Skip to Content

Proposed Rule

Guidelines Establishing Standards for Recovery Planning by Certain Large Insured National Banks, Insured Federal Savings Associations, and Insured Federal Branches

Document Details

Information about this document as published in the Federal Register.

Enhanced Content

Relevant information about this document from Regulations.gov provides additional context. This information is not part of the official Federal Register document.

Published Document

This document has been published in the Federal Register. Use the PDF linked in the document sidebar for the official electronic format.

Start Preamble

AGENCY:

Office of the Comptroller of the Currency, Treasury.

ACTION:

Proposed guidelines.

SUMMARY:

The Office of the Comptroller of the Currency (OCC) is requesting comment on proposed enforceable guidelines establishing standards for recovery planning by insured national banks, insured Federal savings associations, and insured Federal branches of foreign banks with average total consolidated assets of $50 billion or more (Guidelines). The OCC would issue the Guidelines as an appendix to its safety and soundness standards regulations, and the Guidelines would be enforceable by the terms of the Federal statute that authorizes the OCC to prescribe operational and managerial standards for national banks and Federal savings associations.

DATES:

Comments must be submitted by February 16, 2016.

Start Printed Page 78682

ADDRESSES:

Because paper mail in the Washington, DC area and at the OCC is subject to delay, commenters are encouraged to submit comments through the Federal eRulemaking Portal or email, if possible. Please use the title “Guidelines Establishing Standards for Recovery Planning by Certain Large Insured National Banks, Insured Federal Savings Associations, and Insured Federal Branches” to facilitate the organization and distribution of the comments. You may submit comments by any of the following methods:

  • Federal eRulemaking Portal—“Regulations.gov”: Go to http://www.regulations.gov. Enter “Docket ID OCC-2015-0017” in the Search Box and click “Search”. Results can be filtered using the filtering tools on the left side of the screen. Click on “Comment Now” to submit public comments.
  • Click on the “Help” tab on the Regulations.gov home page to get information on using Regulations.gov, including instructions for submitting public comments.
  • Email: regs.comments@occ.treas.gov.
  • Mail: Legislative and Regulatory Activities Division, Office of the Comptroller of the Currency, 400 7th Street SW., Suite 3E-218, Mail Stop 9W-11, Washington, DC 20219.
  • Hand Delivery/Courier: 400 7th Street SW., Suite 3E-218, Mail Stop 9W-11, Washington, DC 20219.
  • Fax: (571) 465-4326.

Instructions: You must include “OCC” as the agency name and “Docket ID OCC-2015-0017” in your comment. In general, the OCC will enter all comments received into the docket and publish them on the Regulations.gov Web site without change, including any business or personal information that you provide such as name and address, email addresses, or phone numbers. Comments received, including attachments and other supporting materials, are part of the public record and subject to public disclosure. Do not enclose any information in your comment or supporting materials that you consider confidential or inappropriate for public disclosure.

You may review comments and other related materials that pertain to this rulemaking action by any of the following methods:

  • Viewing Comments Electronically: Go to http://www.regulations.gov. Enter “Docket ID OCC-2015-0017” in the Search box and click “Search”. Comments can be filtered by agency name using the filtering tools on the left side of the screen.
  • Click on the “Help” tab on the Regulations.gov home page to get information on using Regulations.gov, including instructions for viewing public comments, viewing other supporting and related materials, and viewing the docket after the close of the comment period.
  • Viewing Comments Personally: You may personally inspect and photocopy comments at the OCC, 400 7th Street SW., Washington, DC. For security reasons, the OCC requires that visitors make an appointment to inspect comments. You may do so by calling (202) 649-6700 or, for persons who are deaf or hard of hearing, TTY, (202) 649-5597. Upon arrival, visitors will be required to present valid government-issued photo identification and to submit to a security screening in order to inspect and photocopy comments.
  • Docket: You may also view or request available background documents and project summaries using the methods described above.
Start Further Info

FOR FURTHER INFORMATION CONTACT:

For questions concerning the Guidelines, contact Lori Bittner, Large Bank Supervision—Resolution and Recovery, (202) 649-6093; Stuart Feldstein, Director, Andra Shuster, Senior Counsel, or Karen McSweeney, Counsel, Legislative & Regulatory Activities Division, (202) 649-5490 or, for persons who are deaf or hard of hearing, TTY, (202) 649-5597; or Valerie Song, Assistant Director, Bank Activities and Structure Division, (202) 649-5500, 400 7th Street SW., Washington, DC 20219.

End Further Info End Preamble Start Supplemental Information

SUPPLEMENTARY INFORMATION:

Background

The recent financial crisis demonstrated the destabilizing effect that severe stress at large, complex, interconnected financial companies can have on the national economy, capital markets, and the overall financial stability of the banking system. Following the crisis, Congress passed the Dodd-Frank Wall Street Reform and Consumer Protection Act (Dodd-Frank Act); among other purposes, the Dodd-Frank Act was intended to strengthen the framework for the supervision and regulation of large U.S. financial companies in order to address the significant impact that these institutions can have on capital markets and the economy.

