AGENCY:

Board of Governors of the Federal Reserve System (Board).

ACTION:

Notice of proposed rulemaking.

SUMMARY:

The Board is seeking comment on a proposed new rating system for its supervision of large financial institutions. The proposed “Large Financial Institution Rating System” is closely aligned with the Federal Reserve's new supervisory program for large financial institutions. The proposed rating system would apply to all bank holding companies with total consolidated assets of $50 billion or more; all non-insurance, non-commercial savings and loan holding companies with total consolidated assets of $50 billion or more; and U.S. intermediate holding companies of foreign banking organizations established pursuant to the Federal Reserve's Regulation YY. The proposed rating system includes a new rating scale under which component ratings would be assigned for capital planning and positions, liquidity risk management and positions, and governance and controls; however, a standalone composite rating would not be assigned. The Federal Reserve proposes to assign initial ratings under the new rating system during 2018. The Federal Reserve is also seeking comment on proposed revisions to existing provisions in Regulations K and LL so they would remain consistent with certain features of the proposed rating system.

DATES:

Comments must be received no later than October 16, 2017.

ADDRESSES:

Interested parties are invited to submit written comments by following the instructions for submitting comments at http://www.federalreserve.gov/​generalinfo/​foia/​ProposedRegs.cfm.

• Federal eRulemaking Portal: http://www.regulations.gov. Follow the instructions for submitting comments.
• Email: regs.comments@federalreserve.gov. Include the docket number in the subject line of the message.
• Fax: (202) 452-3819 or (202) 452-3102.
• Mail: Address to Ann E. Misback, Secretary, Board of Governors of the Federal Reserve System, 20th Street and Constitution Avenue NW., Washington, DC 20551.

All public comments will be made available on the Board's Web site at http://www.federalreserve.gov/​generalinfo/​foia/​ProposedRegs.cfm as submitted, unless modified for technical reasons. Accordingly, comments will not be edited to remove any identifying or contact information. Public comments may also be viewed electronically or in paper in Room 3515, 1801 K Street NW. (between 18th and 19th Street NW.), Washington, DC 20006 between 9:00 a.m. and 5:00 p.m. on weekdays.

FOR FURTHER INFORMATION CONTACT:

Richard Naylor, Associate Director, (202) 728-5854, Vaishali Sack, Manager, (202) 452-5221, April Snyder, Manager, (202) 452-3099, Bill Charwat, Senior Project Manager, (202) 452-3006, Division of Supervision and Regulation, Scott Tkacz, Senior Counsel, (202) 452-2744, or Christopher Callanan, Senior Attorney, (202) 452-3594, Legal Division, Board of Governors of the Federal Reserve System, 20th and C Streets NW., Washington, DC 20551. Telecommunications Device for the Deaf (TDD) users may contact (202-263-4869).

SUPPLEMENTARY INFORMATION:

Table of Contents

I. Background

II. Overview of the Proposed LFI Rating System

A. LFI Rating Components

B. LFI Rating Scale

III. Transition from the RFI Rating System to the LFI Rating System

IV. Consequences of LFI Ratings

V. Applicability

VI. Timing and Implementation

VII. Related Proposed Guidance

A. Management of Core Business Lines and Independent Risk Management and Controls

1. Senior Management

2. Management of Core Business Lines

3. Independent Risk Management and Controls

B. Board Effectiveness

VIII. Other Related Developments

IX. Proposed Changes to Existing Regulations

X. Comparison of the RFI and LFI Rating Systems

XI. Request for Comments

XII. Regulatory Analysis

A. Paperwork Reduction Act

B. Regulatory Flexibility Analysis

C. Solicitation of Comments on Use of Plain Language

Appendix A. Text of Proposed Large Financial Institution Rating System

I. Background

The 2007-2009 financial crisis demonstrated the risks that large financial institutions (LFIs) pose to U.S. financial stability. As a group, these institutions were overleveraged, had insufficient capital to support their risks, and relied heavily on short-term wholesale funding that was susceptible to runs. This excessive risk-taking, combined with similar behavior outside the regulated financial sector, left the U.S. economy vulnerable. The ensuing financial crisis led to a deep recession and the loss of nearly nine million jobs.

In response, since the financial crisis, the Federal Reserve has placed materially heightened supervisory expectations on LFIs. The Federal Reserve has developed a supervisory program specifically designed to address the risks posed by such firms to U.S. financial stability. The Federal Reserve established the Large Institution Supervision Coordinating Committee (LISCC) in 2010 to coordinate its supervisory oversight for the systemically important firms that pose the greatest risk to U.S. financial stability.^[1] The LISCC supervisory program conducts annual horizontal reviews of LISCC firms and firm-specific examination work focused on evaluating a firm's (i) capital adequacy under normal and stressed conditions; (ii) liquidity positions and risk management practices; (iii) recovery and resolution preparedness; and (iv) governance and controls. For LFIs that are not LISCC firms, the Federal Reserve performs horizontal reviews and firm-specific supervisory work focused on capital, Start Printed Page 39050liquidity, and governance and control practices, which are tailored to reflect the risk characteristics of these institutions.^[2]

In 2012, the Federal Reserve implemented a new consolidated supervisory program for LFIs (referred to as the “LFI supervision framework”) described in SR letter 12-17.^[3] The LFI supervision framework is intended to (i) enhance each LFI's financial and operational strength and resilience to reduce the likelihood of an LFI's failure or material financial or operational distress, and (ii) reduce the risk to U.S. financial stability overall if an LFI were to fail.^[4]

The LFI supervision framework includes heightened expectations regarding capital and liquidity, including both the amount of capital and liquidity and the related planning and risk management practices. The LFI supervision framework also outlined expectations for a firm's maintenance of operational strength and resilience and its compliance with laws and regulations, as provided by effective governance and control practices.

