[Federal Register Volume 82, Number 127 (Wednesday, July 5, 2017)]
[Notices]
[Pages 31151-31153]
From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
[FR Doc No: 2017-14000]
=======================================================================
-----------------------------------------------------------------------
DEPARTMENT OF THE TREASURY
Office of the Comptroller of the Currency
Agency Information Collection Activities: Information Collection
Renewal; Comment Request; OCC Guidelines Establishing Heightened
Standards for Certain Large Insured National Banks, Insured Federal
Savings Associations, and Insured Federal Branches
AGENCY: Office of the Comptroller of the Currency (OCC), Treasury.
ACTION: Notice and request for comment.
-----------------------------------------------------------------------
SUMMARY: The OCC, as part of its continuing effort to reduce paperwork
and respondent burden, invites the general public and other federal
agencies to take this opportunity to comment on a continuing
information collection, as required by the Paperwork Reduction Act of
1995 (PRA).
In accordance with the requirements of the PRA, the OCC may not
conduct or sponsor, and the respondent is not required to respond to,
an information collection unless it displays a currently valid Office
of Management and Budget (OMB) control number.
The OCC is soliciting comment concerning its information collection
titled, ``OCC Guidelines Establishing Heightened Standards for Certain
Large Insured National Banks, Insured Federal Savings Associations, and
Insured Federal Branches.''
DATES: Comments must be submitted on or before September 5, 2017.
ADDRESSES: Because paper mail in the Washington, DC area and at the OCC
is subject to delay, commenters are encouraged to submit comments by
email, if possible. Comments may be sent to: Legislative and Regulatory
Activities Division, Office of the Comptroller of the Currency,
Attention: 1557-0321, 400 7th Street SW., Suite 3E-218, Washington, DC
20219. In addition, comments may be sent by fax to (571) 465-4326 or by
electronic mail to [email protected]. You may personally inspect
and photocopy comments at the OCC, 400 7th Street SW., Washington, DC
20219. For security reasons, the OCC requires that visitors make an
appointment to inspect comments. You may do so by calling (202) 649-
6700 or, for persons who are deaf or hard of hearing, TTY, (202) 649-
5597. Upon arrival, visitors will be required to present valid
government-issued photo identification and submit to security screening
in order to inspect and photocopy comments.
All comments received, including attachments and other supporting
materials, are part of the public record and subject to public
disclosure. Do not include any information in your comment or
supporting materials that you consider confidential or inappropriate
for public disclosure.
FOR FURTHER INFORMATION CONTACT: Shaquita Merritt, OCC Clearance
Officer, (202) 649-5490 or, for persons who are deaf or hard of
hearing, TTY, (202) 649-5597, Legislative and Regulatory Activities
Division, Office of the Comptroller of the Currency, 400 7th Street
SW., Suite 3E-218, Washington, DC 20219.
SUPPLEMENTARY INFORMATION: Under the PRA (44 U.S.C. 3501-3520), federal
agencies must obtain approval from OMB for each collection of
information that they conduct or sponsor. ``Collection of information''
is defined in 44 U.S.C. 3502(3) and 5 CFR 1320.3(c) to include agency
requests or requirements that members of the public submit reports,
keep records, or provide information to a third party. Section
3506(c)(2)(A) of title 44 requires federal agencies to provide a 60-day
notice in the Federal Register concerning each proposed collection of
information, including each proposed extension of an existing
collection of information, before submitting the collection to OMB for
approval. To comply with this requirement, the OCC is publishing notice
of the proposed collection of information set forth in this document.
Title: OCC Guidelines Establishing Heightened Standards for Certain
Large Insured National Banks, Insured Federal Savings Associations, and
Insured Federal Branches.
OMB Control No.: 1557-0321.
Description: The OCC's guidelines codified in 12 CFR part 30,
appendix D establish minimum standards for the design and
implementation of a risk governance framework for insured national
banks, insured federal savings associations, and insured federal
branches of a foreign bank (bank). The guidelines apply to a bank with
average total consolidated assets:
(i) Equal to or greater than $50 billion; (ii) less than $50
billion if that bank's parent company controls at least one insured
national bank or insured federal savings association that has average
total consolidated assets of $50 billion or greater; or (iii) less than
$50 billion, if the OCC determines such bank's operations are highly
complex or otherwise present a heightened risk as to warrant the
application of the guidelines (covered banks). The guidelines also
establish minimum standards for a board of directors in overseeing the
framework's design and implementation. These guidelines were finalized
on September 11, 2014.\1\ The OCC is now seeking to renew the
information collection associated with these guidelines.
---------------------------------------------------------------------------
\1\ 79 FR 51518.
---------------------------------------------------------------------------
The standards contained in the guidelines are enforceable under
section 39 of the Federal Deposit Insurance Act (FDIA),\2\ which
authorizes the OCC to prescribe operational and managerial standards
for insured national banks, insured federal savings associations, and
insured federal branches of a foreign bank.
