Large banks, take note – the Office of the Comptroller of the Currency has released proposed guidelines to formalize its “heightened expectations” program addressing risk management and board oversight.
All insured national banks, federal savings associations, and federal branches of a foreign bank with $50 billion or more in total consolidated assets would be subject to the guidance, which establishes a risk governance framework for banks as well as oversight standards for boards.
Triggered by the recent financial crisis, the heightened expectations program began informally in 2010 and evolved into part of OCC examinations. Because large, complex institutions have a “significant impact on capital markets and the economy,” the OCC said formal guidelines satisfy the “need to be supervised and regulated more vigorously.”
“Achievement and maintenance of the heightened expectations should help lessen the impact of future economic downturns on large institutions,” the OCC explained. “Therefore, we are proposing standards developed from the heightened expectations in the form of enforceable guidelines.”
The agency laid out the five heightened expectations for large institutions: (1) preserving the sanctity of the charter (or the duty of a board to ensure that the institution operates in a safe and sound manner); (2) the creation of a well-defined personnel management program; (3) defining and communicating an acceptable “risk appetite” across the organization; (4) the development and maintenance of reliable oversight programs; and (5) the willingness of directors to challenge decision making and address the bank’s risk profile.
To manage and control the bank’s risk-taking and achieve the OCC’s expectations, the guidelines advise that a formal, written framework should be developed to address each of the eight categories of risk identified by the agency: credit risk, interest rate risk, liquidity risk, price risk, operational risk, compliance risk, strategic risk, and reputation risk. The framework should be evaluated on at least an annual basis for any necessary tweaks and updates.
The guidelines also set forth the roles and responsibilities for frontline units, independent risk management, and internal audit (noting that none of the organizational units may delegate their responsibilities under the framework to an external party). The bank’s CEO should rely upon input from these individuals to develop a three-year written, strategic plan for the institution. Each institution also needs a written statement of the bank’s “risk appetite” – the aggregate level and types of risk the board and management are willing to assume to achieve strategic objectives and business plans – with both qualitative components and quantitative limits, the OCC said.
Standards for the board include oversight of the framework, the strategic plan, and the risk appetite statement. Board members also need to engage in active oversight of management and conduct an annual self-assessment that includes an evaluation of the board’s effectiveness in following the guidelines. In addition, the OCC suggested that at least two members of the board should be independent, defined as individuals who are not members of the bank’s or the parent company’s management. “This guideline would enable the bank’s board to provide effective, independent oversight of bank management,” the OCC said.
To read OCC-2014-0001, click here.
Why it matters: The proposed guidance is currently open for public comment “on all aspects,” although the OCC requested that industry members weigh in on specific issues, such as the number of independent board members and the scope of covered entities. While the stated covered entities are institutions with $50 billion or more, the guidance would continue to apply if a bank’s total assets dropped below that amount, the OCC said. The agency also reserved its authority to apply the guidelines to an entity with less than the threshold amount if the OCC determines that it is a highly complex institution or presents a heightened risk. These types of large bank proposals, in this case aimed at national banks, have a way of trickling down through the banking system as a whole and finding their way into the bank examination process in one form or another. Suffice it to say, this proposal reflects the continued pressure on all banks to update and tighten their risk management process across the board and to focus ultimate responsibility for its effectiveness on a bank’s board of directors.