The Federal Reserve has not modified its supervisory rating system for bank holding companies since the 2007-2009 financial crisis. Since 2004, the Federal Reserve has used the “RFI/C(D)” rating system (referred to as the “RFI rating system”) to communicate its supervisory assessment of every bank holding company (BHC) regardless of its asset size, complexity, or systemic importance.^[5] The RFI rating system focuses on the risk management practices (R component) and financial condition (F component) of the consolidated organization, and assesses the potential impact (I component) of a BHC's nondepository entities on its subsidiary depository institution(s).

Given the systemic risks posed by LFIs and the corresponding changes to the Federal Reserve's supervisory expectations and oversight of those firms, the Federal Reserve believes that a new rating system would be more effective than the RFI rating system for evaluating LFIs. The RFI rating system remains a relevant and effective tool for developing and communicating supervisory assessments for community and regional holding companies. Therefore, the RFI rating system will continue to be used in the supervision of these organizations.

II. Overview of the Proposed LFI Rating System

The proposed LFI rating system provides a supervisory evaluation of whether a firm possesses sufficient financial and operational strength and resilience to maintain safe and sound operations through a range of conditions. The proposed LFI rating system is designed to:

• Fully align with the Federal Reserve's current supervisory programs and practices, which are based upon the LFI supervision framework's core objectives of reducing the probability of LFIs failing or experiencing material distress and reducing the risk to U.S. financial stability;
• Enhance the clarity and consistency of supervisory assessments and communications of supervisory findings and implications; and
• Provide appropriate incentives for LFIs to maintain financial and operational strength and resilience, including compliance with laws and regulations, by more clearly defining the supervisory consequences of a given rating.

A. LFI Rating Components

Under the proposed LFI rating system, the Federal Reserve would evaluate and assign ratings for the following three components: ^[6]

• Capital Planning and Positions
• Liquidity Risk Management and Positions
• Governance and Controls

The Capital Planning and Positions component rating would encompass assessments of (i) the effectiveness of the governance and planning processes used by a firm to determine the amount of capital necessary to cover risks and exposures, and to support activities through a range of conditions; and (ii) the sufficiency of a firm's capital positions to comply with applicable regulatory requirements and to support the firm's ability to continue to serve as a financial intermediary through a range of conditions. Findings from CCAR for LISCC firms and certain other large and complex LFIs,^[7] and from similar supervisory activities for other LFIs,^[8] represent a material portion of the work that would be conducted to determine the Capital Planning and Positions component rating.

The Liquidity Risk Management and Positions component rating would encompass assessments of (i) the effectiveness of a firm's governance and risk management processes used to determine the amount of liquidity necessary to cover risks and exposures, and to support activities through a range of conditions; and (ii) the sufficiency of a firm's liquidity positions to comply with applicable regulatory requirements and to support the firm's ongoing obligations through a range of conditions.^[9] The Liquidity Risk Management and Positions component rating would be based on findings of coordinated examinations of liquidity positions and risk management Start Printed Page 39051practices conducted across several firms (horizontal examinations), as well as ongoing assessments of an individual firm's liquidity positions and risk management practices conducted through the supervisory process.

Horizontal examinations help to ensure that the liquidity positions and risk management practices of firms with similar liquidity risk profiles are evaluated in a consistent manner. LISCC firms are subject to the Comprehensive Liquidity Analysis and Review (CLAR), which is an annual horizontal exercise that assesses both liquidity positions and risk management. Other LFI firms are subject to more narrow horizontal examinations depending on their risk profile. The Federal Reserve also conducts targeted examinations of specific areas that are of high risk to an individual firm or have not been covered by a recent horizontal examination.

The Federal Reserve evaluates each firm's risk management practices by reviewing the processes that firms use to identify, measure, monitor, and manage liquidity risk and make funding decisions. The Federal Reserve evaluates a firm's liquidity positions against applicable regulatory requirements, and assesses the firm's ability to support its obligations through other means, such as its funding concentrations.

The Governance and Controls component rating would evaluate the effectiveness of a firm's (i) board of directors, (ii) management of core business lines and independent risk management and controls, and (iii) recovery planning (for domestic LISCC firms only).^[10] This rating would assess a firm's effectiveness in aligning strategic business objectives with the firm's risk tolerance ^[11] and risk management capabilities; maintaining strong, effective, and independent risk management and control functions, including internal audit; promoting compliance with laws and regulations, including those related to consumer protection; and otherwise providing for the ongoing resiliency of the firm. Firm-specific and horizontal examination work focused on a firm's corporate governance, independent risk management, controls, and lines of business, among other areas, would provide the basis for determining the Governance and Controls component rating.

