2024-24402. OCC Guidelines Establishing Standards for Recovery Planning by Certain Large Insured National Banks, Insured Federal Savings Associations, and Insured Federal Branches
-
AGENCY:
Office of the Comptroller of the Currency, Treasury.
ACTION:
Final guidelines.
SUMMARY:
The Office of the Comptroller of the Currency is amending its enforceable recovery planning guidelines to apply them to insured national banks, insured Federal savings associations, and insured Federal branches of foreign banks with average total consolidated assets of $100 billion or more; incorporate a testing standard; and clarify the role of non-financial (including operational and strategic) risk in recovery planning.
DATES:
The final guidelines are effective on January 1, 2025.
FOR FURTHER INFORMATION CONTACT:
Kimberly Jameson, Lead Expert, Market Risk, (202) 322-8527; Andra Shuster, Senior Counsel, Karen McSweeney, Special Counsel, or Priscilla Benner, Counsel, Chief Counsel's Office, (202) 649-5490; 400 7th Street SW, Washington, DC 20219. If you are deaf or hard of hearing or have a speech disability, please dial 7-1-1 to access telecommunications relay services.
SUPPLEMENTARY INFORMATION:
I. Background
Large-scale financial crises have demonstrated the destabilizing effect that severe stress can have on financial entities, capital markets, the Federal banking system, and the U.S. and global economies. This is particularly true when a crisis places severe stress on large, complex financial institutions due to the systemic and contagion risks that they pose. For example, during the 2008 crisis, the Office of the Comptroller of the Currency (OCC) observed that many financial institutions were not prepared to respond effectively to the financial effects of severe stress. The lack of or inadequate planning threatened the viability of some financial institutions, and many were forced to take significant actions without the benefit of a well-developed plan for recovery.
For the OCC, this experience highlighted the importance of large, complex banks having strong risk governance frameworks, including plans for how to respond quickly and effectively to, and recover from, the financial effects of severe stress. The agency recognized that this type of advance planning would reduce a bank's risk of failure and increase the likelihood that it would return to a position of financial strength and viability following severe stress.
On September 29, 2016, the OCC issued Guidelines Establishing Standards for Recovery Planning by Certain Large Insured National Banks, Insured Federal Savings Associations, and Insured Federal Branches (Guidelines).[1] Under the Guidelines, an insured national bank, insured Federal savings association, or insured Federal branch (bank) subject to the standards (covered bank) should have a recovery plan that includes (1) quantitative or qualitative indicators of the risk or existence of severe stress that reflect its particular vulnerabilities; (2) a wide range of credible options that it could undertake in response to the stress to restore its financial strength and viability; and (3) an assessment and description of how these options would affect it. The Guidelines provide that a recovery plan should also address (1) the covered bank's overall organizational and legal entity structure and its interconnections and interdependencies; (2) procedures for escalating decision-making to senior management or the board of directors or an appropriate committee thereof (board); (3) management reports; (4) communication procedures; and (5) any other information the OCC communicates in writing. The Guidelines also set forth the responsibilities of management and the board with respect to the covered bank's recovery plan.
The 2016 Guidelines applied to banks with total consolidated assets of $50 billion or more. In 2018, the OCC amended the Guidelines to raise the threshold to $250 billion based on its view, at that time, that these larger, more complex, and potentially more interconnected banks presented greater systemic risk to the financial system and would benefit most from recovery planning.[2]
In March 2023, several insured depository institutions (IDIs) with total consolidated assets of $100 billion or more experienced significant withdrawals of uninsured deposits in response to underlying weaknesses in their financial position and failed. These events highlighted the risk, complexity, and interconnectedness of banks with average total consolidated assets between $100 billion and $250 billion and underscored that it is important for banks in this size range (which are not covered by the current Guidelines) to develop and maintain recovery plans to respond to the financial effects of severe stress.
In addition, since the issuance of the Guidelines in 2016, the agency has examined covered banks' recovery planning processes and reviewed numerous recovery plans. Based on this experience, the OCC has identified areas where the current Guidelines should be strengthened.
To address these issues, on July 3, 2024, the OCC published a proposal to expand the Guidelines to apply to banks with average total consolidated assets of $100 billion or more; incorporate a testing standard; and clarify the role of non-financial (including operational and strategic) risk in recovery planning.[3] The OCC received five comments on the proposal. Two comments were from banks, one was from an individual, one was from two trade associations, and one was from a ( print page 84256) non-profit organization.[4] These comments are addressed in detail in the next section.
II. Description of the Proposal, Comments, and Final Guidelines
A. Covered Bank Threshold
Definition of covered bank. The current Guidelines generally apply to banks with average total consolidated assets of $250 billion or more. Based on the OCC's observations during the IDI failures in 2023, the agency proposed to expand the Guidelines to apply to banks with average total consolidated assets of $100 billion or more.[5] To make this change, the OCC proposed to revise the definition of “covered bank” in paragraph I.E.3. of the current Guidelines.
