Agency Information Collection Activities: Information Collection Renewal; Submission for OMB Review; OCC Guidelines Establishing Heightened Standards for Certain Large Insured National Banks, Insured Federal Savings Associations, and Insured Federal Branches, 14145-14148 [2024-03816]
Download as PDF
<![CDATA[
khammond on DSKJM1Z7X2PROD with NOTICES
Federal Register / Vol. 89, No. 38 / Monday, February 26, 2024 / Notices
submit this data using the Monthly
Home Loan Activity Format form in
Appendix I to part 27 and the Home
Loan Data Submission Form in
Appendix IV to part 27 except that there
is an additional exclusion for national
banks with fewer than 75 applications.
Specifically, § 27.7(c)(3) states that a
bank with fewer than 75 home loan
applications in the preceding year is not
required to submit such forms unless
the home loan activity is concentrated
in the few months preceding the request
for data, indicating the likelihood of
increased activity over the subsequent
year, or there is cause to believe that a
bank is not in compliance with the fair
housing laws based on prior
examinations and/or complaints, among
other factors.
Section 27.7(d) provides that if there
is cause to believe that a national bank
is in noncompliance with fair housing
laws, the Comptroller may require
submission of additional Home Loan
Data Submission Forms. The
Comptroller may also require
submission of the information
maintained under § 27.3(a) and Home
Loan Data Submission Forms at more
frequent intervals than specified.
Burden Estimates:
Estimated Number of Respondents:
702.
Estimated Total Annual Burden:
12,632 hours.
Comments: On December 15, 2023,
the OCC published a 60-day notice for
this information collection, 88 FR
87052. No comments were received.
Comments continue to be invited on:
(a) Whether the collection of
information is necessary for the proper
performance of the functions of the
OCC, including whether the information
has practical utility;
(b) The accuracy of the OCC’s
estimate of the burden of the collection
of information;
(c) Ways to enhance the quality,
utility, and clarity of the information to
be collected;
(d) Ways to minimize the burden of
the collection on respondents, including
through the use of automated collection
techniques or other forms of information
technology; and
(e) Estimates of capital or start-up
costs and costs of operation,
maintenance, and purchase of services
to provide information.
Theodore J. Dowd,
Deputy Chief Counsel, Office of the
Comptroller of the Currency.
[FR Doc. 2024–03855 Filed 2–23–24; 8:45 am]
BILLING CODE 4810–33–P
VerDate Sep<11>2014
16:23 Feb 23, 2024
Jkt 262001
DEPARTMENT OF THE TREASURY
Office of the Comptroller of the
Currency
Agency Information Collection
Activities: Information Collection
Renewal; Submission for OMB Review;
OCC Guidelines Establishing
Heightened Standards for Certain
Large Insured National Banks, Insured
Federal Savings Associations, and
Insured Federal Branches
Office of the Comptroller of the
Currency (OCC), Treasury.
ACTION: Notice and request for comment.
AGENCY:
The OCC, as part of its
continuing effort to reduce paperwork
and respondent burden, invites
comment on a continuing information
collection, as required by the Paperwork
Reduction Act of 1995 (PRA). In
accordance with the requirements of the
PRA, the OCC may not conduct or
sponsor, and the respondent is not
required to respond to, an information
collection unless it displays a currently
valid Office of Management and Budget
(OMB) control number. The OCC is
soliciting comment concerning the
renewal of its information collection
titled, ‘‘OCC Guidelines Establishing
Heightened Standards for Certain Large
Insured National Banks, Insured Federal
Savings Associations, and Insured
Federal Branches.’’ The OCC also is
giving notice that it has sent the
collection to OMB for review.
DATES: Comments must be received by
March 27, 2024.
ADDRESSES: Commenters are encouraged
to submit comments by email, if
possible. You may submit comments by
any of the following methods:
• Email: prainfo@occ.treas.gov.
• Mail: Chief Counsel’s Office,
Attention: Comment Processing, Office
of the Comptroller of the Currency,
Attention: 1557–0321, 400 7th Street
SW, Suite 3E–218, Washington, DC
20219.
• Hand Delivery/Courier: 400 7th
Street SW, Suite 3E–218, Washington,
DC 20219.
• Fax: (571) 293–4835.
Instructions: You must include
‘‘OCC’’ as the agency name and ‘‘1557–
0321’’ in your comment. In general, the
OCC will publish comments on
www.reginfo.gov without change,
including any business or personal
information provided, such as name and
address information, email addresses, or
phone numbers. Comments received,
including attachments and other
supporting materials, are part of the
public record and subject to public
SUMMARY:
PO 00000
Frm 00106
Fmt 4703
Sfmt 4703
14145
disclosure. Do not include any
information in your comment or
supporting materials that you consider
confidential or inappropriate for public
disclosure.