Unlike other supervisory rating systems, including the RFI rating system, the Federal Reserve would not assign a standalone composite rating under the proposed LFI rating system. The Federal Reserve believes assigning a standalone composite rating is not necessary because the three proposed LFI component ratings are designed to clearly communicate supervisory assessments and associated consequences for each of the core areas (capital, liquidity, and governance and controls) considered critical to a firm's strength and resilience. It is unlikely that the assignment of a standalone composite rating would convey new or additional information regarding supervisory assessments, and a standalone composite rating could dilute the clarity and impact of the component ratings.

B. LFI Rating Scale

Each LFI component rating would be assigned using a multi-level scale (Satisfactory/Satisfactory Watch, Deficient-1, and Deficient-2). A “Satisfactory” rating indicates that the firm is considered safe and sound and broadly meets supervisory expectations.^[12] A “Satisfactory Watch” rating is a conditional “Satisfactory” rating, and is discussed in greater detail below. A “Deficient-1” rating indicates that although the firm's current condition is not considered to be materially threatened, there are financial and/or operational deficiencies that put its prospects for remaining safe and sound through a range of conditions at significant risk. A “Deficient-2” rating indicates that financial and/or operational deficiencies materially threaten the firm's safety and soundness, or have already put the firm in an unsafe and unsound condition.

Supervisors may assign a “Satisfactory Watch” component rating which indicates that the firm is generally considered safe and sound; however certain issues are sufficiently material that, if not resolved in a timely manner in the normal course of business, would put the firm's prospects for remaining safe and sound through a range of conditions at risk. This would be consistent with existing supervisory practice where supervisors generally indicate to a firm that a rating downgrade is a strong possibility if the firm fails to resolve identified weaknesses in a timely manner. The “Satisfactory Watch” rating may also be used for firms previously rated “Deficient” when circumstances warrant.

In considering whether supervisory issues are likely to be resolved in the normal course of business, the Federal Reserve will assess the firm's ability to remediate or mitigate these issues (through compensating controls and/or a reduced risk profile) in a timely manner without material changes to, or investments in, a firm's governance, risk management or internal control structures, practices, or capabilities.

A “Satisfactory Watch” rating is not intended to be used for a prolonged period. Firms that receive a “Satisfactory Watch” rating would have a specified timeframe to fully resolve issues leading to that rating (as is the case with all supervisory issues), generally no longer than 18 months.^[13] If the firm successfully resolved the issues leading to the “Satisfactory Watch” rating, the firm would typically be upgraded to “Satisfactory” as it has demonstrated an ability to successfully remediate or mitigate these issues in a timely manner in the normal course of business. However, if the firm failed to timely remediate or mitigate those issues, that failure would generally be viewed as evidence that the firm lacked sufficient financial and/or operational capabilities to remain safe and sound Start Printed Page 39052through a range of conditions. In these instances, the firm would typically be downgraded to a “Deficient” rating.

When a firm is rated “Satisfactory Watch,” supervisors would focus on determining whether a firm's issues are related to each other, similar in nature or root cause, or constitute a pattern reflecting deeper governance or risk management weaknesses, warranting a downgrade to a “Deficient” rating.

III. Transition From the RFI Rating System to the LFI Rating System

As noted above, the LFI supervision framework—as described in SR 12-17 and accompanied by the issuance of enhanced regulatory requirements, supervisory expectations and practices—has been established over recent years to enhance the ability of large systemically important firms to sustain operations through a range of stressful conditions and events. Introduction of a new rating system that is comprehensively aligned with the LFI supervision framework represents the natural next step in the build-out of this program. As such, transition to the proposed LFI rating system is intended to be evolutionary and expected to be routine in most respects for affected firms.

Approaches to assessing an LFI's financial strength and resilience via effective capital and liquidity governance and planning, and sufficiency of related positions, are more prominent in the proposed LFI rating system versus the RFI rating system, and are fully reflective of current supervisory practices and expectations. Key conclusions of LFI supervision activities, including CCAR and CLAR, will be directly reflected within the Capital and Liquidity component rating assignments. By contrast, the RFI rating system was not designed to readily accommodate the results of these activities.

Similarly, the key elements within the Governance and Controls component rating, which underlie a firm's operational resilience and overall risk management, are also consistent with current practices. Most of these elements can be traced to supervisory expectations for risk management and internal controls first introduced in 1995, and subsequently carried forth into the RFI rating system in 2004.^[14] These foundational aspects of a firm's governance and control framework, including expectations relating to the effectiveness of boards of directors and emphasis on sound risk management, remain present in the proposed LFI rating system, albeit with some changes in emphasis and nomenclature.

The Governance and Controls component rating also provides an updated approach to assessing the effectiveness of risk management and control activities as conducted (i) directly within a firm's business line operations (where risk-taking activities are initiated and implemented), and (ii) throughout a firm's independent risk management and controls. More recently, key expectations regarding the alignment of a firm's strategy with its risk tolerance and risk management capabilities were included in SR letter 12-17, and are also reflected within capital planning guidance issued in 2015.^[15]

The chart included below in Section X, “Comparison of the RFI and LFI Rating Systems,” broadly compares and illustrates the structural differences between the two rating systems.