The OCC received several comments on this proposed change. While one commenter supported the proposed $100 billion threshold, another commenter suggested a $150 billion threshold. Commenters also recommended that the OCC include metrics in addition to asset size in its definition of covered bank, periodically adjust the threshold for inflation, notify covered banks when they become subject to the Guidelines, and tailor the Guidelines based on covered banks' size and complexity.
The OCC continues to believe that the $100 billion threshold is appropriate. As noted above, the agency has observed that banks at or above this size generally have a level of risk, complexity, and interconnectedness at which recovery planning is most beneficial. Narrowing the threshold to $150 billion would exclude some of these banks. With respect to additional metrics, the reservation of authority in paragraph I.C. of the Guidelines provides the OCC with sufficient flexibility to determine, based on factors other than asset size, that a bank is highly complex or otherwise presents a heightened risk and, thus, should be subject to the Guidelines.[6]
Regarding an inflation adjustment, the OCC has determined that it does not need to include this provision in the Guidelines, as the agency can revisit and amend the threshold through the rulemaking process as appropriate. The OCC has also concluded that it is not necessary to notify a bank when it becomes a covered bank because this is determined based on a bank's own Consolidated Reports of Condition and Income (Call Report) data.[7] Finally, the current Guidelines specifically state that each covered bank's recovery plan should be “appropriate for its individual size, risk profile, activities, and complexity,” and thus, they are inherently tailored.[8]
Therefore, the OCC is adopting the changes to the definition of “covered bank” as proposed.
Calculation of the threshold. The current Guidelines define “average total consolidated assets” in paragraph I.E.1. as “the average total consolidated assets of the bank or the covered bank,” as reported on its Call Report for the four most recent consecutive quarters. The OCC proposed a clarifying change to this definition to refer to the average “of” total consolidated assets of the bank or covered bank. This change was intended to clarify that the calculation of “average total consolidated assets” for purposes of the Guidelines is based on the “total assets” line, not the “average total consolidated assets” line, of the Call Report.[9] This change could have affected the quarter in which a bank became a covered bank and would have been consistent with the OCC Guidelines Establishing Heightened Standards for Certain Large Insured National Banks, Insured Federal Savings Associations, and Insured Federal Branches.[10] The OCC did not receive any comments on this proposed change and adopts it as proposed.
Reservation of authority. The reservation of authority in paragraph I.C.1. of the current Guidelines provides that the OCC has the discretion to apply the Guidelines, in whole or in part, to a bank with average total consolidated assets of less than $250 billion if it determines that the bank is highly complex or otherwise presents a heightened risk that warrants application of the Guidelines.[11] Consistent with the proposed threshold change described above, the proposal would have allowed the agency to apply the Guidelines to a bank with average total consolidated assets of less than $100 billion in these circumstances.[12]
The OCC received one comment on this proposed change, which stated that the reservation of authority should not be used for banks with under $100 billion in average total consolidated assets because recovery planning addresses issues similar to those already addressed in other contexts ( e.g., capital planning and stress testing). The OCC continues to believe that the agency should have the flexibility to apply the Guidelines to banks below the $100 billion threshold based on whether the bank is highly complex or otherwise presents a heightened risk. For this reason, the OCC is adopting this change as proposed.
B. Testing
Testing generally. As stated above, the OCC has many years of experience with administering the Guidelines, including reviewing covered banks' recovery plans. During this period, the agency has observed that covered banks would benefit from testing their recovery plans, which would allow them to proactively identify and address any weaknesses or deficiencies before they experience severe stress. This process would help a covered bank determine that its recovery plan is an effective tool that can realistically help restore the bank to financial strength and viability in response to severe stress. Not surprisingly, testing is already a key component of other regulatory frameworks addressing the stress continuum ( e.g., contingency funding planning [13] and stress testing [14] ).
For these reasons, the OCC proposed to add a testing provision as a new paragraph II.D. of the Guidelines, which stated that a covered bank should validate the effectiveness of its recovery plan. The preamble explained that a covered bank may do this by simulating severe financial and non-financial stress scenarios ( e.g., the scenarios used to develop the plan) to confirm that the plan is likely to work as intended. This testing should include, for example, ensuring that the plan's triggers appropriately reflect the covered bank's particular vulnerabilities and will, in practice, provide timely notice of ( print page 84257) increasingly severe stress, ranging from warnings of the likely occurrence of severe stress to its actual existence. Testing should also enable management and the board to verify that the covered bank has identified credible options that it is prepared to carry out during a period of severe stress. It should provide management and the board with similar assurances regarding other elements of the plan and, ultimately, the plan as a whole. The proposal did not specify a testing format or methodology but stated that testing should be risk-based and reflect the covered bank's size, risk profile, activities, and complexity.