One lesson learned from the crisis is the importance—especially in large or complex financial institutions—of strong risk management and corporate governance practices. In 2014, the OCC adopted heightened standards guidelines that address the risk management and corporate governance of large or complex banks.[1] These guidelines establish minimum standards for the design and implementation of a corporate governance framework and for a bank's board of directors in overseeing the framework's design and implementation. The OCC believes that these heightened standards further the goals of the Dodd-Frank Act by clarifying the OCC's expectation that banks have robust practices in areas where the crisis revealed substantial weaknesses.

Another important component of an institution's risk management and corporate governance practices is how an institution plans to respond to severe stress in a manner that preserves its financial and operational strength and viability. In the aftermath of the crisis, it became clear that many financial institutions had insufficient plans for identifying and responding rapidly to significant stress events. As a result, many institutions were forced to take significant actions quickly without the benefit of a well-developed plan. In addition, recent large-scale operational events, such as destructive cyber attacks, demonstrate the need for institutions to plan how to respond to such occurrences.

The OCC believes that large, complex institutions should have a recovery plan that describes options for responding to stress events. Accordingly, the OCC is proposing to establish standards for recovery planning that would apply to insured national banks, insured Federal savings associations, and insured Federal branches of foreign banks (together, banks and each, a bank) with average total consolidated assets of $50 billion or more (together, covered banks and each, a covered bank).[2] An institution's recovery planning should be a dynamic, ongoing process. This process should complement the institution's risk management and corporate governance functions and support its safe and sound operation. The process of developing and maintaining a recovery plan also should cause covered banks' management and boards of directors to enhance their focus on risk management and corporate governance with a view toward lessening the financial or operational impact of future unforeseen events.

The OCC recognizes that many covered banks already engage in Start Printed Page 78683significant planning to respond to events such as cyber attacks, business interruptions, and leadership vacancies. They undertake strategic, operational, contingency, capital (including stress testing), liquidity, and resolution planning. We do not intend for the recovery planning required by these Guidelines to duplicate these efforts, and we encourage covered banks to leverage their existing planning. Rather, the purpose of the Guidelines is to provide a comprehensive framework for evaluating how severe stress may affect the covered bank as a whole and the options that will allow it to remain viable even under severe stress.

As described below, a covered bank should develop and maintain a recovery plan that identifies triggers based on severe stress scenarios. These scenarios should range from those that cause significant financial and operational hardship to those that bring the covered bank close to default, but no further; scenarios should not go so far as to push the covered bank into resolution. The plan should identify the credible options a covered bank could take to restore financial and operational strength and viability in a timely manner, while maintaining market confidence. Neither the plan nor the options may assume or rely on any extraordinary government support.

As part of the OCC's regular supervisory activities, OCC examiners will assess the appropriateness and adequacy of the covered bank's recovery planning process and the integration of that process into the covered bank's overall risk management and corporate governance functions. Examiners will also assess the quality and reasonableness of a covered bank's recovery plan, including its triggers and the stress scenarios upon which the triggers are based, recovery options, impact assessments, and execution strategies, as well as the covered bank's management and board responsibilities.

Enforcement of the Guidelines

The OCC is proposing these Guidelines pursuant to section 39 of the Federal Deposit Insurance Act (FDIA).[3] Section 39 authorizes the OCC to prescribe safety and soundness standards in the form of a regulation or guidelines. The OCC currently has four sets of these guidelines, issued as appendices to part 30 of the OCC's regulations. Appendix A contains operational and managerial standards that relate to internal controls, information systems, internal audit systems, loan documentation, credit underwriting, interest rate exposure, asset growth, asset quality, earnings, compensation, fees, and benefits. Appendix B contains standards on information security, and Appendix C contains standards that address residential mortgage lending practices. Appendix D contains standards for the design and implementation of a risk governance framework.

Section 39 prescribes different consequences depending on whether the standards are issued by regulation or guidelines. Pursuant to section 39, if a national bank or Federal savings association [4] fails to meet a standard prescribed by regulation, the OCC must require it to submit a plan specifying the steps it will take to comply with the standard. If a national bank or Federal savings association fails to meet a standard prescribed by a guideline, the OCC has the discretion to decide whether to require the submission of a plan.[5] Issuing these standards as guidelines rather than as a regulation provides the OCC with the flexibility to pursue the course of action that is most appropriate given the specific circumstances of a covered bank's noncompliance with one or more standards and the covered bank's self-corrective and remedial responses.

The procedural rules implementing the supervisory and enforcement remedies prescribed by section 39 are contained in part 30 of the OCC's rules. Under these provisions, the OCC may initiate a supervisory or enforcement process when it determines, by examination or otherwise, that a national bank or Federal savings association has failed to meet the standards set forth in the Guidelines.[6] Upon making that determination, the OCC may request, in writing, that the national bank or Federal savings association submit a compliance plan to the OCC detailing the steps the institution will take to correct the deficiencies and the time within which it will take those steps. This request is termed a Notice of Deficiency. Upon receiving a Notice of Deficiency from the OCC, the national bank or Federal savings association must submit a compliance plan to the OCC for approval within 30 days.