IV. Consequences of LFI Ratings

Statutes and regulations applicable to LFIs grant a number of privileges to well managed firms.^[16] Under the RFI rating system, a firm's composite rating and Risk Management rating determine whether a holding company is considered to be “well managed” for purposes of these privileges.^[17] Under the proposed LFI rating system, a firm must be rated “Satisfactory” or “Satisfactory Watch” for each of its three component ratings in order to be considered “well managed.” ^[18] A rating of “Deficient-1” or lower for any component would result in the firm not being deemed “well managed.” This reflects the judgment that an LFI is not in satisfactory condition overall unless it is considered sound in each of the key areas of capital, liquidity, and governance and controls.

A “Deficient-1” component rating could be a barrier for a firm seeking the Federal Reserve's approval to engage in new or expansionary activities, unless the firm can demonstrate that (i) it is making meaningful, sustained progress in resolving identified deficiencies and issues; (ii) the proposed new or expansionary activities would not present a risk of exacerbating current deficiencies or issues or lead to new concerns; and (iii) the proposed activities would not distract the board or senior management from remediating current deficiencies or issues.

The Federal Reserve would be extremely unlikely to approve any proposal seeking to engage in new or expansionary activities from a firm with a “Deficient-2” component rating.

Under the Bank Holding Company Act (BHC Act) and the Home Owners' Loan Act,^[19] companies that have elected to be treated as financial holding companies (FHCs) and that do not remain well managed face restrictions on commencement or expansion of certain activities. In addition, a firm with less than satisfactory ratings may be subject to restrictions or higher charges in attempting to access the Federal Reserve's discount window or in gaining access to intraday credit.

A “Deficient-1” component rating would often be an indication that the firm should be subject to either an informal or formal enforcement action, and may also result in the designation of the firm as being in “troubled condition.” ^[20] A firm with a “Deficient-2” component rating should expect to be subject to a formal enforcement action and deemed to be in “troubled condition.”

V. Applicability

The Federal Reserve would use the proposed LFI rating system to evaluate and communicate the supervisory condition of all bank holding companies that have total consolidated assets of $50 billion or more; all non-insurance, non-commercial savings and loan holding companies that have total consolidated assets of $50 billion or more; and all U.S. intermediate holding companies (IHCs) of foreign banking organizations established pursuant to section 252.153 of the Federal Reserve's Regulation YY.^[21] In the future, the Start Printed Page 39053Federal Reserve plans to use the LFI rating system to assess systemically important nonbank financial companies designated by the Financial Stability Oversight Council (FSOC) for supervision by the Federal Reserve; however, this would be done through a separate rulemaking.

Until final adoption of a LFI rating system, the Federal Reserve will continue to evaluate firms using the existing RFI rating system. Holding companies with less than $50 billion in total consolidated assets would continue to be evaluated using the RFI rating system.

VI. Timing and Implementation

The Federal Reserve proposes to assign initial LFI ratings to all applicable firms during 2018. Due to differences in the timing of supervisory cycles across the portfolios that comprise the LFI supervisory program, firms in one portfolio may receive their initial LFI ratings at different times during the year than firms in another portfolio.

During the initial LFI rating supervisory cycle, each applicable firm would receive all three component ratings under the LFI rating system concurrently. Consistent with current Federal Reserve practice on the assignment and communication of supervisory ratings by examiners, ratings under the proposed LFI rating system would be assigned and communicated to firms on at an annual basis, and more frequently as warranted. After the initial LFI rating supervisory cycle, examiners may assign and communicate individual component ratings on a rolling basis to the firms. Under the proposed LFI rating system, the Federal Reserve would continue to generally rely to the fullest extent possible on the information and assessments developed by other relevant supervisors and functional regulators. In accordance with the Federal Reserve's regulations governing confidential supervisory information,^[22] ratings assigned under the LFI rating system would be communicated by the Federal Reserve to the firm but not disclosed publicly.

The proposed LFI rating system would apply if a firm reports total consolidated assets of $50 billion or more, calculated based on the average of the firm's total consolidated assets in the four (4) most recent quarters as reported on the firm's quarterly financial reports filed with the Federal Reserve. A firm that meets this criteria would generally receive the three LFI component ratings within one year of becoming subject to the LFI rating system. A firm would continue to be rated under the LFI rating system until it has less than $45 billion in total consolidated assets, based on the average total consolidated assets as reported on the firm's four (4) most recent quarterly financial reports filed with the Federal Reserve. The Federal Reserve may determine to apply the RFI rating system or another applicable rating system in certain limited circumstances.^[23]

VII. Related Proposed Guidance

Concurrent with issuing this proposal, the Board is issuing another proposal for public comment addressing supervisory expectations for boards of directors of all Federal Reserve-supervised institutions.^[24] That proposal includes proposed guidance concerning the effectiveness of boards of directors of large financial institutions, which is an element of the Governance and Controls component rating. The Board also plans to separately release additional proposed guidance seeking comment on supervisory expectations relating to a firm's management of core business lines and independent risk management and controls, which is also an element of the Governance and Controls component rating. The Federal Reserve expects to release this additional guidance in the near future. However, if the LFI rating system is finalized before the additional governance and controls guidance is finalized, firms would be evaluated using existing supervisory guidance until such time that the additional governance and controls guidance is finalized.^[25]

The following section provides a summary of the planned guidance relating to a firm's management of core business lines and independent risk management and controls, as well as a summary of the proposed guidance relating to the effectiveness of a firm's board of directors.^[26]

A. Management of Core Business Lines and Independent Risk Management and Controls

The supervisory assessment of a firm's management of core business lines and independent risk management and controls would have three components: (1) Expectations for senior management with respect to both core business lines and independent risk management and controls; (2) expectations for the management of core business lines (CBLs); and (3) expectations for independent risk management (IRM) and controls.