The OCC received three comments on its proposed testing provision. One commenter stated that testing should be a flexible, risk-based “capabilities assessment” ( i.e., an assessment of a covered bank's capability to implement its recovery plan in a timely manner). The commenter also expressed concern that validation was not defined or explained and could require a covered bank to prove its plan's effectiveness by, for example, actually executing a recovery plan option ( e.g., divesting a business line). The commenter also argued that the inclusion of scenario analysis would duplicate the process that a covered bank used to develop or update a recovery plan. Another commenter supported the addition of testing to the Guidelines but stated that the OCC should provide more specific directions.
The OCC disagrees with several of these comments. While a capabilities assessment is an important aspect of testing, it is insufficient on its own to achieve the purpose of testing. For example, a capabilities assessment would not necessarily help a covered bank identify gaps in its recovery plan ( e.g., missing triggers or options) or determine if the plan can realistically help to restore the bank to financial strength and viability during periods of severe stress. With respect to the concept of validation, the OCC is using the term to convey that testing should confirm, to the extent possible, that the plan can accomplish its intended goals. Naturally, validation does not necessarily mean that a covered bank should actually execute a recovery option as part of testing. With respect to scenario analysis, the proposal would not have directed covered banks to use a specified testing format or methodology. Therefore, one covered bank could determine that a scenario analysis is an informative component of testing, while another may decide that it would unnecessarily duplicate its process for developing and updating its recovery plan. Accordingly, the OCC makes no change in the final Guidelines in response to these comments.
However, the OCC agrees that testing should be risk-based. A risk-based standard will provide each covered bank with the flexibility to develop and implement a testing framework that is consistent with its individual characteristics. To reflect this, the OCC is amending the final Guidelines to state that testing “should be appropriate for the bank's individual size, risk profile, activities, and complexity, including the complexity of its organizational and legal entity structure” and declines to establish a more prescriptive testing standard.
Testing of elements. The proposal stated that testing should include validation of the effectiveness of each element of the plan.[15] Two commenters questioned how a bank would validate the effectiveness of key aspects of recovery planning ( e.g., the “Overview of covered bank,” which describes a covered bank's overall organizational and legal entity structure and its interconnections and interdependencies). The OCC agrees that it may not be possible to validate the effectiveness of each plan element, particularly descriptive elements ( e.g., the covered bank's overview). The agency believes, however, that a covered bank should consider each element of its recovery plan as part of testing to validate the effectiveness of the overall plan. This consideration may include, for example, assessing the effectiveness, completeness, or accuracy of each element, as appropriate. To address any confusion, the OCC has revised the final Guidelines to state: “Testing should validate the effectiveness of the recovery plan, including by considering each element set forth in paragraph II.B. of this appendix.”
Frequency of testing. The proposed testing provision provided that a covered bank should test its recovery plan periodically but not less than annually. Two commenters generally agreed that annual testing is appropriate while another commenter suggested that testing should be conducted at intervals and along timelines that are appropriate for each bank. In addition, a commenter said that the testing should be conducted in connection with, or as part of, resolution planning or other business-as-usual testing to avoid unnecessary duplication and that a provision for specific testing in response to a material change is unnecessary if testing is risk-based.
The OCC continues to believe that annual testing is appropriate and has concluded that a covered bank should also test its recovery plan following any significant changes to the recovery plan made in response to a material event. This frequency will ensure that management and the board can consider the results of testing during their recovery plan reviews under paragraphs III.A. and B. of the Guidelines, respectively.[16] Within this framework, the final Guidelines provide each bank with flexibility regarding when to test its plan, including whether to align this testing with other types of testing or to engage in continuous or regular testing throughout the testing cycle, provided that the bank meets the testing standard in the Guidelines. The OCC also reiterates that it does not expect a covered bank to consider every component of each element during each testing cycle ( e.g., considering the trigger element during a cycle does not necessarily mean considering every trigger during that cycle). Rather, as noted above, testing should be risk-based. Therefore, the final Guidelines provide that “Each covered bank should test its recovery plan periodically but not less than annually and following any significant changes to the recovery plan made in response to a material event.”
Plan updates following testing. Finally, the proposed testing provision provided that a covered bank should revise its recovery plan as appropriate following testing. One commenter stated that the OCC should not require a bank to both test and make changes to its recovery plan based on the result of the testing in the same testing cycle. The OCC believes that covered banks should take a risk-based approach to updating their recovery plans following testing. For example, if testing reveals a critical deficiency in the plan, the covered bank should update it as soon as feasible. However, for less significant deficiencies, it may be appropriate to delay updates until the next annual review cycle. Therefore, the OCC adopts this provision of the Guidelines as proposed. ( print page 84258)
C. Non-Financial Risk
In the OCC's experience with covered banks' implementation of the Guidelines, banks have generally been successful in considering and addressing financial risks in their recovery plans. For example, many covered banks' recovery plans address changes to the bank's financial position, such as profitability, funding sources, liquidity ratios, and capital ratios. The OCC has observed, however, that covered banks have been less consistent in considering or addressing non-financial risk, such as operational and strategic risks. By focusing a recovery plan exclusively on financial risks while neglecting non-financial risks, the covered bank may overlook the very real threats that non-financial risks can pose to its financial strength and viability.
