89 FR 38 pgs. 14145-14148 - Agency Information Collection Activities: Information Collection Renewal; Submission for OMB Review; OCC Guidelines Establishing Heightened Standards for Certain Large Insured National Banks, Insured Federal Savings Associations, and Insured Federal Branches

Next Article Next

Type: NOTICEVolume: 89Number: 38Pages: 14145 - 14148

FR document: [FR Doc. 2024-03816 Filed 2-23-24; 8:45 am]

Agency: Treasury Department

Sub Agency: Customs Service

Official PDF Version: PDF Version

Pages: 14145, 14146, 14147, 14148

[top]

DEPARTMENT OF THE TREASURY

Office of the Comptroller of the Currency

Agency Information Collection Activities: Information Collection Renewal; Submission for OMB Review; OCC Guidelines Establishing Heightened Standards for Certain Large Insured National Banks, Insured Federal Savings Associations, and Insured Federal Branches

AGENCY:

Office of the Comptroller of the Currency (OCC), Treasury.

ACTION:

Notice and request for comment.

SUMMARY:

The OCC, as part of its continuing effort to reduce paperwork and respondent burden, invites comment on a continuing information collection, as required by the Paperwork Reduction Act of 1995 (PRA). In accordance with the requirements of the PRA, the OCC may not conduct or sponsor, and the respondent is not required to respond to, an information collection unless it displays a currently valid Office of Management and Budget (OMB) control number. The OCC is soliciting comment concerning the renewal of its information collection titled, "OCC Guidelines Establishing Heightened Standards for Certain Large Insured National Banks, Insured Federal Savings Associations, and Insured Federal Branches." The OCC also is giving notice that it has sent the collection to OMB for review.

DATES:

Comments must be received by March 27, 2024.

ADDRESSES:

Commenters are encouraged to submit comments by email, if possible. You may submit comments by any of the following methods:

• Email: prainfo@occ.treas.gov.

• Mail: Chief Counsel's Office, Attention: Comment Processing, Office of the Comptroller of the Currency, Attention: 1557-0321, 400 7th Street SW, Suite 3E-218, Washington, DC 20219.

• Hand Delivery/Courier: 400 7th Street SW, Suite 3E-218, Washington, DC 20219.

• Fax: (571) 293-4835.

Instructions: You must include "OCC" as the agency name and "1557-0321" in your comment. In general, the OCC will publish comments on www.reginfo.gov without change, including any business or personal information provided, such as name and address information, email addresses, or phone numbers. Comments received, including attachments and other supporting materials, are part of the public record and subject to public disclosure. Do not include any information in your comment or supporting materials that you consider confidential or inappropriate for public disclosure.

Written comments and recommendations for the proposed information collection should also be sent within 30 days of publication of this notice to www.reginfo.gov/public/do/PRAMain. You can find this information collection by selecting "Currently under 30-day Review-Open for Public Comments" or by using the search function.

You may review comments and other related materials that pertain to this information collection following the close of the 30-day comment period for this notice by the method set forth in the next bullet.

• Viewing Comments Electronically: Go to www.reginfo.gov. Hover over the "Information Collection Review" tab and click on "Information Collection Review" from the drop-down menu. From the "Currently under Review" drop-down menu, select "Department of Treasury" and then click "submit." This information collection can be located by searching OMB control number "1557-0321" or "OCC Guidelines Establishing Heightened Standards for Certain Large Insured National Banks, Insured Federal Savings Associations, and Insured Federal Branches." Upon finding the appropriate information collection, click on the related "ICR Reference Number." On the next screen, select "View Supporting Statement and Other Documents" and then click on the link to any comment listed at the bottom of the screen.

• For assistance in navigating www.reginfo.gov, please contact the Regulatory Information Service Center at (202) 482-7340.