If a national bank or Federal savings association fails to submit an acceptable compliance plan or fails in any material respect to implement a compliance plan approved by the OCC, the OCC may issue a Notice of Intent to Issue an Order pursuant to section 39 (Notice of Intent). The bank or savings association then has 14 days to respond to the Notice of Intent. After considering the bank's or savings association's response, the OCC may issue the order, decide not to issue the order, or seek additional information from the bank or savings association before making a final decision. Alternatively, the OCC may issue an order without providing the bank or savings association with a Notice of Intent. In such a case, the bank or savings association may appeal after-the-fact to the OCC, and the OCC has 60 days to consider the appeal. Upon the issuance of an order, a bank or savings association is deemed to be in noncompliance with part 30. Orders are formal, public documents, and they may be enforced by the OCC in district court. The OCC may also assess a civil money penalty, pursuant to 12 U.S.C. 1818, against any bank or savings association that violates or otherwise fails to comply with any final order and against any institution-affiliated party who participates in such violation or noncompliance.

Description of the OCC's Guidelines for Recovery Planning

The proposed Guidelines consist of three sections. Section I provides an introduction to the Guidelines, explains the scope of the Guidelines, and defines key terms. Section II sets forth the standards for the design and execution of a covered bank's recovery plan. Section III provides the standards for management's and the board of directors' responsibilities in connection with the recovery plan.

Section I: Introduction

Scope. The Guidelines would apply to a bank with average total consolidated assets equal to or greater than $50 billion as of the effective date of the Guidelines (calculated by averaging the covered bank's total consolidated assets, as reported on the bank's Consolidated Reports of Condition and Income (Call Reports), for the four most recent consecutive quarters). This threshold is consistent with the scope of the regulations of the Federal Deposit Insurance Corporation (FDIC) and Board Start Printed Page 78684of Governors of the Federal Reserve System (Board) that require certain entities to prepare resolution plans.[7] For those banks that have average total consolidated assets less than $50 billion as of the effective date of the Guidelines, but subsequently have average total consolidated assets of $50 billion or greater, the date on which the Guidelines would apply is the as-of date of the most recent Call Report used in the calculation of the average.[8] Once a bank becomes subject to the Guidelines because its average total consolidated assets reach or exceed the $50 billion threshold, it would be required to continue to comply with the Guidelines, unless the OCC specifically determines that compliance is not required.

In order to maintain supervisory flexibility, the proposed Guidelines would reserve the OCC's authority to apply the Guidelines to a bank whose average total consolidated assets are less than $50 billion if the OCC determines such entity's operations are highly complex or otherwise present a heightened risk that warrants application of the Guidelines. The OCC expects to use this authority infrequently; it does not intend to apply the Guidelines to community banks.

In determining whether a bank's operations are highly complex or present a heightened risk, the OCC will consider the bank's risk profile, size, activities, and complexity, including the complexity of its organizational and legal entity structure. Additionally, as noted above, the OCC may determine that a covered bank is no longer required to comply with the Guidelines. The OCC would generally make this determination if a covered bank's operations are no longer highly complex or no longer present a heightened risk.

When exercising any of these reservations of authority, the OCC would apply notice and response procedures consistent with those set out in 12 CFR 3.404. In accordance with these procedures, the OCC would provide a bank or covered bank, as appropriate, with written notice of its proposed determination under this paragraph of the Guidelines, and the bank or covered bank would have 30 days to respond in writing. The OCC would consider failure to respond within this time frame a waiver of any objections. At the conclusion of the 30 days, the OCC would issue a written notice of its final determination.

As discussed above, the Guidelines would be enforceable pursuant to section 39 of the FDIA and part 30 of the OCC's rules. Section I of the Guidelines provides that nothing in section 39 or the Guidelines in any way limits the authority of the OCC to address unsafe or unsound practices or conditions or other violations of law.[9]

Definitions. Paragraph D of Section I defines certain terms used throughout the Guidelines, including “average total consolidated assets,” “bank,” “covered bank,” “recovery,” “recovery plan,” and “trigger.” The term “recovery” means timely and appropriate action that a covered bank takes to remain a going concern when it is experiencing or is likely to experience considerable financial or operational distress. A covered bank in recovery has not yet deteriorated to the point where liquidation or resolution is imminent. A “recovery plan” is a plan that identifies triggers and options for responding to a wide range of severe internal and external stress scenarios and for restoring a covered bank to financial and operational strength and viability in a timely manner, while maintaining the confidence of market participants. Neither the plan nor the options may assume or rely on any extraordinary government support. “Trigger” means a quantitative or qualitative indicator of the risk or existence of severe stress that should always be escalated to management or the board of directors, as appropriate, for purposes of initiating a response. The breach of any trigger should result in timely notice accompanied by sufficient information to enable management of the covered bank to take corrective action.

