On June 8, 2016, the Federal Reserve Board issued supervisory guidance for supervised institutions with total consolidated assets of less than $50 billion for assessing risk management. The guidance notes that sound risk management principles should apply to all risks facing an institution, including, but not limited to, credit, market, liquidity, operational, compliance and legal risk. The guidance states that in evaluating an institution’s risk management framework, examiners should evaluate four key areas: board and senior management oversight of risk management, policies, procedures and limits, risk monitoring and management information systems and internal controls. The guidance provides additional considerations that examiners should look for in connection with each of these areas, but notes that the considerations listed therein are not a checklist. The guidance explicitly recognizes that risk management processes and control functions for the US operations of foreign banking organizations may be implemented domestically or outside of the United States. However, in cases where the functions are performed outside of the United States, the guidance states that the oversight function, policies and procedures, and information systems need to be sufficiently transparent to allow US supervisors to assess their adequacy.
The guidance is available at: http://www.federalreserve.gov/bankinforeg/srletters/sr1611a1.pdf.