Guidelines Establishing Standards for Recovery Planning by Certain Large Insured National Banks, Insured Federal Savings Associations, and Insured Federal Branches, 78681-78689 [2015-31658]

Agencies

• Office of the Comptroller of the Currency
• DEPARTMENT OF THE TREASURY

[Federal Register Volume 80, Number 242 (Thursday, December 17, 2015)]
[Proposed Rules]
[Pages 78681-78689]
From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
[FR Doc No: 2015-31658]


=======================================================================
-----------------------------------------------------------------------

DEPARTMENT OF THE TREASURY

Office of the Comptroller of the Currency

12 CFR Part 30

[Docket ID OCC-2015-0017]
RIN 1557-AD96


Guidelines Establishing Standards for Recovery Planning by 
Certain Large Insured National Banks, Insured Federal Savings 
Associations, and Insured Federal Branches

AGENCY: Office of the Comptroller of the Currency, Treasury.

ACTION: Proposed guidelines.

-----------------------------------------------------------------------

SUMMARY: The Office of the Comptroller of the Currency (OCC) is 
requesting comment on proposed enforceable guidelines establishing 
standards for recovery planning by insured national banks, insured 
Federal savings associations, and insured Federal branches of foreign 
banks with average total consolidated assets of $50 billion or more 
(Guidelines). The OCC would issue the Guidelines as an appendix to its 
safety and soundness standards regulations, and the Guidelines would be 
enforceable by the terms of the Federal statute that authorizes the OCC 
to prescribe operational and managerial standards for national banks 
and Federal savings associations.

DATES: Comments must be submitted by February 16, 2016.

[[Page 78682]]


ADDRESSES: Because paper mail in the Washington, DC area and at the OCC 
is subject to delay, commenters are encouraged to submit comments 
through the Federal eRulemaking Portal or email, if possible. Please 
use the title ``Guidelines Establishing Standards for Recovery Planning 
by Certain Large Insured National Banks, Insured Federal Savings 
Associations, and Insured Federal Branches'' to facilitate the 
organization and distribution of the comments. You may submit comments 
by any of the following methods:
     Federal eRulemaking Portal--``Regulations.gov'': Go to 
https://www.regulations.gov. Enter ``Docket ID OCC-2015-0017'' in the 
Search Box and click ``Search''. Results can be filtered using the 
filtering tools on the left side of the screen. Click on ``Comment 
Now'' to submit public comments.
     Click on the ``Help'' tab on the Regulations.gov home page 
to get information on using Regulations.gov, including instructions for 
submitting public comments.
     Email: regs.comments@occ.treas.gov.
     Mail: Legislative and Regulatory Activities Division, 
Office of the Comptroller of the Currency, 400 7th Street SW., Suite 
3E-218, Mail Stop 9W-11, Washington, DC 20219.
     Hand Delivery/Courier: 400 7th Street SW., Suite 3E-218, 
Mail Stop 9W-11, Washington, DC 20219.
     Fax: (571) 465-4326.
    Instructions: You must include ``OCC'' as the agency name and 
``Docket ID OCC-2015-0017'' in your comment. In general, the OCC will 
enter all comments received into the docket and publish them on the 
Regulations.gov Web site without change, including any business or 
personal information that you provide such as name and address, email 
addresses, or phone numbers. Comments received, including attachments 
and other supporting materials, are part of the public record and 
subject to public disclosure. Do not enclose any information in your 
comment or supporting materials that you consider confidential or 
inappropriate for public disclosure.
    You may review comments and other related materials that pertain to 
this rulemaking action by any of the following methods:
     Viewing Comments Electronically: Go to https://www.regulations.gov. Enter ``Docket ID OCC-2015-0017'' in the Search 
box and click ``Search''. Comments can be filtered by agency name using 
the filtering tools on the left side of the screen.
     Click on the ``Help'' tab on the Regulations.gov home page 
to get information on using Regulations.gov, including instructions for 
viewing public comments, viewing other supporting and related 
materials, and viewing the docket after the close of the comment 
period.
     Viewing Comments Personally: You may personally inspect 
and photocopy comments at the OCC, 400 7th Street SW., Washington, DC. 
For security reasons, the OCC requires that visitors make an 
appointment to inspect comments. You may do so by calling (202) 649-
6700 or, for persons who are deaf or hard of hearing, TTY, (202) 649-
5597. Upon arrival, visitors will be required to present valid 
government-issued photo identification and to submit to a security 
screening in order to inspect and photocopy comments.
     Docket: You may also view or request available background 
documents and project summaries using the methods described above.

FOR FURTHER INFORMATION CONTACT: For questions concerning the 
Guidelines, contact Lori Bittner, Large Bank Supervision--Resolution 
and Recovery, (202) 649-6093; Stuart Feldstein, Director, Andra 
Shuster, Senior Counsel, or Karen McSweeney, Counsel, Legislative & 
Regulatory Activities Division, (202) 649-5490 or, for persons who are 
deaf or hard of hearing, TTY, (202) 649-5597; or Valerie Song, 
Assistant Director, Bank Activities and Structure Division, (202) 649-
5500, 400 7th Street SW., Washington, DC 20219.