Section II: Recovery Plan

Each covered bank should develop and maintain a recovery plan appropriate for its individual risk profile, size, activities, and complexity, including the complexity of its organizational and legal entity structure. Section II sets forth the elements that the covered bank should include in a recovery plan.[10]

1. Overview of covered bank. It is important that a recovery plan provide a detailed description of the covered bank's overall organizational and legal structure, including its material entities, critical operations, core business lines, and core management information systems. The description should explain interconnections and interdependencies [11] (i) across business lines within the covered bank, (ii) with affiliates in a bank holding company structure, (iii) between a covered bank and its foreign subsidiaries, and (iv) with critical third parties. The description should address whether a disruption of these interconnections or interdependencies would materially affect the funding or operations of the covered bank and, if so, how. Examples include relationships with respect to credit exposures, investments, or funding commitments; guarantees including an acceptance, endorsement, or letter of credit issued for the benefit of an affiliate during normal periods, as opposed to during a crisis; and payment services, treasury operations, collateral management, information technology (IT), human resources (HR), or other operational functions. This overview is an essential part of the recovery plan.

2. Triggers. As defined above, a trigger is a quantitative or qualitative indicator of the risk or existence of severe stress that should always be escalated to management or the board of directors, as appropriate, for purposes of initiating a response. In order to identify triggers that appropriately reflect the particular vulnerabilities of each covered bank, the bank should begin by designing severe stress scenarios that would threaten the covered bank's critical operations or cause it to fail if one or more recovery options were not implemented in a timely manner. Because a recovery plan should demonstrate the ability of the covered bank to restore its financial and operational strength and viability, these scenarios should range from those that cause significant financial and operational hardship to those that bring the covered bank close to default, but not into resolution.[12]

The covered bank should consider a range of bank-specific and market-wide stress scenarios, individually and in the aggregate, that are immediate and prolonged. The stress scenarios should be designed to result in capital shortfalls, liquidity pressures, or other significant financial losses. Examples of Start Printed Page 78685bank-specific stress scenarios include fraud; portfolio shocks; a significant cyber attack [13] or other wide-scale operational event; accounting and tax issues; events that cause a reputational crisis that degrades customer or market confidence; and other key stresses that management identifies. Examples of market-wide stress scenarios include the disruption of domestic or global financial markets; the failure or impairment of systemically important financial industry participants, critical financial market infrastructure firms, and critical third-party relationships; significant changes in debt or equity valuations, currency rates, or interest rates; the widespread interruption of critical infrastructure that may degrade operational capability; [14] and general economic conditions.

As provided in the definition of “trigger,” the breach of a trigger should always be escalated to management or the board of directors, as appropriate, for its consideration of an appropriate response. The breach of any trigger should result in timely notice accompanied by sufficient information to enable management of the covered bank to take corrective action. A covered bank should select triggers that address a continuum of increasingly severe stress, ranging from those that provide a warning of the likely occurrence of severe stress to those that indicate the actual existence of severe stress. The number and nature of triggers should be appropriate for the covered bank's business and risk profile.

The nature of the trigger informs the nature of the response. For example, in some situations, the appropriate response to the breach of a trigger may be enhanced monitoring; in other situations, the breach of a trigger should result in activating a specific recovery option set forth in the plan or taking other corrective action. It should be noted, however, that the breach of a particular trigger does not necessarily correspond to a single recovery option; instead, more than one option may be appropriate when a particular trigger is breached.

A recovery plan should include both quantitative and qualitative triggers. Quantitative triggers include changes in covered bank-specific indicators that reflect the covered bank's capital or liquidity position. While capital or liquidity triggers may be the most critical, a covered bank should also consider other quantitative triggers that may have an impact on its condition, such as a rating downgrade; access to credit and borrowing lines; equity ratios; profitability; asset quality; or other macroeconomic indicators. Of course, a covered bank should be prepared to act to preserve the financial and operational strength and viability of the bank if it is at risk, regardless of whether a trigger has been breached or the recovery plan includes options to specifically address the problems the bank faces.

Qualitative triggers include the unexpected departure of senior leadership; the erosion of reputation or market standing; the impact of an adverse legal ruling; and a material operational event that affects the covered bank's ability to access critical services or to deliver products or services to its customers for a material period of time. It is important to note that the covered bank should review and update both qualitative and quantitative triggers, as necessary, to take into account changes in laws and regulations and other material events. In addition, a covered bank should consider the regulatory or legal consequences that may be associated with the breach of a particular trigger.

3. Options for recovery. The recovery plan should identify a wide range of credible options that a covered bank could undertake to restore financial and operational strength and viability, thereby allowing the bank to continue to operate as a going concern and to avoid liquidation or resolution. A covered bank should be able to execute the identified options within time frames that allow those options to be effective during periods of stress. Neither the plan nor the options may assume or rely on any extraordinary government support.

A recovery plan should explain how the covered bank would carry out each option. It should include a description of the decision-making process for implementing each option, including the steps to be followed and any timing considerations. It should also identify the critical parties needed to carry out each option. Options may include the conservation or restoration of liquidity and capital; the sale, transfer, or disposal of significant assets, portfolios, or business lines; the reduction of risk profile; the restructuring of liabilities; the activation of emergency protocols; and succession planning. Options may also include organizational restructuring, including divesting legal entities in order to simplify the covered bank's structure. The recovery plan should also identify obstacles that could impede the execution of an option and set out mitigation strategies for addressing these obstacles. The recovery plan should specifically identify recovery options that require regulatory or legal approval.

