OCC Guidelines Establishing Standards for Recovery Planning by Certain Large Insured National Banks, Insured Federal Savings Associations, and Insured Federal Branches; Technical Amendments, 66791-66801 [2016-23366]

Download as PDF 66791 Rules and Regulations Federal Register Vol. 81, No. 189 Thursday, September 29, 2016 This section of the FEDERAL REGISTER contains regulatory documents having general applicability and legal effect, most of which are keyed to and codified in the Code of Federal Regulations, which is published under 50 titles pursuant to 44 U.S.C. 1510. The Code of Federal Regulations is sold by the Superintendent of Documents. Prices of new books are listed in the first FEDERAL REGISTER issue of each week. DEPARTMENT OF THE TREASURY Office of the Comptroller of the Currency 12 CFR Part 30 [Docket ID OCC–2015–0017] RIN 1557–AD96 OCC Guidelines Establishing Standards for Recovery Planning by Certain Large Insured National Banks, Insured Federal Savings Associations, and Insured Federal Branches; Technical Amendments Office of the Comptroller of the Currency, Treasury. ACTION: Final rule and guidelines. AGENCY: The Office of the Comptroller of the Currency (OCC) is adopting enforceable guidelines establishing standards for recovery planning by insured national banks, insured Federal savings associations, and insured Federal branches of foreign banks with average total consolidated assets of $50 billion or more (Final Guidelines). The OCC is issuing the Final Guidelines as an appendix to its safety and soundness standards regulations, and the Final Guidelines will be enforceable by the terms of the Federal statute that authorizes the OCC to prescribe operational and managerial standards for national banks and Federal savings associations. The OCC is also adopting technical changes to the safety and soundness standards regulations that are made necessary by the addition of the Final Guidelines. DATES: This final rule and guidelines are effective on January 1, 2017. The compliance dates for the Final Guidelines in Appendix E to part 30 vary, as specified below. FOR FURTHER INFORMATION CONTACT: Lori Bittner, Large Bank Supervision— Resolution and Recovery, (202) 649– mstockstill on DSK3G9T082PROD with RULES SUMMARY: VerDate Sep<11>2014 22:57 Sep 28, 2016 Jkt 238001 6093; Stuart Feldstein, Director, Andra Shuster, Senior Counsel, Karen McSweeney, Counsel, or Priscilla Benner, Attorney, Legislative & Regulatory Activities Division, (202) 649–5490; or Valerie Song, Assistant Director, Bank Activities and Structure Division, (202) 649–5500; or, for persons who are deaf or hard of hearing, TTY, (202) 649–5597, 400 7th Street SW., Washington, DC 20219. SUPPLEMENTARY INFORMATION: Background The financial crisis demonstrated the destabilizing effect that severe stress at large, complex, interconnected financial companies can have on the national economy, capital markets, and the overall financial stability of the banking system. Following the crisis, Congress passed the Dodd-Frank Wall Street Reform and Consumer Protection Act (Dodd-Frank Act); 1 among other purposes, the Dodd-Frank Act was intended to strengthen the framework for the supervision and regulation of large U.S. financial companies in order to address the significant impact that these institutions can have on capital markets and the economy. One lesson learned from the crisis is the importance—especially in large, complex financial institutions—of a strong risk governance framework. In 2014, the OCC formally adopted heightened standards guidelines that address the risk governance of large, complex banks (Heightened Standards).2 The Heightened Standards establish minimum standards for the design and implementation of a risk governance framework and for a bank’s board of directors (board) in overseeing the framework’s design and implementation. The OCC believes that these Heightened Standards further the goals of the Dodd-Frank Act by clarifying the OCC’s expectation that its regulated institutions have robust practices in areas where the crisis revealed substantial weaknesses. Further, in the aftermath of the crisis, it became clear that many financial institutions had insufficient plans for identifying and responding rapidly to 1 Public Law 111–203, 124 Stat. 1376 (July 21, 2010). 2 79 FR 54518 (Sept. 11, 2014) (OCC Guidelines Establishing Heightened Standards for Certain Large Insured National Banks, Insured Federal Savings Associations, and Insured Federal Branches; Integration of Regulations). PO 00000 Frm 00001 Fmt 4700 Sfmt 4700 significant stress events that affected their financial condition and threatened their viability. As a result, many institutions were forced to take significant actions quickly without the benefit of a well-developed plan. In addition, recent large-scale events, such as destructive cyber attacks, demonstrate the need for institutions to plan how to respond to the financial effects of such occurrences. Therefore, the OCC believes that a large, complex institution should undertake recovery planning to be able to respond quickly to and recover from the financial effects of severe stress on the institution.3 An institution’s recovery planning should be a dynamic, ongoing process that complements its risk governance functions and supports its safe and sound operation. The process of developing and maintaining a recovery plan also should cause a covered bank’s management and its board to enhance their focus on risk governance with a view toward lessening the negative impact of future events. In December 2015, the OCC invited public comment on proposed guidelines establishing minimum standards for recovery planning by insured national banks, insured Federal savings associations, and insured Federal branches of foreign banks (together, banks and each, a bank) with average total consolidated assets of $50 billion or more (together, covered banks and each, a covered bank).4 After carefully considering the comments we received on the proposed guidelines, the OCC is adopting these Final Guidelines as a new Appendix E to part 30 of our regulations. The OCC, as the primary financial regulatory agency for the covered banks, believes that the Final Guidelines will assist these banks with their recovery planning efforts, thereby minimizing the negative impact of severe stress. We have set forth below a detailed description of the proposal, the significant comments we received, and the standards contained in the Final Guidelines. Summary of Comments on the Notice of Proposed Rulemaking The OCC received six comment letters on the proposed guidelines from 3 While the Dodd-Frank Act addresses resolution planning, it does not specifically address recovery planning. 4 80 FR 78681 (Dec. 17, 2015). E:\FR\FM\29SER1.SGM 29SER1 66792 Federal Register / Vol. 81, No. 189 / Thursday, September 29, 2016 / Rules and Regulations mstockstill on DSK3G9T082PROD with RULES national banks, trade associations, and individuals. To improve our understanding of the issues raised by commenters, the OCC had a meeting with two trade groups and a number of their member institutions, and a summary of this meeting is available on a public Web site.5 The comments we received generally supported the proposed guidelines, acknowledging that recovery planning is an important part of risk management and that the use of guidelines, rather than regulations, provides both covered banks and the OCC with appropriate flexibility. However, the commenters asked the OCC to clarify various provisions in the proposal. For example, commenters requested that the OCC address the ability of a covered bank to leverage other processes in developing its recovery plan and to tailor its plan based on the size, risk profile, and complexity of the bank. They also asked the OCC to clarify the role of the board with respect to the plan. In addition, commenters suggested that the OCC consider tiered compliance dates. As discussed more fully below, the OCC has revised the Final Guidelines in response to the comments we received and has made other technical and clarifying changes. Enforcement of the Final Guidelines The OCC is adopting these Final Guidelines pursuant to section 39 of the Federal Deposit Insurance Act (FDIA).6 Section 39 authorizes the OCC to prescribe safety and soundness standards in the form of a regulation or guidelines. The OCC currently has four sets of these guidelines that are appendices to part 30 of the OCC’s regulations. Appendix A contains operational and managerial standards that relate to internal controls, information systems, internal audit systems, loan documentation, credit underwriting, interest rate exposure, asset growth, asset quality, earnings, compensation, fees, and benefits. Appendix B contains standards on information security, and Appendix C contains standards that address residential mortgage lending practices. Appendix D contains the Heightened Standards discussed above. Section 39 prescribes different consequences depending on whether an agency issues the standards by regulation or guideline. Pursuant to section 39, if a bank 7 fails to meet a 5 See http://www.regulations.gov/ index.jsp#!documentDetail;D=OCC-2015-00170001. 6 12 U.S.C. 1831p–1. 7 Section 39 of the FDIA applies to ‘‘insured depository institutions,’’ which, as defined in 12 VerDate Sep<11>2014 22:57 Sep 28, 2016 Jkt 238001 standard prescribed by regulation, the OCC must require it to submit a plan specifying the steps it will take to comply with the standard. If a bank fails to meet a standard prescribed by guidelines, the OCC has the discretion to decide whether to require the submission of a plan.8 The issuance of these standards as guidelines, rather than as regulations, provides the OCC with the flexibility to pursue the course of action that is most appropriate given the specific circumstances of a covered bank’s noncompliance with one or more standards and the covered bank’s selfcorrective and remedial responses. The procedural rules implementing the supervisory and enforcement remedies prescribed by section 39 are contained in part 30 of the OCC’s rules. Under these provisions, the OCC may initiate a supervisory or enforcement process when it determines, by examination or otherwise, that a bank has failed to meet the standards set forth in the Final Guidelines.9 Upon making that determination, the OCC may request in writing that the bank submit a compliance plan to the OCC detailing the steps the institution will take to correct the deficiencies and the time within which it will take those steps. This request is termed a Notice of Deficiency. Upon receiving a Notice of Deficiency from the OCC, the bank must submit a compliance plan to the OCC for approval within 30 days. If a bank fails to submit an acceptable compliance plan or fails in any material respect to implement a compliance plan approved by the OCC, the OCC shall issue a Notice of Intent to Issue an Order pursuant to section 39 (Notice of Intent). The bank then has 14 days to respond to the Notice of Intent. After considering the bank’s response, the OCC may issue the order, decide not to issue the order, or seek additional information from the bank before making a final decision. Alternatively, the OCC may issue an order without providing the bank with a Notice of Intent. In such a case, the bank may appeal after-the-fact to the OCC, and the OCC has 60 days to consider the appeal. Upon the issuance of an order, a bank is deemed to be in noncompliance with part 30. Orders are formal, public documents, and the OCC U.S.C. 1813, includes insured Federal branches of foreign banks. While we do not specifically refer to these entities in this discussion of the enforcement of the Final Guidelines, it should be read to include them. 8 See 12 U.S.C. 1831p–1(e)(1)(A)(i) and (ii). 9 The procedures governing the determination and notification of failure to satisfy a standard prescribed pursuant to section 39; the filing and review of compliance plans; and the issuance of orders, if necessary, are set forth in the OCC’s regulations at 12 CFR 30.3, 30.4, and 30.5. PO 00000 Frm 00002 Fmt 4700 Sfmt 4700 may enforce them in Federal district court. The OCC may also assess a civil money penalty, pursuant to 12 U.S.C. 1818, against any bank that violates or otherwise fails to comply with any final order and against any institutionaffiliated party who participates in such violation or noncompliance. Detailed Description of the Proposed Guidelines, Comments Received, and Final Guidelines Like the proposal, the Final Guidelines consist of three sections. Section I explains the scope of the Final Guidelines, sets forth the applicable compliance dates, and defines key terms. Section II sets forth the standards for the design and execution of a covered bank’s recovery plan. Section III describes the responsibilities of a covered bank’s management and board in connection with the bank’s recovery plan. Section I: Introduction Scope. As proposed, the guidelines would have applied to any bank with ‘‘average total consolidated assets’’ equal to or greater than $50 billion as of the effective date of the guidelines (calculated by averaging a bank’s total consolidated assets, as reported on the bank’s Consolidated Reports of Condition and Income (Call Reports), for the four most recent consecutive quarters). The preamble to the proposal noted that this threshold is consistent with the scope of Federal Deposit Insurance Corporation (FDIC) and Board of Governors of the Federal Reserve System (Board) regulations that require certain entities to prepare resolution plans.10 We note that this threshold also is consistent with the Heightened Standards threshold, as well as the threshold used in section 165 of the Dodd-Frank Act for the application of enhanced prudential standards to bank holding companies and foreign banking organizations. The proposal provided that for any bank with average total consolidated assets less than $50 billion as of the effective date of the guidelines, whose average total consolidated assets subsequently reached $50 billion or greater, the guidelines would apply on the as-of date of the bank’s most recent Call Report used in the calculation of the average total consolidated assets. Once a bank’s average total consolidated assets had reached or exceeded the $50 billion threshold, the preamble explained that the bank would have had to comply with the guidelines, unless 10 See 12 CFR 381.2(f) and 243.2(f), respectively. See also 12 CFR 360.10. E:\FR\FM\29SER1.SGM 29SER1 mstockstill on DSK3G9T082PROD with RULES Federal Register / Vol. 81, No. 189 / Thursday, September 29, 2016 / Rules and Regulations and until the OCC specifically determined that compliance was not required, even if the bank’s average total consolidated assets subsequently fell below the $50 billion threshold. The OCC received no comments on these provisions and adopts them as proposed. Compliance date. Although the OCC did not propose a specific compliance date, several commenters requested a phased-in compliance period. Some commenters suggested a compliance date of 2017 for the largest, most complex covered banks and a subsequent compliance date of 2018 for the remaining covered banks. These commenters stated that the phase-in dates should account for the size, risk profile, and complexity of a covered bank. Other commenters requested an initial compliance date for all covered banks of no earlier than 2018. Another commenter suggested that the OCC use a flexible approach when setting a compliance date for banks that reach or exceed the $50 billion threshold after the effective date of the Final Guidelines. The OCC agrees that a phased-in compliance period is appropriate and adopts the compliance schedule set forth below, which we believe gives covered banks, including those likely to have the least experience with recovery planning, sufficient time to prepare their plans. Under this schedule, a covered bank with average total consolidated assets equal to or greater than $750 billion on the effective date of these Final Guidelines should comply within 6 months of the effective date. A covered bank with average total consolidated assets equal to or greater than $100 billion but less than $750 billion on the effective date should comply within 12 months of the effective date. A covered bank with average total consolidated assets equal to or greater than $50 billion but less than $100 billion on the effective date should comply within 18 months of the effective date. Finally, a bank with less than $50 billion in average total consolidated assets on the effective date, which subsequently becomes a covered bank, should comply with the Final Guidelines within 18 months of becoming a covered bank. Reservation of authority. In order to preserve supervisory flexibility, the proposed guidelines reserved the OCC’s authority to apply the guidelines to a bank with average total consolidated assets of less than $50 billion if the agency determined that the bank’s operations were highly complex or otherwise presented a heightened risk. The preamble explained that the OCC VerDate Sep<11>2014 22:57 Sep 28, 2016 Jkt 238001 expected to use this authority infrequently and did not intend to apply the guidelines to community banks. The proposed guidelines also reserved the OCC’s authority to determine that compliance with the guidelines was no longer required for a covered bank whose operations no longer were highly complex or otherwise no longer presented a heightened risk. In either case, when determining whether a bank’s or covered bank’s operations were highly complex or otherwise presented a heightened risk, the proposed guidelines stated that the OCC would consider an institution’s size, risk profile, activities, and complexity, including the complexity of its organizational and legal entity structure. The guidelines also stated that, when exercising the authority reserved by this provision, the OCC would apply notice and response procedures consistent with those set out in 12 CFR 3.404.11 Commenters had no substantive comments on this subsection. However, we have added ‘‘scope of operations’’ to the factors that we will consider in determining whether a bank’s or covered bank’s operations are highly complex or otherwise present a heightened risk. Otherwise, the OCC is adopting these provisions as proposed and reiterates that we expect to use this authority infrequently and do not intend to apply the Final Guidelines to community banks. Preservation of existing authority. The proposed guidelines stated that neither section 39 of the FDIA nor the OCC’s part 30 rules in any way limited the authority of the OCC to address unsafe or unsound practices or conditions or other violations of law.12 We received no comments on this provision, and we are adopting it as proposed. Definitions. The proposed guidelines included definitions of ‘‘average total consolidated assets,’’ ‘‘bank,’’ ‘‘covered bank,’’ ‘‘recovery,’’ ‘‘recovery plan,’’ and ‘‘trigger.’’ The proposal defined the term ‘‘recovery’’ to mean timely and appropriate action that a covered bank 11 As explained in the proposal, these procedures require the OCC to provide a bank or covered bank, as appropriate, with written notice of its determination to use its reservation of authority, and the bank or covered bank would have 30 days to respond in writing. The proposal provided that the OCC would consider the failure of a bank or covered bank to respond within this 30-day period to be a waiver of any objections. At the conclusion of the 30 days, the proposed guidelines stated that the OCC would issue a written notice of its final determination. 12 Section 39 preserves all authority otherwise available to the OCC, stating ‘‘The authority granted by this section is in addition to any other authority of the Federal banking agencies.’’ See 12 U.S.C. 1831p–1(g). PO 00000 Frm 00003 Fmt 4700 Sfmt 4700 66793 takes to remain a going concern when it is experiencing or is likely to experience considerable financial or operational distress and provided that a covered bank in recovery had not yet deteriorated to the point where liquidation or resolution is imminent. The proposal defined ‘‘recovery plan’’ as a plan that identified triggers and options for a covered bank to respond to a wide range of severe internal and external stress scenarios and to restore a covered bank that is in recovery to financial and operational strength and viability in a timely manner while maintaining the confidence of market participants. This definition further stated that neither the plan nor the options could assume or rely on any extraordinary government support. The proposal defined ‘‘trigger’’ as a ‘‘quantitative or qualitative indicator of the risk or existence of severe stress that should always be escalated to management or the board, as appropriate, for purposes of initiating a response.’’ It stated that the breach of any trigger should result in timely notice, accompanied by sufficient information, to enable management of the covered bank to take corrective action. The OCC received one comment regarding references to the ‘‘operational’’ effects of severe stress in the proposal. The commenter stated that a covered bank’s recovery plan should address the effects of operational stress events (e.g., cyber events, natural disasters, unanticipated changes in senior management) only to the extent that such stress events affect the bank’s financial strength and viability. The commenter noted that a covered bank addresses the operational effects of stress events in its other risk management plans (e.g., disaster recovery, business continuity). The commenter also stated that the Final Guidelines would be inconsistent with Board, Financial Stability Board, and European Banking Authority recovery planning provisions if they stated that a covered bank’s recovery plan should address the operational effects of severe stress. The OCC agrees—a recovery plan should address the financial, not the operational, effects of severe stress. The proposal defined the term ‘‘recovery plan’’ to include restoring a covered bank’s ‘‘financial and operational strength and viability.’’ The same commenter noted that the purpose of a recovery plan is to help a covered bank restore its financial, not its operational, strength and viability. The commenter stated that covered banks address the restoration of operational strength and viability in other risk E:\FR\FM\29SER1.SGM 29SER1 66794 Federal Register / Vol. 81, No. 189 / Thursday, September 29, 2016 / Rules and Regulations mstockstill on DSK3G9T082PROD with RULES management plans (e.g., disaster recovery, business continuity). The OCC agrees and has revised the definition of ‘‘recovery plan’’ by removing ‘‘and operational’’ to clarify that the purpose of a recovery plan is to help a covered bank restore its financial strength and viability. While a recovery plan might address operational stress scenarios and identify recovery options that are operational in nature, the triggers in the recovery plan should alert the bank to the possible or actual financial effects of stress, and the recovery options should be designed to restore the bank’s financial strength and viability. We made conforming changes throughout the document to reflect this change. The proposal prohibited reliance on extraordinary government support in a recovery plan. The OCC received a comment asking it to clarify how this prohibition would apply when a foreign government controls a covered bank. While we have not changed the prohibition set forth in the definition of ‘‘recovery plan,’’ the OCC acknowledges that exceptions to this prohibition may exist with respect to support of a covered bank by a foreign government. We recommend that an affected covered bank discuss this situation with its OCC examiner. The OCC received no other comments on these definitions. We have clarified, however, several terms defined in the Final Guidelines. First, we revised the definition of ‘‘covered bank’’ to reflect the proposal’s preamble statement that ‘‘covered bank’’ includes a bank with average total consolidated assets of less than $50 billion if it was previously a covered bank, unless the OCC determines otherwise. Second, we changed the word ‘‘distress’’ in the definition of ‘‘recovery’’ to ‘‘stress.’’ While the term ‘‘distress’’ can be used to describe either stress itself or the effect of stress, we intended in this context to refer to stress itself. Third, we revised the definition of ‘‘trigger’’ to clarify that the breach of a trigger, not the trigger itself, should be escalated and that the escalation should be to senior management. Finally, we have clarified that a trigger breach can be escalated to either the board or an appropriate committee of the board,13 13 We received a comment requesting that the OCC be flexible in applying provisions of the Final Guidelines referencing the board or an appropriate committee of the board to Federal branches, which do not have boards of directors. In applying the Final Guidelines to insured Federal branches that are covered banks, OCC examiners will consult with the branch to determine the appropriate person or committee to undertake the responsibilities assigned to the board of directors or an appropriate committee of the board under the Final Guidelines. VerDate Sep<11>2014 22:57 Sep 28, 2016 Jkt 238001 and we have made conforming changes throughout the document where necessary to address the role of an appropriate committee of the board. Except as otherwise noted above, we are adopting these definitions as proposed. Section II: Recovery Plan A. Recovery plan. Subsection A of the proposal stated that each covered bank should develop and maintain a recovery plan appropriate for its individual size, risk profile, activities, and complexity, including the complexity of its organizational and legal entity structure. In response to this statement, commenters requested that the OCC clarify its expectations with regard to the length and detail of recovery plans and asked that the Final Guidelines elaborate on a covered bank’s ability to tailor its recovery plan to its particular operations. We note that a covered bank’s recovery plan need only be as long and as detailed as is necessary to satisfy these Final Guidelines. The OCC does not have any expectations regarding a plan’s length or detail, nor does it expect that recovery plans will mirror the length or detail of resolution plans. Further, the OCC agrees that a covered bank may tailor its recovery plan to its unique size, risk profile, activities, and complexity. Therefore, a smaller, less complex bank may have a shorter, less complex recovery plan. The stress scenarios, triggers, and recovery options appropriate for a covered bank that engages primarily in retail and commercial banking are likely to be different from those for a covered bank that engages in significant trading or capital market activities. Those appropriate for a covered bank that engages primarily in domestic activities are likely to be different from those for a covered bank with extensive foreign activities. For the sake of clarity, we have added language to this description stating that a recovery plan should be specific to the unique characteristics of each covered bank. We have otherwise adopted this subsection as proposed. B. Elements of recovery plan. Subsection B set forth the eight elements of a recovery plan. 1. Overview of covered bank. The proposed guidelines stated that a recovery plan should include a detailed description of the covered bank’s overall organizational and legal structure, including its material entities, critical operations, core business lines, and core management information systems. The proposal stated that this description should explain interconnections and interdependencies: (i) Across business lines within the covered bank; (ii) with PO 00000 Frm 00004 Fmt 4700 Sfmt 4700 affiliates in a bank holding company structure; (iii) between a covered bank and its foreign subsidiaries; and (iv) with critical third parties. As explained in the proposal’s preamble, the OCC used the terms ‘‘interconnections’’ and ‘‘interdependencies’’ in a manner consistent with FDIC and Board resolution plan regulations. The preamble cited the following as examples of interconnections and interdependencies: (i) Relationships with respect to credit exposures, investments, or funding commitments; (ii) guarantees including an acceptance, endorsement, or letter of credit issued for the benefit of an affiliate during normal periods, as opposed to during a crisis; and (iii) payment services, treasury operations, collateral management, information technology (IT), human resources (HR), and other operational functions. It explained that the plan should address whether a disruption of these interconnections or interdependencies would materially affect the covered bank and, if so, how. Commenters asked the OCC to confirm in the Final Guidelines that other terms, including ‘‘material entities,’’ ‘‘critical operations,’’ and ‘‘core business lines,’’ may be interpreted consistent with the use of those terms elsewhere, such as resolution planning regulations and Heightened Standards. The OCC confirms that a covered bank may include in its recovery plan concepts and terms used elsewhere, provided the bank’s resulting recovery plan is consistent with the Final Guidelines. In order to facilitate the OCC’s understanding of a covered bank’s recovery planning process, a bank’s recovery plan should indicate which key terms are drawn from other sources and identify the sources. Otherwise, we adopt this element as proposed. 2. Triggers. The proposal stated that a recovery plan should identify triggers that appropriately reflected a covered bank’s particular vulnerabilities. As explained in the preamble, in order for a covered bank to identify such triggers, the bank should design severe stress scenarios that would threaten its critical operations or cause it to fail if the bank did not implement one or more recovery options in a timely manner. The preamble further explained that these scenarios should range from those that cause significant hardship to those that bring the covered bank close to default, but not into resolution. As explained in the proposal, in designing stress scenarios, a covered bank should consider a range of bankspecific and market-wide scenarios, individually and in the aggregate, that E:\FR\FM\29SER1.SGM 29SER1 Federal Register / Vol. 81, No. 189 / Thursday, September 29, 2016 / Rules and Regulations mstockstill on DSK3G9T082PROD with RULES are immediate and prolonged. The proposal explained that a covered bank should design the stress scenarios to result in capital shortfalls, liquidity pressures, or other significant financial losses. The preamble included as examples of bank-specific stress scenarios: Fraud; a portfolio shock; a significant cyber attack 14 or other widescale operational event; an accounting and tax issue; an event that caused a reputational crisis and degraded customer or market confidence; and other key stresses that management identified. Although not mentioned in the proposal, another example of a covered bank-specific stress scenario is the failure of the bank’s parent company or a significant affiliate. Examples of market-wide stress scenarios included: A disruption of domestic or global financial markets; a failure or impairment of systemically important financial industry participants, critical financial market infrastructure firms, and critical thirdparty relationships; significant changes in debt or equity valuations, currency rates, or interest rates; the widespread interruption of critical infrastructure that significantly degraded operational capability; 15 and other unfavorable economic conditions. It should also be noted that stress scenarios are important tools that a covered bank uses to determine areas of vulnerability and to help it identify the appropriate triggers. While they need not be included in the plan itself, they are a critical part of the planning process and should be documented for OCC examiners to consider and discuss with a covered bank as part of the agency’s overall evaluation of a bank’s plan. With respect to the development of stress scenarios, commenters requested that the Final Guidelines not require a covered bank to develop stress scenarios other than those required for supervisory stress tests (i.e., Comprehensive Capital Analysis and Review (CCAR) and Dodd-Frank Act Stress Testing (DFAST)). We recognize that the scenarios used to conduct supervisory stress tests may be appropriate for purposes of identifying triggers under these Final Guidelines. However, a covered bank should evaluate those scenarios in the context 14 As explained in the proposal, a significant cyber attack includes an event that has an impact on a covered bank’s computer network(s) or the computer network(s) of one of its third-party service providers and that significantly undermines the covered bank’s data or processes. 15 As explained in the proposal, an example of this type of interruption includes a disruption to a payment, clearing, or settlement system that significantly affects the covered bank’s ability to access that system. VerDate Sep<11>2014 22:57 Sep 28, 2016 Jkt 238001 of these Final Guidelines and consider whether different or additional scenarios are appropriate, including whether these specific scenarios are sufficiently severe to cause the bank to be in recovery—i.e., scenarios that bring the bank to the brink of resolution. The proposal’s discussion of the triggers that a covered bank should include in its recovery plan explained that these triggers should address a continuum of increasingly severe stress, ranging from triggers that provide a warning of the likely occurrence of severe stress to those that indicate the actual existence of severe stress. It stated that the number and nature of triggers should be appropriate for the covered bank’s size, risk profile, activities, and complexity. As the proposal further explained, the nature of a trigger should inform the nature of the response. For example, the preamble stated that, in some situations, the appropriate response to the breach of a trigger should be enhanced monitoring; in other situations, the breach of a trigger should result in activating a more specific recovery option set forth in the plan or taking other corrective action. As the proposal noted, however, the breach of a particular trigger does not necessarily correspond to a single recovery option; instead, more than one option may be appropriate when a particular trigger is breached. The preamble to the proposal stated that quantitative triggers included changes in covered bank-specific indicators that reflect the covered bank’s capital or liquidity position. The proposal stated that a covered bank should also consider quantitative triggers other than capital or liquidity that may have an impact on its condition, such as a rating downgrade; access to credit and borrowing lines; equity ratios; profitability; asset quality; or other macroeconomic indicators. It also noted that a covered bank should be prepared to act if it is at risk, regardless of whether a trigger has been breached or the recovery plan includes options that specifically addressed the problems the bank faced. The proposal also stated that qualitative triggers would include the unexpected departure of senior leadership; the erosion of reputation or market standing; the impact of an adverse legal ruling; and a material operational event that affects the covered bank’s ability to access critical services or to deliver products or services to its customers for a material period of time. In retrospect, we believe these scenarios more accurately describe stress events that may affect a covered bank’s financial strength and viability PO 00000 Frm 00005 Fmt 4700 Sfmt 4700 66795 than triggers that indicate the stress. However, while we anticipate that most triggers will be quantitative indicators, we have retained the reference to qualitative indicators that have a financial effect on a bank to allow for those that a bank may identify. The proposal noted that a covered bank should review and update its triggers, as necessary, to take into account changes in laws and regulations and other material events. In addition, it stated that a covered bank should consider any regulatory or legal consequences resulting from the breach of a particular trigger. We made no changes to this element and adopt it as proposed. 3. Options for recovery. The proposed guidelines stated that a recovery plan should identify a wide range of credible options that a covered bank could undertake to restore its financial and operational strength and viability, thereby allowing the bank to continue to operate as a going concern and avoid liquidation or resolution. The proposed guidelines further provided that a recovery plan should explain how the covered bank would carry out each recovery option, describe the timing for each option, and identify options that require regulatory or legal approval. The preamble to the proposal explained that the recovery plan should include a description of the decisionmaking process for implementing each option, outline the steps the bank will follow, identify the critical parties to carry out each option, and address timing considerations. It also stated that a recovery plan should identify obstacles to executing an option and set out mitigation strategies to address these obstacles. Finally, the preamble provided that the plan should identify those options that would require regulatory or legal approval and, consistent with the proposal’s definition of ‘‘recovery plan,’’ that neither the plan nor the options may assume or rely on any extraordinary government support.16 The preamble noted that a covered bank should be able to execute plan options within time frames that would allow the options to be effective during periods of stress. It also provided examples of recovery options, including the conservation or restoration of liquidity and capital; the sale, transfer, or disposal of significant assets, portfolios, or business lines; steps that reduce the covered bank’s risk profile; 16 The role of extraordinary governmental support in the recovery plans of covered banks that are controlled by a foreign government is discussed above. E:\FR\FM\29SER1.SGM 29SER1 66796 Federal Register / Vol. 81, No. 189 / Thursday, September 29, 2016 / Rules and Regulations the restructuring of liabilities; the activation of emergency protocols; organizational restructuring, including divesting legal entities in order to simplify the covered bank’s structure; and implementing succession planning. To facilitate an understanding of how the stress scenarios, triggers, and options relate to each other, the proposal included the following chart: Examples of severe stress scenarios Possible triggers Idiosyncratic stress: Trading losses caused by a rogue trader. • Tier 1 capital falls below 6%. • Liquidity falls below internal bank policy requirements. • Short-term credit rating falls below A–3. • Nonperforming loans rise above a specified percentage. • Market capitalization falls below a specific limit for a certain period of time. • • • • • bank, including its internal operations (e.g., IT systems, suppliers, HR operations) and its access to market infrastructure (e.g., clearing and settlement facilities, payment systems, additional collateral requirements). The OCC received no comments on this provision. Consistent with the discussion above, however, we have removed ‘‘and operational.’’ Otherwise, we make no material changes to this element as proposed. 5. Escalation procedures. The proposed guidelines stated that a recovery plan should clearly outline the process for escalating decision-making to senior management or the board, as appropriate, in response to the breach of a trigger. The proposal also stated that the plan should identify the departments and persons responsible for making and executing these decisions and describe the process for informing stakeholders (e.g., shareholders, counsel, accountants, regulators) when necessary. As the preamble explained, at a minimum, the escalation procedures should result in the covered bank taking action before remedial supervisory action is necessary. The OCC received no substantive comments on this element of the plan. However, we have clarified that the breach of any trigger should be escalated, which is consistent with the definition of ‘‘trigger.’’ In addition, we have clarified that the recovery plan should identify the departments and persons responsible for executing the decisions of senior management or the board (or an appropriate committee of the board). Otherwise, we have adopted this element as proposed. 