SUPPLEMENTARY INFORMATION:

Background

    The recent financial crisis demonstrated the destabilizing effect 
that severe stress at large, complex, interconnected financial 
companies can have on the national economy, capital markets, and the 
overall financial stability of the banking system. Following the 
crisis, Congress passed the Dodd-Frank Wall Street Reform and Consumer 
Protection Act (Dodd-Frank Act); among other purposes, the Dodd-Frank 
Act was intended to strengthen the framework for the supervision and 
regulation of large U.S. financial companies in order to address the 
significant impact that these institutions can have on capital markets 
and the economy.
    One lesson learned from the crisis is the importance--especially in 
large or complex financial institutions--of strong risk management and 
corporate governance practices. In 2014, the OCC adopted heightened 
standards guidelines that address the risk management and corporate 
governance of large or complex banks.\1\ These guidelines establish 
minimum standards for the design and implementation of a corporate 
governance framework and for a bank's board of directors in overseeing 
the framework's design and implementation. The OCC believes that these 
heightened standards further the goals of the Dodd-Frank Act by 
clarifying the OCC's expectation that banks have robust practices in 
areas where the crisis revealed substantial weaknesses.
---------------------------------------------------------------------------

    \1\ 79 FR 54518 (Sept. 11, 2014) (OCC Guidelines Establishing 
Heightened Standards for Certain Large Insured National Banks, 
Insured Federal Savings Associations, and Insured Federal Branches; 
Integration of Regulations).
---------------------------------------------------------------------------

    Another important component of an institution's risk management and 
corporate governance practices is how an institution plans to respond 
to severe stress in a manner that preserves its financial and 
operational strength and viability. In the aftermath of the crisis, it 
became clear that many financial institutions had insufficient plans 
for identifying and responding rapidly to significant stress events. As 
a result, many institutions were forced to take significant actions 
quickly without the benefit of a well-developed plan. In addition, 
recent large-scale operational events, such as destructive cyber 
attacks, demonstrate the need for institutions to plan how to respond 
to such occurrences.
    The OCC believes that large, complex institutions should have a 
recovery plan that describes options for responding to stress events. 
Accordingly, the OCC is proposing to establish standards for recovery 
planning that would apply to insured national banks, insured Federal 
savings associations, and insured Federal branches of foreign banks 
(together, banks and each, a bank) with average total consolidated 
assets of $50 billion or more (together, covered banks and each, a 
covered bank).\2\ An institution's recovery planning should be a 
dynamic, ongoing process. This process should complement the 
institution's risk management and corporate governance functions and 
support its safe and sound operation. The process of developing and 
maintaining a recovery plan also should cause covered banks' management 
and boards of directors to enhance their focus on risk management and 
corporate governance with a view toward lessening the financial or 
operational impact of future unforeseen events.
---------------------------------------------------------------------------

    \2\ While the Dodd-Frank Act addresses resolution planning, it 
does not specifically address recovery planning.
---------------------------------------------------------------------------

    The OCC recognizes that many covered banks already engage in

[[Page 78683]]

significant planning to respond to events such as cyber attacks, 
business interruptions, and leadership vacancies. They undertake 
strategic, operational, contingency, capital (including stress 
testing), liquidity, and resolution planning. We do not intend for the 
recovery planning required by these Guidelines to duplicate these 
efforts, and we encourage covered banks to leverage their existing 
planning. Rather, the purpose of the Guidelines is to provide a 
comprehensive framework for evaluating how severe stress may affect the 
covered bank as a whole and the options that will allow it to remain 
viable even under severe stress.
    As described below, a covered bank should develop and maintain a 
recovery plan that identifies triggers based on severe stress 
scenarios. These scenarios should range from those that cause 
significant financial and operational hardship to those that bring the 
covered bank close to default, but no further; scenarios should not go 
so far as to push the covered bank into resolution. The plan should 
identify the credible options a covered bank could take to restore 
financial and operational strength and viability in a timely manner, 
while maintaining market confidence. Neither the plan nor the options 
may assume or rely on any extraordinary government support.
    As part of the OCC's regular supervisory activities, OCC examiners 
will assess the appropriateness and adequacy of the covered bank's 
recovery planning process and the integration of that process into the 
covered bank's overall risk management and corporate governance 
functions. Examiners will also assess the quality and reasonableness of 
a covered bank's recovery plan, including its triggers and the stress 
scenarios upon which the triggers are based, recovery options, impact 
assessments, and execution strategies, as well as the covered bank's 
management and board responsibilities.

Enforcement of the Guidelines

    The OCC is proposing these Guidelines pursuant to section 39 of the 
Federal Deposit Insurance Act (FDIA).\3\ Section 39 authorizes the OCC 
to prescribe safety and soundness standards in the form of a regulation 
or guidelines. The OCC currently has four sets of these guidelines, 
issued as appendices to part 30 of the OCC's regulations. Appendix A 
contains operational and managerial standards that relate to internal 
controls, information systems, internal audit systems, loan 
documentation, credit underwriting, interest rate exposure, asset 
growth, asset quality, earnings, compensation, fees, and benefits. 
Appendix B contains standards on information security, and Appendix C 
contains standards that address residential mortgage lending practices. 
Appendix D contains standards for the design and implementation of a 
risk governance framework.
---------------------------------------------------------------------------

    \3\ 12 U.S.C. 1831p-1. Section 39 was enacted as part of the 
Federal Deposit Insurance Corporation Improvement Act of 1991, 
Public Law 102-242, section 132(a), 105 Stat. 2236, 2267-70 (Dec. 
19, 1991).
---------------------------------------------------------------------------

    Section 39 prescribes different consequences depending on whether 
the standards are issued by regulation or guidelines. Pursuant to 
section 39, if a national bank or Federal savings association \4\ fails 
to meet a standard prescribed by regulation, the OCC must require it to 
submit a plan specifying the steps it will take to comply with the 
standard. If a national bank or Federal savings association fails to 
meet a standard prescribed by a guideline, the OCC has the discretion 
to decide whether to require the submission of a plan.\5\ Issuing these 
standards as guidelines rather than as a regulation provides the OCC 
with the flexibility to pursue the course of action that is most 
appropriate given the specific circumstances of a covered bank's 
noncompliance with one or more standards and the covered bank's self-
corrective and remedial responses.
---------------------------------------------------------------------------