Set forth below are examples of how stress scenarios, triggers, and options relate to each other:

Example of a severe stress scenarioPossible triggersPossible options in response to triggers
Idiosyncratic stress: Trading losses caused by a rogue trader• Tier 1 capital falls below 6% • Liquidity falls below internal bank policy requirements• Issue new capital. • Sell nonstrategic assets or businesses. • Reduce loan originations or commitments.
Systemic stress: Significant decline in U.S. gross domestic product, coupled with an increase in the U.S. unemployment rate and a deterioration in U.S. residential housing market• Short-term credit rating falls below A-3 • Nonperforming loans rise above a specified percentage • Market capitalization falls below a specific limit for a certain period of time• Sell strategic assets or businesses. • Reduce expenses (e.g., business contractions). • Access the Board's Discount Window.

4. Impact assessments. For each recovery option, a covered bank should assess and describe how the option would affect the covered bank. This impact assessment and description should specify the procedures the covered bank would use to maintain the financial and operational strength and viability of its material entities, critical Start Printed Page 78686operations, and core business lines for each recovery option. This assessment should include an analysis of both its internal operations (e.g., IT systems, suppliers, HR operations) and its access to market infrastructure (e.g., clearing and settlement facilities, payment systems, additional collateral requirements). A recovery plan should also specify actions a firm can take to sell entities, assets, or business lines to restore the financial condition of the covered bank. For each recovery option, a covered bank should identify any impediments or regulatory requirements that must be addressed to execute the option, including how to overcome those impediments or satisfy those requirements. Each recovery option also should address potential consequences, including the benefits and risks of that particular option. The assessment should address the impact on the covered bank's capital, liquidity, funding and profitability; and the effect on the covered bank's material entities, critical operations, and core business lines, including reputational impact.

5. Escalation procedures. A recovery plan should clearly outline the process for escalating decision-making to senior management or the board of directors, as appropriate, in response to the breach of a trigger. The recovery plan should also identify the departments and persons responsible for making and executing these decisions, including the process for informing necessary stakeholders (e.g., shareholders, counsel, accountants, regulators) to effect the action. At a minimum, the escalation procedures should result in the covered bank taking action before remedial supervisory action is necessary.

6. Management reports. A recovery plan should require reports that provide management or the board of directors with sufficient data and information to make timely decisions regarding the appropriate actions necessary to respond to the breach of a trigger. A recovery plan should identify the types of reports that the covered bank will provide to allow management or the board to monitor progress with respect to the actions taken under the recovery plan.

7. Communication procedures. A recovery plan should provide that the covered bank notify the OCC of any significant breach of a trigger and any action taken or to be taken in response to such breach and should explain the process for deciding when a breach of a trigger is significant. A covered bank should work closely with the OCC when executing a recovery plan.

A recovery plan also should address when and how the covered bank will notify persons within the organization and other external parties of its actions under the recovery plan. These elements will ensure that all stakeholders are informed in a timely manner of how the covered bank responds to a breach of a trigger. In addition, the recovery plan should specifically identify how the covered bank will obtain required regulatory or legal approvals in order to ensure that the covered bank receives such approval in a timely manner.

8. Other information. A recovery plan should include any other information that the OCC communicates in writing directly to the covered bank regarding the covered bank's recovery plan. A well-developed recovery plan should also consider relevant information included in other written OCC or Federal Financial Institutions Examination Council material.

C. Relationship to other processes; coordination with other plans. The covered bank should integrate its recovery plan into its corporate governance and risk management functions. The covered bank also should coordinate its recovery plan with its strategic; operational (including business continuity); contingency; capital (including stress testing); liquidity; and resolution planning. In many cases, these plans may be interconnected and would require the covered bank to coordinate among them. In addition, to the extent possible, a covered bank should align its recovery plan with any recovery and resolution planning efforts by the covered bank's holding company so that the plans are consistent with and do not contradict each other. We recognize that some inconsistency may be unavoidable because recovery planning and resolution planning differ in that recovery planning addresses a bank's ongoing financial and operational strength and viability while resolution planning starts from the point of non-viability.

The OCC notes that covered banks are an integral part of bank holding company recovery and resolution plans. As a result, a covered bank may be able to leverage certain elements in these other plans. For example, resolution plans typically require a bank to map its critical operations. A covered bank may find this resolution planning mapping exercise to be useful in describing its interconnections and interdependencies as set out in its recovery plan overview.

Section III: Management's and Board of Directors' Responsibilities

Section III of the proposed Guidelines addresses the responsibilities of both management and the board of directors with respect to the recovery plan.

Management of the covered bank should review the recovery plan at least annually and in response to a material event. It should revise the plan as necessary to reflect material changes in the covered bank's risk profile, complexity, size, and activities, as well as changes in external threats. During this review, management should consider the ongoing relevance and applicability of the stress scenarios and triggers and revise the recovery plan as needed. This review should evaluate the covered bank's organizational structure and its effectiveness in facilitating a recovery. The assessment should consider the legal structures, number of entities, geographical footprint, booking practices (e.g., guarantees, exposures), and servicing arrangements necessary to enable flexible operations. The board and management should provide justification for the covered bank's organizational and legal structures and outline changes that would enhance the board's and management's ability to oversee the covered bank in times of stress. A more rational legal structure can provide a clearer path to recovery and the operational flexibility to implement the recovery plan.