Because the current Guidelines do not specifically reference non-financial risk, the proposal contained changes to ensure that covered banks appropriately address these risks in their recovery plans. Specifically, the OCC proposed to add language to paragraph II.A. stating that a covered bank “should appropriately consider both financial risk and non-financial risk (including operational and strategic risk).” The reference to financial risk was not because covered banks had not appropriately considered this type of risk but to highlight that both types of risk should be considered. The OCC also proposed conforming changes to the definitions of “recovery” and “trigger” in paragraphs I.E.4. and I.E.6., respectively, and to the recovery plan elements of “trigger” and “impact assessment” in paragraphs II.B.2. and II.B.4., respectively.[17] Finally, to provide an additional example of an operational risk plan with which a covered bank should align its recovery plan, the OCC proposed adding a reference to “resilience program” in paragraph II.C.
The OCC received one comment on the proposed non-financial risk language, which agreed that this type of risk should be considered but also observed that financial risk and non-financial risk have distinct roles in recovery planning. In particular, the commenter noted that the role of, and a covered bank's response to, non-financial risk differs from its response to financial risk and that breaches of non-financial triggers should not automatically lead to activation of the recovery plan and execution of recovery options.
The OCC agrees that financial risk and non-financial risk differ. However, both are important aspects of recovery planning, and the Guidelines provide covered banks with sufficient flexibility to account for these differences. Each covered bank's recovery plan can and should address financial risk and non-financial risk in a manner appropriate for that bank, including by ensuring that its recovery plan reflects their differences. Moreover, while the breach of any trigger (whether financial or non-financial) should always be escalated for purposes of initiating a response, a covered bank should not view a specific trigger as necessitating the execution of a particular option. Rather, a covered bank should use its judgment to determine what options, if any, to undertake during a period of severe stress. Therefore, the OCC is adopting these changes as proposed.
D. Compliance
When the OCC issued the proposal, it understood that covered banks would need time to implement the proposed changes. To this end, the agency proposed to amend paragraph I.B. of the Guidelines, entitled “Compliance date,” to provide affected banks with sufficient time to comply.
Specifically, under the proposal, a bank that is a covered bank under the current Guidelines would have had 12 months from the effective date of the amendments to comply with the changes. A bank that has $100 billion or more but less than $250 billion in average total consolidated assets on the effective date of the amendments to the Guidelines would have had to comply with the Guidelines within 12 months of the effective date, except for the testing requirements with which the bank would have had to comply within 18 months. A bank or other financial institution that is not a covered bank on the effective date of the amended Guidelines but that subsequently becomes a covered bank would have had 12 months from the date on which it became a covered bank to comply with the Guidelines, except that it would have had 18 months to comply with the testing requirements.[18]
The OCC received several comments on this topic. Two commenters stated that newly covered banks should have more time to comply ( e.g., 24 months), while another suggested that the proposal provided newly covered banks with too much time because of synergies with resolution and contingency planning requirements. One commenter said that the final Guidelines should have (1) one compliance date for a covered bank to develop the testing framework and (2) another compliance date to conduct the testing and, if necessary, revise its recovery plan based on the testing results. Finally, one commenter suggested that the OCC's compliance dates should not overlap with the FDIC's resolution planning rule.
The OCC agrees with commenters that covered banks should have time to both develop a testing framework and conduct testing. In order to provide sufficient time for both, the OCC is revising the proposed compliance dates. Specifically, under the final Guidelines, banks that are currently covered banks will have 12 months to amend their recovery plans to address non-financial risk and an additional 6 months to comply with the new testing provision. Banks that are not covered by the current Guidelines but that become covered banks on the effective date of the final Guidelines will have 12 months to develop their recovery plan and an additional 12 months to comply with the testing provision. Banks or other financial institutions that become covered banks after the effective date of the final Guidelines will have 12 months to develop their recovery plan and an additional 12 months to comply with the testing provision. These compliance dates provide banks and other financial institutions that are or become covered banks under the final Guidelines with sufficient time and flexibility to both develop a testing framework and conduct testing, and based on our supervisory experience, they strike the appropriate balance between the time needed to satisfy the final Guidelines and the risks that recovery planning is designed to address. The agency believes this addresses the other comments about the ( print page 84259) proposed compliance dates discussed above.[19]
In the proposal, the OCC also asked whether it should reserve authority to adjust an otherwise-applicable compliance date. In response, one commenter noted that if the OCC did so, it should reserve authority to both lengthen and shorten the applicable timeframes but should not specifically reference the context in which it might be appropriate to use this reservation of authority because the referenced examples could be interpreted as highly risky.