    \4\ Section 39 of the FDIA applies to ``insured depository 
institutions,'' which includes insured Federal branches of foreign 
banks. While we do not specifically refer to these entities in this 
discussion, it should be read to include them. However, section 39 
does not apply to uninsured depository institutions.
    \5\ See 12 U.S.C. 1831p-1(e)(1)(A)(i) and (ii).
---------------------------------------------------------------------------

    The procedural rules implementing the supervisory and enforcement 
remedies prescribed by section 39 are contained in part 30 of the OCC's 
rules. Under these provisions, the OCC may initiate a supervisory or 
enforcement process when it determines, by examination or otherwise, 
that a national bank or Federal savings association has failed to meet 
the standards set forth in the Guidelines.\6\ Upon making that 
determination, the OCC may request, in writing, that the national bank 
or Federal savings association submit a compliance plan to the OCC 
detailing the steps the institution will take to correct the 
deficiencies and the time within which it will take those steps. This 
request is termed a Notice of Deficiency. Upon receiving a Notice of 
Deficiency from the OCC, the national bank or Federal savings 
association must submit a compliance plan to the OCC for approval 
within 30 days.
---------------------------------------------------------------------------

    \6\ The procedures governing the determination and notification 
of failure to satisfy a standard prescribed pursuant to section 39, 
the filing and review of compliance plans, and the issuance, if 
necessary, of orders currently are set forth in the OCC's 
regulations at 12 CFR 30.3, 30.4, and 30.5.
---------------------------------------------------------------------------

    If a national bank or Federal savings association fails to submit 
an acceptable compliance plan or fails in any material respect to 
implement a compliance plan approved by the OCC, the OCC may issue a 
Notice of Intent to Issue an Order pursuant to section 39 (Notice of 
Intent). The bank or savings association then has 14 days to respond to 
the Notice of Intent. After considering the bank's or savings 
association's response, the OCC may issue the order, decide not to 
issue the order, or seek additional information from the bank or 
savings association before making a final decision. Alternatively, the 
OCC may issue an order without providing the bank or savings 
association with a Notice of Intent. In such a case, the bank or 
savings association may appeal after-the-fact to the OCC, and the OCC 
has 60 days to consider the appeal. Upon the issuance of an order, a 
bank or savings association is deemed to be in noncompliance with part 
30. Orders are formal, public documents, and they may be enforced by 
the OCC in district court. The OCC may also assess a civil money 
penalty, pursuant to 12 U.S.C. 1818, against any bank or savings 
association that violates or otherwise fails to comply with any final 
order and against any institution-affiliated party who participates in 
such violation or noncompliance.

Description of the OCC's Guidelines for Recovery Planning

    The proposed Guidelines consist of three sections. Section I 
provides an introduction to the Guidelines, explains the scope of the 
Guidelines, and defines key terms. Section II sets forth the standards 
for the design and execution of a covered bank's recovery plan. Section 
III provides the standards for management's and the board of directors' 
responsibilities in connection with the recovery plan.

Section I: Introduction

    Scope. The Guidelines would apply to a bank with average total 
consolidated assets equal to or greater than $50 billion as of the 
effective date of the Guidelines (calculated by averaging the covered 
bank's total consolidated assets, as reported on the bank's 
Consolidated Reports of Condition and Income (Call Reports), for the 
four most recent consecutive quarters). This threshold is consistent 
with the scope of the regulations of the Federal Deposit Insurance 
Corporation (FDIC) and Board

[[Page 78684]]

of Governors of the Federal Reserve System (Board) that require certain 
entities to prepare resolution plans.\7\ For those banks that have 
average total consolidated assets less than $50 billion as of the 
effective date of the Guidelines, but subsequently have average total 
consolidated assets of $50 billion or greater, the date on which the 
Guidelines would apply is the as-of date of the most recent Call Report 
used in the calculation of the average.\8\ Once a bank becomes subject 
to the Guidelines because its average total consolidated assets reach 
or exceed the $50 billion threshold, it would be required to continue 
to comply with the Guidelines, unless the OCC specifically determines 
that compliance is not required.
---------------------------------------------------------------------------

    \7\ See 12 CFR 381.2(f) and 243.2(f), respectively. See also 12 
CFR 360.10.
    \8\ While the Guidelines would apply as of the date of the most 
recent Call Report used in the calculation of the average total 
consolidated assets of the covered bank, we understand that a newly 
covered bank will need time to formulate a recovery plan and expect 
the bank to work with its OCC examiners during this period.
---------------------------------------------------------------------------

    In order to maintain supervisory flexibility, the proposed 
Guidelines would reserve the OCC's authority to apply the Guidelines to 
a bank whose average total consolidated assets are less than $50 
billion if the OCC determines such entity's operations are highly 
complex or otherwise present a heightened risk that warrants 
application of the Guidelines. The OCC expects to use this authority 
infrequently; it does not intend to apply the Guidelines to community 
banks.
    In determining whether a bank's operations are highly complex or 
present a heightened risk, the OCC will consider the bank's risk 
profile, size, activities, and complexity, including the complexity of 
its organizational and legal entity structure. Additionally, as noted 
above, the OCC may determine that a covered bank is no longer required 
to comply with the Guidelines. The OCC would generally make this 
determination if a covered bank's operations are no longer highly 
complex or no longer present a heightened risk.
    When exercising any of these reservations of authority, the OCC 
would apply notice and response procedures consistent with those set 
out in 12 CFR 3.404. In accordance with these procedures, the OCC would 
provide a bank or covered bank, as appropriate, with written notice of 
its proposed determination under this paragraph of the Guidelines, and 
the bank or covered bank would have 30 days to respond in writing. The 
OCC would consider failure to respond within this time frame a waiver 
of any objections. At the conclusion of the 30 days, the OCC would 
issue a written notice of its final determination.
    As discussed above, the Guidelines would be enforceable pursuant to 
section 39 of the FDIA and part 30 of the OCC's rules. Section I of the 
Guidelines provides that nothing in section 39 or the Guidelines in any 
way limits the authority of the OCC to address unsafe or unsound 
practices or conditions or other violations of law.\9\
---------------------------------------------------------------------------

