Welcome!

News Feed Item

OCC Proposes Formal Guidelines for Its Heightened Expectations for Large Banks

WASHINGTON, Jan. 16, 2014 /PRNewswire-USNewswire/ -- The Office of the Comptroller of the Currency (OCC) today released a proposal setting forth new standards, based on the agency's heightened expectations program, for large national banks and federal savings associations that would be enforceable under part 30 of its regulations.

Following the financial crisis, the OCC developed a set of "heightened expectations" to strengthen the governance and risk management practices of large national banks and federal savings associations and to enhance the agency's supervision of those institutions.  The guidelines build upon and formalize those expectations to provide additional clarity and specificity to the large financial institutions that the OCC oversees.

"The standards announced today build on lessons learned from the financial crisis," said Comptroller of the Currency Thomas J. Curry.  "They will contribute to a safer financial system for all of us by providing clear and enforceable standards for the risk management and governance of our largest institutions.  They provide additional supervisory tools to examiners of large national banks and federal savings associations, and they will measurably enhance our supervision of these institutions."

The proposed standards, in the form of guidelines under 12 CFR part 30 of the agency's regulations, would apply to any insured national bank, insured federal savings association, or insured federal branch of a foreign bank, with average total consolidated assets of $50 billion or more. The proposal would reserve the OCC's authority to apply the guidelines to an institution with less than $50 billion in assets if the OCC determines that it is highly complex or otherwise presents a heightened risk.

The proposed guidelines set forth the minimum standards for the design and implementation of an institution's risk governance framework and provide minimum standards for oversight of that framework by the board of directors.  The guidelines include provisions regarding:

  • The roles and responsibilities of those organizational units that are fundamental to the design and implementation of the risk governance framework. These units are front line units, independent risk management, and internal audit. Together, these units should establish an appropriate system to manage risk taking.
  • A comprehensive written statement that articulates the bank's risk appetite, which serves as a basis for the risk governance framework. This statement should include both qualitative components and quantitative limits.
  • Board of directors' oversight of a bank's compliance with safe and sound banking practices.  The board should ensure that the bank establishes and implements an effective risk governance framework that complies with the guidelines.
  • Active board oversight of a bank's risk-taking activities. This includes establishing accountability for management's adherence to the risk governance framework.  The board should also evaluate management's recommendations and decisions by questioning, challenging, and, when necessary, opposing, management proposals that could lead to excessive risk taking or pose a threat to safety and soundness.
  • Composition of the board of directors.  A board of directors should have at least two independent members who are not part of the bank's or the parent company's management.

The OCC is proposing these guidelines pursuant to section 39 of the Federal Deposit Insurance Act (FDIA), which authorizes the OCC to prescribe safety and soundness standards in the form of a regulation or guidelines.  If a bank or savings association fails to meet a prescribed standard, the OCC may require the institution to submit a plan specifying the steps it will take to comply with the standard.  The OCC may issue an enforceable order under section 8 of the FDIA, 12 U.S.C. section 1818(b), if the institution, after being notified that it is in violation of a safety and soundness standard, fails to submit an acceptable compliance plan or fails materially to comply with an OCC-approved plan.

As part of the agency's efforts to integrate the former Office of Thrift Supervision's regulations, the OCC is also requesting comment on its proposal to make part 30 and all of its appendices applicable to federal savings associations and to remove part 170, which contains comparable regulations that apply to federal savings associations.

Related Link:

SOURCE Office of the Comptroller of the Currency

More Stories By PR Newswire

Copyright © 2007 PR Newswire. All rights reserved. Republication or redistribution of PRNewswire content is expressly prohibited without the prior written consent of PRNewswire. PRNewswire shall not be liable for any errors or delays in the content, or for any actions taken in reliance thereon.