6. Management reports. The proposed guidelines stated that a recovery plan should require reports that provide management or the board with sufficient data and information to make timely decisions regarding the appropriate actions necessary to respond to the breach of a trigger. As explained in the preamble, the reports to management or the board should allow them to monitor the covered bank’s progress in response to the actions taken under the recovery plan. The OCC received no comments on this element of the plan. As a clarification, however, the OCC has amended the Final Guidelines to state that reports should be made to senior management. Otherwise, we adopt the language as proposed. 7. Communication procedures. As provided in the proposed guidelines, a recovery plan should provide that the covered bank notify the OCC of any significant breach of a trigger and any action taken or to be taken in response to such breach and explain the process for deciding when a breach of a trigger is significant. The preamble noted that a covered bank should work closely with the OCC when executing its recovery plan. The proposal also stated that a recovery plan should address when and how the covered bank will notify persons within the organization and other external parties of its actions under the recovery plan. This notice is to ensure that all stakeholders are informed in a timely manner of how the covered bank has responded or is responding to a breach of a trigger. In addition, the proposed guidelines stated that the recovery plan should identify how the covered bank would obtain required regulatory or legal approvals, in order to ensure that the bank receives such approval(s) in a timely manner. The OCC received no comments on this element of a recovery plan, and we adopt it as proposed. 8. Other information. As set forth in the proposed guidelines, a recovery plan should include any other information that the OCC communicates in writing directly to the covered bank regarding the bank’s recovery plan. The preamble also stated that a well-developed recovery plan should consider relevant information included in other written mstockstill on DSK3G9T082PROD with RULES Systemic stress: Significant decline in U.S. gross domestic product, coupled with an increase in the U.S. unemployment rate and a deterioration in U.S. residential housing market. As discussed above, the OCC has clarified that the recovery options detailed in a recovery plan are those that respond to the financial effects of severe stress. To effect this clarification in this element of the plan, we have removed ‘‘and operational’’ from the description of the options for recovery in the Final Guidelines. We otherwise adopt this element as proposed. The OCC also notes that a covered bank should not view the options in its plan as exclusive or a specific trigger as necessitating the execution of a particular option. Rather, a covered bank should use its judgment to determine the most appropriate options for the bank to take during a period of severe stress. 4. Impact assessments. The proposed guidelines provided that, for each recovery option, a covered bank should assess and describe how the option would affect the covered bank. The guidelines stated that this impact assessment and description should specify the procedures the covered bank would use to maintain the financial and operational strength and viability of its material entities, critical operations, and core business lines for each recovery option. For each option, the recovery plan’s impact assessment should address: (i) The effect on the covered bank’s capital, liquidity, funding, and profitability; (ii) the effect on its material entities, critical operations, and core business lines, including reputational impact; and (iii) any legal or market impediment or regulatory requirement that the bank would need to address or satisfy to implement the option.17 As the preamble explained, the assessment should analyze the effect each option would have on the covered 17 Although not mentioned in the proposal, we note that a covered bank’s assessment of the legal or market impediments or regulatory requirements relevant to its recovery options should address any timing issues presented by these impediments or requirements. VerDate Sep<11>2014 22:57 Sep 28, 2016 Jkt 238001 PO 00000 Frm 00006 Fmt 4700 Sfmt 4700 Possible options in response to triggers Issue new capital. Sell nonstrategic assets or businesses. Reduce loan originations or commitments. Sell strategic assets or businesses. Reduce expenses (e.g., business contractions). • Access the Board’s Discount Window. E:\FR\FM\29SER1.SGM 29SER1 mstockstill on DSK3G9T082PROD with RULES Federal Register / Vol. 81, No. 189 / Thursday, September 29, 2016 / Rules and Regulations OCC or Federal Financial Institutions Examination Council material. The OCC received no comments on this element of a recovery plan, and we adopt it as proposed. C. Relationship to other processes; coordination with other plans. The proposed guidelines stated that a covered bank should integrate its recovery plan into its corporate governance and risk management functions and coordinate its recovery planning with its strategic; operational (including business continuity); contingency; capital (including stress testing); liquidity; and resolution planning. As the OCC explained in the preamble, in many cases, these plans may be interconnected and require the covered bank to coordinate among them. The proposed guidelines also stated that, to the extent possible, a covered bank should align its recovery plan with any recovery and resolution planning efforts by the covered bank’s holding company, so that the plans are consistent with and do not contradict each other. As the OCC stated in the preamble, some inconsistencies may be unavoidable because recovery planning and resolution planning differ: Recovery planning addresses a bank as a going concern; resolution planning starts from the point of an entity’s non-viability. In addition, the preamble noted that covered banks are an integral part of bank holding company recovery and resolution plans; as a result, it stated that a covered bank might be able to leverage certain elements in these other plans. As an example, the proposal referenced resolution plans, which typically require a bank to map its critical operations. It noted that this mapping exercise might be useful to the bank’s recovery plan description of interconnections and interdependencies. The OCC received several comments on this element of the plan requesting the OCC to confirm that covered banks are permitted to leverage existing processes, such as those for stress testing, resolution planning, contingency planning, risk governance, and holding company recovery plans, when developing recovery plans. One commenter requested that the Final Guidelines permit a covered bank to use its holding company’s recovery plan to satisfy its obligations under the Final Guidelines, if the risk profiles of both entities are substantially the same. Another commenter asserted that a covered bank should be permitted to leverage its existing governance structure to satisfy its management and board responsibilities under these Final Guidelines. VerDate Sep<11>2014 22:57 Sep 28, 2016 Jkt 238001 As explained in the preamble to the proposal, the OCC recognizes that many covered banks already engage in significant planning, including planning responses to cyber attacks, business interruptions, and leadership vacancies. Some banks also undertake a range of other planning, including strategic, contingency, capital (including stress testing), liquidity, and resolution. The same is true for their parent holding companies or affiliates. As also noted in the proposal, we do not intend for the recovery planning described in these Final Guidelines to be needlessly burdensome or duplicative of these other planning processes. The OCC expects, however, that a covered bank’s recovery plan will identify the recovery strategies that are specific to that bank and, as appropriate, distinguishable from the recovery strategies of its holding company or affiliates. Furthermore, while we encourage covered banks to leverage their existing processes, including by incorporating or cross-referencing portions or elements of relevant plans, in most cases, it is unlikely that a covered bank will be able to use a plan prepared for another purpose or entity to satisfy the Final Guidelines.18 As we have noted previously, the purpose of these Final Guidelines is to provide a comprehensive framework for evaluating how severe stress would financially affect a covered bank specifically and the recovery options that would allow that bank to remain viable under such stress. The OCC is making several changes to this provision as proposed. First, we have revised this subsection so that the Final Guidelines themselves state that a covered bank’s recovery plan should be specific to the unique characteristics of that bank. Second, we are clarifying that the other plans identified in the proposed guidelines with which a covered bank should coordinate its recovery planning is not an exclusive list. Instead, these are examples of other types of plans. Third, we are replacing the phrase ‘‘risk management and corporate governance’’ with ‘‘risk governance,’’ which we believe incorporates the concepts of both risk management and corporate governance as it relates to risk management. Other than these and other minor changes, we adopt this provision as proposed. 18 When a covered bank comprises a substantial percentage of its holding company’s assets (i.e., 95%), the holding company’s recovery plan, if any, may serve as the bank’s recovery plan, provided that such plan satisfies these Final Guidelines. PO 00000 Frm 00007 Fmt 4700 Sfmt 4700 66797 Section III: Management’s and the Board’s Responsibilities Section III of the proposed guidelines addressed the responsibilities of a covered bank’s management and board with respect to the recovery plan and stated that these responsibilities should be included in the bank’s recovery plan. The proposed guidelines provided that management should review its bank’s recovery plan at least annually and in response to a material event. It further stated that management should revise the plan as necessary to reflect material changes in the covered bank’s size, risk profile, activities, and complexity, as well as changes in external threats. The preamble explained that during this review, management should consider the ongoing relevance and applicability of the stress scenarios used to identify the plan’s triggers and revise the recovery plan as needed. The proposed guidelines also stated that management’s review should include evaluating the covered bank’s organizational structure and its effectiveness in facilitating recovery. The preamble explained that this review should include its legal structure, number of entities, geographical footprint, booking practices (e.g., guarantees, exposures), and servicing arrangements. The preamble stated that both management and the board should provide justification for the covered bank’s organizational and legal structures and outline changes that would enhance their ability to oversee the covered bank in times of stress. As explained in the preamble, a more rational legal structure can provide a clearer path to recovery and the operational flexibility necessary to implement a recovery plan. Several commenters requested that the OCC recognize the need for a covered bank to have flexibility regarding the timing of management’s annual review of its recovery plan. These commenters explained that this flexibility would facilitate a covered bank’s ability to meet deadlines associated with other requirements, such as stress testing. The OCC agrees that management should have flexibility to conduct its annual reviews on its preferred schedule. As noted in the proposal, OCC examiners will assess the appropriateness and adequacy of the covered bank’s ongoing recovery planning process as part of the agency’s regular supervisory activities, which we believe will provide covered banks with the flexibility they need. Commenters also requested the OCC to clarify that it is not necessary for E:\FR\FM\29SER1.SGM 29SER1 66798 Federal Register / Vol. 81, No. 189 / Thursday, September 29, 2016 / Rules and Regulations management to recommend changes to a covered bank’s organizational and legal entity structure as part of every annual review of the bank’s recovery plan. The OCC agrees that a covered bank’s management should only recommend changes to a bank’s organizational and legal entity structure when such changes are necessary or appropriate. The proposed guidelines also stated that the board is responsible for overseeing the covered bank’s recovery planning process. As part of this oversight, the preamble explained that the board should work closely with the bank’s senior management in developing and executing the recovery plan. The proposed guidelines also stated that a covered bank’s board, or an appropriate committee of the board, should review and approve the bank’s recovery plan at least annually and as needed to address any changes made by management. A number of commenters expressed concern that the preamble’s use of ‘‘developing and executing’’ to describe a covered bank board’s role with respect to a recovery plan is inconsistent with a board’s traditional oversight role. It is not the OCC’s intent to expand the board’s role, and we note that the regulatory text in both the proposal and Final Guidelines describe the role of the board as ‘‘oversight.’’ Commenters also asked the OCC to clarify that a covered bank’s board need only review and approve a bank’s plan yearly, and as necessary to address significant, as opposed to all, changes to a plan. We have amended the Final Guidelines to reflect this and otherwise adopt this section as proposed. Description of Technical Amendments to Part 30 We also are including with these Final Guidelines technical and conforming amendments to the part 30 regulations to add references to new Appendix E, which contains the Final Guidelines, where appropriate. Regulatory Analysis mstockstill on DSK3G9T082PROD with RULES Paperwork Reduction Act The OCC has determined that the Final Guidelines include collections of information pursuant to the provisions of the Paperwork Reduction Act of 1995 (PRA) (44 U.S.C. 3501 et seq.). In accordance with PRA, the OCC may not conduct or sponsor, and an organization is not required to respond to, an information collection unless the information collection displays a currently valid Office of Management and Budget (OMB) control number. The VerDate Sep<11>2014 22:57 Sep 28, 2016 Jkt 238001 OCC submitted the information collections contained in the proposed guidelines to OMB for review and approval, pursuant to 44 U.S.C. 3506 and section 1320.11 of the OMB implementing regulations (5 CFR part 1320). OMB instructed the OCC to examine any public comments it received in response to the proposed PRA estimate and to describe in the supporting statement of its next collection any relevant comments, as well as the OCC’s response to such comments. The OCC has re-submitted the information collections to OMB in connection with the final rule. The collections of information that are subject to the PRA in these Final Guidelines are found in 12 CFR part 30, appendix E, sections II.B., II.C., and III. Section II.B. of this appendix specifies the elements of the recovery plan, including an overview of the covered bank; triggers; options for recovery; impact assessments; escalation procedures; management reports; and communication procedures. Section II.C. of this appendix addresses the relationship of the plan to other covered bank processes and coordination with other plans, including the processes and plans of its bank holding company. Section III of this appendix outlines management’s and the board’s responsibilities. We received one comment on our proposed information collection from an individual, which addressed all four of the questions below. First, the commenter argued that a stress event that threatens the viability of a covered bank is the result of either an event that the bank could not have foreseen or failed prudential supervision by the OCC. In either case, the commenter argued, a recovery plan will be useless. In addition, this commenter argued that if a covered bank treats its recovery plan like a prescriptive playbook, the plan will fail and, alternatively, if a recovery plan only provides guidelines, the plan will have no practical utility. In response, as noted above, the OCC believes that stress scenarios are important tools that a covered bank uses to determine areas of vulnerability and help it identify the appropriate triggers. The OCC understands that a covered bank’s recovery planning process will not result in a plan that identifies every trigger and option for every possible scenario—but we do believe that the processes of recovery planning and codification of a plan will help a covered bank manage the stresses it encounters. With respect to the role of a recovery plan during a period of severe stress, as noted above, a covered bank should use its judgment to PO 00000 Frm 00008 Fmt 4700 Sfmt 4700 determine the most appropriate options for the bank to take to preserve its financial strength and viability. The commenter also stated that the OCC’s burden estimate was too low. The OCC believes that its original estimate was realistic given the requirements of the proposed guidelines and has included the same estimate in the Final Guidelines. We have adjusted, however, the estimate of respondents to reflect the most recent data available. In addition, the commenter stated that the agency could enhance the quality and utility of the information collection by requiring only triggers and response options in its plans. In response, as noted above, the OCC believes that stress scenarios are important tools that a covered bank uses to determine areas of vulnerability and identify appropriate triggers. We include the overview of the covered bank as a plan element because a covered bank’s organizational and legal entity structure is likely to change often; its inclusion will both ensure that the bank consider the entire organization in the development of its plan and assist the bank in understanding the recovery plan’s relationship with its other planning efforts. The commenter also stated that the proposed information collection is duplicative of and redundant to information that the OCC currently collects. In response, the OCC recognizes that some information necessary for recovery planning may have been compiled or provided to the OCC for other purposes. However, we believe that it is necessary for a covered bank to assemble this information in the context of recovery planning in order to develop an appropriate plan to respond to future stresses. We encourage, however, covered banks to leverage, including by cross-referencing if appropriate, this prior work. Finally, the commenter argued that it is burdensome to ask a covered bank to connect its recovery plan with its other plans. In response, the OCC notes that a covered bank’s various plans are not intended to operate in a vacuum and must be compatible with each other in order to be effective. Title: OCC Guidelines Establishing Standards for Recovery Planning by Certain Large Insured National Banks, Insured Federal Savings Associations, and Insured Federal Branches OMB Control No.: To be assigned by OMB. Frequency of Response: On occasion. Affected Public: Businesses or other for-profit organizations. Burden Estimates: Total Number of Respondents: 25. E:\FR\FM\29SER1.SGM 29SER1 mstockstill on DSK3G9T082PROD with RULES Federal Register / Vol. 81, No. 189 / Thursday, September 29, 2016 / Rules and Regulations Total Burden per Respondent: 7,543 hours. Total Burden for Collection: 188,575 hours. Comments should be submitted as provided below and continue to be invited on: (1) Whether the proposed collection of information is necessary for the proper performance of the OCC’s functions, including whether the information has practical utility; (2) the accuracy of the OCC’s estimate of the burden of the proposed information collection, including the cost of compliance; (3) ways to enhance the quality, utility, and clarity of the information to be collected; and (4) ways to minimize the burden of information collection on