The OCC has determined that an additional reservation of authority for compliance date adjustments is unnecessary, as the agency already has sufficient tools to address this issue. For example, as a condition of approving a merger, the OCC can require that a bank comply with the Guidelines on a timeline other than the one specified in paragraph I.B. Therefore, the final Guidelines do not contain any changes in response to this question.
E. Other
In addition to the changes discussed above, the OCC has made technical and clarifying changes to the final Guidelines.
III. Regulatory Analysis
Paperwork Reduction Act of 1995
Under the Paperwork Reduction Act of 1995 (PRA),[20] the OCC may not conduct or sponsor, and a respondent is not required to respond to, an information collection unless it displays a currently valid Office of Management and Budget (OMB) control number. The OMB previously approved the collection of information in the current Guidelines, which are found in 12 CFR part 30, appendix E, at paragraphs II.B., II.C., and III. Specifically, paragraph II.B. lists the elements of the recovery plan, which are an overview of the covered bank; triggers; options for recovery; impact assessments; escalation procedures; management reports; communication procedures; and other information. Paragraph II.C. addresses the relationship of the plan to other covered bank processes and coordination with other plans, including the processes and plans of its bank holding company. Paragraph III. outlines management's and the board's responsibilities.
The final Guidelines include changes to the information collection.[21] Specifically, the threshold for applying the final Guidelines is reduced from $250 billion to $100 billion in average total consolidated assets. The final Guidelines also establish a testing standard, which provides that a covered bank should test its recovery plan. Additionally, the final Guidelines clarify the role of non-financial risk (including operational and strategic risk) in recovery planning.
The OCC has submitted the following revised information collection to the OMB for review.
Title: OCC Guidelines Establishing Standards for Recovery Planning by Certain Large Insured National Banks, Insured Federal Savings Associations, and Insured Federal Branches.
OMB Control No.: 1557-0333.
Affected Public: Businesses or other for-profit organizations.
Estimated Burden:
Frequency of Response: On occasion.
Total Number of Respondents: 21.
Total Burden per Respondent: 32,017 hours.[22]
Total Burden for Collection: 672,360 hours.
The OCC did not receive any PRA-related comments. The agency has a continuing interest in the public's opinions of information collections. Within 30 days of publication of this document, commenters may submit comments regarding the burden estimate, or any other aspect of this collection of information, including suggestions for reducing the burden, to the address listed in the ADDRESSES caption in the Notice of Proposed Rulemaking. All comments will become a matter of public record. Written comments and recommendations for the information collection should be sent within 30 days of publication of this document to www.reginfo.gov/public/do/PRAMain. Find this information collection by selecting “Currently under 30-day Review—Open for Public Comments” or using the search function.
Regulatory Flexibility Act
In general, the Regulatory Flexibility Act (RFA) [23] requires an agency, in connection with a proposed and final rulemaking, to prepare a Regulatory Flexibility Analysis describing the impact of the rule on small entities, which are defined by the U.S. Small Business Administration for purposes of the RFA to include commercial banks and savings institutions with total assets of $850 million or less and trust companies with total assets of $47 million or less. However, a Regulatory Flexibility Analysis is not required if the agency certifies that the rulemaking would not have a significant economic impact on a substantial number of small entities and publishes its certification and a short explanatory statement in the Federal Register along with its rulemaking.
The OCC currently supervises approximately 942 IDIs,[24] of which 636 are small entities.[25] The final Guidelines do not impact any small entities because they only apply to banks with average total consolidated assets of $100 billion or more. Accordingly, the OCC certifies that the final Guidelines will not have a significant economic impact on a substantial number of small entities.
Unfunded Mandates Reform Act of 1995
Under section 202 of the Unfunded Mandates Reform Act of 1995 (UMRA),[26] the OCC prepares a budgetary impact statement before promulgating a rulemaking that includes any Federal mandate that may result in the expenditure by State, local, and Tribal governments, in the aggregate, or by the private sector, of $100 million or more (currently $183 million, as adjusted annually for inflation) in any one year. The OCC has determined that the expenditures associated with the final Guidelines' mandates will be approximately $86.7 million. Therefore, the OCC concludes that the final Guidelines will not result in an expenditure of $183 million or more annually by State, local, and Tribal governments, in the aggregate, or by the private sector. Accordingly, the ( print page 84260) OCC has not prepared the budgetary impact statement described above.
Congressional Review Act
For purposes of the Congressional Review Act,[27] the OMB determines whether a final rule constitutes a major rule. If a rule is deemed a major rule by the OMB, the Congressional Review Act generally provides that the rule may not take effect until at least 60 days following its publication. The Congressional Review Act defines a “major rule” as any rule that the Administrator of the Office of Information and Regulatory Affairs of the OMB finds has resulted in or is likely to result in (1) an annual effect on the economy of $100 million or more; (2) a major increase in costs or prices for consumers, individual industries, Federal, State, or local government agencies or geographic regions; or (3) significant adverse effects on competition, employment, investment, productivity, innovation, or on the ability of United States-based enterprises to compete with foreign-based enterprises in domestic and export markets. The OCC submitted the final Guidelines to the OMB for this major rule determination, and the OMB determined that the final Guidelines are not a major rule. As required by the Congressional Review Act, the OCC is submitting the appropriate report to Congress and the Government Accountability Office for review.