1. Senior Management

Senior management oversees both the management of core business lines and independent risk management and controls. The supervisory assessment of the effectiveness of senior management would include senior management's role in managing the firm's day-to-day operations, promoting safety and soundness and compliance with internal policies and procedures, laws, and regulations, including those related to consumer protection.^[27]

Senior management is responsible for implementing the firm's strategy and risk tolerance as approved by the firm's board. Senior management should implement the strategic and risk objectives across the firm such that they support the firm's long-term resiliency and safety and soundness, including the firm's resilience to a range of stressed conditions. Senior management should ensure that the firm's infrastructure, staffing, and resources are sufficient to carry out the firm's strategic objectives.

Senior management should maintain and implement an effective risk management framework and ensure the firm can appropriately manage risk consistent with its strategy and risk Start Printed Page 39054tolerance. This should include establishing clear responsibilities and accountability for the identification, management, and control of risk. Senior management should also develop and maintain the firm's policies and procedures and system of internal controls to ensure compliance with laws and regulations.

Senior management is responsible for ensuring the resolution of key issues and effective firm-wide communication, including to and from the board of directors. Senior management should have in place robust mechanisms for keeping apprised of, among other things, current and emerging risks to the firm and other material issues, including by maintaining robust management information systems.

Senior management should have in place succession and contingency staffing plans for key positions and have compensation and performance management programs that promote and enforce prudent risk-taking behaviors and business practices.

2. Management of Core Business Lines

The Federal Reserve would consider the effectiveness of the management of core business lines in meeting its supervisory expectations.^[28] For LISCC firms, all business lines would be considered CBLs. For other firms, CBLs would be defined as those business lines where a significant control disruption, failure, or loss event would result in a material loss of revenue, profit, or franchise value, or result in significant consumer harm.^[29] The Federal Reserve is reserving discretion to identify other business lines or functions as core business lines, based on their size, risk profile, or other supervisory considerations.

CBL management should establish for each core business line specific business and risk objectives that align with the firm-wide strategy and risk tolerance.^[30] CBL management should inform senior management when the risk management capabilities are insufficient to align those business and risk objectives. CBL management should also clearly present to senior management the risks emanating from the business line's activities and explain how those risks are managed and align with the firm's risk tolerance.

CBL management should identify, measure, and manage current and emerging risks that stem from CBL activities and external factors. CBL management should also incorporate appropriate feedback from independent risk management (IRM) on business line risk positions, implementation of the risk tolerance, and risk management practices, including risk mitigation.

CBL management should manage the CBL's activities so they remain within risk limits established by IRM, consult with senior management before permitting any breaches of the limits, and follow appropriate procedures for obtaining exceptions to limits. CBL management should also adhere to the firm's policies and procedures for vetting new business products and initiatives, and escalate to senior management any required changes or modifications to risk management systems or internal control policies and procedures arising from the adoption of a new business or initiative.

CBL management should provide a CBL with sufficient resources and infrastructure to meet financial goals and strategic objectives while maintaining operational and financial resilience in a range of operating conditions, including stressful ones. Resources and infrastructure include sufficient personnel with appropriate training and expertise and management information systems.

CBL management should develop and maintain an effective system of sound and appropriate internal controls for its CBL that ensures compliance with laws and regulations.^[31] CBL management should regularly test to ensure the effectiveness of controls within the business lines and ensure that deficiencies are remediated, and should escalate material deficiencies and systematic control violations to senior management, as well as provide periodic reports. Finally, CBL management should reassess controls periodically to ensure relevancy and alignment with current approved policies.

CBL management should establish policies and guidelines that delineate accountability, set forth clear lines of management authority within the CBL, and align desired behavior with the firm's performance management incentives. CBL management should hold employees accountable for conduct that is inconsistent with the firm's policies or board and senior management directives or that could result in violations of law. CBL management should inform senior management of improper conduct when appropriate, including individual instances and when there are identified patterns of misconduct. CBL management should have ongoing and effective means to prevent, detect, and remediate risk management and compliance failures.

3. Independent Risk Management and Controls

The Federal Reserve would assess whether the firm's independent risk management and controls meet supervisory expectations. This assessment would focus on three related areas: The independent risk management function, internal controls, and internal audit.

a. Independent Risk Management (IRM) Function

i. Chief Risk Officer (CRO)

A CRO must have sufficient capability and experience in identifying, assessing, and managing risk exposures of large, complex financial institutions.^[32] The CRO should guide IRM to establish and monitor compliance with enterprise-wide risk limits, identify and aggregate the firm's risks, assess the firm's risk positions relative to the parameters of the firm's risk tolerance, and provide relevant risk information to senior management and the board of directors.