FOR FURTHER INFORMATION CONTACT:

Shaquita Merritt, Clearance Officer, (202) 649-5490, Chief Counsel's Office, Office of the Comptroller of the Currency, 400 7th Street SW, Washington, DC 20219. If you are deaf, hard of hearing, or have a speech disability, please dial 7-1-1 to access telecommunications relay services.

SUPPLEMENTARY INFORMATION:

[top] Under the PRA (44 U.S.C. 3501 et seq. ), Federal agencies must obtain approval from the OMB for each collection of information that they conduct or sponsor. "Collection of information" is defined in 44 U.S.C. 3502(3) and 5 CFR 1320.3(c) to include agency requests or requirements that members of the public submit reports, keep records, or provide information to a third party. The OCC

asks the OMB to extend its approval of the collection in this notice.

Title: OCC Guidelines Establishing Heightened Standards for Certain Large Insured National Banks, Insured Federal Savings Associations, and Insured Federal Branches.

OMB Control No.: 1557-0321.

Type of Review: Regular.

Affected Public: Businesses or other for-profit.

Description: The OCC's guidelines, codified in 12 CFR part 30, appendix D, establish minimum standards for the design and implementation of a risk governance framework for insured national banks, insured Federal savings associations, and insured Federal branches of a foreign bank (banks). The guidelines apply to covered banks. A covered bank is a bank with average total consolidated assets: (i) equal to or greater than $50 billion; (ii) less than $50 billion if that bank's parent company controls at least one insured national bank or insured Federal savings association that has average total consolidated assets of $50 billion or greater; or (iii) less than $50 billion, if the OCC determines such bank's operations are highly complex or otherwise present a heightened risk as to warrant the application of the guidelines. The guidelines also establish minimum standards for a board of directors in overseeing the framework's design and implementation. These guidelines were finalized on September 11, 2014. ¹ The OCC is now seeking to renew the information collection associated with these guidelines. The standards contained in the guidelines are enforceable under section 39 of the Federal Deposit Insurance Act (FDIA), ² which authorizes the OCC to prescribe operational and managerial standards for insured national banks, insured Federal savings associations, and insured Federal branches of a foreign bank.

Footnotes:

¹ 79 FR 54518.

² 12 U.S.C. 1831p-1. Section 39 was enacted as part of the Federal Deposit Insurance Corporation Improvement Act of 1991, Public Law 102-242, section 132(a), 105 Stat. 2236, 2267-70.

The guidelines formalize the OCC's heightened expectations program. The guidelines also further the goal of the Dodd-Frank Wall Street Reform and Consumer Protection Act of 2010 to strengthen the financial system by focusing management and boards of directors on improving and strengthening risk management practices and governance, thereby minimizing the probability and impact of future financial crises. The standards for the design and implementation of the risk governance framework, which contain collections of information, are as follows:

Standards for Risk Governance Framework

Covered banks should establish and adhere to a formal, written risk governance framework designed by independent risk management. The framework should include delegations of authority from the board of directors to management committees and executive officers and risk limits for material activities. The framework should be approved by the board of directors or the board's risk committee, and it should be reviewed and updated, at least annually, by independent risk management.

Front Line Units

Front line units should take responsibility and be held accountable by the chief executive officer (CEO) and the board of directors for appropriately assessing and effectively managing the risks associated with their activities. In fulfilling this responsibility, each front line unit should, either alone or in conjunction with another organizational unit that has the purpose of assisting a front line unit: (i) assess, on an ongoing basis, the material risks associated with its activities and use such risk assessments as the basis for fulfilling its responsibilities and for determining if actions need to be taken to strengthen risk management or reduce risk given changes in the unit's risk profile or other conditions; and (ii) establish and adhere to a set of written policies that include front line unit risk limits. Such policies should ensure that risks associated with the front line unit's activities are effectively identified, measured, monitored, and controlled, consistent with the covered bank's risk appetite statement, concentration risk limits, and all policies established within the risk governance framework. Front line units should also establish and adhere to procedures and processes, as necessary to maintain compliance with the policies described in (ii). Furthermore, front line units should adhere to all applicable policies, procedures, and processes established by independent risk management. Front line units should also develop, attract, and retain talent and maintain staffing levels required to carry out the unit's role and responsibilities effectively; establish and adhere to talent management processes; and establish and adhere to compensation and performance management programs.