Administrative Procedure Act
The Administrative Procedure Act [28] requires that publication of a substantive rule generally be made not less than 30 days before its effective date. Consistent with this requirement, the final Guidelines will be effective on January 1, 2025, which is more than 30 days after their publication in the Federal Register .
Riegle Community Development and Regulatory Improvement Act of 1994
Pursuant to section 302(a) of the Riegle Community Development and Regulatory Improvement Act of 1994,[29] in determining the effective date and administrative compliance requirements for new regulations that impose additional reporting, disclosure, or other requirements on IDIs, the OCC considers, consistent with the principles of safety and soundness and the public interest: (1) any administrative burdens that the rule will place on depository institutions, including small depository institutions and customers of depository institutions and (2) the benefits of a rulemaking. The OCC has considered the administrative burdens that the final Guidelines will place on IDIs, including small depository institutions and their customers, and the benefits of the final Guidelines. The agency believes that the effective date of January 1, 2025, is appropriate.
List of Subjects in 12 CFR Part 30
- Banks
- Banking
- Consumer protection
- National banks
- Privacy
- Safety and soundness
- Reporting and recordkeeping requirements
Authority and Issuance
For the reasons set forth in the preamble, and under the authority of 12 U.S.C. 93a and 12 U.S.C. 1831p-1, chapter I of title 12 of the Code of Federal Regulations is amended as follows:
PART 30—SAFETY AND SOUNDESS STANDARDS
1. The authority citation for part 30 continues to read as follows:
2. Amend appendix E by:
a. Revising and republishing paragraph I.B.
b. In paragraph I.C.1.a., removing the text “$250 billion” and adding the text “$100 billion” in its place; and
c. Revising and republishing paragraphs I.E. and II.
The revisions and republications read as follows:
Appendix E to Part 30—OCC Guidelines Establishing Standards for Recovery Planning by Certain Large Insured National Banks, Insured Federal Savings Associations, and Insured Federal Branches
* * * * *I. Introduction
* * * * *B. Compliance Date
1. A covered bank with average total consolidated assets, calculated according to paragraph I.E.1. of this appendix, equal to or greater than $250 billion as of January 1, 2025, should be in compliance with this appendix on January 1, 2025, except that the bank should be in compliance with:
a. the amended provisions on non-financial risk within 12 months from January 1, 2025, and
b. paragraph II.D. of this appendix within 18 months from January 1, 2025.
2. A covered bank with average total consolidated assets, calculated according to paragraph I.E.1. of this appendix, equal to or greater than $100 billion but less than $250 billion as of January 1, 2025, should be in compliance with this appendix within 12 months from January 1, 2025, except that the bank should be in compliance with paragraph II.D. of this appendix within 24 months from January 1, 2025.
3. A financial institution that is not a covered bank as of January 1, 2025, but which subsequently becomes a covered bank should comply with this appendix within 12 months of becoming a covered bank, except that the bank should be in compliance with paragraph II.D. of this appendix within 24 months of becoming a covered bank.
* * * * *E. Definitions
1. Average total consolidated assets means the average of total consolidated assets of the bank or the covered bank, as reported on the bank's or the covered bank's Consolidated Reports of Condition and Income for the four most recent consecutive quarters.
2. Bank means any insured national bank, insured Federal savings association, or insured Federal branch of a foreign bank.
3. Covered bank means any bank:
a. With average total consolidated assets equal to or greater than $100 billion;
b. With average total consolidated assets less than $100 billion if the bank was previously a covered bank, unless the OCC determines otherwise; or
c. With average total consolidated assets less than $100 billion, if the OCC determines that such bank is highly complex or otherwise presents a heightened risk as to warrant the application of this appendix pursuant to paragraph I.C.1.a. of this appendix.
4. Recovery means timely and appropriate action that a covered bank takes to remain a going concern when it is experiencing or is likely to experience considerable financial stress or non-financial stress. A covered bank in recovery has not yet deteriorated to the point where liquidation or resolution is imminent.
5. Recovery plan means a plan that identifies triggers and options for responding to a wide range of severe internal and external stress scenarios to restore a covered bank that is in recovery to financial strength and viability in a timely manner. The options should maintain the confidence of market participants, and neither the plan nor the options may assume or rely on any extraordinary government support.
6. Trigger means a quantitative or qualitative indicator of the risk or existence of severe financial stress or non-financial stress, the breach of which should always be escalated to senior management or the board of directors (or appropriate committee of the board of directors), as appropriate, for purposes of initiating a response. The breach of any trigger should result in timely notice accompanied by sufficient information to enable management of the covered bank to take corrective action.