respondents, including through the use of automated collection techniques or other forms of IT. Because paper mail may be subject to delay, commenters are encouraged to submit comments by email to regs.comments@occ.treas.gov, if possible. Alternatively, comments may be mailed to Legislative and Regulatory Activities Division, Office of the Comptroller of the Currency, Attention: 1557–0321, 400 7th Street SW., Suite 3E–218, Mail Stop 9W–11, Washington, DC 20219 or faxed to (571) 465–4326. Additionally, commenters should send a copy of their comments to the OCC’s OMB desk officer by: mail to Office of Information and Regulatory Affairs, U.S. Office of Management and Budget, New Executive Office Building, Room 10235, 725 17th Street NW., Washington, DC 20503; fax to (202) 395–6974; or email to oira.submission@omb.eop.gov. You may personally inspect and photocopy comments at the OCC, 400 7th Street SW., Washington, DC 20219. For security reasons, the OCC requires that visitors make an appointment to inspect comments. You may do so by calling (202) 649–6700. Upon arrival, visitors will be required to present valid government-issued photo identification and submit to a security screening. All comments received, including attachments and other supporting materials, are part of the public record and subject to public disclosure. Do not enclose any information in your comment or supporting materials that you consider confidential or inappropriate for public disclosure. You may request additional information on the collection from Shaquita Merritt, Program Specialist, at (202) 649–6302 or, for persons who are deaf or hard of hearing, TTY, (202) 649– 5597, Legislative and Regulatory Activities Division, Office of the Comptroller of the Currency, 400 7th VerDate Sep<11>2014 22:57 Sep 28, 2016 Jkt 238001 66799 Street SW., Suite 3E–218, Mail Stop 9W–11, Washington, DC 20219. Consideration of Administrative Burdens and Benefits and Effective Date Regulatory Flexibility Analysis Section 302(a) of the Riegle Community Development and Regulatory Improvement Act of 1994 (CDRI) (12 U.S.C. 4802(a)) requires the OCC, in determining the effective date and administrative compliance requirements for new regulations that impose additional reporting, disclosure, or other requirements on insured depository institutions, to consider, consistent with the principles of safety and soundness and the public interest, (1) any administrative burdens that such regulations would place on depository institutions, including small depository institutions and customers of depository institutions; and (2) the benefits of such regulations. In determining the effective date and administrative compliance requirements for these Final Guidelines, the OCC has considered these burdens and benefits, including the requests of commenters for a phased-in compliance period. To this end, the Final Guidelines include phased-in compliance dates and recognize the need for flexibility with respect to the timing of management’s annual recovery plan review. Section 302(b) of CDRI (12 U.S.C. 4802(a)) requires that new OCC regulations, which impose additional reporting, disclosures, or other new requirements on insured depository institutions, take effect on the first day of a calendar quarter which begins on or after the date on which the regulations are published in final form, subject to certain exceptions not relevant here. This is in addition to the requirement in section 553(d) (5 U.S.C. 553(d)) of the Administrative Procedure Act, which requires that a substantive rule be effective no fewer than 30 days after its publication, subject to certain exceptions not relevant here. The effective date of these Final Guidelines is consistent with these requirements. Pursuant to section 605(b) of the Regulatory Flexibility Act, 5 U.S.C. 605(b) (RFA), the regulatory flexibility analysis otherwise required under section 603 of the RFA is not required if the agency certifies that a rule will not have a significant economic impact on a substantial number of small entities (defined for purposes of the RFA to include commercial banks and savings institutions with assets less than or equal to $550 million and trust companies with assets less than or equal to $38.5 million) and publishes this certification and a short, explanatory statement in the Federal Register with the rule. The OCC has determined that the Final Guidelines will have no impact on small entities. The Final Guidelines apply only to insured national banks, insured Federal savings associations, and insured Federal branches of foreign banks with $50 billion or more in average total consolidated assets. Although the Final Guidelines reserve the OCC’s authority to apply them to an insured national bank, insured Federal savings association, or insured Federal branch of a foreign bank with less than $50 billion in average total consolidated assets if the OCC determines such entity is highly complex or otherwise presents a heightened risk, the OCC does not expect to determine any small entities to be highly complex or otherwise to present a heightened risk. Therefore, the OCC certifies that these Final Guidelines will not have a significant economic impact on a substantial number of small entities. Unfunded Mandates Reform Act Analysis In accordance with section 202 of the Unfunded Mandates Reform Act of 1995 (2 U.S.C. 1532), the OCC prepares a budgetary impact statement before promulgating any rule that includes a Federal mandate that may result in the expenditure by State, local, and tribal governments, in the aggregate, or by the private sector, of $100 million or more in any one year (adjusted annually for inflation). The OCC has determined that these Final Guidelines will not result in expenditures by State, local, and tribal governments, in the aggregate, or by the private sector, of $100 million or more in any one year (adjusted annually for inflation). Accordingly, the OCC has not prepared a budgetary impact statement. PO 00000 Frm 00009 Fmt 4700 Sfmt 4700 List of Subjects in 12 CFR Part 30 Banks, Banking, Consumer protection, National banks, Privacy, Safety and soundness, Reporting and recordkeeping requirements. For the reasons set forth in the preamble, and under the authority of 12 U.S.C. 93a, chapter I of title 12 of the Code of Federal Regulations is amended as follows: PART 30—SAFETY AND SOUNDNESS STANDARDS 1. The authority citation for part 30 continues to read as follows: ■ E:\FR\FM\29SER1.SGM 29SER1 66800 Federal Register / Vol. 81, No. 189 / Thursday, September 29, 2016 / Rules and Regulations Authority: 12 U.S.C. 1, 93a, 371, 1462a, 1463, 1464, 1467a, 1818, 1828, 1831p–1, 1881–1884, 3102(b) and 5412(b)(2)(B); 15 U.S.C. 1681s, 1681w, 6801, and 6805(b)(1). § 30.1 [Amended] 2. Section 30.1 is amended by removing, in paragraph (a), ‘‘appendices A, B, C, and D’’ and adding in its place ‘‘appendices A, B, C, D, and E’’. ■ 3. Section 30.2 is amended by adding a sentence at the end of the paragraph to read as follows: ■ § 30.2 Purpose. * * * The OCC Guidelines Establishing Standards for Recovery Planning by Certain Large Insured National Banks, Insured Federal Savings Associations, and Insured Federal Branches are set forth in appendix E to this part. § 30.3 [Amended] 4. Section 30.3 is amended in paragraph (a) by removing ‘‘the OCC Guidelines Establishing Standards for Residential Mortgage Lending Practices set forth in appendix C to this part, or the OCC Guidelines Establishing Heightened Standards for Certain Large Insured National Banks, Insured Federal Savings Associations, and Insured Federal Branches set forth in appendix D to this part’’ and adding in its place ‘‘the OCC Guidelines Establishing Standards for Residential Mortgage Lending Practices set forth in appendix C to this part, the OCC Guidelines Establishing Heightened Standards for Certain Large Insured National Banks, Insured Federal Savings Associations, and Insured Federal Branches set forth in appendix D to this part, or the OCC Guidelines Establishing Standards for Recovery Planning by Certain Large Insured National Banks, Insured Federal Savings Associations, and Insured Federal Branches set forth in appendix E to this part’’. ■ 5. Appendix E is added to part 30 to read as follows: ■ mstockstill on DSK3G9T082PROD with RULES Appendix E to Part 30—OCC Guidelines Establishing Standards for Recovery Planning by Certain Large Insured National Banks, Insured Federal Savings Associations, and Insured Federal Branches Table of Contents I. Introduction A. Scope B. Compliance date C. Reservation of authority D. Preservation of existing authority E. Definitions II. Recovery Plan A. Recovery plan B. Elements of recovery plan 1. Overview of covered bank VerDate Sep<11>2014 22:57 Sep 28, 2016 Jkt 238001 2. Triggers 3. Options for recovery 4. Impact assessments 5. Escalation procedures 6. Management reports 7. Communication procedures 8. Other information C. Relationship to other processes; coordination with other plans III. Management’s and Board of Directors’ Responsibilities A. Management B. Board of directors I. Introduction A. Scope. This appendix applies to a covered bank, as defined in paragraph I.E.3. of this appendix. B. Compliance date. 1. A covered bank with average total consolidated assets, calculated according to paragraph I.E.1. of this appendix, equal to or greater than $750 billion as of January 1, 2017 should comply with this appendix within 6 months from January 1, 2017. 2. A covered bank with average total consolidated assets, calculated according to paragraph I.E.1. of this appendix, equal to or greater than $100 billion but less than $750 billion as of January 1, 2017 should comply with this appendix within 12 months from January 1, 2017. 3. A covered bank with average total consolidated assets, calculated according to paragraph I.E.1. of this appendix, equal to or greater than $50 billion but less than $100 billion as of January 1, 2017 should comply with this appendix within 18 months from January 1, 2017. 4. A bank with average total consolidated assets, calculated according to paragraph I.E.1. of this appendix, of less than $50 billion as of January 1, 2017 but which subsequently becomes a covered bank should comply with this appendix within 18 months of becoming a covered bank. C. Reservation of authority. 1. The OCC reserves the authority: a. To apply this appendix, in whole or in part, to a bank that has average total consolidated assets of less than $50 billion, if the OCC determines such bank is highly complex or otherwise presents a heightened risk that warrants the application of this appendix; or b. To determine that compliance with this appendix should not be required for a covered bank. The OCC will generally make this determination if a covered bank’s operations are no longer highly complex or no longer present a heightened risk. 2. In determining whether a bank or covered bank is highly complex or presents a heightened risk, the OCC will consider the bank’s size, risk profile, PO 00000 Frm 00010 Fmt 4700 Sfmt 4700 scope of operations, activities, and complexity, including the complexity of its organizational and legal entity structure. Before exercising the authority reserved by paragraph I.C.1. of this appendix, the OCC will apply notice and response procedures in the same manner and to the same extent as the notice and response procedures in 12 CFR 3.404. D. Preservation of existing authority. Neither section 39 of the Federal Deposit Insurance Act (12 U.S.C. 1831p–1) nor this appendix in any way limits the authority of the OCC to address unsafe or unsound practices or conditions or other violations of law. The OCC may take action under section 39 and this appendix independently of, in conjunction with, or in addition to any other enforcement action available to the OCC. E. Definitions. 1. Average total consolidated assets means the average total consolidated assets of the bank or the covered bank, as reported on the bank’s or the covered bank’s Consolidated Reports of Condition and Income for the four most recent consecutive quarters. 2. Bank means any insured national bank, insured Federal savings association, or insured Federal branch of a foreign bank. 3. Covered bank means any bank: a. With average total consolidated assets equal to or greater than $50 billion; b. With average total consolidated assets of less than $50 billion if the bank was previously a covered bank, unless the OCC determines otherwise; or c. With average total consolidated assets less than $50 billion, if the OCC determines that such bank is highly complex or otherwise presents a heightened risk as to warrant the application of this appendix pursuant to paragraph I.C.1.a. of this appendix. 4. Recovery means timely and appropriate action that a covered bank takes to remain a going concern when it is experiencing or is likely to experience considerable financial or operational stress. A covered bank in recovery has not yet deteriorated to the point where liquidation or resolution is imminent. 5. Recovery plan means a plan that identifies triggers and options for responding to a wide range of severe internal and external stress scenarios to restore a covered bank that is in recovery to financial strength and viability in a timely manner. The options should maintain the confidence of market participants, and neither the plan nor the options may assume or rely on any extraordinary government support. E:\FR\FM\29SER1.SGM 29SER1 Federal Register / Vol. 81, No. 189 / Thursday, September 29, 2016 / Rules and Regulations mstockstill on DSK3G9T082PROD with RULES 6. Trigger means a quantitative or qualitative indicator of the risk or existence of severe stress, the breach of which should always be escalated to senior management or the board of directors (or appropriate committee of the board of directors), as appropriate, for purposes of initiating a response. The breach of any trigger should result in timely notice accompanied by sufficient information to enable management of the covered bank to take corrective action. II. Recovery Plan A. Recovery plan. Each covered bank should develop and maintain a recovery plan that is specific to that covered bank and appropriate for its individual size, risk profile, activities, and complexity, including the complexity of its organizational and legal entity structure. B. Elements of recovery plan. A recovery plan under paragraph II.A. of this appendix should include the following elements: 1. Overview of covered bank. A recovery plan should describe the covered bank’s overall organizational and legal entity structure, including its material entities, critical operations, core business lines, and core management information systems. The plan should describe interconnections and interdependencies (i) across business lines within the covered bank, (ii) with affiliates in a bank holding company structure, (iii) between a covered bank and its foreign subsidiaries, and (iv) with critical third parties. 2. Triggers. A recovery plan should identify triggers that appropriately reflect the covered bank’s particular vulnerabilities. 3. Options for recovery. A recovery plan should identify a wide range of credible options that a covered bank could undertake to restore financial strength and viability, thereby allowing the bank to continue to operate as a going concern and to avoid liquidation or resolution. A recovery plan should explain how the covered bank would carry out each option and describe the timing required for carrying out each option. The recovery plan should specifically identify the recovery options that require regulatory or legal approval. 4. Impact assessments. For each recovery option, a covered bank should assess and describe how the option would affect the covered bank. This impact assessment and description should specify the procedures the covered bank would use to maintain the financial strength and viability of its material entities, critical operations, and VerDate Sep<11>2014 22:57 Sep 28, 2016 Jkt 238001 core business lines for each recovery option. For each option, the recovery plan’s impact assessment should address the following: a. The effect on the covered bank’s capital, liquidity, funding, and profitability; b. The effect on the covered bank’s material entities, critical operations, and core business lines, including reputational impact; and c. Any legal or market impediment or regulatory requirement that must be addressed or satisfied in order to implement the option. 5. Escalation procedures. A recovery plan should clearly outline the process for escalating decision-making to senior management or the board of directors (or an appropriate committee of the board of directors), as appropriate, in response to the breach of any trigger. The recovery plan should also identify the departments and persons responsible for executing the decisions of senior management or the board of directors (or an appropriate committee of the board of directors). 6. Management reports. A recovery plan should require reports that provide senior management or the board of directors (or an appropriate committee of the board of directors) with sufficient data and information to make timely decisions regarding the appropriate actions necessary to respond to the breach of a trigger. 7. Communication procedures. A recovery plan should provide that the covered bank notify the OCC of any significant breach of a trigger and any action taken or to be taken in response to such breach and should explain the process for deciding when a breach of a trigger is significant. A recovery plan also should address when and how the covered bank will notify persons within the organization and other external parties of its action under the recovery plan. The recovery plan should specifically identify how the covered bank will obtain required regulatory or legal approvals. 8. Other information. A recovery plan should include any other information that the OCC communicates in writing directly to the covered bank regarding the covered bank’s recovery plan. C. Relationship to other processes; coordination with other plans. The covered bank should integrate its recovery plan into its risk governance functions. The covered bank also should align its recovery plan with its other plans, such as its strategic; operational (including business continuity); contingency; capital (including stress testing); liquidity; and resolution planning. The covered bank’s recovery PO 00000 Frm 00011 Fmt 4700 Sfmt 4700 66801 plan should be specific to that covered bank. The covered bank also should coordinate its recovery plan with any recovery and resolution planning efforts by the covered bank’s holding company, so that the plans are consistent with and do not contradict each other. III. Management’s and Board of Directors’ Responsibilities The recovery plan should address the following management and board responsibilities: A. Management. Management should review the recovery plan at least annually and in response to a material event. It should revise the plan as necessary to reflect material changes in the covered bank’s size, risk profile, activities, and complexity, as well as changes in external threats. This review should evaluate the organizational structure and its effectiveness in facilitating a recovery. B. Board of directors. The board is responsible for overseeing the covered bank’s recovery planning process. The board of directors (or an appropriate committee of the board of directors) of a covered bank should review and approve the recovery plan at least annually, and as needed to address significant changes made by management. Dated: September 21, 2016. Thomas J. Curry, Comptroller of the Currency. [FR Doc. 2016–23366 Filed 9–28–16; 8:45 am] BILLING CODE 4810–33–P DEPARTMENT OF TRANSPORTATION Federal Aviation Administration 14 CFR Part 39 [Docket No. FAA–2016–9116; Directorate Identifier 2016–NM–130–AD; Amendment 39–18672; AD 2016–20–06] RIN 2120–AA64 Airworthiness Directives; Gulfstream Aerospace Corporation Airplanes Federal Aviation Administration (FAA), DOT. ACTION: Final rule; request for comments. AGENCY: We are adopting a new airworthiness directive (AD) for all Gulfstream Aerospace Corporation Model G–1159, G–1159A, G–1159B, and G–IV airplanes. This AD requires revision of the maintenance or inspection program to establish the life limit of all elevator assemblies and skins on affected airplanes. This AD was SUMMARY: E:\FR\FM\29SER1.SGM 29SER1