Latest Stories
Many private cloud projects were built to deliver self-service access to development and test resources. While those clouds delivered faster access to resources, they lacked visibility, control and security needed for production deployments. In their session at 18th Cloud Expo, Steve Anderson, Product Manager at BMC Software, and Rick Lefort, Principal Technical Marketing Consultant at BMC Software, will discuss how a cloud designed for production operations not only helps accelerate developer...
In his session at 18th Cloud Expo, Sagi Brody, Chief Technology Officer at Webair Internet Development Inc., will focus on real world deployments of DDoS mitigation strategies in every layer of the network. He will give an overview of methods to prevent these attacks and best practices on how to provide protection in complex cloud platforms. He will also outline what we have found in our experience managing and running thousands of Linux and Unix managed service platforms and what specifically c...
Much of the value of DevOps comes from a (renewed) focus on measurement, sharing, and continuous feedback loops. In increasingly complex DevOps workflows and environments, and especially in larger, regulated, or more crystallized organizations, these core concepts become even more critical. In his session at @DevOpsSummit at 18th Cloud Expo, Andi Mann, Chief Technology Advocate at Splunk, will show how, by focusing on 'metrics that matter,' you can provide objective, transparent, and meaningfu...
trust and privacy in their ecosystem. Assurance and protection of device identity, secure data encryption and authentication are the key security challenges organizations are trying to address when integrating IoT devices. This holds true for IoT applications in a wide range of industries, for example, healthcare, consumer devices, and manufacturing. In his session at @ThingsExpo, Lancen LaChance, vice president of product management, IoT solutions at GlobalSign, will teach IoT developers how t...
As enterprises around the world struggle with their digital transformation efforts, many are finding that innovative digital teams are moving much faster than their hidebound IT organizations. Rather than struggling to convince traditional IT to get with the digital program, executives are taking advice from IT research firm Gartner, and encouraging existing IT to continue in their desultory ways. However, many CIOs are realizing the dangers of following Gartner’s advice. The central challenge ...
A critical component of any IoT project is the back-end systems that capture data from remote IoT devices and structure it in a way to answer useful questions. Traditional data warehouse and analytical systems are mature technologies that can be used to handle large data sets, but they are not well suited to many IoT-scale products and the need for real-time insights. At Fuze, we have developed a backend platform as part of our mobility-oriented cloud service that uses Big Data-based approache...
The pace of innovation, vendor lock-in, production sustainability, cost-effectiveness, and managing risk… In his session at 18th Cloud Expo, Dan Choquette, Founder of RackN, will discuss how CIOs are challenged finding the balance of finding the right tools, technology and operational model that serves the business the best. He will discuss how clouds, open source software and infrastructure solutions have benefits but also drawbacks and how workload and operational portability between vendors...
Cloud Object Storage is effectively infinitely scalable and boasts the lowest total costs. But cloud SLAs and T&Cs are traditionally optimized for huge customers like Netflix, so applications demanding better confidentiality or higher availability typically can’t reap the benefits of public cloud storage. In his session at 18th Cloud Expo, Don Martin, CTO of Security First Corp, will provide an overview of innovative technologies available today – secret sharing and information dispersal algori...
We're entering the post-smartphone era, where wearable gadgets from watches and fitness bands to glasses and health aids will power the next technological revolution. With mass adoption of wearable devices comes a new data ecosystem that must be protected. Wearables open new pathways that facilitate the tracking, sharing and storing of consumers’ personal health, location and daily activity data. Consumers have some idea of the data these devices capture, but most don’t realize how revealing and...
As the rapid adoption of containers continues, companies are finding that they lack the operational tools to understand the behavior of applications deployed in these containers, and how to identify issues in their application infrastructure. For example, how are multiple containers within an application impacting each other’s performance? If an application’s service is degraded, which container is to blame? In the case of an application outage, what was the root cause of the outage?
When it comes to IoT in the enterprise, namely the commercial building and hospitality markets, a benefit not getting the attention it deserves is energy efficiency, and IoT's direct impact on a cleaner, greener environment when installed in smart buildings. Until now clean technology was offered piecemeal and led with point solutions that require significant systems integration to orchestrate and deploy. There didn't exist a 'top down' approach that can manage and monitor the way a Smart Buildi...
Cloud-based NCLC (No-code/low code) application builder platforms empower everyone in the organization to quickly build applications and executable processes that broaden access, deepen collaboration, and enhance transparency for all team members. Line of business owners (LOBO) and operations managers know best their part of the business and their processes. IT departments are beginning to leverage NCLC platforms to empower and enable LOBOs to lead the innovation, transform the organization, an...
Unless you don’t use the internet, don’t live in California, or haven’t been paying attention to the recent news… you should be aware that self-driving cars are on their way to becoming a reality. I have seen them – they are real. If you believe in the future reality of self-driving cars, then continue reading on. If you don’t believe in the future possibilities, then I am not sure what to do to convince you other than discuss the very real changes that will roll out with the consumer producti...
There is an ever-growing explosion of new devices that are connected to the Internet using “cloud” solutions. This rapid growth is creating a massive new demand for efficient access to data. And it’s not just about connecting to that data anymore. This new demand is bringing new issues and challenges and it is important for companies to scale for the coming growth. And with that scaling comes the need for greater security, gathering and data analysis, storage, connectivity and, of course, the...
The IETF draft standard for M2M certificates is a security solution specifically designed for the demanding needs of IoT/M2M applications. In his session at @ThingsExpo, Brian Romansky, VP of Strategic Technology at TrustPoint Innovation, will explain how M2M certificates can efficiently enable confidentiality, integrity, and authenticity on highly constrained devices.