II. Recovery Plan
A. Recovery plan. Each covered bank should develop and maintain a recovery plan ( print page 84261) that is specific to that covered bank and appropriate for its individual size, risk profile, activities, and complexity, including the complexity of its organizational and legal entity structure. When developing and maintaining its recovery plan, each covered bank should appropriately consider both financial risk and non-financial risk (including operational and strategic risk).
B. Elements of recovery plan. A recovery plan under paragraph II.A. of this appendix should include the following elements:
1. Overview of covered bank. A recovery plan should describe the covered bank's overall organizational and legal entity structure, including its material entities, critical operations, core business lines, and core management information systems. The plan should describe interconnections and interdependencies:
(i) Across business lines within the covered bank;
(ii) With affiliates in a bank holding company structure;
(iii) Between a covered bank and its foreign subsidiaries; and
(iv) With critical third parties.
2. Triggers. A recovery plan should identify financial triggers and non-financial triggers that appropriately reflect the covered bank's particular vulnerabilities.
3. Options for recovery. A recovery plan should identify a wide range of credible options that a covered bank could undertake to restore financial strength and viability, thereby allowing the bank to continue to operate as a going concern and to avoid liquidation or resolution. A recovery plan should explain how the covered bank would carry out each option and describe the timing required for carrying out each option. The recovery plan should specifically identify the recovery options that require regulatory or legal approval.
4. Impact assessments. For each recovery option, a covered bank should assess and describe how the option would affect the covered bank. This impact assessment and description should specify the procedures the covered bank would use to maintain the financial strength and viability of its material entities, critical operations, and core business lines for each recovery option. For each option, the recovery plan's impact assessment should address the following:
a. The effect on the covered bank's capital, liquidity, funding, and profitability;
b. The effect on the covered bank's material entities, critical operations, and core business lines, including reputational impact;
c. The effect on the covered bank's risk profile as a result of changes to its financial risk and non-financial risk; and
d. Any legal or market impediment or regulatory requirement that must be addressed or satisfied in order to implement the option.
5. Escalation procedures. A recovery plan should clearly outline the process for escalating decision-making to senior management or the board of directors (or an appropriate committee of the board of directors), as appropriate, in response to the breach of any trigger. The recovery plan should also identify the departments and persons responsible for executing the decisions of senior management or the board of directors (or an appropriate committee of the board of directors).
6. Management reports. A recovery plan should require reports that provide senior management or the board of directors (or an appropriate committee of the board of directors) with sufficient data and information to make timely decisions regarding the appropriate actions necessary to respond to the breach of a trigger.
7. Communication procedures. A recovery plan should provide that the covered bank notify the OCC of any significant breach of a trigger and any action taken or to be taken in response to such breach and should explain the process for deciding when a breach of a trigger is significant. A recovery plan also should address when and how the covered bank will notify persons within the organization and other external parties of its action under the recovery plan. The recovery plan should specifically identify how the covered bank will obtain required regulatory or legal approvals.
8. Other information. A recovery plan should include any other information that the OCC communicates in writing directly to the covered bank regarding the covered bank's recovery plan.
C. Relationship to other processes; coordination with other plans. The covered bank should integrate its recovery plan into its risk governance functions. The covered bank also should align its recovery plan with its other plans, such as its strategic; operational (including business continuity and resilience program); contingency; capital (including stress testing); liquidity; and resolution planning. The covered bank's recovery plan should be specific to that covered bank. The covered bank also should coordinate its recovery plan with any recovery and resolution planning efforts by the covered bank's holding company, so that the plans are consistent with and do not contradict each other.
D. Testing. Each covered bank should test its recovery plan periodically but not less than annually and following any significant changes to the recovery plan made in response to a material event. Testing should validate the effectiveness of the recovery plan, including by considering each element set forth in paragraph II.B. of this appendix, and should be appropriate for the bank's individual size, risk profile, activities, and complexity, including the complexity of its organizational and legal entity structure. Each covered bank should revise its recovery plan as appropriate following completion of testing.
* * * * *Michael J. Hsu,
Acting Comptroller of the Currency.
Footnotes
1. 81 FR 66791. The Guidelines are codified at 12 CFR part 30, appendix E. They were issued pursuant to section 39 of the Federal Deposit Insurance Act, 12 U.S.C. 1831p-1, which authorizes the OCC to prescribe enforceable safety and soundness standards.
Back to Citation2. 83 FR 66604 (Dec. 27, 2018).
Back to Citation4. The OCC also received a comment letter from three trade associations requesting that the agency extend the comment period by 30 days. The OCC denied this request on July 25, 2024. https://www.regulations.gov/document/OCC-2024-0008-0004.
Back to Citation5. In addition, the Federal Deposit Insurance Corporation (FDIC) recently amended its resolution planning rule to require covered IDIs with $100 billion or more in total assets to submit comprehensive resolution plans. 89 FR 56620 (July 9, 2024).