Independent Risk Management

Independent risk management should oversee the covered bank's risk-taking activities and assess risks and issues independent of the front line units. In fulfilling these responsibilities, independent risk management should: (i) take responsibility and be held responsible by the CEO and the board of directors for designing a comprehensive written risk governance framework that meets the guidelines and is commensurate with the size, complexity, and risk profile of the covered bank; (ii) identify and assess, on an ongoing basis, the covered bank's material aggregate risks and use such risk assessments as the basis for fulfilling its responsibilities and for determining if actions need to be taken to strengthen risk management or reduce risk given changes in the covered bank's risk profile or other conditions; (iii) establish and adhere to enterprise policies that include concentration risk limits that state how aggregate risks within the covered bank are effectively identified, measured, monitored, and controlled, consistent with the covered bank's risk appetite statement and all policies and processes established within the risk governance framework; (iv) establish and adhere to procedures and processes, as necessary, to ensure compliance with policies in (iii); (v) identify and communicate to the CEO and either the board of directors or the board's risk committee any material risks and significant instances where the independent risk management's assessment of risk differs from that of a front line unit and any significant instances where a front line unit is not adhering to the risk governance framework; (vi) identify and communicate to the board of directors or the board's risk committee material risks and significant instances where independent risk management's assessment of risk differs from that of the CEO and significant instances where the CEO is not adhering to, or not holding front line units accountable for adhering to, the risk governance framework; and (vii) develop, attract, and retain talent and maintain the staffing levels required to carry out the unit's role and responsibilities effectively while establishing and adhering to talent management processes and compensation and performance management programs.

Internal Audit

[top] Internal audit should ensure that the covered bank's risk governance framework complies with the guidelines and is appropriate for the size,

complexity, and risk profile of the covered bank. It should maintain a complete and current inventory of the covered bank's material processes, product lines, services, and functions and assess the risks, including emerging risks, associated with each. These risks collectively provide a basis for the audit plan. Internal audit should establish and adhere to an audit plan that: (i) is periodically reviewed and updated; (ii) takes into account the covered bank's risk profile, emerging risks, and issues; and (iii) establishes the frequency with which activities should be audited. The audit plan should require internal audit to evaluate the adequacy of and compliance with policies, procedures, and processes established by front line units and independent risk management under the risk governance framework. Significant changes to the audit plan should be communicated to the board's audit committee. Internal audit should report, in writing, conclusions, material issues, and recommendations from audit work carried out under the audit plan to the board's audit committee. Reports should identify the root cause of any material issues and include: (i) a determination of whether the root cause creates an issue that has an impact on one or more organizational units within the covered bank; and (ii) a determination of the effectiveness of front line units and independent risk management in identifying and resolving issues in a timely manner. Internal audit should establish and adhere to processes for independently assessing the design and ongoing effectiveness of the risk governance framework on at least an annual basis. The independent assessment should include a conclusion on the covered bank's compliance with the standards set forth in the guidelines. Internal audit should identify and communicate to the board's audit committee significant instances where front line units or independent risk management are not adhering to the risk governance framework. Internal audit should establish a quality assurance program that ensures internal audit's policies, procedures, and processes: (i) comply with applicable regulatory and industry guidance; (ii) are appropriate for the size, complexity, and risk profile of the covered bank; (iii) are updated to reflect changes to internal and external risk factors, emerging risks, and improvements in industry internal audit practices; and (iv) are consistently followed. Internal audit should develop, attract, and retain talent and maintain staffing levels required to effectively carry out its role and responsibilities. Internal audit should establish and adhere to talent management processes and compensation and performance management programs that comply with the guidelines.

