery plan. A well-
developed recovery plan should also consider relevant information
included in other written OCC or Federal Financial Institutions
Examination Council material.
C. Relationship to other processes; coordination with other plans.
The covered bank should integrate its recovery plan into its corporate
governance and risk management functions. The covered bank also should
coordinate its recovery plan with its strategic; operational (including
business continuity); contingency; capital (including stress testing);
liquidity; and resolution planning. In many cases, these plans may be
interconnected and would require the covered bank to coordinate among
them. In addition, to the extent possible, a covered bank should align
its recovery plan with any recovery and resolution planning efforts by
the covered bank's holding company so that the plans are consistent
with and do not contradict each other. We recognize that some
inconsistency may be unavoidable because recovery planning and
resolution planning differ in that recovery planning addresses a bank's
ongoing financial and operational strength and viability while
resolution planning starts from the point of non-viability.
The OCC notes that covered banks are an integral part of bank
holding company recovery and resolution plans. As a result, a covered
bank may be able to leverage certain elements in these other plans. For
example, resolution plans typically require a bank to map its critical
operations. A covered bank may find this resolution planning mapping
exercise to be useful in describing its interconnections and
interdependencies as set out in its recovery plan overview.
Section III: Management's and Board of Directors' Responsibilities
Section III of the proposed Guidelines addresses the
responsibilities of both management and the board of directors with
respect to the recovery plan.
Management of the covered bank should review the recovery plan at
least annually and in response to a material event. It should revise
the plan as necessary to reflect material changes in the covered bank's
risk profile, complexity, size, and activities, as well as changes in
external threats. During this review, management should consider the
ongoing relevance and applicability of the stress scenarios and
triggers and revise the recovery plan as needed. This review should
evaluate the covered bank's organizational structure and its
effectiveness in facilitating a recovery. The assessment should
consider the legal structures, number of entities, geographical
footprint, booking practices (e.g., guarantees, exposures), and
servicing arrangements necessary to enable flexible operations. The
board and management should provide justification for the covered
bank's organizational and legal structures and outline changes that
would enhance the board's and management's ability to oversee the
covered bank in times of stress. A more rational legal structure can
provide a clearer path to recovery and the operational flexibility to
implement the recovery plan.
The board is responsible for overseeing the covered bank's recovery
planning process. As part of the board's oversight of a covered bank's
safe and sound operations, the board also should work closely with the
bank's senior management in developing and executing the recovery plan.
Accordingly, the Guidelines provide that a covered bank's board of
directors, or an appropriate committee of the board, should review and
approve the recovery plan at least annually and as needed to address
any changes made by management.
Request for Comments
The OCC requests comment on all aspects of the proposed Guidelines.
Regulatory Analysis
Paperwork Reduction Act
The OCC has determined that this proposal involves collections of
information pursuant to the provisions of the Paperwork Reduction Act
of 1995 (PRA) (44 U.S.C. 3501 et seq.). The OCC may not conduct or
sponsor, and an organization is not required to respond to, these
information collection requirements unless the information collection
displays a currently valid Office of Management and Budget (OMB)
control number. The OCC is seeking a control number for this
[[Page 78687]]
collection from OMB and has submitted this collection to OMB.
The collections of information that are subject to the PRA in this
proposal are found in 12 CFR part 30, appendix E, sections II.B.,
II.C., and III. Section II.B. specifies the elements of the recovery
plan, including an overview of the covered bank; triggers; options for
recovery; impact assessments; escalation procedures; management
reports; and communication procedures. Section II.C. addresses the
relationship of the plan to other covered bank processes and plans, as
well as those of its bank holding company. Section III outlines
management's and board of directors' responsibilities.
Title: OCC Guidelines Establishing Standards for Recovery Planning
by Certain Large Insured National Banks, Insured Federal Savings
Associations, and Insured Federal Branches.
OMB Control No.: To be assigned by OMB.
Frequency of Response: On occasion.
Affected Public: Businesses or other for-profit organizations.
Burden Estimates:
Total Number of Respondents: 23.
Total Burden per Respondent: 7,543 hours.
Total Burden for Collection: 173,489 hours.
Comments should be submitted as provided in the ADDRESSES section
and are invited on: (1) Whether the proposed collection of information
is necessary for the proper performance of the OCC's functions;
including whether the information has practical utility; (2) the
accuracy of the OCC's estimate of the burden of the proposed
information collection, including the cost of compliance; (3) ways to
enhance the quality, utility, and clarity of the information to be
collected; and (4) ways to minimize the burden of information
collection on respondents, including through the use of automated
collection techniques or other forms of IT.
Regulatory Flexibility Analysis
Pursuant to section 605(b) of the Regulatory Flexibility Act, 5
U.S.C. 605(b) (RFA), the regulatory flexibility analysis otherwise
required under section 603 of the RFA is not required if the agency
certifies that the proposal will not, if promulgated, have a
significant economic impact on a substantial number of small entities
(defined for purposes of the RFA to include commercial banks and
savings institutions with assets less than or equal to $550 million and
trust companies with assets less than or equal to $38.5 million) and
publishes its certification and a short, explanatory statement in the
Federal Register along with its proposal.