---------------------------------------------------------------------------
\2\ 12 U.S.C. 1831p-1. Section 39 was enacted as part of the
Federal Deposit Insurance Corporation Improvement Act of 1991,
Public Law 102-242, section 132(a), 105 Stat. 2236, 2267-70 (Dec.
19, 1991).
---------------------------------------------------------------------------
The guidelines formalize the OCC's heightened expectations program.
The guidelines also further the goal of the Dodd-Frank Wall Street
Reform and Consumer Protection Act of 2010 to strengthen the financial
system by focusing management and boards of directors on improving and
strengthening risk management practices and governance, thereby
minimizing the probability and impact of future financial crises.
The standards for the design and implementation of the risk
governance framework, which contain collections of information, are as
follows:
Standards for Risk Governance Framework
Covered banks should establish and adhere to a formal, written risk
governance framework designed by independent risk management. The
framework should include delegations of authority from the board of
directors to management committees and executive officers as well as
risk limits established for material activities. The framework should
be approved by the board of directors or the board's risk committee,
and it should be reviewed and updated, at least annually, by
independent risk management.
Front Line Units
Front line units should take responsibility and be held accountable
by the chief executive officer (CEO) and the board of directors for
appropriately assessing and effectively managing all of
[[Page 31152]]
the risks associated with their activities. In fulfilling this
responsibility, each front line unit should, either alone or in
conjunction with another organizational unit that has the purpose of
assisting a front line unit: (i) Assess, on an ongoing basis, the
material risks associated with its activities and use such risk
assessments as the basis for fulfilling its responsibilities and for
determining if actions need to be taken to strengthen risk management
or reduce risk given changes in the unit's risk profile or other
conditions; (ii) establish and adhere to a set of written policies that
include front line unit risk limits. Such policies should ensure risks
associated with the front line unit's activities are effectively
identified, measured, monitored, and controlled, consistent with the
covered bank's risk appetite statement, concentration risk limits, and
all policies established within the risk governance framework; (iii)
establish and adhere to procedures and processes, as necessary to
maintain compliance with the policies described in (ii); (iv) adhere to
all applicable policies, procedures, and processes established by
independent risk management; (v) develop, attract, and retain talent
and maintain staffing levels required to carry out the unit's role and
responsibilities effectively; (vi) establish and adhere to talent
management processes; and (vii) establish and adhere to compensation
and performance management programs.
Independent Risk Management
Independent risk management should oversee the covered bank's risk-
taking activities and assess risks and issues independent of the front
line units by: (i) Designing a comprehensive written risk governance
framework commensurate with the size, complexity, and risk profile of
the covered bank; (ii) identifying and assessing, on an ongoing basis,
the covered bank's material aggregate risks and using such risk
assessments as the basis for fulfilling its responsibilities and for
determining if actions need to be taken to strengthen risk management
or reduce risk given changes in the covered bank's risk profile or
other conditions; (iii) establishing and adhering to enterprise
policies that include concentration risk limits; (iv) establishing and
adhering to procedures and processes to ensure compliance with policies
in (iii); (v) identifying and communicating to the CEO and board of
directors or board's risk committee material risks and significant
instances where independent risk management's assessment of risk
differs from that of a front line unit, and significant instances where
a front line unit is not adhering to the risk governance framework;
(vi) identifying and communicating to the board of directors or the
board's risk committee material risks and significant instances where
independent risk management's assessment of risk differs from the CEO,
and significant instances where the CEO is not adhering to, or holding
front line units accountable for adhering to, the risk governance
framework; and (vii) developing, attracting, and retaining talent and
maintaining staffing levels required to carry out the unit's role and
responsibilities effectively while establishing and adhering to talent
management processes and compensation and performance management
programs.
Internal Audit
Internal audit should ensure that the covered bank's risk
governance framework complies with the guidelines and is appropriate
for the size, complexity, and risk profile of the covered bank. It
should maintain a complete and current inventory of all of the covered
bank's material processes, product lines, services, and functions, and
assess the risks, including emerging risks, associated with each, which
collectively provide a basis for the audit plan. It should establish
and adhere to an audit plan, which is periodically reviewed and
updated, that takes into account the covered bank's risk profile,
emerging risks, issues, and establishes the frequency with which
activities should be audited. The audit plan should require internal
audit to evaluate the adequacy of and compliance with policies,
procedures, and processes established by front line units and
independent risk management under the risk governance framework.
Significant changes to the audit plan should be communicated to the
board's audit committee. Internal audit should report in writing,
conclusions and material issues and recommendations from audit work
carried out under the audit plan to the board's audit committee.
Reports should identify the root cause of any material issues and
include: (i) A determination of whether the root cause creates an issue
that has an impact on one organizational unit or multiple
organizational units within the covered bank; and (ii) a determination
of the effectiveness of front line units and independent risk
management in identifying and resolving issues in a timely manner.