Written comments and
recommendations for the proposed
information collection should also be
sent within 30 days of publication of
this notice to www.reginfo.gov/public/
do/PRAMain. You can find this
information collection by selecting
‘‘Currently under 30-day Review—Open
for Public Comments’’ or by using the
search function.
You may review comments and other
related materials that pertain to this
information collection following the
close of the 30-day comment period for
this notice by the method set forth in
the next bullet.
• Viewing Comments Electronically:
Go to www.reginfo.gov. Hover over the
‘‘Information Collection Review’’ tab
and click on ‘‘Information Collection
Review’’ from the drop-down menu.
From the ‘‘Currently under Review’’
drop-down menu, select ‘‘Department of
Treasury’’ and then click ‘‘submit.’’ This
information collection can be located by
searching OMB control number ‘‘1557–
0321’’ or ‘‘OCC Guidelines Establishing
Heightened Standards for Certain Large
Insured National Banks, Insured Federal
Savings Associations, and Insured
Federal Branches.’’ Upon finding the
appropriate information collection, click
on the related ‘‘ICR Reference Number.’’
On the next screen, select ‘‘View
Supporting Statement and Other
Documents’’ and then click on the link
to any comment listed at the bottom of
the screen.
• For assistance in navigating
www.reginfo.gov, please contact the
Regulatory Information Service Center
at (202) 482–7340.
FOR FURTHER INFORMATION CONTACT:
Shaquita Merritt, Clearance Officer,
(202) 649–5490, Chief Counsel’s Office,
Office of the Comptroller of the
Currency, 400 7th Street SW,
Washington, DC 20219. If you are deaf,
hard of hearing, or have a speech
disability, please dial 7–1–1 to access
telecommunications relay services.
SUPPLEMENTARY INFORMATION: Under the
PRA (44 U.S.C. 3501 et seq.), Federal
agencies must obtain approval from the
OMB for each collection of information
that they conduct or sponsor.
‘‘Collection of information’’ is defined
in 44 U.S.C. 3502(3) and 5 CFR
1320.3(c) to include agency requests or
requirements that members of the public
submit reports, keep records, or provide
information to a third party. The OCC
E:\FR\FM\26FEN1.SGM
26FEN1
khammond on DSKJM1Z7X2PROD with NOTICES
14146
Federal Register / Vol. 89, No. 38 / Monday, February 26, 2024 / Notices
asks the OMB to extend its approval of
the collection in this notice.
Title: OCC Guidelines Establishing
Heightened Standards for Certain Large
Insured National Banks, Insured Federal
Savings Associations, and Insured
Federal Branches.
OMB Control No.: 1557–0321.
Type of Review: Regular.
Affected Public: Businesses or other
for-profit.
Description: The OCC’s guidelines,
codified in 12 CFR part 30, appendix D,
establish minimum standards for the
design and implementation of a risk
governance framework for insured
national banks, insured Federal savings
associations, and insured Federal
branches of a foreign bank (banks). The
guidelines apply to covered banks. A
covered bank is a bank with average
total consolidated assets: (i) equal to or
greater than $50 billion; (ii) less than
$50 billion if that bank’s parent
company controls at least one insured
national bank or insured Federal savings
association that has average total
consolidated assets of $50 billion or
greater; or (iii) less than $50 billion, if
the OCC determines such bank’s
operations are highly complex or
otherwise present a heightened risk as
to warrant the application of the
guidelines. The guidelines also establish
minimum standards for a board of
directors in overseeing the framework’s
design and implementation. These
guidelines were finalized on September
11, 2014.1 The OCC is now seeking to
renew the information collection
associated with these guidelines. The
standards contained in the guidelines
are enforceable under section 39 of the
Federal Deposit Insurance Act (FDIA),2
which authorizes the OCC to prescribe
operational and managerial standards
for insured national banks, insured
Federal savings associations, and
insured Federal branches of a foreign
bank.
The guidelines formalize the OCC’s
heightened expectations program. The
guidelines also further the goal of the
Dodd-Frank Wall Street Reform and
Consumer Protection Act of 2010 to
strengthen the financial system by
focusing management and boards of
directors on improving and
strengthening risk management
practices and governance, thereby
minimizing the probability and impact
of future financial crises. The standards
for the design and implementation of
79 FR 54518.
2 12 U.S.C. 1831p–1. Section 39 was enacted as
part of the Federal Deposit Insurance Corporation
Improvement Act of 1991, Public Law 102–242,
section 132(a), 105 Stat. 2236, 2267–70.