The board is responsible for overseeing the covered bank's recovery planning process. As part of the board's oversight of a covered bank's safe and sound operations, the board also should work closely with the bank's senior management in developing and executing the recovery plan. Accordingly, the Guidelines provide that a covered bank's board of directors, or an appropriate committee of the board, should review and approve the recovery plan at least annually and as needed to address any changes made by management.

Request for Comments

The OCC requests comment on all aspects of the proposed Guidelines.

Regulatory Analysis

Paperwork Reduction Act

The OCC has determined that this proposal involves collections of information pursuant to the provisions of the Paperwork Reduction Act of 1995 (PRA) (44 U.S.C. 3501 et seq.). The OCC may not conduct or sponsor, and an organization is not required to respond to, these information collection requirements unless the information collection displays a currently valid Office of Management and Budget (OMB) control number. The OCC is seeking a control number for this Start Printed Page 78687collection from OMB and has submitted this collection to OMB.

The collections of information that are subject to the PRA in this proposal are found in 12 CFR part 30, appendix E, sections II.B., II.C., and III. Section II.B. specifies the elements of the recovery plan, including an overview of the covered bank; triggers; options for recovery; impact assessments; escalation procedures; management reports; and communication procedures. Section II.C. addresses the relationship of the plan to other covered bank processes and plans, as well as those of its bank holding company. Section III outlines management's and board of directors' responsibilities.

Title: OCC Guidelines Establishing Standards for Recovery Planning by Certain Large Insured National Banks, Insured Federal Savings Associations, and Insured Federal Branches.

OMB Control No.: To be assigned by OMB.

Frequency of Response: On occasion.

Affected Public: Businesses or other for-profit organizations.

Burden Estimates:

Total Number of Respondents: 23.

Total Burden per Respondent: 7,543 hours.

Total Burden for Collection: 173,489 hours.

Comments should be submitted as provided in the ADDRESSES section and are invited on: (1) Whether the proposed collection of information is necessary for the proper performance of the OCC's functions; including whether the information has practical utility; (2) the accuracy of the OCC's estimate of the burden of the proposed information collection, including the cost of compliance; (3) ways to enhance the quality, utility, and clarity of the information to be collected; and (4) ways to minimize the burden of information collection on respondents, including through the use of automated collection techniques or other forms of IT.

Regulatory Flexibility Analysis

Pursuant to section 605(b) of the Regulatory Flexibility Act, 5 U.S.C. 605(b) (RFA), the regulatory flexibility analysis otherwise required under section 603 of the RFA is not required if the agency certifies that the proposal will not, if promulgated, have a significant economic impact on a substantial number of small entities (defined for purposes of the RFA to include commercial banks and savings institutions with assets less than or equal to $550 million and trust companies with assets less than or equal to $38.5 million) and publishes its certification and a short, explanatory statement in the Federal Register along with its proposal.

The proposed Guidelines would have no impact on any small entities. The proposed Guidelines would apply only to insured national banks, insured Federal savings associations, and insured Federal branches of foreign banks with $50 billion or more in average total consolidated assets. The proposed Guidelines reserve the OCC's authority to apply them to an insured national bank, insured Federal savings association, or insured Federal branch of a foreign bank with less than $50 billion in average total consolidated assets if the OCC determines such entity's operations are highly complex or otherwise present a heightened risk. We do not expect any small entities will be determined to have highly complex operations or present heightened risk by the OCC. Therefore, the OCC certifies that the proposed Guidelines would not, if issued, have a significant economic impact on a substantial number of small entities.

Unfunded Mandates Reform Act Analysis

Section 202 of the Unfunded Mandates Reform Act of 1995 (2 U.S.C. 1532), requires the OCC to prepare a budgetary impact statement before promulgating a rule that includes a Federal mandate that may result in the expenditure by State, local, and tribal governments, in the aggregate, or by the private sector, of $100 million or more in any one year (adjusted annually for inflation). The OCC has determined that this proposal will not result in expenditures by State, local, and tribal governments, or the private sector, of $100 million or more in any one year. Accordingly, the OCC has not prepared a budgetary impact statement.

Start List of Subjects

List of Subjects in 12 CFR Part 30

  • Banks
  • Banking
  • Consumer protection
  • National banks
  • Privacy
  • Safety and soundness
  • Reporting and recordkeeping requirements
End List of Subjects

For the reasons set forth in the preamble, and under the authority of 12 U.S.C. 93a, chapter I of title 12 of the Code of Federal Regulations is proposed to be amended as follows:

Start Part

PART 30—SAFETY AND SOUNDNESS STANDARDS

End Part Start Amendment Part

1. The authority citation for part 30 continues to read as follows:

End Amendment Part Start Authority

Authority: 12 U.S.C. 1, 93a, 371, 1462a, 1463, 1464, 1467a, 1818, 1828, 1831p-1, 1881-1884. 3102(b) and 5412(b)(2)(B); 15 U.S.C. 1681s, 1681w, 6801, and 6805(b)(1).