The proposed Guidelines would have no impact on any small entities.
The proposed Guidelines would apply only to insured national banks,
insured Federal savings associations, and insured Federal branches of
foreign banks with $50 billion or more in average total consolidated
assets. The proposed Guidelines reserve the OCC's authority to apply
them to an insured national bank, insured Federal savings association,
or insured Federal branch of a foreign bank with less than $50 billion
in average total consolidated assets if the OCC determines such
entity's operations are highly complex or otherwise present a
heightened risk. We do not expect any small entities will be determined
to have highly complex operations or present heightened risk by the
OCC. Therefore, the OCC certifies that the proposed Guidelines would
not, if issued, have a significant economic impact on a substantial
number of small entities.
Unfunded Mandates Reform Act Analysis
Section 202 of the Unfunded Mandates Reform Act of 1995 (2 U.S.C.
1532), requires the OCC to prepare a budgetary impact statement before
promulgating a rule that includes a Federal mandate that may result in
the expenditure by State, local, and tribal governments, in the
aggregate, or by the private sector, of $100 million or more in any one
year (adjusted annually for inflation). The OCC has determined that
this proposal will not result in expenditures by State, local, and
tribal governments, or the private sector, of $100 million or more in
any one year. Accordingly, the OCC has not prepared a budgetary impact
statement.
List of Subjects in 12 CFR Part 30
Banks, Banking, Consumer protection, National banks, Privacy,
Safety and soundness, Reporting and recordkeeping requirements.
For the reasons set forth in the preamble, and under the authority
of 12 U.S.C. 93a, chapter I of title 12 of the Code of Federal
Regulations is proposed to be amended as follows:
PART 30--SAFETY AND SOUNDNESS STANDARDS
0
1. The authority citation for part 30 continues to read as follows:
Authority: 12 U.S.C. 1, 93a, 371, 1462a, 1463, 1464, 1467a,
1818, 1828, 1831p-1, 1881-1884. 3102(b) and 5412(b)(2)(B); 15 U.S.C.
1681s, 1681w, 6801, and 6805(b)(1).
0
2. Add Appendix E to part 30 to read as follows:
Appendix E to Part 30--OCC Guidelines Establishing Standards for
Recovery Planning by Certain Large Insured National Banks, Insured
Federal Savings Associations, and Insured Federal Branches
Table of Contents
I. Introduction
A. Scope
B. Reservation of Authority
C. Preservation of Existing Authority
D. Definitions
II. Recovery Plan
A. Recovery Plan
B. Elements of Recovery Plan
1. Overview of Covered Bank
2. Triggers
3. Options for Recovery
4. Impact Assessments
5. Escalation Procedures
6. Management Reports
7. Communication Procedures
8. Other Information
C. Relationship to Other Processes; Coordination With Other
Plans
III. Management's and Board of Directors' Responsibilities
A. Management
B. Board of Directors
I. Introduction
A. Scope. This appendix applies to a covered bank, as defined in
paragraph I.D.3.
B. Reservation of authority.
1. The OCC reserves the authority:
a. To apply this appendix, in whole or in part, to a bank that has
average total consolidated assets of less than $50 billion, if the OCC
determines such bank is highly complex or otherwise presents a
heightened risk that warrants the application of this appendix; or
b. To determine that compliance with this appendix should not be
required for a covered bank. The OCC will generally make the
determination under this paragraph I.B.1.b. if a covered bank's
operations are no longer highly complex or no longer present a
heightened risk.
2. In determining whether a covered bank is highly complex or
presents a heightened risk, the OCC will consider the bank's risk
profile, size, activities, and complexity, including the complexity of
its organizational and legal entity structure. Before exercising the
authority reserved by this paragraph I.B, the OCC will apply notice and
response procedures in the same manner and to the same extent as the
notice and response procedures in 12 CFR 3.404.
C. Preservation of existing authority. Neither section 39 of the
Federal Deposit Insurance Act (12 U.S.C. 1831p-1) nor this appendix in
any way limits the authority of the OCC to
[[Page 78688]]
address unsafe or unsound practices or conditions or other violations
of law. The OCC may take action under section 39 and this appendix
independently of, in conjunction with, or in addition to any other
enforcement action available to the OCC.
D. Definitions.
1. Average total consolidated assets means the average total
consolidated assets of the bank or the covered bank, as reported on the
bank's or covered bank's Call Reports for the four most recent
consecutive quarters.
2. Bank means any insured national bank, insured Federal savings
association, or insured Federal branch of a foreign bank.
3. Covered bank means any bank--
(a) With average total consolidated assets equal to or greater than
$50 billion; or
(b) With average total consolidated assets less than $50 billion,
if the OCC determines that such bank is highly complex or otherwise
presents a heightened risk as to warrant the application of this
appendix pursuant to paragraph I.B.1.a.