1
VerDate Sep<11>2014
16:23 Feb 23, 2024
Jkt 262001
the risk governance framework, which
contain collections of information, are
as follows:
Standards for Risk Governance
Framework
Covered banks should establish and
adhere to a formal, written risk
governance framework designed by
independent risk management. The
framework should include delegations
of authority from the board of directors
to management committees and
executive officers and risk limits for
material activities. The framework
should be approved by the board of
directors or the board’s risk committee,
and it should be reviewed and updated,
at least annually, by independent risk
management.
Front Line Units
Front line units should take
responsibility and be held accountable
by the chief executive officer (CEO) and
the board of directors for appropriately
assessing and effectively managing the
risks associated with their activities. In
fulfilling this responsibility, each front
line unit should, either alone or in
conjunction with another organizational
unit that has the purpose of assisting a
front line unit: (i) assess, on an ongoing
basis, the material risks associated with
its activities and use such risk
assessments as the basis for fulfilling its
responsibilities and for determining if
actions need to be taken to strengthen
risk management or reduce risk given
changes in the unit’s risk profile or
other conditions; and (ii) establish and
adhere to a set of written policies that
include front line unit risk limits. Such
policies should ensure that risks
associated with the front line unit’s
activities are effectively identified,
measured, monitored, and controlled,
consistent with the covered bank’s risk
appetite statement, concentration risk
limits, and all policies established
within the risk governance framework.
Front line units should also establish
and adhere to procedures and processes,
as necessary to maintain compliance
with the policies described in (ii).
Furthermore, front line units should
adhere to all applicable policies,
procedures, and processes established
by independent risk management. Front
line units should also develop, attract,
and retain talent and maintain staffing
levels required to carry out the unit’s
role and responsibilities effectively;
establish and adhere to talent
management processes; and establish
and adhere to compensation and
performance management programs.
PO 00000
Frm 00107
Fmt 4703
Sfmt 4703
Independent Risk Management
Independent risk management should
oversee the covered bank’s risk-taking
activities and assess risks and issues
independent of the front line units. In
fulfilling these responsibilities,
independent risk management should:
(i) take responsibility and be held
responsible by the CEO and the board of
directors for designing a comprehensive
written risk governance framework that
meets the guidelines and is
commensurate with the size,
complexity, and risk profile of the
covered bank; (ii) identify and assess, on
an ongoing basis, the covered bank’s
material aggregate risks and use such
risk assessments as the basis for
fulfilling its responsibilities and for
determining if actions need to be taken
to strengthen risk management or
reduce risk given changes in the covered
bank’s risk profile or other conditions;
(iii) establish and adhere to enterprise
policies that include concentration risk
limits that state how aggregate risks
within the covered bank are effectively
identified, measured, monitored, and
controlled, consistent with the covered
bank’s risk appetite statement and all
policies and processes established
within the risk governance framework;
(iv) establish and adhere to procedures
and processes, as necessary, to ensure
compliance with policies in (iii); (v)
identify and communicate to the CEO
and either the board of directors or the
board’s risk committee any material
risks and significant instances where the
independent risk management’s
assessment of risk differs from that of a
front line unit and any significant
instances where a front line unit is not
adhering to the risk governance
framework; (vi) identify and
communicate to the board of directors
or the board’s risk committee material
risks and significant instances where
independent risk management’s
assessment of risk differs from that of
the CEO and significant instances where
the CEO is not adhering to, or not
holding front line units accountable for
adhering to, the risk governance
framework; and (vii) develop, attract,
and retain talent and maintain the
staffing levels required to carry out the
unit’s role and responsibilities
effectively while establishing and
adhering to talent management
processes and compensation and
performance management programs.
Internal Audit
Internal audit should ensure that the
covered bank’s risk governance
framework complies with the guidelines
and is appropriate for the size,
E:\FR\FM\26FEN1.SGM
26FEN1
khammond on DSKJM1Z7X2PROD with NOTICES
Federal Register / Vol. 89, No. 38 / Monday, February 26, 2024 / Notices
complexity, and risk profile of the
covered bank. It should maintain a
complete and current inventory of the
covered bank’s material processes,
product lines, services, and functions
and assess the risks, including emerging
risks, associated with each. These risks
collectively provide a basis for the audit
plan. Internal audit should establish and
adhere to an audit plan that: (i) is
periodically reviewed and updated; (ii)
takes into account the covered bank’s
risk profile, emerging risks, and issues;
and (iii) establishes the frequency with
which activities should be audited. The
audit plan should require internal audit
to evaluate the adequacy of and
compliance with policies, procedures,
and processes established by front line
units and independent risk management
under the risk governance framework.