    \9\ Section 39 preserves all authority otherwise available to 
the OCC, stating, ``The authority granted by this section is in 
addition to any other authority of the Federal banking agencies.'' 
See 12 U.S.C. 1831p-1(g).
---------------------------------------------------------------------------

    Definitions. Paragraph D of Section I defines certain terms used 
throughout the Guidelines, including ``average total consolidated 
assets,'' ``bank,'' ``covered bank,'' ``recovery,'' ``recovery plan,'' 
and ``trigger.'' The term ``recovery'' means timely and appropriate 
action that a covered bank takes to remain a going concern when it is 
experiencing or is likely to experience considerable financial or 
operational distress. A covered bank in recovery has not yet 
deteriorated to the point where liquidation or resolution is imminent. 
A ``recovery plan'' is a plan that identifies triggers and options for 
responding to a wide range of severe internal and external stress 
scenarios and for restoring a covered bank to financial and operational 
strength and viability in a timely manner, while maintaining the 
confidence of market participants. Neither the plan nor the options may 
assume or rely on any extraordinary government support. ``Trigger'' 
means a quantitative or qualitative indicator of the risk or existence 
of severe stress that should always be escalated to management or the 
board of directors, as appropriate, for purposes of initiating a 
response. The breach of any trigger should result in timely notice 
accompanied by sufficient information to enable management of the 
covered bank to take corrective action.

Section II: Recovery Plan

    Each covered bank should develop and maintain a recovery plan 
appropriate for its individual risk profile, size, activities, and 
complexity, including the complexity of its organizational and legal 
entity structure. Section II sets forth the elements that the covered 
bank should include in a recovery plan.\10\
---------------------------------------------------------------------------

    \10\ A covered bank can use information included in its 
resolution plan to prepare its recovery plan.
---------------------------------------------------------------------------

    1. Overview of covered bank. It is important that a recovery plan 
provide a detailed description of the covered bank's overall 
organizational and legal structure, including its material entities, 
critical operations, core business lines, and core management 
information systems. The description should explain interconnections 
and interdependencies \11\ (i) across business lines within the covered 
bank, (ii) with affiliates in a bank holding company structure, (iii) 
between a covered bank and its foreign subsidiaries, and (iv) with 
critical third parties. The description should address whether a 
disruption of these interconnections or interdependencies would 
materially affect the funding or operations of the covered bank and, if 
so, how. Examples include relationships with respect to credit 
exposures, investments, or funding commitments; guarantees including an 
acceptance, endorsement, or letter of credit issued for the benefit of 
an affiliate during normal periods, as opposed to during a crisis; and 
payment services, treasury operations, collateral management, 
information technology (IT), human resources (HR), or other operational 
functions. This overview is an essential part of the recovery plan.
---------------------------------------------------------------------------

    \11\ We are using the terms ``interconnections'' and 
``interdependencies'' in a manner consistent with FDIC and Board 
resolution plan regulations. See supra note 7.
---------------------------------------------------------------------------

    2. Triggers. As defined above, a trigger is a quantitative or 
qualitative indicator of the risk or existence of severe stress that 
should always be escalated to management or the board of directors, as 
appropriate, for purposes of initiating a response. In order to 
identify triggers that appropriately reflect the particular 
vulnerabilities of each covered bank, the bank should begin by 
designing severe stress scenarios that would threaten the covered 
bank's critical operations or cause it to fail if one or more recovery 
options were not implemented in a timely manner. Because a recovery 
plan should demonstrate the ability of the covered bank to restore its 
financial and operational strength and viability, these scenarios 
should range from those that cause significant financial and 
operational hardship to those that bring the covered bank close to 
default, but not into resolution.\12\
---------------------------------------------------------------------------

    \12\ Separate from these Guidelines, covered banks are required 
to conduct supervisory stress tests. While the scenarios used to 
conduct those tests may be appropriate for purposes of identifying 
triggers under these Guidelines, a covered bank should evaluate the 
appropriateness of those scenarios on a case-by-case basis.
---------------------------------------------------------------------------

    The covered bank should consider a range of bank-specific and 
market-wide stress scenarios, individually and in the aggregate, that 
are immediate and prolonged. The stress scenarios should be designed to 
result in capital shortfalls, liquidity pressures, or other significant 
financial losses. Examples of

[[Page 78685]]

bank-specific stress scenarios include fraud; portfolio shocks; a 
significant cyber attack \13\ or other wide-scale operational event; 
accounting and tax issues; events that cause a reputational crisis that 
degrades customer or market confidence; and other key stresses that 
management identifies. Examples of market-wide stress scenarios include 
the disruption of domestic or global financial markets; the failure or 
impairment of systemically important financial industry participants, 
critical financial market infrastructure firms, and critical third-
party relationships; significant changes in debt or equity valuations, 
currency rates, or interest rates; the widespread interruption of 
critical infrastructure that may degrade operational capability; \14\ 
and general economic conditions.
---------------------------------------------------------------------------

    \13\ An example of a significant cyber attack includes an event 
that has an impact on a bank's computer network(s) or the computer 
network(s) of one of its third-party providers and that undermines 
the covered bank's data or processes.
    \14\ An example of this type of interruption includes a 
disruption to a payment, clearing, or settlement system that affects 
the covered bank's ability to access that system.
---------------------------------------------------------------------------