End Authority Start Amendment Part

2. Add Appendix E to part 30 to read as follows:

End Amendment Part

Appendix E to Part 30—OCC Guidelines Establishing Standards for Recovery Planning by Certain Large Insured National Banks, Insured Federal Savings Associations, and Insured Federal Branches

Table of Contents

I. Introduction

A. Scope

B. Reservation of Authority

C. Preservation of Existing Authority

D. Definitions

II. Recovery Plan

A. Recovery Plan

B. Elements of Recovery Plan

1. Overview of Covered Bank

2. Triggers

3. Options for Recovery

4. Impact Assessments

5. Escalation Procedures

6. Management Reports

7. Communication Procedures

8. Other Information

C. Relationship to Other Processes; Coordination With Other Plans

III. Management's and Board of Directors' Responsibilities

A. Management

B. Board of Directors

I. Introduction

A. Scope. This appendix applies to a covered bank, as defined in paragraph I.D.3.

B. Reservation of authority.

1. The OCC reserves the authority:

a. To apply this appendix, in whole or in part, to a bank that has average total consolidated assets of less than $50 billion, if the OCC determines such bank is highly complex or otherwise presents a heightened risk that warrants the application of this appendix; or

b. To determine that compliance with this appendix should not be required for a covered bank. The OCC will generally make the determination under this paragraph I.B.1.b. if a covered bank's operations are no longer highly complex or no longer present a heightened risk.

2. In determining whether a covered bank is highly complex or presents a heightened risk, the OCC will consider the bank's risk profile, size, activities, and complexity, including the complexity of its organizational and legal entity structure. Before exercising the authority reserved by this paragraph I.B, the OCC will apply notice and response procedures in the same manner and to the same extent as the notice and response procedures in 12 CFR 3.404.

C. Preservation of existing authority. Neither section 39 of the Federal Deposit Insurance Act (12 U.S.C. 1831p-1) nor this appendix in any way limits the authority of the OCC to Start Printed Page 78688address unsafe or unsound practices or conditions or other violations of law. The OCC may take action under section 39 and this appendix independently of, in conjunction with, or in addition to any other enforcement action available to the OCC.

D. Definitions.

1. Average total consolidated assets means the average total consolidated assets of the bank or the covered bank, as reported on the bank's or covered bank's Call Reports for the four most recent consecutive quarters.

2. Bank means any insured national bank, insured Federal savings association, or insured Federal branch of a foreign bank.

3. Covered bank means any bank—

(a) With average total consolidated assets equal to or greater than $50 billion; or

(b) With average total consolidated assets less than $50 billion, if the OCC determines that such bank is highly complex or otherwise presents a heightened risk as to warrant the application of this appendix pursuant to paragraph I.B.1.a.

4. Recovery means timely and appropriate action that a covered bank takes to remain a going concern when it is experiencing or is likely to experience considerable financial or operational distress. A covered bank in recovery has not yet deteriorated to the point where liquidation or resolution is imminent.

5. Recovery plan means a plan that identifies triggers and options for responding to a wide range of severe internal and external stress scenarios and to restore a covered bank that is in recovery to financial and operational strength and viability in a timely manner. The options should maintain the confidence of market participants, and neither the plan nor the options may assume or rely on any extraordinary government support.

6. Trigger means a quantitative or qualitative indicator of the risk or existence of severe stress that should always be escalated to management or the board of directors, as appropriate, for purposes of initiating a response. The breach of any trigger should result in timely notice accompanied by sufficient information to enable management of the covered bank to take corrective action.

II. Recovery Plan

A. Recovery plan. Each covered bank should develop and maintain a recovery plan that is appropriate for its individual risk profile, size, activities, and complexity, including the complexity of its organizational and legal entity structure.

B. Elements of recovery plan. A recovery plan under paragraph II.A. should include the following elements:

1. Overview of covered bank. A recovery plan should describe the covered bank's overall organizational and legal structure, including its material entities, critical operations, core business lines, and core management informational systems. The plan should describe interconnections and interdependencies (i) across business lines within the covered bank, (ii) with affiliates in a bank holding company structure, (iii) between a covered bank and its foreign subsidiaries, and (iv) with critical third parties.

2. Triggers. A recovery plan should identify triggers that appropriately reflect the covered bank's particular vulnerabilities.

3. Options for recovery. A recovery plan should identify a wide range of credible options that a covered bank could undertake to restore financial and operational strength and viability, thereby allowing the bank to continue to operate as a going concern and to avoid liquidation or resolution. A recovery plan should explain how the covered bank would carry out each option and describe the timing required for carrying out each option. The recovery plan should specifically identify the recovery options that require regulatory or legal approval.

4. Impact assessments. For each recovery option, a covered bank should assess and describe how the option would affect the covered bank. This impact assessment and description should specify the procedures the covered bank would use to maintain the financial and operational strength and viability of its material entities, critical operations, and core business lines for each recovery option. For each option, the recovery plan should address the following:

a. The effect on the covered bank's capital, liquidity, funding and profitability;

b. The effect on the covered bank's material entities, critical operations and core business lines, including reputational impact; and

c. Any legal or market impediment or regulatory requirement that must be addressed or satisfied in order to implement the option.