Agencies

[Federal Register Volume 81, Number 189 (Thursday, September 29, 2016)]
[Rules and Regulations]
[Pages 66791-66801]
From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
[FR Doc No: 2016-23366]



========================================================================
Rules and Regulations
                                                Federal Register
________________________________________________________________________

This section of the FEDERAL REGISTER contains regulatory documents 
having general applicability and legal effect, most of which are keyed 
to and codified in the Code of Federal Regulations, which is published 
under 50 titles pursuant to 44 U.S.C. 1510.

The Code of Federal Regulations is sold by the Superintendent of Documents. 
Prices of new books are listed in the first FEDERAL REGISTER issue of each 
week.

========================================================================


Federal Register / Vol. 81, No. 189 / Thursday, September 29, 2016 / 
Rules and Regulations

[[Page 66791]]



DEPARTMENT OF THE TREASURY

Office of the Comptroller of the Currency

12 CFR Part 30

[Docket ID OCC-2015-0017]
RIN 1557-AD96


OCC Guidelines Establishing Standards for Recovery Planning by 
Certain Large Insured National Banks, Insured Federal Savings 
Associations, and Insured Federal Branches; Technical Amendments

AGENCY: Office of the Comptroller of the Currency, Treasury.

ACTION: Final rule and guidelines.

-----------------------------------------------------------------------

SUMMARY: The Office of the Comptroller of the Currency (OCC) is 
adopting enforceable guidelines establishing standards for recovery 
planning by insured national banks, insured Federal savings 
associations, and insured Federal branches of foreign banks with 
average total consolidated assets of $50 billion or more (Final 
Guidelines). The OCC is issuing the Final Guidelines as an appendix to 
its safety and soundness standards regulations, and the Final 
Guidelines will be enforceable by the terms of the Federal statute that 
authorizes the OCC to prescribe operational and managerial standards 
for national banks and Federal savings associations. The OCC is also 
adopting technical changes to the safety and soundness standards 
regulations that are made necessary by the addition of the Final 
Guidelines.

DATES: This final rule and guidelines are effective on January 1, 2017. 
The compliance dates for the Final Guidelines in Appendix E to part 30 
vary, as specified below.

FOR FURTHER INFORMATION CONTACT: Lori Bittner, Large Bank Supervision--
Resolution and Recovery, (202) 649-6093; Stuart Feldstein, Director, 
Andra Shuster, Senior Counsel, Karen McSweeney, Counsel, or Priscilla 
Benner, Attorney, Legislative & Regulatory Activities Division, (202) 
649-5490; or Valerie Song, Assistant Director, Bank Activities and 
Structure Division, (202) 649-5500; or, for persons who are deaf or 
hard of hearing, TTY, (202) 649-5597, 400 7th Street SW., Washington, 
DC 20219.

SUPPLEMENTARY INFORMATION: 

Background

    The financial crisis demonstrated the destabilizing effect that 
severe stress at large, complex, interconnected financial companies can 
have on the national economy, capital markets, and the overall 
financial stability of the banking system. Following the crisis, 
Congress passed the Dodd-Frank Wall Street Reform and Consumer 
Protection Act (Dodd-Frank Act); \1\ among other purposes, the Dodd-
Frank Act was intended to strengthen the framework for the supervision 
and regulation of large U.S. financial companies in order to address 
the significant impact that these institutions can have on capital 
markets and the economy.
---------------------------------------------------------------------------

    \1\ Public Law 111-203, 124 Stat. 1376 (July 21, 2010).
---------------------------------------------------------------------------

    One lesson learned from the crisis is the importance--especially in 
large, complex financial institutions--of a strong risk governance 
framework. In 2014, the OCC formally adopted heightened standards 
guidelines that address the risk governance of large, complex banks 
(Heightened Standards).\2\ The Heightened Standards establish minimum 
standards for the design and implementation of a risk governance 
framework and for a bank's board of directors (board) in overseeing the 
framework's design and implementation. The OCC believes that these 
Heightened Standards further the goals of the Dodd-Frank Act by 
clarifying the OCC's expectation that its regulated institutions have 
robust practices in areas where the crisis revealed substantial 
weaknesses.
---------------------------------------------------------------------------

    \2\ 79 FR 54518 (Sept. 11, 2014) (OCC Guidelines Establishing 
Heightened Standards for Certain Large Insured National Banks, 
Insured Federal Savings Associations, and Insured Federal Branches; 
Integration of Regulations).
---------------------------------------------------------------------------

    Further, in the aftermath of the crisis, it became clear that many 
financial institutions had insufficient plans for identifying and 
responding rapidly to significant stress events that affected their 
financial condition and threatened their viability. As a result, many 
institutions were forced to take significant actions quickly without 
the benefit of a well-developed plan. In addition, recent large-scale 
events, such as destructive cyber attacks, demonstrate the need for 
institutions to plan how to respond to the financial effects of such 
occurrences. Therefore, the OCC believes that a large, complex 
institution should undertake recovery planning to be able to respond 
quickly to and recover from the financial effects of severe stress on 
the institution.\3\ An institution's recovery planning should be a 
dynamic, ongoing process that complements its risk governance functions 
and supports its safe and sound operation. The process of developing 
and maintaining a recovery plan also should cause a covered bank's 
management and its board to enhance their focus on risk governance with 
a view toward lessening the negative impact of future events.
---------------------------------------------------------------------------

    \3\ While the Dodd-Frank Act addresses resolution planning, it 
does not specifically address recovery planning.
---------------------------------------------------------------------------

    In December 2015, the OCC invited public comment on proposed 
guidelines establishing minimum standards for recovery planning by 
insured national banks, insured Federal savings associations, and 
insured Federal branches of foreign banks (together, banks and each, a 
bank) with average total consolidated assets of $50 billion or more 
(together, covered banks and each, a covered bank).\4\ After carefully 
considering the comments we received on the proposed guidelines, the 
OCC is adopting these Final Guidelines as a new Appendix E to part 30 
of our regulations. The OCC, as the primary financial regulatory agency 
for the covered banks, believes that the Final Guidelines will assist 
these banks with their recovery planning efforts, thereby minimizing 
the negative impact of severe stress. We have set forth below a 
detailed description of the proposal, the significant comments we 
received, and the standards contained in the Final Guidelines.
---------------------------------------------------------------------------

    \4\ 80 FR 78681 (Dec. 17, 2015).
---------------------------------------------------------------------------

Summary of Comments on the Notice of Proposed Rulemaking

    The OCC received six comment letters on the proposed guidelines 
from

[[Page 66792]]

national banks, trade associations, and individuals. To improve our 
understanding of the issues raised by commenters, the OCC had a meeting 
with two trade groups and a number of their member institutions, and a 
summary of this meeting is available on a public Web site.\5\
---------------------------------------------------------------------------

    \5\ See http://www.regulations.gov/index.jsp#!documentDetail;D=OCC-2015-0017-0001.
---------------------------------------------------------------------------

    The comments we received generally supported the proposed 
guidelines, acknowledging that recovery planning is an important part 
of risk management and that the use of guidelines, rather than 
regulations, provides both covered banks and the OCC with appropriate 
flexibility. However, the commenters asked the OCC to clarify various 
provisions in the proposal. For example, commenters requested that the 
OCC address the ability of a covered bank to leverage other processes 
in developing its recovery plan and to tailor its plan based on the 
size, risk profile, and complexity of the bank. They also asked the OCC 
to clarify the role of the board with respect to the plan. In addition, 
commenters suggested that the OCC consider tiered compliance dates. As 
discussed more fully below, the OCC has revised the Final Guidelines in 
response to the comments we received and has made other technical and 
clarifying changes.

Enforcement of the Final Guidelines

    The OCC is adopting these Final Guidelines pursuant to section 39 
of the Federal Deposit Insurance Act (FDIA).\6\ Section 39 authorizes 
the OCC to prescribe safety and soundness standards in the form of a 
regulation or guidelines. The OCC currently has four sets of these 
guidelines that are appendices to part 30 of the OCC's regulations. 
Appendix A contains operational and managerial standards that relate to 
internal controls, information systems, internal audit systems, loan 
documentation, credit underwriting, interest rate exposure, asset 
growth, asset quality, earnings, compensation, fees, and benefits. 
Appendix B contains standards on information security, and Appendix C 
contains standards that address residential mortgage lending practices. 
Appendix D contains the Heightened Standards discussed above.
---------------------------------------------------------------------------

    \6\ 12 U.S.C. 1831p-1.
---------------------------------------------------------------------------

    Section 39 prescribes different consequences depending on whether 
an agency issues the standards by regulation or guideline. Pursuant to 
section 39, if a bank \7\ fails to meet a standard prescribed by 
regulation, the OCC must require it to submit a plan specifying the 
steps it will take to comply with the standard. If a bank fails to meet 
a standard prescribed by guidelines, the OCC has the discretion to 
decide whether to require the submission of a plan.\8\ The issuance of 
these standards as guidelines, rather than as regulations, provides the 
OCC with the flexibility to pursue the course of action that is most 
appropriate given the specific circumstances of a covered bank's 
noncompliance with one or more standards and the covered bank's self-
corrective and remedial responses.
---------------------------------------------------------------------------

    \7\ Section 39 of the FDIA applies to ``insured depository 
institutions,'' which, as defined in 12 U.S.C. 1813, includes 
insured Federal branches of foreign banks. While we do not 
specifically refer to these entities in this discussion of the 
enforcement of the Final Guidelines, it should be read to include 
them.
    \8\ See 12 U.S.C. 1831p-1(e)(1)(A)(i) and (ii).
---------------------------------------------------------------------------

    The procedural rules implementing the supervisory and enforcement 
remedies prescribed by section 39 are contained in part 30 of the OCC's 
rules. Under these provisions, the OCC may initiate a supervisory or 
enforcement process when it determines, by examination or otherwise, 
that a bank has failed to meet the standards set forth in the Final 
Guidelines.\9\ Upon making that determination, the OCC may request in 
writing that the bank submit a compliance plan to the OCC detailing the 
steps the institution will take to correct the deficiencies and the 
time within which it will take those steps. This request is termed a 
Notice of Deficiency. Upon receiving a Notice of Deficiency from the 
OCC, the bank must submit a compliance plan to the OCC for approval 
within 30 days.
---------------------------------------------------------------------------

    \9\ The procedures governing the determination and notification 
of failure to satisfy a standard prescribed pursuant to section 39; 
the filing and review of compliance plans; and the issuance of 
orders, if necessary, are set forth in the OCC's regulations at 12 
CFR 30.3, 30.4, and 30.5.
---------------------------------------------------------------------------

    If a bank fails to submit an acceptable compliance plan or fails in 
any material respect to implement a compliance plan approved by the 
OCC, the OCC shall issue a Notice of Intent to Issue an Order pursuant 
to section 39 (Notice of Intent). The bank then has 14 days to respond 
to the Notice of Intent. After considering the bank's response, the OCC 
may issue the order, decide not to issue the order, or seek additional 
information from the bank before making a final decision. 
Alternatively, the OCC may issue an order without providing the bank 
with a Notice of Intent. In such a case, the bank may appeal after-the-
fact to the OCC, and the OCC has 60 days to consider the appeal. Upon 
the issuance of an order, a bank is deemed to be in noncompliance with 
part 30. Orders are formal, public documents, and the OCC may enforce 
them in Federal district court. The OCC may also assess a civil money 
penalty, pursuant to 12 U.S.C. 1818, against any bank that violates or 
otherwise fails to comply with any final order and against any 
institution-affiliated party who participates in such violation or 
noncompliance.

Detailed Description of the Proposed Guidelines, Comments Received, and 
Final Guidelines

    Like the proposal, the Final Guidelines consist of three sections. 
Section I explains the scope of the Final Guidelines, sets forth the 
applicable compliance dates, and defines key terms. Section II sets 
forth the standards for the design and execution of a covered bank's 
recovery plan. Section III describes the responsibilities of a covered 
bank's management and board in connection with the bank's recovery 
plan.

Section I: Introduction

    Scope. As proposed, the guidelines would have applied to any bank 
with ``average total consolidated assets'' equal to or greater than $50 
billion as of the effective date of the guidelines (calculated by 
averaging a bank's total consolidated assets, as reported on the bank's 
Consolidated Reports of Condition and Income (Call Reports), for the 
four most recent consecutive quarters). The preamble to the proposal 
noted that this threshold is consistent with the scope of Federal 
Deposit Insurance Corporation (FDIC) and Board of Governors of the 
Federal Reserve System (Board) regulations that require certain 
entities to prepare resolution plans.\10\ We note that this threshold 
also is consistent with the Heightened Standards threshold, as well as 
the threshold used in section 165 of the Dodd-Frank Act for the 
application of enhanced prudential standards to bank holding companies 
and foreign banking organizations.
---------------------------------------------------------------------------

    \10\ See 12 CFR 381.2(f) and 243.2(f), respectively. See also 12 
CFR 360.10.
---------------------------------------------------------------------------

    The proposal provided that for any bank with average total 
consolidated assets less than $50 billion as of the effective date of 
the guidelines, whose average total consolidated assets subsequently 
reached $50 billion or greater, the guidelines would apply on the as-of 
date of the bank's most recent Call Report used in the calculation of 
the average total consolidated assets. Once a bank's average total 
consolidated assets had reached or exceeded the $50 billion threshold, 
the preamble explained that the bank would have had to comply with the 
guidelines, unless

[[Page 66793]]

and until the OCC specifically determined that compliance was not 
required, even if the bank's average total consolidated assets 
subsequently fell below the $50 billion threshold.
    The OCC received no comments on these provisions and adopts them as 
proposed.
    Compliance date. Although the OCC did not propose a specific 
compliance date, several commenters requested a phased-in compliance 
period. Some commenters suggested a compliance date of 2017 for the 
largest, most complex covered banks and a subsequent compliance date of 
2018 for the remaining covered banks. These commenters stated that the 
phase-in dates should account for the size, risk profile, and 
complexity of a covered bank. Other commenters requested an initial 
compliance date for all covered banks of no earlier than 2018. Another 
commenter suggested that the OCC use a flexible approach when setting a 
compliance date for banks that reach or exceed the $50 billion 
threshold after the effective date of the Final Guidelines.
    The OCC agrees that a phased-in compliance period is appropriate 
and adopts the compliance schedule set forth below, which we believe 
gives covered banks, including those likely to have the least 
experience with recovery planning, sufficient time to prepare their 
plans. Under this schedule, a covered bank with average total 
consolidated assets equal to or greater than $750 billion on the 
effective date of these Final Guidelines should comply within 6 months 
of the effective date. A covered bank with average total consolidated 
assets equal to or greater than $100 billion but less than $750 billion 
on the effective date should comply within 12 months of the effective 
date. A covered bank with average total consolidated assets equal to or 
greater than $50 billion but less than $100 billion on the effective 
date should comply within 18 months of the effective date. Finally, a 
bank with less than $50 billion in average total consolidated assets on 
the effective date, which subsequently becomes a covered bank, should 
comply with the Final Guidelines within 18 months of becoming a covered 
bank.
    Reservation of authority. In order to preserve supervisory 
flexibility, the proposed guidelines reserved the OCC's authority to 
apply the guidelines to a bank with average total consolidated assets 
of less than $50 billion if the agency determined that the bank's 
operations were highly complex or otherwise presented a heightened 
risk. The preamble explained that the OCC expected to use this 
authority infrequently and did not intend to apply the guidelines to 
community banks. The proposed guidelines also reserved the OCC's 
authority to determine that compliance with the guidelines was no 
longer required for a covered bank whose operations no longer were 
highly complex or otherwise no longer presented a heightened risk.
    In either case, when determining whether a bank's or covered bank's 
operations were highly complex or otherwise presented a heightened 
risk, the proposed guidelines stated that the OCC would consider an 
institution's size, risk profile, activities, and complexity, including 
the complexity of its organizational and legal entity structure. The 
guidelines also stated that, when exercising the authority reserved by 
this provision, the OCC would apply notice and response procedures 
consistent with those set out in 12 CFR 3.404.\11\
---------------------------------------------------------------------------

    \11\ As explained in the proposal, these procedures require the 
OCC to provide a bank or covered bank, as appropriate, with written 
notice of its determination to use its reservation of authority, and 
the bank or covered bank would have 30 days to respond in writing. 
The proposal provided that the OCC would consider the failure of a 
bank or covered bank to respond within this 30-day period to be a 
waiver of any objections. At the conclusion of the 30 days, the 
proposed guidelines stated that the OCC would issue a written notice 
of its final determination.
---------------------------------------------------------------------------

    Commenters had no substantive comments on this subsection. However, 
we have added ``scope of operations'' to the factors that we will 
consider in determining whether a bank's or covered bank's operations 
are highly complex or otherwise present a heightened risk. Otherwise, 
the OCC is adopting these provisions as proposed and reiterates that we 
expect to use this authority infrequently and do not intend to apply 
the Final Guidelines to community banks.
    Preservation of existing authority. The proposed guidelines stated 
that neither section 39 of the FDIA nor the OCC's part 30 rules in any 
way limited the authority of the OCC to address unsafe or unsound 
practices or conditions or other violations of law.\12\ We received no 
comments on this provision, and we are adopting it as proposed.
---------------------------------------------------------------------------

    \12\ Section 39 preserves all authority otherwise available to 
the OCC, stating ``The authority granted by this section is in 
addition to any other authority of the Federal banking agencies.'' 
See 12 U.S.C. 1831p-1(g).
---------------------------------------------------------------------------