    As provided in the definition of ``trigger,'' the breach of a 
trigger should always be escalated to management or the board of 
directors, as appropriate, for its consideration of an appropriate 
response. The breach of any trigger should result in timely notice 
accompanied by sufficient information to enable management of the 
covered bank to take corrective action. A covered bank should select 
triggers that address a continuum of increasingly severe stress, 
ranging from those that provide a warning of the likely occurrence of 
severe stress to those that indicate the actual existence of severe 
stress. The number and nature of triggers should be appropriate for the 
covered bank's business and risk profile.
    The nature of the trigger informs the nature of the response. For 
example, in some situations, the appropriate response to the breach of 
a trigger may be enhanced monitoring; in other situations, the breach 
of a trigger should result in activating a specific recovery option set 
forth in the plan or taking other corrective action. It should be 
noted, however, that the breach of a particular trigger does not 
necessarily correspond to a single recovery option; instead, more than 
one option may be appropriate when a particular trigger is breached.
    A recovery plan should include both quantitative and qualitative 
triggers. Quantitative triggers include changes in covered bank-
specific indicators that reflect the covered bank's capital or 
liquidity position. While capital or liquidity triggers may be the most 
critical, a covered bank should also consider other quantitative 
triggers that may have an impact on its condition, such as a rating 
downgrade; access to credit and borrowing lines; equity ratios; 
profitability; asset quality; or other macroeconomic indicators. Of 
course, a covered bank should be prepared to act to preserve the 
financial and operational strength and viability of the bank if it is 
at risk, regardless of whether a trigger has been breached or the 
recovery plan includes options to specifically address the problems the 
bank faces.
    Qualitative triggers include the unexpected departure of senior 
leadership; the erosion of reputation or market standing; the impact of 
an adverse legal ruling; and a material operational event that affects 
the covered bank's ability to access critical services or to deliver 
products or services to its customers for a material period of time. It 
is important to note that the covered bank should review and update 
both qualitative and quantitative triggers, as necessary, to take into 
account changes in laws and regulations and other material events. In 
addition, a covered bank should consider the regulatory or legal 
consequences that may be associated with the breach of a particular 
trigger.
    3. Options for recovery. The recovery plan should identify a wide 
range of credible options that a covered bank could undertake to 
restore financial and operational strength and viability, thereby 
allowing the bank to continue to operate as a going concern and to 
avoid liquidation or resolution. A covered bank should be able to 
execute the identified options within time frames that allow those 
options to be effective during periods of stress. Neither the plan nor 
the options may assume or rely on any extraordinary government support.
    A recovery plan should explain how the covered bank would carry out 
each option. It should include a description of the decision-making 
process for implementing each option, including the steps to be 
followed and any timing considerations. It should also identify the 
critical parties needed to carry out each option. Options may include 
the conservation or restoration of liquidity and capital; the sale, 
transfer, or disposal of significant assets, portfolios, or business 
lines; the reduction of risk profile; the restructuring of liabilities; 
the activation of emergency protocols; and succession planning. Options 
may also include organizational restructuring, including divesting 
legal entities in order to simplify the covered bank's structure. The 
recovery plan should also identify obstacles that could impede the 
execution of an option and set out mitigation strategies for addressing 
these obstacles. The recovery plan should specifically identify 
recovery options that require regulatory or legal approval.
    Set forth below are examples of how stress scenarios, triggers, and 
options relate to each other:

------------------------------------------------------------------------
 Example of a severe stress                          Possible options in
          scenario              Possible triggers   response to triggers
------------------------------------------------------------------------
Idiosyncratic stress:          Tier 1        Issue new
 Trading losses caused by a    capital falls below   capital.
 rogue trader.                 6%.                   Sell
                               Liquidity     nonstrategic assets
                               falls below           or businesses.
                               internal bank         Reduce loan
                               policy requirements.  originations or
                                                     commitments.
Systemic stress: Significant   Short-term    Sell
 decline in U.S. gross         credit rating falls   strategic assets or
 domestic product, coupled     below A-3.            businesses.
 with an increase in the                     Reduce
 U.S. unemployment rate and    Nonperforming loans   expenses (e.g.,
 a deterioration in U.S.       rise above a          business
 residential housing market.   specified             contractions).
                               percentage.           Access the
                               Market        Board's Discount
                               capitalization        Window.
                               falls below a
                               specific limit for
                               a certain period of
                               time.
------------------------------------------------------------------------

    4. Impact assessments. For each recovery option, a covered bank 
should assess and describe how the option would affect the covered 
bank. This impact assessment and description should specify the 
procedures the covered bank would use to maintain the financial and 
operational strength and viability of its material entities, critical

[[Page 78686]]