4. Recovery means timely and appropriate action that a covered bank
takes to remain a going concern when it is experiencing or is likely to
experience considerable financial or operational distress. A covered
bank in recovery has not yet deteriorated to the point where
liquidation or resolution is imminent.
5. Recovery plan means a plan that identifies triggers and options
for responding to a wide range of severe internal and external stress
scenarios and to restore a covered bank that is in recovery to
financial and operational strength and viability in a timely manner.
The options should maintain the confidence of market participants, and
neither the plan nor the options may assume or rely on any
extraordinary government support.
6. Trigger means a quantitative or qualitative indicator of the
risk or existence of severe stress that should always be escalated to
management or the board of directors, as appropriate, for purposes of
initiating a response. The breach of any trigger should result in
timely notice accompanied by sufficient information to enable
management of the covered bank to take corrective action.
II. Recovery Plan
A. Recovery plan. Each covered bank should develop and maintain a
recovery plan that is appropriate for its individual risk profile,
size, activities, and complexity, including the complexity of its
organizational and legal entity structure.
B. Elements of recovery plan. A recovery plan under paragraph II.A.
should include the following elements:
1. Overview of covered bank. A recovery plan should describe the
covered bank's overall organizational and legal structure, including
its material entities, critical operations, core business lines, and
core management informational systems. The plan should describe
interconnections and interdependencies (i) across business lines within
the covered bank, (ii) with affiliates in a bank holding company
structure, (iii) between a covered bank and its foreign subsidiaries,
and (iv) with critical third parties.
2. Triggers. A recovery plan should identify triggers that
appropriately reflect the covered bank's particular vulnerabilities.
3. Options for recovery. A recovery plan should identify a wide
range of credible options that a covered bank could undertake to
restore financial and operational strength and viability, thereby
allowing the bank to continue to operate as a going concern and to
avoid liquidation or resolution. A recovery plan should explain how the
covered bank would carry out each option and describe the timing
required for carrying out each option. The recovery plan should
specifically identify the recovery options that require regulatory or
legal approval.
4. Impact assessments. For each recovery option, a covered bank
should assess and describe how the option would affect the covered
bank. This impact assessment and description should specify the
procedures the covered bank would use to maintain the financial and
operational strength and viability of its material entities, critical
operations, and core business lines for each recovery option. For each
option, the recovery plan should address the following:
a. The effect on the covered bank's capital, liquidity, funding and
profitability;
b. The effect on the covered bank's material entities, critical
operations and core business lines, including reputational impact; and
c. Any legal or market impediment or regulatory requirement that
must be addressed or satisfied in order to implement the option.
5. Escalation procedures. A recovery plan should clearly outline
the process for escalating decision-making to senior management or the
board of directors, as appropriate, in response to the breach of a
trigger. The recovery plan should also identify the departments and
persons responsible for making and executing these decisions.
6. Management reports. A recovery plan should require reports that
provide management or the board of directors with sufficient data and
information to make timely decisions regarding the appropriate actions
necessary to respond to the breach of a trigger.
7. Communication procedures. A recovery plan should provide that
the covered bank notify the OCC of any significant breach of a trigger
and any action taken or to be taken in response to such breach and
should explain the process for deciding when a breach of a trigger is
significant. A recovery plan also should address when and how the
covered bank will notify persons within the organization and other
external parties of its action under the recovery plan. The recovery
plan should specifically identify how the covered bank will obtain
required regulatory or legal approvals.
8. Other information. A recovery plan should include any other
information that the OCC communicates in writing directly to the
covered bank regarding the covered bank's recovery plan.
C. Relationship to other processes; coordination with other plans.
The covered bank should integrate its recovery plan into its risk
management and corporate governance functions. The covered bank also
should coordinate its recovery plan with its strategic; operational
(including business continuity); contingency; capital (including stress
testing); liquidity; and resolution planning. To the extent possible,
the covered bank also should align its recovery plan with any recovery
and resolution planning efforts by the covered bank's holding company,
so that the plans are consistent with and do not contradict each other.
III. Management's and Board of Directors' Responsibilities
The recovery plan should address the following management and board
responsibilities:
A. Management. Management should review the recovery plan at least
annually and in response to a material event. It should revise the plan
as necessary to reflect material changes in the covered bank's risk
profile, complexity, size, and activities, as well as changes in
external threats. This review should evaluate the organizational
structure and its effectiveness in facilitating a recovery.
B. Board of directors. The board is responsible for overseeing the
covered bank's recovery planning process. The board of directors or an
appropriate
[[Page 78689]]
committee of the board of directors of a covered bank should review and
approve the recovery plan at least annually and as needed to address
any changes made by management.
Dated: December 10, 2015.
Thomas J. Curry,
Comptroller of the Currency.
[FR Doc. 2015-31658 Filed 12-16-15; 8:45 am]
BILLING CODE 4810-33-P