    Definitions. The proposed guidelines included definitions of 
``average total consolidated assets,'' ``bank,'' ``covered bank,'' 
``recovery,'' ``recovery plan,'' and ``trigger.'' The proposal defined 
the term ``recovery'' to mean timely and appropriate action that a 
covered bank takes to remain a going concern when it is experiencing or 
is likely to experience considerable financial or operational distress 
and provided that a covered bank in recovery had not yet deteriorated 
to the point where liquidation or resolution is imminent. The proposal 
defined ``recovery plan'' as a plan that identified triggers and 
options for a covered bank to respond to a wide range of severe 
internal and external stress scenarios and to restore a covered bank 
that is in recovery to financial and operational strength and viability 
in a timely manner while maintaining the confidence of market 
participants. This definition further stated that neither the plan nor 
the options could assume or rely on any extraordinary government 
support.
    The proposal defined ``trigger'' as a ``quantitative or qualitative 
indicator of the risk or existence of severe stress that should always 
be escalated to management or the board, as appropriate, for purposes 
of initiating a response.'' It stated that the breach of any trigger 
should result in timely notice, accompanied by sufficient information, 
to enable management of the covered bank to take corrective action.
    The OCC received one comment regarding references to the 
``operational'' effects of severe stress in the proposal. The commenter 
stated that a covered bank's recovery plan should address the effects 
of operational stress events (e.g., cyber events, natural disasters, 
unanticipated changes in senior management) only to the extent that 
such stress events affect the bank's financial strength and viability. 
The commenter noted that a covered bank addresses the operational 
effects of stress events in its other risk management plans (e.g., 
disaster recovery, business continuity). The commenter also stated that 
the Final Guidelines would be inconsistent with Board, Financial 
Stability Board, and European Banking Authority recovery planning 
provisions if they stated that a covered bank's recovery plan should 
address the operational effects of severe stress. The OCC agrees--a 
recovery plan should address the financial, not the operational, 
effects of severe stress.
    The proposal defined the term ``recovery plan'' to include 
restoring a covered bank's ``financial and operational strength and 
viability.'' The same commenter noted that the purpose of a recovery 
plan is to help a covered bank restore its financial, not its 
operational, strength and viability. The commenter stated that covered 
banks address the restoration of operational strength and viability in 
other risk

[[Page 66794]]

management plans (e.g., disaster recovery, business continuity). The 
OCC agrees and has revised the definition of ``recovery plan'' by 
removing ``and operational'' to clarify that the purpose of a recovery 
plan is to help a covered bank restore its financial strength and 
viability. While a recovery plan might address operational stress 
scenarios and identify recovery options that are operational in nature, 
the triggers in the recovery plan should alert the bank to the possible 
or actual financial effects of stress, and the recovery options should 
be designed to restore the bank's financial strength and viability. We 
made conforming changes throughout the document to reflect this change.
    The proposal prohibited reliance on extraordinary government 
support in a recovery plan. The OCC received a comment asking it to 
clarify how this prohibition would apply when a foreign government 
controls a covered bank. While we have not changed the prohibition set 
forth in the definition of ``recovery plan,'' the OCC acknowledges that 
exceptions to this prohibition may exist with respect to support of a 
covered bank by a foreign government. We recommend that an affected 
covered bank discuss this situation with its OCC examiner.
    The OCC received no other comments on these definitions. We have 
clarified, however, several terms defined in the Final Guidelines. 
First, we revised the definition of ``covered bank'' to reflect the 
proposal's preamble statement that ``covered bank'' includes a bank 
with average total consolidated assets of less than $50 billion if it 
was previously a covered bank, unless the OCC determines otherwise. 
Second, we changed the word ``distress'' in the definition of 
``recovery'' to ``stress.'' While the term ``distress'' can be used to 
describe either stress itself or the effect of stress, we intended in 
this context to refer to stress itself. Third, we revised the 
definition of ``trigger'' to clarify that the breach of a trigger, not 
the trigger itself, should be escalated and that the escalation should 
be to senior management. Finally, we have clarified that a trigger 
breach can be escalated to either the board or an appropriate committee 
of the board,\13\ and we have made conforming changes throughout the 
document where necessary to address the role of an appropriate 
committee of the board. Except as otherwise noted above, we are 
adopting these definitions as proposed.
---------------------------------------------------------------------------

    \13\ We received a comment requesting that the OCC be flexible 
in applying provisions of the Final Guidelines referencing the board 
or an appropriate committee of the board to Federal branches, which 
do not have boards of directors. In applying the Final Guidelines to 
insured Federal branches that are covered banks, OCC examiners will 
consult with the branch to determine the appropriate person or 
committee to undertake the responsibilities assigned to the board of 
directors or an appropriate committee of the board under the Final 
Guidelines.
---------------------------------------------------------------------------

Section II: Recovery Plan

    A. Recovery plan. Subsection A of the proposal stated that each 
covered bank should develop and maintain a recovery plan appropriate 
for its individual size, risk profile, activities, and complexity, 
including the complexity of its organizational and legal entity 
structure. In response to this statement, commenters requested that the 
OCC clarify its expectations with regard to the length and detail of 
recovery plans and asked that the Final Guidelines elaborate on a 
covered bank's ability to tailor its recovery plan to its particular 
operations.
    We note that a covered bank's recovery plan need only be as long 
and as detailed as is necessary to satisfy these Final Guidelines. The 
OCC does not have any expectations regarding a plan's length or detail, 
nor does it expect that recovery plans will mirror the length or detail 
of resolution plans. Further, the OCC agrees that a covered bank may 
tailor its recovery plan to its unique size, risk profile, activities, 
and complexity. Therefore, a smaller, less complex bank may have a 
shorter, less complex recovery plan. The stress scenarios, triggers, 
and recovery options appropriate for a covered bank that engages 
primarily in retail and commercial banking are likely to be different 
from those for a covered bank that engages in significant trading or 
capital market activities. Those appropriate for a covered bank that 
engages primarily in domestic activities are likely to be different 
from those for a covered bank with extensive foreign activities. For 
the sake of clarity, we have added language to this description stating 
that a recovery plan should be specific to the unique characteristics 
of each covered bank. We have otherwise adopted this subsection as 
proposed.
    B. Elements of recovery plan. Subsection B set forth the eight 
elements of a recovery plan.
    1. Overview of covered bank. The proposed guidelines stated that a 
recovery plan should include a detailed description of the covered 
bank's overall organizational and legal structure, including its 
material entities, critical operations, core business lines, and core 
management information systems. The proposal stated that this 
description should explain interconnections and interdependencies: (i) 
Across business lines within the covered bank; (ii) with affiliates in 
a bank holding company structure; (iii) between a covered bank and its 
foreign subsidiaries; and (iv) with critical third parties. As 
explained in the proposal's preamble, the OCC used the terms 
``interconnections'' and ``interdependencies'' in a manner consistent 
with FDIC and Board resolution plan regulations. The preamble cited the 
following as examples of interconnections and interdependencies: (i) 
Relationships with respect to credit exposures, investments, or funding 
commitments; (ii) guarantees including an acceptance, endorsement, or 
letter of credit issued for the benefit of an affiliate during normal 
periods, as opposed to during a crisis; and (iii) payment services, 
treasury operations, collateral management, information technology 
(IT), human resources (HR), and other operational functions. It 
explained that the plan should address whether a disruption of these 
interconnections or interdependencies would materially affect the 
covered bank and, if so, how.
    Commenters asked the OCC to confirm in the Final Guidelines that 
other terms, including ``material entities,'' ``critical operations,'' 
and ``core business lines,'' may be interpreted consistent with the use 
of those terms elsewhere, such as resolution planning regulations and 
Heightened Standards. The OCC confirms that a covered bank may include 
in its recovery plan concepts and terms used elsewhere, provided the 
bank's resulting recovery plan is consistent with the Final Guidelines. 
In order to facilitate the OCC's understanding of a covered bank's 
recovery planning process, a bank's recovery plan should indicate which 
key terms are drawn from other sources and identify the sources. 
Otherwise, we adopt this element as proposed.
    2. Triggers. The proposal stated that a recovery plan should 
identify triggers that appropriately reflected a covered bank's 
particular vulnerabilities. As explained in the preamble, in order for 
a covered bank to identify such triggers, the bank should design severe 
stress scenarios that would threaten its critical operations or cause 
it to fail if the bank did not implement one or more recovery options 
in a timely manner. The preamble further explained that these scenarios 
should range from those that cause significant hardship to those that 
bring the covered bank close to default, but not into resolution.
    As explained in the proposal, in designing stress scenarios, a 
covered bank should consider a range of bank-specific and market-wide 
scenarios, individually and in the aggregate, that

[[Page 66795]]

are immediate and prolonged. The proposal explained that a covered bank 
should design the stress scenarios to result in capital shortfalls, 
liquidity pressures, or other significant financial losses. The 
preamble included as examples of bank-specific stress scenarios: Fraud; 
a portfolio shock; a significant cyber attack \14\ or other wide-scale 
operational event; an accounting and tax issue; an event that caused a 
reputational crisis and degraded customer or market confidence; and 
other key stresses that management identified. Although not mentioned 
in the proposal, another example of a covered bank-specific stress 
scenario is the failure of the bank's parent company or a significant 
affiliate.
---------------------------------------------------------------------------

    \14\ As explained in the proposal, a significant cyber attack 
includes an event that has an impact on a covered bank's computer 
network(s) or the computer network(s) of one of its third-party 
service providers and that significantly undermines the covered 
bank's data or processes.
---------------------------------------------------------------------------

    Examples of market-wide stress scenarios included: A disruption of 
domestic or global financial markets; a failure or impairment of 
systemically important financial industry participants, critical 
financial market infrastructure firms, and critical third-party 
relationships; significant changes in debt or equity valuations, 
currency rates, or interest rates; the widespread interruption of 
critical infrastructure that significantly degraded operational 
capability; \15\ and other unfavorable economic conditions. It should 
also be noted that stress scenarios are important tools that a covered 
bank uses to determine areas of vulnerability and to help it identify 
the appropriate triggers. While they need not be included in the plan 
itself, they are a critical part of the planning process and should be 
documented for OCC examiners to consider and discuss with a covered 
bank as part of the agency's overall evaluation of a bank's plan.
---------------------------------------------------------------------------

    \15\ As explained in the proposal, an example of this type of 
interruption includes a disruption to a payment, clearing, or 
settlement system that significantly affects the covered bank's 
ability to access that system.
---------------------------------------------------------------------------

    With respect to the development of stress scenarios, commenters 
requested that the Final Guidelines not require a covered bank to 
develop stress scenarios other than those required for supervisory 
stress tests (i.e., Comprehensive Capital Analysis and Review (CCAR) 
and Dodd-Frank Act Stress Testing (DFAST)). We recognize that the 
scenarios used to conduct supervisory stress tests may be appropriate 
for purposes of identifying triggers under these Final Guidelines. 
However, a covered bank should evaluate those scenarios in the context 
of these Final Guidelines and consider whether different or additional 
scenarios are appropriate, including whether these specific scenarios 
are sufficiently severe to cause the bank to be in recovery--i.e., 
scenarios that bring the bank to the brink of resolution.
    The proposal's discussion of the triggers that a covered bank 
should include in its recovery plan explained that these triggers 
should address a continuum of increasingly severe stress, ranging from 
triggers that provide a warning of the likely occurrence of severe 
stress to those that indicate the actual existence of severe stress. It 
stated that the number and nature of triggers should be appropriate for 
the covered bank's size, risk profile, activities, and complexity. As 
the proposal further explained, the nature of a trigger should inform 
the nature of the response. For example, the preamble stated that, in 
some situations, the appropriate response to the breach of a trigger 
should be enhanced monitoring; in other situations, the breach of a 
trigger should result in activating a more specific recovery option set 
forth in the plan or taking other corrective action. As the proposal 
noted, however, the breach of a particular trigger does not necessarily 
correspond to a single recovery option; instead, more than one option 
may be appropriate when a particular trigger is breached.
    The preamble to the proposal stated that quantitative triggers 
included changes in covered bank-specific indicators that reflect the 
covered bank's capital or liquidity position. The proposal stated that 
a covered bank should also consider quantitative triggers other than 
capital or liquidity that may have an impact on its condition, such as 
a rating downgrade; access to credit and borrowing lines; equity 
ratios; profitability; asset quality; or other macroeconomic 
indicators. It also noted that a covered bank should be prepared to act 
if it is at risk, regardless of whether a trigger has been breached or 
the recovery plan includes options that specifically addressed the 
problems the bank faced.
    The proposal also stated that qualitative triggers would include 
the unexpected departure of senior leadership; the erosion of 
reputation or market standing; the impact of an adverse legal ruling; 
and a material operational event that affects the covered bank's 
ability to access critical services or to deliver products or services 
to its customers for a material period of time. In retrospect, we 
believe these scenarios more accurately describe stress events that may 
affect a covered bank's financial strength and viability than triggers 
that indicate the stress. However, while we anticipate that most 
triggers will be quantitative indicators, we have retained the 
reference to qualitative indicators that have a financial effect on a 
bank to allow for those that a bank may identify.
    The proposal noted that a covered bank should review and update its 
triggers, as necessary, to take into account changes in laws and 
regulations and other material events. In addition, it stated that a 
covered bank should consider any regulatory or legal consequences 
resulting from the breach of a particular trigger. We made no changes 
to this element and adopt it as proposed.
    3. Options for recovery. The proposed guidelines stated that a 
recovery plan should identify a wide range of credible options that a 
covered bank could undertake to restore its financial and operational 
strength and viability, thereby allowing the bank to continue to 
operate as a going concern and avoid liquidation or resolution. The 
proposed guidelines further provided that a recovery plan should 
explain how the covered bank would carry out each recovery option, 
describe the timing for each option, and identify options that require 
regulatory or legal approval.
    The preamble to the proposal explained that the recovery plan 
should include a description of the decision-making process for 
implementing each option, outline the steps the bank will follow, 
identify the critical parties to carry out each option, and address 
timing considerations. It also stated that a recovery plan should 
identify obstacles to executing an option and set out mitigation 
strategies to address these obstacles. Finally, the preamble provided 
that the plan should identify those options that would require 
regulatory or legal approval and, consistent with the proposal's 
definition of ``recovery plan,'' that neither the plan nor the options 
may assume or rely on any extraordinary government support.\16\
---------------------------------------------------------------------------

    \16\ The role of extraordinary governmental support in the 
recovery plans of covered banks that are controlled by a foreign 
government is discussed above.
---------------------------------------------------------------------------

    The preamble noted that a covered bank should be able to execute 
plan options within time frames that would allow the options to be 
effective during periods of stress. It also provided examples of 
recovery options, including the conservation or restoration of 
liquidity and capital; the sale, transfer, or disposal of significant 
assets, portfolios, or business lines; steps that reduce the covered 
bank's risk profile;

[[Page 66796]]

the restructuring of liabilities; the activation of emergency 
protocols; organizational restructuring, including divesting legal 
entities in order to simplify the covered bank's structure; and 
implementing succession planning. To facilitate an understanding of how 
the stress scenarios, triggers, and options relate to each other, the 
proposal included the following chart:

------------------------------------------------------------------------
                                                       Possible options
    Examples of severe stress      Possible triggers    in response to
            scenarios                                      triggers
------------------------------------------------------------------------
Idiosyncratic stress: Trading      Tier 1      Issue new
 losses caused by a rogue trader.  capital falls       capital.
                                   below 6%.           Sell
                                   Liquidity   nonstrategic
                                   falls below         assets or
                                   internal bank       businesses.
                                   policy              Reduce
                                   requirements.       loan originations
                                                       or commitments.
Systemic stress: Significant       Short-      Sell
 decline in U.S. gross domestic    term credit         strategic assets
 product, coupled with an          rating falls        or businesses.
 increase in the U.S.              below A-3.          Reduce
 unemployment rate and a                       expenses (e.g.,
 deterioration in U.S.             Nonperforming       business
 residential housing market.       loans rise above    contractions).
                                   a specified         Access
                                   percentage.         the Board's
                                   Market      Discount Window.
                                   capitalization
                                   falls below a
                                   specific limit
                                   for a certain
                                   period of time.
------------------------------------------------------------------------