The CRO should inform the board of directors if his or her stature, independence, or authority is not sufficient or is at risk of being insufficient to provide unbiased and independent assessments of the firm's risks, risk management activities, and system of internal controls.^[33] Further, the CRO should be included in discussions with other senior management and the board related to key decisions, such as strategic planning and capital and liquidity planning, and provide input to the board on incentive compensation.

The CRO should notify senior management and the board of directors when activities or practices at the firm-Start Printed Page 39055wide, risk-specific, or CBL level do not align with the firm's overall risk tolerance. As appropriate, the CRO should recommend constraints on risk taking and enhancements to risk management practices to senior management and the board of directors.

The CRO should support the independence of IRM from the business lines by establishing clearly defined roles and responsibilities and reporting lines.

ii. Chief Audit Executive (CAE)

The firm should have a CAE, appointed by the board, with sufficient capability, experience, independence, and stature to manage the internal audit function's responsibilities.^[34] Under the direction of the CAE, the internal audit function performs an independent assessment of the effectiveness of the firm's system of internal controls and the risk management framework. The CAE should manage effectively all aspects of internal audit work on an ongoing basis, including any internal audit work that is outsourced. The CAE should have the authority to oversee all internal audit activities and to hire internal audit staff with sufficient capability and stature. The CAE should report findings, issues, and concerns to the board's audit committee and senior management.

iii. Risk Tolerance and Limits

IRM should evaluate whether the firm's risk tolerance appropriately captures the firm's material risks, whether it aligns with the firm's strategic plan and the corresponding business activities, and whether it is consistent with the capacity of the risk management framework. IRM, including through the CRO, should provide input to both senior management and the board to assist in the development, evaluation, and approval of the firm's risk tolerance. IRM should also determine whether the firm's risk profile is consistent with the firm's risk tolerance and assess whether the firm's risk management framework has the capacity to manage the risks outlined in the risk tolerance.

Under direction of the CRO, IRM should establish enterprise-wide risk limits as well as more granular risk limits, as appropriate, that are consistent with the firm's risk tolerance for the firm's full set of risks. IRM should monitor and update risk limits as appropriate, especially as the firm's risk tolerance, risk profile, or external conditions change. IRM should identify significant trends in risk levels to evaluate whether risk-taking and risk management practices are consistent with the firm's strategic objectives. IRM should escalate to senior management material breaches to the firm's risk tolerance and enterprise-wide risk limits, as well as instances where IRM's conclusions differ from those of CBLs.

IRM should identify and measure under both normal and stressful operating conditions, where possible, current and emerging risks within and across business lines and risk types, as well as any other relevant perspective. Common risk types include credit, market, operational, liquidity, interest rate, legal, and compliance (such as consumer protection and Bank Secrecy Act/anti-money laundering).

IRM should aggregate risks across the entire firm and assess those risks relative to the firm's risk tolerance. IRM should identify material or critical concentrations of risks and assess the likelihood and potential impact of those risks on the firm. IRM should identify information gaps, uncertainties, or limitations in risk assessments for the board of directors and senior management, as appropriate.

Risk reporting should cover current and emerging risk, risk exposure and adherence to risk limits and risk concentrations as well as the firm's ongoing strategic, capital, and liquidity planning processes. Risk reporting should enable prompt escalation and remediation of material problems; enhance appropriate and timely responses to identified problems; provide current and forward-looking perspectives; and support or influence strategic decision-making.

b. Internal Controls

Developing and maintaining effective internal controls are the responsibility of senior management, IRM, and CBL management. Accordingly, a firm should appropriately assign management responsibilities for the establishment and maintenance of internal controls. To foster an appropriate control culture within the firm, adequate control activities should be integrated into the daily functions of all relevant personnel.

A firm should have mechanisms to monitor and test internal controls and to identify and escalate issues that appear to compromise the effectiveness of internal controls. The scope, frequency, and depth of testing should consider the complexity of the firm, the results of risk assessments, and the number and significance of the deficiencies identified during prior testing. A firm should test and monitor internal controls using a risk-based approach, prioritizing efforts on controls in areas of highest risk and less effective controls.

A firm should evaluate and communicate internal control deficiencies in a timely manner to those parties responsible for taking corrective action, including senior management.

c. Internal Audit

The internal audit function should examine, evaluate, and perform an independent assessment of the effectiveness of the firm's risk management framework and internal control systems and report findings to senior management and the firm's audit committee. The Federal Reserve would assess the extent to which a firm complies with existing guidance on internal audit.^[35]

B. Board Effectiveness

Concurrent with this proposal, the Board is issuing a related proposal for public comment addressing supervisory expectations for boards of directors of all Federal Reserve-supervised institutions. The Federal Reserve conducted a multi-year review of the practices of boards of directors, particularly at the largest financial institutions, which considered the factors that make boards effective, the challenges boards face, how boards influence the safety and soundness of their firms, and the impact of the Federal Reserve's expectations for boards of directors in existing supervisory guidance. The proposed guidance relating to boards of directors and its accompanying notice published in the Federal Register constitute the results of the review. The review identified three key issues that could potentially reduce a board's ability to be effective. First, supervisory expectations for boards of directors and senior management have become increasingly difficult to distinguish. Second, boards typically spend a significant amount of time focused on supervisory expectations that do not directly relate to the board's core responsibilities, which include guiding the development of the firm's strategy and risk tolerance, overseeing senior management and holding them accountable, supporting Start Printed Page 39056the stature and independence of the firm's independent risk management and internal audit functions, and adopting effective governance practices. Third, boards of large financial institutions often face significant challenges managing the overwhelming quantity of information provided by senior management in advance of board meetings.