Internal audit should establish and adhere to processes for
independently assessing the design and ongoing effectiveness of the
risk governance framework on at least an annual basis. The independent
assessment should include a conclusion on the covered bank's compliance
with the standards set forth in the guidelines. Internal audit should
identify and communicate to the board's audit committee significant
instances where front line units or independent risk management are not
adhering to the risk governance framework. Internal audit should
establish a quality assurance program that ensures internal audit's
policies, procedures, and processes comply with applicable regulatory
and industry guidance, are appropriate for the size, complexity, and
risk profile of the covered bank, are updated to reflect changes to
internal and external risk factors, emerging risks, and improvements in
industry internal audit practices, and are consistently followed.
Internal audit should develop, attract, and retain talent and maintain
staffing levels required to effectively carry out its role and
responsibilities. Internal audit should establish and adhere to talent
management processes and compensation and performance management
programs that comply with the guidelines.
Strategic Plan
The CEO, with input from front line units, independent risk
management, and internal audit, should be responsible for the
development of a written strategic plan that should cover, at a
minimum, a three-year period. The board of directors should evaluate
and approve the plan and monitor management's efforts to implement the
strategic plan at least annually. The plan should include a
comprehensive assessment of risks that impact the covered bank, an
overall mission statement and strategic objectives, an explanation of
how the covered bank will update the risk governance framework to
account for changes to its risk profile projected under the strategic
plan, and be reviewed, updated, and approved due to changes in the
covered bank's risk profile or operating environment that were not
contemplated when the plan was developed.
Risk Appetite Statement
A covered bank should have a comprehensive written statement that
articulates its risk appetite that serves as the basis for the risk
governance framework. It should contain qualitative components that
describe a safe and sound risk culture and how the covered bank will
assess and accept risks and quantitative limits that include sound
stress testing processes and address earnings, capital, and liquidity.
[[Page 31153]]
Risk Limit Breaches
A covered bank should establish and adhere to processes that
require front line units and independent risk management to: (i)
Identify breaches of the risk appetite statement, concentration risk
limits, and front line unit risk limits; (ii) distinguish breaches
based on the severity of their impact; (iii) establish protocols for
disseminating information regarding a breach; (iv) provide a written
description of the breach resolution; and (v) establish accountability
for reporting and resolving breaches.
Concentration Risk Management
The risk governance framework should include policies and
supporting processes appropriate for the covered bank's size,
complexity, and risk profile for effectively identifying, measuring,
monitoring, and controlling the covered bank's concentrations of risk.
Risk Data Aggregation and Reporting
The risk governance framework should include a set of policies,
supported by appropriate procedures and processes, designed to provide
risk data aggregation and reporting capabilities appropriate for the
covered bank's size, complexity, and risk profile and to support
supervisory reporting requirements. Collectively, these policies,
procedures, and processes should provide for: (i) The design,
implementation, and maintenance of a data architecture and information
technology infrastructure that support the covered bank's risk
aggregation and reporting needs during normal times and during times of
stress; (ii) the capturing and aggregating of risk data and reporting
of material risks, concentrations, and emerging risks in a timely
manner to the board of directors and the OCC; and (iii) the
distribution of risk reports to all relevant parties at a frequency
that meets their needs for decision-making purposes.
Talent and Compensation Management
A covered bank should establish and adhere to processes for talent
development, recruitment, and succession planning. The board of
directors or appropriate committee should review and approve a written
talent management program. A covered bank should also establish and
adhere to compensation and performance management programs that comply
with any applicable statute or regulation.
Board of Directors Training and Evaluation
The board of directors of a covered bank should establish and
adhere to a formal, ongoing training program for all directors. The
board of directors should also conduct an annual self-assessment.
Type of Review: Regular review.
Affected Public: Businesses or other for-profit.
Estimated Number of Respondents: 41.
Estimated Burden per Respondent: 3,776 hours.
Estimated Total Annual Burden: 154,816 hours.
Comments: Comments submitted in response to this notice will be
summarized and included in the request for OMB approval. All comments
will become a matter of public record. Comments are invited on:
(a) Whether the collection of information is necessary for the
proper performance of the functions of the OCC, including whether the
information has practical utility;
(b) The accuracy of the OCC's estimate of the burden of the
information collection;
(c) Ways to enhance the quality, utility, and clarity of the
information to be collected;
(d) Ways to minimize the burden of the collection on respondents,
including through the use of automated collection techniques or other
forms of information technology; and
(e) Estimates of capital or start-up costs and costs of operation,
maintenance, and purchase of services to provide information.
Dated: June 23, 2017.
Karen Solomon,
Deputy Chief Counsel, Office of the Comptroller of the Currency.
[FR Doc. 2017-14000 Filed 7-3-17; 8:45 am]
BILLING CODE 4810-33-P