5. Escalation procedures. A recovery plan should clearly outline the process for escalating decision-making to senior management or the board of directors, as appropriate, in response to the breach of a trigger. The recovery plan should also identify the departments and persons responsible for making and executing these decisions.

6. Management reports. A recovery plan should require reports that provide management or the board of directors with sufficient data and information to make timely decisions regarding the appropriate actions necessary to respond to the breach of a trigger.

7. Communication procedures. A recovery plan should provide that the covered bank notify the OCC of any significant breach of a trigger and any action taken or to be taken in response to such breach and should explain the process for deciding when a breach of a trigger is significant. A recovery plan also should address when and how the covered bank will notify persons within the organization and other external parties of its action under the recovery plan. The recovery plan should specifically identify how the covered bank will obtain required regulatory or legal approvals.

8. Other information. A recovery plan should include any other information that the OCC communicates in writing directly to the covered bank regarding the covered bank's recovery plan.

C. Relationship to other processes; coordination with other plans. The covered bank should integrate its recovery plan into its risk management and corporate governance functions. The covered bank also should coordinate its recovery plan with its strategic; operational (including business continuity); contingency; capital (including stress testing); liquidity; and resolution planning. To the extent possible, the covered bank also should align its recovery plan with any recovery and resolution planning efforts by the covered bank's holding company, so that the plans are consistent with and do not contradict each other.

III. Management's and Board of Directors' Responsibilities

The recovery plan should address the following management and board responsibilities:

A. Management. Management should review the recovery plan at least annually and in response to a material event. It should revise the plan as necessary to reflect material changes in the covered bank's risk profile, complexity, size, and activities, as well as changes in external threats. This review should evaluate the organizational structure and its effectiveness in facilitating a recovery.

B. Board of directors. The board is responsible for overseeing the covered bank's recovery planning process. The board of directors or an appropriate Start Printed Page 78689committee of the board of directors of a covered bank should review and approve the recovery plan at least annually and as needed to address any changes made by management.

Start Signature

Dated: December 10, 2015.

Thomas J. Curry,

Comptroller of the Currency.

End Signature End Supplemental Information

Footnotes

1.  79 FR 54518 (Sept. 11, 2014) (OCC Guidelines Establishing Heightened Standards for Certain Large Insured National Banks, Insured Federal Savings Associations, and Insured Federal Branches; Integration of Regulations).

Back to Citation

2.  While the Dodd-Frank Act addresses resolution planning, it does not specifically address recovery planning.

Back to Citation

3.  12 U.S.C. 1831p-1. Section 39 was enacted as part of the Federal Deposit Insurance Corporation Improvement Act of 1991, Public Law 102-242, section 132(a), 105 Stat. 2236, 2267-70 (Dec. 19, 1991).

Back to Citation

4.  Section 39 of the FDIA applies to “insured depository institutions,” which includes insured Federal branches of foreign banks. While we do not specifically refer to these entities in this discussion, it should be read to include them. However, section 39 does not apply to uninsured depository institutions.

Back to Citation

5.  See 12 U.S.C. 1831p-1(e)(1)(A)(i) and (ii).

Back to Citation

6.  The procedures governing the determination and notification of failure to satisfy a standard prescribed pursuant to section 39, the filing and review of compliance plans, and the issuance, if necessary, of orders currently are set forth in the OCC's regulations at 12 CFR 30.3, 30.4, and 30.5.

Back to Citation

7.  See 12 CFR 381.2(f) and 243.2(f), respectively. See also 12 CFR 360.10.

Back to Citation

8.  While the Guidelines would apply as of the date of the most recent Call Report used in the calculation of the average total consolidated assets of the covered bank, we understand that a newly covered bank will need time to formulate a recovery plan and expect the bank to work with its OCC examiners during this period.

Back to Citation

9.  Section 39 preserves all authority otherwise available to the OCC, stating, “The authority granted by this section is in addition to any other authority of the Federal banking agencies.” See 12 U.S.C. 1831p-1(g).

Back to Citation

10.  A covered bank can use information included in its resolution plan to prepare its recovery plan.

Back to Citation

11.  We are using the terms “interconnections” and “interdependencies” in a manner consistent with FDIC and Board resolution plan regulations. See supra note 7.

Back to Citation

12.  Separate from these Guidelines, covered banks are required to conduct supervisory stress tests. While the scenarios used to conduct those tests may be appropriate for purposes of identifying triggers under these Guidelines, a covered bank should evaluate the appropriateness of those scenarios on a case-by-case basis.

Back to Citation

13.  An example of a significant cyber attack includes an event that has an impact on a bank's computer network(s) or the computer network(s) of one of its third-party providers and that undermines the covered bank's data or processes.

Back to Citation

14.  An example of this type of interruption includes a disruption to a payment, clearing, or settlement system that affects the covered bank's ability to access that system.

Back to Citation

[FR Doc. 2015-31658 Filed 12-16-15; 8:45 am]

BILLING CODE 4810-33-P