Strategic Plan

The CEO, with input from front line units, independent risk management, and internal audit, should be responsible for the development of a written strategic plan that covers, at a minimum, a three-year period. The board of directors should evaluate and approve the plan and monitor management's efforts to implement the strategic plan at least annually. The plan should: (i) include a comprehensive assessment of risks that currently impact the covered bank or that could have an impact on the covered bank during the period covered by the strategic plan; (ii) articulate an overall mission statement and strategic objectives for the covered bank with an explanation of how the covered bank will update the risk governance framework to account for changes to its risk profile projected under the strategic plan; and (iii) be reviewed, updated, and approved due to changes in the covered bank's risk profile or operating environment that were not contemplated when the plan was developed.

Risk Appetite Statement

A covered bank should have a comprehensive written statement that articulates its risk appetite and serves as the basis for the risk governance framework. The statement should contain both qualitative components that describe a safe and sound risk culture and how the covered bank will assess and accept risks and quantitative limits that include sound stress testing processes and address earnings, capital, and liquidity.

Risk Limit Breaches

A covered bank should establish and adhere to processes that require front line units and independent risk management to: (i) identify breaches of the risk appetite statement, concentration risk limits, and front line unit risk limits; (ii) distinguish breaches based on the severity of their impact; (iii) establish protocols for when and how to inform the board of directors, front line unit management, independent risk management, internal audit, and the OCC regarding a breach; (iv) provide a written description of the breach resolution; and (v) establish accountability for reporting and resolving breaches that include consequences for risk limit breaches that take into account the magnitude, frequency, and recurrence of breaches.

Concentration Risk Management

The risk governance framework should include policies and supporting processes appropriate for the covered bank's size, complexity, and risk profile for effectively identifying, measuring, monitoring, and controlling the covered bank's concentrations of risk.

Risk Data Aggregation and Reporting

The risk governance framework should include a set of policies, supported by appropriate procedures and processes, designed to provide risk data aggregation and reporting capabilities appropriate for the covered bank's size, complexity, and risk profile and to support supervisory reporting requirements. Collectively, these policies, procedures, and processes should provide for: (i) the design, implementation, and maintenance of a data architecture and information technology infrastructure that support the covered bank's risk aggregation and reporting needs during normal times and during times of stress; (ii) the capturing and aggregating of risk data and reporting of material risks, concentrations, and emerging risks in a timely manner to the board of directors and the OCC; and (iii) the distribution of risk reports to all relevant parties at a frequency that meets their needs for decision-making purposes.

Talent and Compensation Management

A covered bank should establish and adhere to processes for talent development, recruitment, and succession planning. The board of directors or appropriate committee should review and approve a written talent management program. A covered bank should also establish and adhere to compensation and performance management programs that comply with any applicable statute or regulation.

Board of Directors Training and Evaluation

The board of directors of a covered bank should establish and adhere to a formal, ongoing training program for all directors. The board of directors should also conduct an annual self-assessment.

Burden Estimates:

Estimated Number of Respondents: 27.

Estimated Burden per Respondent: 3,776 hours.

Estimated Total Annual Burden: 101,952 hours.

[top] Comments: On December 13, 2023, the OCC published a 60-day notice for

this information collection, (88 FR 86445). No comments were received.

Comments continue to be invited on:

(a) Whether the collection of information is necessary for the proper performance of the functions of the OCC, including whether the information has practical utility;

(b) The accuracy of the OCC's estimate of the burden of the collection of information;

(d) Ways to minimize the burden of the collection on respondents, including through the use of automated collection techniques or other forms of information technology; and

(e) Estimates of capital or start-up costs and costs of operation, maintenance, and purchase of services to provide information.

Theodore J. Dowd,

Deputy Chief Counsel, Office of the Comptroller of the Currency.

[FR Doc. 2024-03816 Filed 2-23-24; 8:45 am]

BILLING CODE 4810-33-P