    As discussed above, the OCC has clarified that the recovery options 
detailed in a recovery plan are those that respond to the financial 
effects of severe stress. To effect this clarification in this element 
of the plan, we have removed ``and operational'' from the description 
of the options for recovery in the Final Guidelines. We otherwise adopt 
this element as proposed. The OCC also notes that a covered bank should 
not view the options in its plan as exclusive or a specific trigger as 
necessitating the execution of a particular option. Rather, a covered 
bank should use its judgment to determine the most appropriate options 
for the bank to take during a period of severe stress.
    4. Impact assessments. The proposed guidelines provided that, for 
each recovery option, a covered bank should assess and describe how the 
option would affect the covered bank. The guidelines stated that this 
impact assessment and description should specify the procedures the 
covered bank would use to maintain the financial and operational 
strength and viability of its material entities, critical operations, 
and core business lines for each recovery option. For each option, the 
recovery plan's impact assessment should address: (i) The effect on the 
covered bank's capital, liquidity, funding, and profitability; (ii) the 
effect on its material entities, critical operations, and core business 
lines, including reputational impact; and (iii) any legal or market 
impediment or regulatory requirement that the bank would need to 
address or satisfy to implement the option.\17\
---------------------------------------------------------------------------

    \17\ Although not mentioned in the proposal, we note that a 
covered bank's assessment of the legal or market impediments or 
regulatory requirements relevant to its recovery options should 
address any timing issues presented by these impediments or 
requirements.
---------------------------------------------------------------------------

    As the preamble explained, the assessment should analyze the effect 
each option would have on the covered bank, including its internal 
operations (e.g., IT systems, suppliers, HR operations) and its access 
to market infrastructure (e.g., clearing and settlement facilities, 
payment systems, additional collateral requirements). The OCC received 
no comments on this provision. Consistent with the discussion above, 
however, we have removed ``and operational.'' Otherwise, we make no 
material changes to this element as proposed.
    5. Escalation procedures. The proposed guidelines stated that a 
recovery plan should clearly outline the process for escalating 
decision-making to senior management or the board, as appropriate, in 
response to the breach of a trigger. The proposal also stated that the 
plan should identify the departments and persons responsible for making 
and executing these decisions and describe the process for informing 
stakeholders (e.g., shareholders, counsel, accountants, regulators) 
when necessary. As the preamble explained, at a minimum, the escalation 
procedures should result in the covered bank taking action before 
remedial supervisory action is necessary.
    The OCC received no substantive comments on this element of the 
plan. However, we have clarified that the breach of any trigger should 
be escalated, which is consistent with the definition of ``trigger.'' 
In addition, we have clarified that the recovery plan should identify 
the departments and persons responsible for executing the decisions of 
senior management or the board (or an appropriate committee of the 
board). Otherwise, we have adopted this element as proposed.
    6. Management reports. The proposed guidelines stated that a 
recovery plan should require reports that provide management or the 
board with sufficient data and information to make timely decisions 
regarding the appropriate actions necessary to respond to the breach of 
a trigger. As explained in the preamble, the reports to management or 
the board should allow them to monitor the covered bank's progress in 
response to the actions taken under the recovery plan. The OCC received 
no comments on this element of the plan. As a clarification, however, 
the OCC has amended the Final Guidelines to state that reports should 
be made to senior management. Otherwise, we adopt the language as 
proposed.
    7. Communication procedures. As provided in the proposed 
guidelines, a recovery plan should provide that the covered bank notify 
the OCC of any significant breach of a trigger and any action taken or 
to be taken in response to such breach and explain the process for 
deciding when a breach of a trigger is significant. The preamble noted 
that a covered bank should work closely with the OCC when executing its 
recovery plan.
    The proposal also stated that a recovery plan should address when 
and how the covered bank will notify persons within the organization 
and other external parties of its actions under the recovery plan. This 
notice is to ensure that all stakeholders are informed in a timely 
manner of how the covered bank has responded or is responding to a 
breach of a trigger. In addition, the proposed guidelines stated that 
the recovery plan should identify how the covered bank would obtain 
required regulatory or legal approvals, in order to ensure that the 
bank receives such approval(s) in a timely manner. The OCC received no 
comments on this element of a recovery plan, and we adopt it as 
proposed.
    8. Other information. As set forth in the proposed guidelines, a 
recovery plan should include any other information that the OCC 
communicates in writing directly to the covered bank regarding the 
bank's recovery plan. The preamble also stated that a well-developed 
recovery plan should consider relevant information included in other 
written

[[Page 66797]]

OCC or Federal Financial Institutions Examination Council material. The 
OCC received no comments on this element of a recovery plan, and we 
adopt it as proposed.
    C. Relationship to other processes; coordination with other plans. 
The proposed guidelines stated that a covered bank should integrate its 
recovery plan into its corporate governance and risk management 
functions and coordinate its recovery planning with its strategic; 
operational (including business continuity); contingency; capital 
(including stress testing); liquidity; and resolution planning. As the 
OCC explained in the preamble, in many cases, these plans may be 
interconnected and require the covered bank to coordinate among them.
    The proposed guidelines also stated that, to the extent possible, a 
covered bank should align its recovery plan with any recovery and 
resolution planning efforts by the covered bank's holding company, so 
that the plans are consistent with and do not contradict each other. As 
the OCC stated in the preamble, some inconsistencies may be unavoidable 
because recovery planning and resolution planning differ: Recovery 
planning addresses a bank as a going concern; resolution planning 
starts from the point of an entity's non-viability. In addition, the 
preamble noted that covered banks are an integral part of bank holding 
company recovery and resolution plans; as a result, it stated that a 
covered bank might be able to leverage certain elements in these other 
plans. As an example, the proposal referenced resolution plans, which 
typically require a bank to map its critical operations. It noted that 
this mapping exercise might be useful to the bank's recovery plan 
description of interconnections and interdependencies.
    The OCC received several comments on this element of the plan 
requesting the OCC to confirm that covered banks are permitted to 
leverage existing processes, such as those for stress testing, 
resolution planning, contingency planning, risk governance, and holding 
company recovery plans, when developing recovery plans. One commenter 
requested that the Final Guidelines permit a covered bank to use its 
holding company's recovery plan to satisfy its obligations under the 
Final Guidelines, if the risk profiles of both entities are 
substantially the same. Another commenter asserted that a covered bank 
should be permitted to leverage its existing governance structure to 
satisfy its management and board responsibilities under these Final 
Guidelines.
    As explained in the preamble to the proposal, the OCC recognizes 
that many covered banks already engage in significant planning, 
including planning responses to cyber attacks, business interruptions, 
and leadership vacancies. Some banks also undertake a range of other 
planning, including strategic, contingency, capital (including stress 
testing), liquidity, and resolution. The same is true for their parent 
holding companies or affiliates. As also noted in the proposal, we do 
not intend for the recovery planning described in these Final 
Guidelines to be needlessly burdensome or duplicative of these other 
planning processes. The OCC expects, however, that a covered bank's 
recovery plan will identify the recovery strategies that are specific 
to that bank and, as appropriate, distinguishable from the recovery 
strategies of its holding company or affiliates. Furthermore, while we 
encourage covered banks to leverage their existing processes, including 
by incorporating or cross-referencing portions or elements of relevant 
plans, in most cases, it is unlikely that a covered bank will be able 
to use a plan prepared for another purpose or entity to satisfy the 
Final Guidelines.\18\ As we have noted previously, the purpose of these 
Final Guidelines is to provide a comprehensive framework for evaluating 
how severe stress would financially affect a covered bank specifically 
and the recovery options that would allow that bank to remain viable 
under such stress.
---------------------------------------------------------------------------

    \18\ When a covered bank comprises a substantial percentage of 
its holding company's assets (i.e., 95%), the holding company's 
recovery plan, if any, may serve as the bank's recovery plan, 
provided that such plan satisfies these Final Guidelines.
---------------------------------------------------------------------------

    The OCC is making several changes to this provision as proposed. 
First, we have revised this subsection so that the Final Guidelines 
themselves state that a covered bank's recovery plan should be specific 
to the unique characteristics of that bank. Second, we are clarifying 
that the other plans identified in the proposed guidelines with which a 
covered bank should coordinate its recovery planning is not an 
exclusive list. Instead, these are examples of other types of plans. 
Third, we are replacing the phrase ``risk management and corporate 
governance'' with ``risk governance,'' which we believe incorporates 
the concepts of both risk management and corporate governance as it 
relates to risk management. Other than these and other minor changes, 
we adopt this provision as proposed.

Section III: Management's and the Board's Responsibilities

    Section III of the proposed guidelines addressed the 
responsibilities of a covered bank's management and board with respect 
to the recovery plan and stated that these responsibilities should be 
included in the bank's recovery plan.
    The proposed guidelines provided that management should review its 
bank's recovery plan at least annually and in response to a material 
event. It further stated that management should revise the plan as 
necessary to reflect material changes in the covered bank's size, risk 
profile, activities, and complexity, as well as changes in external 
threats. The preamble explained that during this review, management 
should consider the ongoing relevance and applicability of the stress 
scenarios used to identify the plan's triggers and revise the recovery 
plan as needed.
    The proposed guidelines also stated that management's review should 
include evaluating the covered bank's organizational structure and its 
effectiveness in facilitating recovery. The preamble explained that 
this review should include its legal structure, number of entities, 
geographical footprint, booking practices (e.g., guarantees, 
exposures), and servicing arrangements. The preamble stated that both 
management and the board should provide justification for the covered 
bank's organizational and legal structures and outline changes that 
would enhance their ability to oversee the covered bank in times of 
stress. As explained in the preamble, a more rational legal structure 
can provide a clearer path to recovery and the operational flexibility 
necessary to implement a recovery plan.
    Several commenters requested that the OCC recognize the need for a 
covered bank to have flexibility regarding the timing of management's 
annual review of its recovery plan. These commenters explained that 
this flexibility would facilitate a covered bank's ability to meet 
deadlines associated with other requirements, such as stress testing. 
The OCC agrees that management should have flexibility to conduct its 
annual reviews on its preferred schedule. As noted in the proposal, OCC 
examiners will assess the appropriateness and adequacy of the covered 
bank's ongoing recovery planning process as part of the agency's 
regular supervisory activities, which we believe will provide covered 
banks with the flexibility they need.
    Commenters also requested the OCC to clarify that it is not 
necessary for

[[Page 66798]]

management to recommend changes to a covered bank's organizational and 
legal entity structure as part of every annual review of the bank's 
recovery plan. The OCC agrees that a covered bank's management should 
only recommend changes to a bank's organizational and legal entity 
structure when such changes are necessary or appropriate.
    The proposed guidelines also stated that the board is responsible 
for overseeing the covered bank's recovery planning process. As part of 
this oversight, the preamble explained that the board should work 
closely with the bank's senior management in developing and executing 
the recovery plan. The proposed guidelines also stated that a covered 
bank's board, or an appropriate committee of the board, should review 
and approve the bank's recovery plan at least annually and as needed to 
address any changes made by management.
    A number of commenters expressed concern that the preamble's use of 
``developing and executing'' to describe a covered bank board's role 
with respect to a recovery plan is inconsistent with a board's 
traditional oversight role. It is not the OCC's intent to expand the 
board's role, and we note that the regulatory text in both the proposal 
and Final Guidelines describe the role of the board as ``oversight.''
    Commenters also asked the OCC to clarify that a covered bank's 
board need only review and approve a bank's plan yearly, and as 
necessary to address significant, as opposed to all, changes to a plan. 
We have amended the Final Guidelines to reflect this and otherwise 
adopt this section as proposed.

Description of Technical Amendments to Part 30

    We also are including with these Final Guidelines technical and 
conforming amendments to the part 30 regulations to add references to 
new Appendix E, which contains the Final Guidelines, where appropriate.

Regulatory Analysis

Paperwork Reduction Act

    The OCC has determined that the Final Guidelines include 
collections of information pursuant to the provisions of the Paperwork 
Reduction Act of 1995 (PRA) (44 U.S.C. 3501 et seq.). In accordance 
with PRA, the OCC may not conduct or sponsor, and an organization is 
not required to respond to, an information collection unless the 
information collection displays a currently valid Office of Management 
and Budget (OMB) control number. The OCC submitted the information 
collections contained in the proposed guidelines to OMB for review and 
approval, pursuant to 44 U.S.C. 3506 and section 1320.11 of the OMB 
implementing regulations (5 CFR part 1320). OMB instructed the OCC to 
examine any public comments it received in response to the proposed PRA 
estimate and to describe in the supporting statement of its next 
collection any relevant comments, as well as the OCC's response to such 
comments. The OCC has re-submitted the information collections to OMB 
in connection with the final rule.
    The collections of information that are subject to the PRA in these 
Final Guidelines are found in 12 CFR part 30, appendix E, sections 
II.B., II.C., and III. Section II.B. of this appendix specifies the 
elements of the recovery plan, including an overview of the covered 
bank; triggers; options for recovery; impact assessments; escalation 
procedures; management reports; and communication procedures. Section 
II.C. of this appendix addresses the relationship of the plan to other 
covered bank processes and coordination with other plans, including the 
processes and plans of its bank holding company. Section III of this 
appendix outlines management's and the board's responsibilities.
    We received one comment on our proposed information collection from 
an individual, which addressed all four of the questions below. First, 
the commenter argued that a stress event that threatens the viability 
of a covered bank is the result of either an event that the bank could 
not have foreseen or failed prudential supervision by the OCC. In 
either case, the commenter argued, a recovery plan will be useless. In 
addition, this commenter argued that if a covered bank treats its 
recovery plan like a prescriptive playbook, the plan will fail and, 
alternatively, if a recovery plan only provides guidelines, the plan 
will have no practical utility.
    In response, as noted above, the OCC believes that stress scenarios 
are important tools that a covered bank uses to determine areas of 
vulnerability and help it identify the appropriate triggers. The OCC 
understands that a covered bank's recovery planning process will not 
result in a plan that identifies every trigger and option for every 
possible scenario--but we do believe that the processes of recovery 
planning and codification of a plan will help a covered bank manage the 
stresses it encounters. With respect to the role of a recovery plan 
during a period of severe stress, as noted above, a covered bank should 
use its judgment to determine the most appropriate options for the bank 
to take to preserve its financial strength and viability.
    The commenter also stated that the OCC's burden estimate was too 
low. The OCC believes that its original estimate was realistic given 
the requirements of the proposed guidelines and has included the same 
estimate in the Final Guidelines. We have adjusted, however, the 
estimate of respondents to reflect the most recent data available.
    In addition, the commenter stated that the agency could enhance the 
quality and utility of the information collection by requiring only 
triggers and response options in its plans. In response, as noted 
above, the OCC believes that stress scenarios are important tools that 
a covered bank uses to determine areas of vulnerability and identify 
appropriate triggers. We include the overview of the covered bank as a 
plan element because a covered bank's organizational and legal entity 
structure is likely to change often; its inclusion will both ensure 
that the bank consider the entire organization in the development of 
its plan and assist the bank in understanding the recovery plan's 
relationship with its other planning efforts.
    The commenter also stated that the proposed information collection 
is duplicative of and redundant to information that the OCC currently 
collects. In response, the OCC recognizes that some information 
necessary for recovery planning may have been compiled or provided to 
the OCC for other purposes. However, we believe that it is necessary 
for a covered bank to assemble this information in the context of 
recovery planning in order to develop an appropriate plan to respond to 
future stresses. We encourage, however, covered banks to leverage, 
including by cross-referencing if appropriate, this prior work. 
Finally, the commenter argued that it is burdensome to ask a covered 
bank to connect its recovery plan with its other plans. In response, 
the OCC notes that a covered bank's various plans are not intended to 
operate in a vacuum and must be compatible with each other in order to 
be effective.
    Title: OCC Guidelines Establishing Standards for Recovery Planning 
by Certain Large Insured National Banks, Insured Federal Savings 
Associations, and Insured Federal Branches
    OMB Control No.: To be assigned by OMB.
    Frequency of Response: On occasion.
    Affected Public: Businesses or other for-profit organizations.
    Burden Estimates:
    Total Number of Respondents: 25.