Back to Citation6. The OCC also has authority to determine that a covered bank is no longer highly complex or no longer presents a heightened risk and thus should not be subject to the Guidelines.
Back to Citation7. For banks that become subject to the Guidelines through the OCC's reservation of authority, the agency has already incorporated notice and response procedures at paragraph I.C.2.
Back to Citation8. Paragraph II.A.
Back to Citation9. Compare Schedule RC, item 12 and Schedule RC-R, item 27 of the Call Report.
Back to Citation11. Paragraph I.C.1.a.
Back to Citation12. The proposal did not include changes to paragraph I.C.1.b. of the Guidelines (which provides that the OCC can determine that the Guidelines should not apply to a covered bank) because this paragraph does not reference asset size.
Back to Citation13. 75 FR 13656 (March 22, 2010); Addendum to the Interagency Policy Statement on Funding and Liquidity Risk Management: Importance of Contingency Funding Plan (July 28, 2023).
Back to Citation15. As set forth in paragraph II.B. of the Guidelines, the elements of a recovery plan are (1) Overview of covered bank; (2) Triggers; (3) Options for recovery; (4) Impact assessments; (5) Escalation procedures; (6) Management reports; (7) Communication procedures; and (8) Other information.
Back to Citation16. Paragraph III.A. provides that management should review the recovery plan at least annually and in response to a material event. Paragraph III.B. provides that the board should review and approve the recovery plan at least annually and as needed to address significant changes made by management. The OCC did not propose and is making no changes to these paragraphs.
Back to Citation17. The OCC did not propose any changes to the “options for recovery” element in paragraph II.B.3. of the Guidelines, which provides that recovery plans “should explain how the covered bank would carry out each option and describe the timing required for carrying out each option.” The OCC believes, however, it is important to emphasize that this process should include an understanding of, and plan for mitigating, the non-financial challenges and risks, including operational challenges and risks, associated with executing each recovery option during severe stress. Without this, a covered bank's management and board cannot accurately assess whether the options identified in the recovery plan are, in fact, credible options that the covered bank could undertake to restore financial strength and viability.
Back to Citation18. A financial institution could become a covered bank after the effective date of the amended Guidelines, for example, (1) if its average total consolidated assets grow to or above the threshold, (2) if it is a State bank with average total consolidated assets of $100 billion or more that converts to an OCC charter, or (3) through the OCC's exercise of its reservation of authority under paragraph I.C.
Back to Citation19. One commenter asked a bank-specific question about how the proposed compliance dates would affect a bank that recently became subject to the current Guidelines ( i.e., crossed the $250 billion threshold) but has not yet completed its recovery plan under the currently applicable compliance date. Any bank in this unique situation may contact the appropriate OCC Supervisory Office for assistance in determining the applicable compliance dates.
Back to Citation21. When the OCC proposed changes to the current Guidelines, as required, the agency submitted the changes to the OMB. Pursuant to 5 CFR 1320.11(c), the OMB filed a comment on the submission, instructing that the proposed changes would be reviewed again upon finalization of the Guidelines.
Back to Citation22. This number includes burden hours for the implementation of the testing standard, which may occur during or after the 12-month period following the effective date of the final Guidelines.
Back to Citation23. 5 U.S.C. 601 et seq.
Back to Citation24. Based on data accessed using FINDRS on September 12, 2024.
Back to Citation25. Consistent with the General Principles of Affiliation, 13 CFR 121.103(a), the OCC counts the assets of affiliated financial institutions when determining if it should classify an institution as a small entity. The OCC used December 31, 2023, to determine size because a “financial institution's assets are determined by averaging the assets reported on its four quarterly financial statements for the preceding year.” See footnote 8 of the U.S. Small Business Administration's Table of Standards.
Back to Citation27. 5 U.S.C. 801 et seq.
Back to Citation[FR Doc. 2024-24402 Filed 10-21-24; 8:45 am]
BILLING CODE 4810-33-P
Document Information
- Effective Date:
- 1/1/2025
- Published:
- 10/22/2024
- Department:
- Comptroller of the Currency
- Entry Type:
- Rule
- Action:
- Final guidelines.
- Document Number:
- 2024-24402
- Dates:
- The final guidelines are effective on January 1, 2025.
- Pages:
- 84255-84261 (7 pages)
- Docket Numbers:
- Docket ID OCC-2024-0008
- RINs:
- 1557-AF27
- Topics:
- Banks, banking, Banks, banking, Banks, banking, Banks, banking, Consumer protection, National banks, Privacy, Reporting and recordkeeping requirements
- PDF File:
- 2024-24402.pdf
- Supporting Documents:
- » Summary of 9.25.2024 Meeting with ABA & BPI
- » Response to Request for Comment Period Extension
- CFR: (1)
- 12 CFR 30