operations, and core business lines for each recovery option. This 
assessment should include an analysis of both its internal operations 
(e.g., IT systems, suppliers, HR operations) and its access to market 
infrastructure (e.g., clearing and settlement facilities, payment 
systems, additional collateral requirements). A recovery plan should 
also specify actions a firm can take to sell entities, assets, or 
business lines to restore the financial condition of the covered bank. 
For each recovery option, a covered bank should identify any 
impediments or regulatory requirements that must be addressed to 
execute the option, including how to overcome those impediments or 
satisfy those requirements. Each recovery option also should address 
potential consequences, including the benefits and risks of that 
particular option. The assessment should address the impact on the 
covered bank's capital, liquidity, funding and profitability; and the 
effect on the covered bank's material entities, critical operations, 
and core business lines, including reputational impact.
    5. Escalation procedures. A recovery plan should clearly outline 
the process for escalating decision-making to senior management or the 
board of directors, as appropriate, in response to the breach of a 
trigger. The recovery plan should also identify the departments and 
persons responsible for making and executing these decisions, including 
the process for informing necessary stakeholders (e.g., shareholders, 
counsel, accountants, regulators) to effect the action. At a minimum, 
the escalation procedures should result in the covered bank taking 
action before remedial supervisory action is necessary.
    6. Management reports. A recovery plan should require reports that 
provide management or the board of directors with sufficient data and 
information to make timely decisions regarding the appropriate actions 
necessary to respond to the breach of a trigger. A recovery plan should 
identify the types of reports that the covered bank will provide to 
allow management or the board to monitor progress with respect to the 
actions taken under the recovery plan.
    7. Communication procedures. A recovery plan should provide that 
the covered bank notify the OCC of any significant breach of a trigger 
and any action taken or to be taken in response to such breach and 
should explain the process for deciding when a breach of a trigger is 
significant. A covered bank should work closely with the OCC when 
executing a recovery plan.
    A recovery plan also should address when and how the covered bank 
will notify persons within the organization and other external parties 
of its actions under the recovery plan. These elements will ensure that 
all stakeholders are informed in a timely manner of how the covered 
bank responds to a breach of a trigger. In addition, the recovery plan 
should specifically identify how the covered bank will obtain required 
regulatory or legal approvals in order to ensure that the covered bank 
receives such approval in a timely manner.
    8. Other information. A recovery plan should include any other 
information that the OCC communicates in writing directly to the 
covered bank regarding the covered bank's recovery plan. A well-
developed recovery plan should also consider relevant information 
included in other written OCC or Federal Financial Institutions 
Examination Council material.
    C. Relationship to other processes; coordination with other plans. 
The covered bank should integrate its recovery plan into its corporate 
governance and risk management functions. The covered bank also should 
coordinate its recovery plan with its strategic; operational (including 
business continuity); contingency; capital (including stress testing); 
liquidity; and resolution planning. In many cases, these plans may be 
interconnected and would require the covered bank to coordinate among 
them. In addition, to the extent possible, a covered bank should align 
its recovery plan with any recovery and resolution planning efforts by 
the covered bank's holding company so that the plans are consistent 
with and do not contradict each other. We recognize that some 
inconsistency may be unavoidable because recovery planning and 
resolution planning differ in that recovery planning addresses a bank's 
ongoing financial and operational strength and viability while 
resolution planning starts from the point of non-viability.
    The OCC notes that covered banks are an integral part of bank 
holding company recovery and resolution plans. As a result, a covered 
bank may be able to leverage certain elements in these other plans. For 
example, resolution plans typically require a bank to map its critical 
operations. A covered bank may find this resolution planning mapping 
exercise to be useful in describing its interconnections and 
interdependencies as set out in its recovery plan overview.

Section III: Management's and Board of Directors' Responsibilities

    Section III of the proposed Guidelines addresses the 
responsibilities of both management and the board of directors with 
respect to the recovery plan.
    Management of the covered bank should review the recovery plan at 
least annually and in response to a material event. It should revise 
the plan as necessary to reflect material changes in the covered bank's 
risk profile, complexity, size, and activities, as well as changes in 
external threats. During this review, management should consider the 
ongoing relevance and applicability of the stress scenarios and 
triggers and revise the recovery plan as needed. This review should 
evaluate the covered bank's organizational structure and its 
effectiveness in facilitating a recovery. The assessment should 
consider the legal structures, number of entities, geographical 
footprint, booking practices (e.g., guarantees, exposures), and 
servicing arrangements necessary to enable flexible operations. The 
board and management should provide justification for the covered 
bank's organizational and legal structures and outline changes that 
would enhance the board's and management's ability to oversee the 
covered bank in times of stress. A more rational legal structure can 
provide a clearer path to recovery and the operational flexibility to 
implement the recovery plan.
    The board is responsible for overseeing the covered bank's recovery 
planning process. As part of the board's oversight of a covered bank's 
safe and sound operations, the board also should work closely with the 
bank's senior management in developing and executing the recovery plan. 
Accordingly, the Guidelines provide that a covered bank's board of 
directors, or an appropriate committee of the board, should review and 
approve the recovery plan at least annually and as needed to address 
any changes made by management.

Request for Comments

    The OCC requests comment on all aspects of the proposed Guidelines.

Regulatory Analysis

Paperwork Reduction Act

    The OCC has determined that this proposal involves collections of 
information pursuant to the provisions of the Paperwork Reduction Act 
of 1995 (PRA) (44 U.S.C. 3501 et seq.). The OCC may not conduct or 
sponsor, and an organization is not required to respond to, these 
information collection requirements unless the information collection 
displays a currently valid Office of Management and Budget (OMB) 
control number. The OCC is seeking a control number for this

[[Page 78687]]

collection from OMB and has submitted this collection to OMB.
    The collections of information that are subject to the PRA in this 
proposal are found in 12 CFR part 30, appendix E, sections II.B., 
II.C., and III. Section II.B. specifies the elements of the recovery 
plan, including an overview of the covered bank; triggers; options for 
recovery; impact assessments; escalation procedures; management 
reports; and communication procedures. Section II.C. addresses the 
relationship of the plan to other covered bank processes and plans, as 
well as those of its bank holding company. Section III outlines 
management's and board of directors' responsibilities.
    Title: OCC Guidelines Establishing Standards for Recovery Planning 
by Certain Large Insured National Banks, Insured Federal Savings 
Associations, and Insured Federal Branches.
    OMB Control No.: To be assigned by OMB.
    Frequency of Response: On occasion.
    Affected Public: Businesses or other for-profit organizations.
    Burden Estimates:
    Total Number of Respondents: 23.
    Total Burden per Respondent: 7,543 hours.
    Total Burden for Collection: 173,489 hours.
    Comments should be submitted as provided in the ADDRESSES section 
and are invited on: (1) Whether the proposed collection of information 
is necessary for the proper performance of the OCC's functions; 
including whether the information has practical utility; (2) the 
accuracy of the OCC's estimate of the burden of the proposed 
information collection, including the cost of compliance; (3) ways to 
enhance the quality, utility, and clarity of the information to be 
collected; and (4) ways to minimize the burden of information 
collection on respondents, including through the use of automated 
collection techniques or other forms of IT.