The proposal would refocus existing supervisory expectations on a board's core responsibilities by more clearly distinguishing the roles and responsibilities of the board from those of senior management; eliminating redundant, outdated, or irrelevant supervisory expectations for boards; and ensuring that supervisory guidance is more closely aligned.

The proposal contains three parts, the first of which includes proposed supervisory guidance addressing effective boards of directors (proposed BE guidance), which would apply to the largest depository institution holding companies supervised by the Federal Reserve. The proposed BE guidance identifies five key attributes of effective boards of directors and would provide the framework the Federal Reserve would use to assess a firm's board of directors. The proposed BE guidance also would clarify supervisory expectations for boards as distinct from expectations for senior management.

The second part of the proposal would revise certain supervisory expectations for boards to ensure they are aligned with the Federal Reserve's supervisory framework, and would eliminate redundant, outdated, or irrelevant supervisory expectations. These changes reflect the Federal Reserve's review of approximately 170 existing supervisory expectations contained in 27 Supervision and Regulation letters (SR letters), and would apply to bank and savings and loan holding companies of all sizes.

The third part of the proposal includes proposed supervisory guidance that would replace Federal Reserve SR letter 13-13 ^[36] and clarify expectations for communicating supervisory findings to an institution's board of directors and senior management. This proposed guidance, like the existing guidance, would apply to all financial institutions supervised by the Federal Reserve. The proposed guidance would facilitate the execution of boards' core responsibilities by clarifying expectations for communicating supervisory findings to an institution's board of directors and senior management. The proposed guidance would indicate that Federal Reserve examiners and supervisory staff would direct most Matters Requiring Immediate Attention (MRIAs) and Matters Requiring Attention (MRAs) to senior management for corrective action. MRIAs and MRAs would only be directed to the board for corrective action when the board needs to address its corporate governance responsibilities or when senior management fails to take appropriate remedial action. The board would remain responsible for holding senior management accountable for remediating supervisory findings.

VIII. Other Related Developments

Upon finalizing the LFI rating system, the Federal Reserve expects to issue supervisory guidance to update and align the consolidated supervisory framework, including SR letter 12-17, to be fully consistent with any modifications made through the final adoption of the LFI rating system as well as supervisory guidance relating to governance and controls.

In the future, the Federal Reserve may propose to revise the LFI rating system to include an additional rating component to assess the sufficiency of resolution planning efforts undertaken by LISCC firms (and perhaps other select LFIs) to reduce the impact on the U.S. financial system in the event of the firm's failure. This proposed revision to the LFI rating system would be issued for notice and comment.

IX. Proposed Changes to Existing Regulations

References to holding company ratings are included in a number of the Federal Reserve's existing regulations. In certain cases, the regulations are narrowly constructed such that they contemplate only the assignment of a standalone composite rating using a numerical rating scale. This is consistent with the current RFI rating system but is not compatible with the proposed LFI rating system. Three provisions in the Federal Reserve's existing regulations are written in this manner, including two in Regulation K and one in Regulation LL. In Regulation K, section 211.2(z) of Regulation K includes a definition of “well managed” which in part requires a bank holding company to have received a composite rating of 1 or 2 at its most recent examination or review; and section 211.9(a)(2) requires an investor (which by definition can be a bank holding company) to have received a composite rating of at least 2 at its most recent examination in order to make investments under the general consent or limited general consent procedures contained in sections 211.9(b) and (c). In Regulation LL, section 238.54(a)(1) restricts savings and loan holding companies from commencing certain activities without the Federal Reserve's prior approval unless the company received a composite rating of 1 or 2 at its most recent examination.

To ensure that the Federal Reserve's regulations are consistent and compatible with all aspects of both the RFI rating system as well as the proposed LFI rating system, the Federal Reserve proposes to amend those three regulatory provisions so they would apply to entities which receive numerical composite ratings as well as to entities which do not receive numerical composite ratings (including firms subject to the proposed LFI rating system).^[37] To satisfy the requirements of those provisions, firms that do not receive numerical composite ratings would have to be considered satisfactory under the proposed LFI rating system. To be considered satisfactory, a firm would have to be rated “Satisfactory” or “Satisfactory Watch” for each component of the proposed LFI rating system; a firm which is rated “Deficient-1” or lower for any component would not be considered satisfactory. This standard would apply to any provision contained in the Federal Reserve's regulations which requires or refers to a firm having a satisfactory composite rating.

X. Comparison of the RFI and LFI Rating Systems

The proposed LFI rating system includes several structural changes from the RFI rating system. The following table provides a broad comparison between the two rating systems.Start Printed Page 39057

XI. Request for Comments

The Board invites comments on all aspects of the proposed LFI rating system, including responses to the following questions:

(1) Are there specific considerations beyond those outlined in this proposal that should be considered in the Federal Reserve's assessment of whether an LFI has sufficient financial and operational strength and resilience to maintain safe and sound operations?