[[Page 66799]]

    Total Burden per Respondent: 7,543 hours.
    Total Burden for Collection: 188,575 hours.
    Comments should be submitted as provided below and continue to be 
invited on: (1) Whether the proposed collection of information is 
necessary for the proper performance of the OCC's functions, including 
whether the information has practical utility; (2) the accuracy of the 
OCC's estimate of the burden of the proposed information collection, 
including the cost of compliance; (3) ways to enhance the quality, 
utility, and clarity of the information to be collected; and (4) ways 
to minimize the burden of information collection on respondents, 
including through the use of automated collection techniques or other 
forms of IT.
    Because paper mail may be subject to delay, commenters are 
encouraged to submit comments by email to regs.comments@occ.treas.gov, 
if possible. Alternatively, comments may be mailed to Legislative and 
Regulatory Activities Division, Office of the Comptroller of the 
Currency, Attention: 1557-0321, 400 7th Street SW., Suite 3E-218, Mail 
Stop 9W-11, Washington, DC 20219 or faxed to (571) 465-4326. 
Additionally, commenters should send a copy of their comments to the 
OCC's OMB desk officer by: mail to Office of Information and Regulatory 
Affairs, U.S. Office of Management and Budget, New Executive Office 
Building, Room 10235, 725 17th Street NW., Washington, DC 20503; fax to 
(202) 395-6974; or email to oira.submission@omb.eop.gov.
    You may personally inspect and photocopy comments at the OCC, 400 
7th Street SW., Washington, DC 20219. For security reasons, the OCC 
requires that visitors make an appointment to inspect comments. You may 
do so by calling (202) 649-6700. Upon arrival, visitors will be 
required to present valid government-issued photo identification and 
submit to a security screening.
    All comments received, including attachments and other supporting 
materials, are part of the public record and subject to public 
disclosure. Do not enclose any information in your comment or 
supporting materials that you consider confidential or inappropriate 
for public disclosure.
    You may request additional information on the collection from 
Shaquita Merritt, Program Specialist, at (202) 649-6302 or, for persons 
who are deaf or hard of hearing, TTY, (202) 649-5597, Legislative and 
Regulatory Activities Division, Office of the Comptroller of the 
Currency, 400 7th Street SW., Suite 3E-218, Mail Stop 9W-11, 
Washington, DC 20219.

Regulatory Flexibility Analysis

    Pursuant to section 605(b) of the Regulatory Flexibility Act, 5 
U.S.C. 605(b) (RFA), the regulatory flexibility analysis otherwise 
required under section 603 of the RFA is not required if the agency 
certifies that a rule will not have a significant economic impact on a 
substantial number of small entities (defined for purposes of the RFA 
to include commercial banks and savings institutions with assets less 
than or equal to $550 million and trust companies with assets less than 
or equal to $38.5 million) and publishes this certification and a 
short, explanatory statement in the Federal Register with the rule. The 
OCC has determined that the Final Guidelines will have no impact on 
small entities. The Final Guidelines apply only to insured national 
banks, insured Federal savings associations, and insured Federal 
branches of foreign banks with $50 billion or more in average total 
consolidated assets. Although the Final Guidelines reserve the OCC's 
authority to apply them to an insured national bank, insured Federal 
savings association, or insured Federal branch of a foreign bank with 
less than $50 billion in average total consolidated assets if the OCC 
determines such entity is highly complex or otherwise presents a 
heightened risk, the OCC does not expect to determine any small 
entities to be highly complex or otherwise to present a heightened 
risk. Therefore, the OCC certifies that these Final Guidelines will not 
have a significant economic impact on a substantial number of small 
entities.

Unfunded Mandates Reform Act Analysis

    In accordance with section 202 of the Unfunded Mandates Reform Act 
of 1995 (2 U.S.C. 1532), the OCC prepares a budgetary impact statement 
before promulgating any rule that includes a Federal mandate that may 
result in the expenditure by State, local, and tribal governments, in 
the aggregate, or by the private sector, of $100 million or more in any 
one year (adjusted annually for inflation). The OCC has determined that 
these Final Guidelines will not result in expenditures by State, local, 
and tribal governments, in the aggregate, or by the private sector, of 
$100 million or more in any one year (adjusted annually for inflation). 
Accordingly, the OCC has not prepared a budgetary impact statement.

Consideration of Administrative Burdens and Benefits and Effective Date

    Section 302(a) of the Riegle Community Development and Regulatory 
Improvement Act of 1994 (CDRI) (12 U.S.C. 4802(a)) requires the OCC, in 
determining the effective date and administrative compliance 
requirements for new regulations that impose additional reporting, 
disclosure, or other requirements on insured depository institutions, 
to consider, consistent with the principles of safety and soundness and 
the public interest, (1) any administrative burdens that such 
regulations would place on depository institutions, including small 
depository institutions and customers of depository institutions; and 
(2) the benefits of such regulations. In determining the effective date 
and administrative compliance requirements for these Final Guidelines, 
the OCC has considered these burdens and benefits, including the 
requests of commenters for a phased-in compliance period. To this end, 
the Final Guidelines include phased-in compliance dates and recognize 
the need for flexibility with respect to the timing of management's 
annual recovery plan review.
    Section 302(b) of CDRI (12 U.S.C. 4802(a)) requires that new OCC 
regulations, which impose additional reporting, disclosures, or other 
new requirements on insured depository institutions, take effect on the 
first day of a calendar quarter which begins on or after the date on 
which the regulations are published in final form, subject to certain 
exceptions not relevant here. This is in addition to the requirement in 
section 553(d) (5 U.S.C. 553(d)) of the Administrative Procedure Act, 
which requires that a substantive rule be effective no fewer than 30 
days after its publication, subject to certain exceptions not relevant 
here. The effective date of these Final Guidelines is consistent with 
these requirements.

List of Subjects in 12 CFR Part 30

    Banks, Banking, Consumer protection, National banks, Privacy, 
Safety and soundness, Reporting and recordkeeping requirements.

    For the reasons set forth in the preamble, and under the authority 
of 12 U.S.C. 93a, chapter I of title 12 of the Code of Federal 
Regulations is amended as follows:

PART 30--SAFETY AND SOUNDNESS STANDARDS

0
1. The authority citation for part 30 continues to read as follows:


[[Page 66800]]


    Authority:  12 U.S.C. 1, 93a, 371, 1462a, 1463, 1464, 1467a, 
1818, 1828, 1831p-1, 1881-1884, 3102(b) and 5412(b)(2)(B); 15 U.S.C. 
1681s, 1681w, 6801, and 6805(b)(1).


Sec.  30.1   [Amended]

0
2. Section 30.1 is amended by removing, in paragraph (a), ``appendices 
A, B, C, and D'' and adding in its place ``appendices A, B, C, D, and 
E''.

0
3. Section 30.2 is amended by adding a sentence at the end of the 
paragraph to read as follows:


Sec.  30.2   Purpose.

    * * * The OCC Guidelines Establishing Standards for Recovery 
Planning by Certain Large Insured National Banks, Insured Federal 
Savings Associations, and Insured Federal Branches are set forth in 
appendix E to this part.


Sec.  30.3   [Amended]

0
4. Section 30.3 is amended in paragraph (a) by removing ``the OCC 
Guidelines Establishing Standards for Residential Mortgage Lending 
Practices set forth in appendix C to this part, or the OCC Guidelines 
Establishing Heightened Standards for Certain Large Insured National 
Banks, Insured Federal Savings Associations, and Insured Federal 
Branches set forth in appendix D to this part'' and adding in its place 
``the OCC Guidelines Establishing Standards for Residential Mortgage 
Lending Practices set forth in appendix C to this part, the OCC 
Guidelines Establishing Heightened Standards for Certain Large Insured 
National Banks, Insured Federal Savings Associations, and Insured 
Federal Branches set forth in appendix D to this part, or the OCC 
Guidelines Establishing Standards for Recovery Planning by Certain 
Large Insured National Banks, Insured Federal Savings Associations, and 
Insured Federal Branches set forth in appendix E to this part''.

0
5. Appendix E is added to part 30 to read as follows:

Appendix E to Part 30--OCC Guidelines Establishing Standards for 
Recovery Planning by Certain Large Insured National Banks, Insured 
Federal Savings Associations, and Insured Federal Branches

Table of Contents

I. Introduction
    A. Scope
    B. Compliance date
    C. Reservation of authority
    D. Preservation of existing authority
    E. Definitions
II. Recovery Plan
    A. Recovery plan
    B. Elements of recovery plan
    1. Overview of covered bank
    2. Triggers
    3. Options for recovery
    4. Impact assessments
    5. Escalation procedures
    6. Management reports
    7. Communication procedures
    8. Other information
    C. Relationship to other processes; coordination with other 
plans
III. Management's and Board of Directors' Responsibilities
    A. Management
    B. Board of directors

I. Introduction

    A. Scope. This appendix applies to a covered bank, as defined in 
paragraph I.E.3. of this appendix.
    B. Compliance date.
    1. A covered bank with average total consolidated assets, 
calculated according to paragraph I.E.1. of this appendix, equal to or 
greater than $750 billion as of January 1, 2017 should comply with this 
appendix within 6 months from January 1, 2017.
    2. A covered bank with average total consolidated assets, 
calculated according to paragraph I.E.1. of this appendix, equal to or 
greater than $100 billion but less than $750 billion as of January 1, 
2017 should comply with this appendix within 12 months from January 1, 
2017.
    3. A covered bank with average total consolidated assets, 
calculated according to paragraph I.E.1. of this appendix, equal to or 
greater than $50 billion but less than $100 billion as of January 1, 
2017 should comply with this appendix within 18 months from January 1, 
2017.
    4. A bank with average total consolidated assets, calculated 
according to paragraph I.E.1. of this appendix, of less than $50 
billion as of January 1, 2017 but which subsequently becomes a covered 
bank should comply with this appendix within 18 months of becoming a 
covered bank.
    C. Reservation of authority.
    1. The OCC reserves the authority:
    a. To apply this appendix, in whole or in part, to a bank that has 
average total consolidated assets of less than $50 billion, if the OCC 
determines such bank is highly complex or otherwise presents a 
heightened risk that warrants the application of this appendix; or
    b. To determine that compliance with this appendix should not be 
required for a covered bank. The OCC will generally make this 
determination if a covered bank's operations are no longer highly 
complex or no longer present a heightened risk.
    2. In determining whether a bank or covered bank is highly complex 
or presents a heightened risk, the OCC will consider the bank's size, 
risk profile, scope of operations, activities, and complexity, 
including the complexity of its organizational and legal entity 
structure. Before exercising the authority reserved by paragraph I.C.1. 
of this appendix, the OCC will apply notice and response procedures in 
the same manner and to the same extent as the notice and response 
procedures in 12 CFR 3.404.
    D. Preservation of existing authority. Neither section 39 of the 
Federal Deposit Insurance Act (12 U.S.C. 1831p-1) nor this appendix in 
any way limits the authority of the OCC to address unsafe or unsound 
practices or conditions or other violations of law. The OCC may take 
action under section 39 and this appendix independently of, in 
conjunction with, or in addition to any other enforcement action 
available to the OCC.
    E. Definitions.
    1. Average total consolidated assets means the average total 
consolidated assets of the bank or the covered bank, as reported on the 
bank's or the covered bank's Consolidated Reports of Condition and 
Income for the four most recent consecutive quarters.
    2. Bank means any insured national bank, insured Federal savings 
association, or insured Federal branch of a foreign bank.
    3. Covered bank means any bank:
    a. With average total consolidated assets equal to or greater than 
$50 billion;
    b. With average total consolidated assets of less than $50 billion 
if the bank was previously a covered bank, unless the OCC determines 
otherwise; or
    c. With average total consolidated assets less than $50 billion, if 
the OCC determines that such bank is highly complex or otherwise 
presents a heightened risk as to warrant the application of this 
appendix pursuant to paragraph I.C.1.a. of this appendix.
    4. Recovery means timely and appropriate action that a covered bank 
takes to remain a going concern when it is experiencing or is likely to 
experience considerable financial or operational stress. A covered bank 
in recovery has not yet deteriorated to the point where liquidation or 
resolution is imminent.
    5. Recovery plan means a plan that identifies triggers and options 
for responding to a wide range of severe internal and external stress 
scenarios to restore a covered bank that is in recovery to financial 
strength and viability in a timely manner. The options should maintain 
the confidence of market participants, and neither the plan nor the 
options may assume or rely on any extraordinary government support.

[[Page 66801]]

    6. Trigger means a quantitative or qualitative indicator of the 
risk or existence of severe stress, the breach of which should always 
be escalated to senior management or the board of directors (or 
appropriate committee of the board of directors), as appropriate, for 
purposes of initiating a response. The breach of any trigger should 
result in timely notice accompanied by sufficient information to enable 
management of the covered bank to take corrective action.

II. Recovery Plan

    A. Recovery plan. Each covered bank should develop and maintain a 
recovery plan that is specific to that covered bank and appropriate for 
its individual size, risk profile, activities, and complexity, 
including the complexity of its organizational and legal entity 
structure.
    B. Elements of recovery plan. A recovery plan under paragraph II.A. 
of this appendix should include the following elements:
    1. Overview of covered bank. A recovery plan should describe the 
covered bank's overall organizational and legal entity structure, 
including its material entities, critical operations, core business 
lines, and core management information systems. The plan should 
describe interconnections and interdependencies (i) across business 
lines within the covered bank, (ii) with affiliates in a bank holding 
company structure, (iii) between a covered bank and its foreign 
subsidiaries, and (iv) with critical third parties.
    2. Triggers. A recovery plan should identify triggers that 
appropriately reflect the covered bank's particular vulnerabilities.
    3. Options for recovery. A recovery plan should identify a wide 
range of credible options that a covered bank could undertake to 
restore financial strength and viability, thereby allowing the bank to 
continue to operate as a going concern and to avoid liquidation or 
resolution. A recovery plan should explain how the covered bank would 
carry out each option and describe the timing required for carrying out 
each option. The recovery plan should specifically identify the 
recovery options that require regulatory or legal approval.
    4. Impact assessments. For each recovery option, a covered bank 
should assess and describe how the option would affect the covered 
bank. This impact assessment and description should specify the 
procedures the covered bank would use to maintain the financial 
strength and viability of its material entities, critical operations, 
and core business lines for each recovery option. For each option, the 
recovery plan's impact assessment should address the following:
    a. The effect on the covered bank's capital, liquidity, funding, 
and profitability;
    b. The effect on the covered bank's material entities, critical 
operations, and core business lines, including reputational impact; and
    c. Any legal or market impediment or regulatory requirement that 
must be addressed or satisfied in order to implement the option.
    5. Escalation procedures. A recovery plan should clearly outline 
the process for escalating decision-making to senior management or the 
board of directors (or an appropriate committee of the board of 
directors), as appropriate, in response to the breach of any trigger. 
The recovery plan should also identify the departments and persons 
responsible for executing the decisions of senior management or the 
board of directors (or an appropriate committee of the board of 
directors).
    6. Management reports. A recovery plan should require reports that 
provide senior management or the board of directors (or an appropriate 
committee of the board of directors) with sufficient data and 
information to make timely decisions regarding the appropriate actions 
necessary to respond to the breach of a trigger.
    7. Communication procedures. A recovery plan should provide that 
the covered bank notify the OCC of any significant breach of a trigger 
and any action taken or to be taken in response to such breach and 
should explain the process for deciding when a breach of a trigger is 
significant. A recovery plan also should address when and how the 
covered bank will notify persons within the organization and other 
external parties of its action under the recovery plan. The recovery 
plan should specifically identify how the covered bank will obtain 
required regulatory or legal approvals.
    8. Other information. A recovery plan should include any other 
information that the OCC communicates in writing directly to the 
covered bank regarding the covered bank's recovery plan.
    C. Relationship to other processes; coordination with other plans. 
The covered bank should integrate its recovery plan into its risk 
governance functions. The covered bank also should align its recovery 
plan with its other plans, such as its strategic; operational 
(including business continuity); contingency; capital (including stress 
testing); liquidity; and resolution planning. The covered bank's 
recovery plan should be specific to that covered bank. The covered bank 
also should coordinate its recovery plan with any recovery and 
resolution planning efforts by the covered bank's holding company, so 
that the plans are consistent with and do not contradict each other.

III. Management's and Board of Directors' Responsibilities

    The recovery plan should address the following management and board 
responsibilities:
    A. Management. Management should review the recovery plan at least 
annually and in response to a material event. It should revise the plan 
as necessary to reflect material changes in the covered bank's size, 
risk profile, activities, and complexity, as well as changes in 
external threats. This review should evaluate the organizational 
structure and its effectiveness in facilitating a recovery.
    B. Board of directors. The board is responsible for overseeing the 
covered bank's recovery planning process. The board of directors (or an 
appropriate committee of the board of directors) of a covered bank 
should review and approve the recovery plan at least annually, and as 
needed to address significant changes made by management.

    Dated: September 21, 2016.
Thomas J. Curry,
Comptroller of the Currency.
[FR Doc. 2016-23366 Filed 9-28-16; 8:45 am]
 BILLING CODE 4810-33-P