Regulatory Flexibility Analysis

    Pursuant to section 605(b) of the Regulatory Flexibility Act, 5 
U.S.C. 605(b) (RFA), the regulatory flexibility analysis otherwise 
required under section 603 of the RFA is not required if the agency 
certifies that the proposal will not, if promulgated, have a 
significant economic impact on a substantial number of small entities 
(defined for purposes of the RFA to include commercial banks and 
savings institutions with assets less than or equal to $550 million and 
trust companies with assets less than or equal to $38.5 million) and 
publishes its certification and a short, explanatory statement in the 
Federal Register along with its proposal.
    The proposed Guidelines would have no impact on any small entities. 
The proposed Guidelines would apply only to insured national banks, 
insured Federal savings associations, and insured Federal branches of 
foreign banks with $50 billion or more in average total consolidated 
assets. The proposed Guidelines reserve the OCC's authority to apply 
them to an insured national bank, insured Federal savings association, 
or insured Federal branch of a foreign bank with less than $50 billion 
in average total consolidated assets if the OCC determines such 
entity's operations are highly complex or otherwise present a 
heightened risk. We do not expect any small entities will be determined 
to have highly complex operations or present heightened risk by the 
OCC. Therefore, the OCC certifies that the proposed Guidelines would 
not, if issued, have a significant economic impact on a substantial 
number of small entities.

Unfunded Mandates Reform Act Analysis

    Section 202 of the Unfunded Mandates Reform Act of 1995 (2 U.S.C. 
1532), requires the OCC to prepare a budgetary impact statement before 
promulgating a rule that includes a Federal mandate that may result in 
the expenditure by State, local, and tribal governments, in the 
aggregate, or by the private sector, of $100 million or more in any one 
year (adjusted annually for inflation). The OCC has determined that 
this proposal will not result in expenditures by State, local, and 
tribal governments, or the private sector, of $100 million or more in 
any one year. Accordingly, the OCC has not prepared a budgetary impact 
statement.

List of Subjects in 12 CFR Part 30

    Banks, Banking, Consumer protection, National banks, Privacy, 
Safety and soundness, Reporting and recordkeeping requirements.

    For the reasons set forth in the preamble, and under the authority 
of 12 U.S.C. 93a, chapter I of title 12 of the Code of Federal 
Regulations is proposed to be amended as follows:

PART 30--SAFETY AND SOUNDNESS STANDARDS

0
1. The authority citation for part 30 continues to read as follows:

    Authority: 12 U.S.C. 1, 93a, 371, 1462a, 1463, 1464, 1467a, 
1818, 1828, 1831p-1, 1881-1884. 3102(b) and 5412(b)(2)(B); 15 U.S.C. 
1681s, 1681w, 6801, and 6805(b)(1).

0
2. Add Appendix E to part 30 to read as follows:

Appendix E to Part 30--OCC Guidelines Establishing Standards for 
Recovery Planning by Certain Large Insured National Banks, Insured 
Federal Savings Associations, and Insured Federal Branches

Table of Contents

I. Introduction
    A. Scope
    B. Reservation of Authority
    C. Preservation of Existing Authority
    D. Definitions
II. Recovery Plan
    A. Recovery Plan
    B. Elements of Recovery Plan
    1. Overview of Covered Bank
    2. Triggers
    3. Options for Recovery
     4. Impact Assessments
     5. Escalation Procedures
     6. Management Reports
     7. Communication Procedures
     8. Other Information
     C. Relationship to Other Processes; Coordination With Other 
Plans
 III. Management's and Board of Directors' Responsibilities
     A. Management
     B. Board of Directors

I. Introduction

    A. Scope. This appendix applies to a covered bank, as defined in 
paragraph I.D.3.
    B. Reservation of authority.
    1. The OCC reserves the authority:
    a. To apply this appendix, in whole or in part, to a bank that has 
average total consolidated assets of less than $50 billion, if the OCC 
determines such bank is highly complex or otherwise presents a 
heightened risk that warrants the application of this appendix; or
    b. To determine that compliance with this appendix should not be 
required for a covered bank. The OCC will generally make the 
determination under this paragraph I.B.1.b. if a covered bank's 
operations are no longer highly complex or no longer present a 
heightened risk.
    2. In determining whether a covered bank is highly complex or 
presents a heightened risk, the OCC will consider the bank's risk 
profile, size, activities, and complexity, including the complexity of 
its organizational and legal entity structure. Before exercising the 
authority reserved by this paragraph I.B, the OCC will apply notice and 
response procedures in the same manner and to the same extent as the 
notice and response procedures in 12 CFR 3.404.
    C. Preservation of existing authority. Neither section 39 of the 
Federal Deposit Insurance Act (12 U.S.C. 1831p-1) nor this appendix in 
any way limits the authority of the OCC to