(2) Does the proposal clearly describe the firms that would be subject to the LFI rating system, and those firms that would continue to be subject to the RFI rating system?

(3) Does the proposal clearly describe the supervisory expectations for senior management in the evaluation of a firm's governance and controls under the proposed LFI rating system?

(4) Does the proposal clearly describe how and under what circumstances a “Satisfactory Watch” rating would or would not be assigned? Does that rating provide appropriate messaging and incentives to firms to correct identified deficiencies?

(5) Should the LFI rating system be revised at a future date to assess the sufficiency of a firm's resolution planning efforts undertaken to reduce the impact on the financial system in the event of the firm's failure? If yes, what should the Federal Reserve specifically consider in conducting that assessment?

(6) Are there options that should be considered to enhance the transparency of LFI ratings in order to incent more timely and comprehensive remediation of supervisory deficiencies or issues?

(7) What specific issues should the Federal Reserve consider when using the LFI rating system to inform future revisions to other supervisory rating systems used to assess the U.S. operations of foreign banking organizations?

XII. Regulatory Analysis

A. Paperwork Reduction Act

There is no collection of information required by this proposal that would be subject to the Paperwork Reduction Act of 1995, 44 U.S.C. 3501 et seq.

B. Regulatory Flexibility Analysis

The Board is providing an initial regulatory flexibility analysis with respect to this proposed rule. The Regulatory Flexibility Act, 5 U.S.C. 601 et seq. (RFA), generally requires an agency to assess the impact a rule is expected to have on small entities. The RFA requires an agency either to provide an initial regulatory flexibility analysis with a proposed rule for which a general notice of proposed rulemaking is required or to certify that the proposed rule will not have a significant impact on a substantial number of small entities. Based on the Board's analysis Start Printed Page 39058and for the reasons stated below, the Board believes that neither the proposed LFI rating system nor the proposed rule will have a significant economic impact on a substantial number of small entities. A final regulatory flexibility analysis will be conducted after comments received during the public comment period have been considered.

Under regulations issued by the Small Business Administration, a small entity includes a depository institution, bank holding company, or savings and loan holding company with assets of $550 million or less (small banking organizations). As of June 1, 2017, there were approximately 3,539 small banking organizations. As described above, the proposed LFI rating system would apply only to all bank holding companies with total consolidated assets of $50 billion or more; all non-insurance, non-commercial savings and loan holding companies with total consolidated assets of $50 billion or more; and U.S. intermediate holding companies of foreign banking organizations established pursuant to section 252.153 of the Federal Reserve's Regulation YY. Small banking organizations would therefore not be subject to the proposed LFI rating system. Similarly, the proposed rule would make conforming changes to several regulations to reflect certain aspects of the proposed LFI rating system, but would not change the operation of those regulations for any entity that would not be subject to the proposed LFI rating system. As a result, neither the proposed LFI rating system nor the proposed rule should have any impact on small banking organizations. In light of the foregoing, the Board believes that the proposed LFI rating system will not have a significant economic impact on small banking organizations supervised by the Board.

C. Solicitation of Comments on Use of Plain Language

Section 722 of the Gramm-Leach-Bliley Act requires the Board to use plain language in all proposed and final rules published after January 1, 2000. The Board invites comment on how to make this proposed rule easier to understand. For example:

• Has the Board organized the material to suit your needs? If not, how could the proposal be more clearly stated?
• Does the proposal contain technical language or jargon that is not clear? If so, what language requires clarification?
• Would a different format (grouping and order of sections, use of headings, paragraphing) make the proposal easier to understand? If so, what changes would make the proposal easier to understand?
• Would more, but shorter, sections be better? If so, what sections should be changed?
• What else could the Board do to make the proposal easier to understand?

List of Subjects

12 CFR Part 211

• Exports
• Federal Reserve System
• Foreign banking
• Holding companies
• Investments
• Reporting and recordkeeping requirements

12 CFR Part 238

• Administrative practice and procedure
• Banks
• Banking
• Federal Reserve System
• Holding companies
• Reporting and recordkeeping requirements

Authority and Issuance

For the reasons stated in the preamble, the Board proposes to amend 12 CFR parts 211 and 238 as follows:

PART 211—INTERNATIONAL BANKING OPERATIONS (REGULATION K)

1. The authority citations for part 211 continues to read as follows: 12 U.S.C. 221 et seq., 1818, 1835a, 1841 et seq., 3101 et seq., 3901 et seq., and 5101 et seq.; 15 U.S.C. 1681s, 1681w, 6801 and 6805.

2. Section 211.2 is amended by revising paragraph (z) to read as follows:

3. Section 211.9 is amended by revising paragraph (a) to read as follows:

PART 238—SAVINGS AND LOAN HOLDING COMPANIES (REGULATION LL)

1. The authority citations for part 211 continues to read as follows:

Authority: 5 U.S.C. 552, 559; 12 U.S.C. 1462, 1462a, 1463, 1464, 1467, 1467a, 1468, 1813, 1817, 1829e, 1831i, 1972; 15 U.S.C. 78 l.

2. Section 238.54 is amended by revising paragraph (a)(1) to read as follows:

Footnotes