The Office of the Comptroller of the Currency has issued a notice of proposed rulemaking that establishes standards for the risk governance frameworks at national banks, federal savings associations, and federal branches of foreign banks, with consolidated assets of $50 billion or more. It requires boards to oversee the framework's implementation, challenge management when needed, and have at least two directors who are  independent and free of potential conflicts of interest.

The proposal addresses roles and responsibilities for independent risk management and internal audit at covered banks as they establish risk controls. “These units should also ensure that the board has sufficient information on a covered bank's risk profile and risk management practices to provide credible challenges to management's recommendations and decisions when appropriate,” it says.

Banks  would need to develop a comprehensive written statement that articulates its risk appetite and serves as a basis for the framework. Risk, for purposes of the rule, refers to the aggregate level and types of risk the board and management are willing to assume in order to achieve strategic objectives in their business plan, consistent with applicable capital, liquidity, and other regulatory requirements. The qualitative components of the risk appetite statement should “describe a safe and sound risk culture and how a covered bank will assess and accept risks, including those that are difficult to quantify, on a consistent basis throughout the institution.” Quantitative limits should incorporate sound stress testing processes, as appropriate, and address a covered bank's earnings, capital, and liquidity positions.

The proposal says each member of the board has a duty to oversee a bank's compliance with safe and sound banking practices. Consistent with this duty, they should ensure that the covered bank establishes and implements an effective framework that complies with the guidelines. The board or its risk committee should also approve any changes to the framework. The board should also actively oversee a covered bank's risk-taking activities and hold management accountable for adhering to the framework.

Directors are required to “evaluate management's recommendations and decisions by questioning, challenging, and, when necessary, opposing management's proposed actions that could cause the covered bank's risk profile to exceed its risk appetite or threaten the institution's safety and soundness,” the proposed rule says. At least two members of a covered bank's board should be independent and not members of the bank's or the parent company's management.

If a bank fails to meet the standards established by the rulemaking, the OCC may require it to submit a plan specifying the steps it will take to comply. Penalties may be assessed if an bank, after being notified it is in violation of a standard, fails to submit an acceptable compliance plan or fails materially to comply with an OCC-approved plan.

The comment period for the proposed rule ends March 28, 2014.

Topics