[[Page 78688]]

address unsafe or unsound practices or conditions or other violations 
of law. The OCC may take action under section 39 and this appendix 
independently of, in conjunction with, or in addition to any other 
enforcement action available to the OCC.
    D. Definitions.
    1. Average total consolidated assets means the average total 
consolidated assets of the bank or the covered bank, as reported on the 
bank's or covered bank's Call Reports for the four most recent 
consecutive quarters.
    2. Bank means any insured national bank, insured Federal savings 
association, or insured Federal branch of a foreign bank.
    3. Covered bank means any bank--
    (a) With average total consolidated assets equal to or greater than 
$50 billion; or
    (b) With average total consolidated assets less than $50 billion, 
if the OCC determines that such bank is highly complex or otherwise 
presents a heightened risk as to warrant the application of this 
appendix pursuant to paragraph I.B.1.a.
    4. Recovery means timely and appropriate action that a covered bank 
takes to remain a going concern when it is experiencing or is likely to 
experience considerable financial or operational distress. A covered 
bank in recovery has not yet deteriorated to the point where 
liquidation or resolution is imminent.
    5. Recovery plan means a plan that identifies triggers and options 
for responding to a wide range of severe internal and external stress 
scenarios and to restore a covered bank that is in recovery to 
financial and operational strength and viability in a timely manner. 
The options should maintain the confidence of market participants, and 
neither the plan nor the options may assume or rely on any 
extraordinary government support.
    6. Trigger means a quantitative or qualitative indicator of the 
risk or existence of severe stress that should always be escalated to 
management or the board of directors, as appropriate, for purposes of 
initiating a response. The breach of any trigger should result in 
timely notice accompanied by sufficient information to enable 
management of the covered bank to take corrective action.

II. Recovery Plan

    A. Recovery plan. Each covered bank should develop and maintain a 
recovery plan that is appropriate for its individual risk profile, 
size, activities, and complexity, including the complexity of its 
organizational and legal entity structure.
    B. Elements of recovery plan. A recovery plan under paragraph II.A. 
should include the following elements:
    1. Overview of covered bank. A recovery plan should describe the 
covered bank's overall organizational and legal structure, including 
its material entities, critical operations, core business lines, and 
core management informational systems. The plan should describe 
interconnections and interdependencies (i) across business lines within 
the covered bank, (ii) with affiliates in a bank holding company 
structure, (iii) between a covered bank and its foreign subsidiaries, 
and (iv) with critical third parties.
    2. Triggers. A recovery plan should identify triggers that 
appropriately reflect the covered bank's particular vulnerabilities.
    3. Options for recovery. A recovery plan should identify a wide 
range of credible options that a covered bank could undertake to 
restore financial and operational strength and viability, thereby 
allowing the bank to continue to operate as a going concern and to 
avoid liquidation or resolution. A recovery plan should explain how the 
covered bank would carry out each option and describe the timing 
required for carrying out each option. The recovery plan should 
specifically identify the recovery options that require regulatory or 
legal approval.
    4. Impact assessments. For each recovery option, a covered bank 
should assess and describe how the option would affect the covered 
bank. This impact assessment and description should specify the 
procedures the covered bank would use to maintain the financial and 
operational strength and viability of its material entities, critical 
operations, and core business lines for each recovery option. For each 
option, the recovery plan should address the following:
    a. The effect on the covered bank's capital, liquidity, funding and 
profitability;
    b. The effect on the covered bank's material entities, critical 
operations and core business lines, including reputational impact; and
    c. Any legal or market impediment or regulatory requirement that 
must be addressed or satisfied in order to implement the option.
    5. Escalation procedures. A recovery plan should clearly outline 
the process for escalating decision-making to senior management or the 
board of directors, as appropriate, in response to the breach of a 
trigger. The recovery plan should also identify the departments and 
persons responsible for making and executing these decisions.
    6. Management reports. A recovery plan should require reports that 
provide management or the board of directors with sufficient data and 
information to make timely decisions regarding the appropriate actions 
necessary to respond to the breach of a trigger.
    7. Communication procedures. A recovery plan should provide that 
the covered bank notify the OCC of any significant breach of a trigger 
and any action taken or to be taken in response to such breach and 
should explain the process for deciding when a breach of a trigger is 
significant. A recovery plan also should address when and how the 
covered bank will notify persons within the organization and other 
external parties of its action under the recovery plan. The recovery 
plan should specifically identify how the covered bank will obtain 
required regulatory or legal approvals.
    8. Other information. A recovery plan should include any other 
information that the OCC communicates in writing directly to the 
covered bank regarding the covered bank's recovery plan.
    C. Relationship to other processes; coordination with other plans. 
The covered bank should integrate its recovery plan into its risk 
management and corporate governance functions. The covered bank also 
should coordinate its recovery plan with its strategic; operational 
(including business continuity); contingency; capital (including stress 
testing); liquidity; and resolution planning. To the extent possible, 
the covered bank also should align its recovery plan with any recovery 
and resolution planning efforts by the covered bank's holding company, 
so that the plans are consistent with and do not contradict each other.

III. Management's and Board of Directors' Responsibilities

    The recovery plan should address the following management and board 
responsibilities:
    A. Management. Management should review the recovery plan at least 
annually and in response to a material event. It should revise the plan 
as necessary to reflect material changes in the covered bank's risk 
profile, complexity, size, and activities, as well as changes in 
external threats. This review should evaluate the organizational 
structure and its effectiveness in facilitating a recovery.
    B. Board of directors. The board is responsible for overseeing the 
covered bank's recovery planning process. The board of directors or an 
appropriate

[[Page 78689]]

committee of the board of directors of a covered bank should review and 
approve the recovery plan at least annually and as needed to address 
any changes made by management.

    Dated: December 10, 2015.
Thomas J. Curry,
Comptroller of the Currency.
[FR Doc. 2015-31658 Filed 12-16-15; 8:45 am]
 BILLING CODE 4810-33-P