Significant changes to the audit plan
should be communicated to the board’s
audit committee. Internal audit should
report, in writing, conclusions, material
issues, and recommendations from audit
work carried out under the audit plan to
the board’s audit committee. Reports
should identify the root cause of any
material issues and include: (i) a
determination of whether the root cause
creates an issue that has an impact on
one or more organizational units within
the covered bank; and (ii) a
determination of the effectiveness of
front line units and independent risk
management in identifying and
resolving issues in a timely manner.
Internal audit should establish and
adhere to processes for independently
assessing the design and ongoing
effectiveness of the risk governance
framework on at least an annual basis.
The independent assessment should
include a conclusion on the covered
bank’s compliance with the standards
set forth in the guidelines. Internal audit
should identify and communicate to the
board’s audit committee significant
instances where front line units or
independent risk management are not
adhering to the risk governance
framework. Internal audit should
establish a quality assurance program
that ensures internal audit’s policies,
procedures, and processes: (i) comply
with applicable regulatory and industry
guidance; (ii) are appropriate for the
size, complexity, and risk profile of the
covered bank; (iii) are updated to reflect
changes to internal and external risk
factors, emerging risks, and
improvements in industry internal audit
practices; and (iv) are consistently
followed. Internal audit should develop,
attract, and retain talent and maintain
staffing levels required to effectively
carry out its role and responsibilities.
VerDate Sep<11>2014
16:23 Feb 23, 2024
Jkt 262001
Internal audit should establish and
adhere to talent management processes
and compensation and performance
management programs that comply with
the guidelines.
Strategic Plan
The CEO, with input from front line
units, independent risk management,
and internal audit, should be
responsible for the development of a
written strategic plan that covers, at a
minimum, a three-year period. The
board of directors should evaluate and
approve the plan and monitor
management’s efforts to implement the
strategic plan at least annually. The plan
should: (i) include a comprehensive
assessment of risks that currently
impact the covered bank or that could
have an impact on the covered bank
during the period covered by the
strategic plan; (ii) articulate an overall
mission statement and strategic
objectives for the covered bank with an
explanation of how the covered bank
will update the risk governance
framework to account for changes to its
risk profile projected under the strategic
plan; and (iii) be reviewed, updated,
and approved due to changes in the
covered bank’s risk profile or operating
environment that were not
contemplated when the plan was
developed.
Risk Appetite Statement
A covered bank should have a
comprehensive written statement that
articulates its risk appetite and serves as
the basis for the risk governance
framework. The statement should
contain both qualitative components
that describe a safe and sound risk
culture and how the covered bank will
assess and accept risks and quantitative
limits that include sound stress testing
processes and address earnings, capital,
and liquidity.
Risk Limit Breaches
A covered bank should establish and
adhere to processes that require front
line units and independent risk
management to: (i) identify breaches of
the risk appetite statement,
concentration risk limits, and front line
unit risk limits; (ii) distinguish breaches
based on the severity of their impact;
(iii) establish protocols for when and
how to inform the board of directors,
front line unit management,
independent risk management, internal
audit, and the OCC regarding a breach;
(iv) provide a written description of the
breach resolution; and (v) establish
accountability for reporting and
resolving breaches that include
consequences for risk limit breaches
PO 00000
Frm 00108
Fmt 4703
Sfmt 4703
14147
that take into account the magnitude,
frequency, and recurrence of breaches.
Concentration Risk Management
The risk governance framework
should include policies and supporting
processes appropriate for the covered
bank’s size, complexity, and risk profile
for effectively identifying, measuring,
monitoring, and controlling the covered
bank’s concentrations of risk.
Risk Data Aggregation and Reporting
The risk governance framework
should include a set of policies,
supported by appropriate procedures
and processes, designed to provide risk
data aggregation and reporting
capabilities appropriate for the covered
bank’s size, complexity, and risk profile
and to support supervisory reporting
requirements. Collectively, these
policies, procedures, and processes
should provide for: (i) the design,
implementation, and maintenance of a
data architecture and information
technology infrastructure that support
the covered bank’s risk aggregation and
reporting needs during normal times
and during times of stress; (ii) the
capturing and aggregating of risk data
and reporting of material risks,
concentrations, and emerging risks in a
timely manner to the board of directors
and the OCC; and (iii) the distribution
of risk reports to all relevant parties at
a frequency that meets their needs for
decision-making purposes.
Talent and Compensation Management
A covered bank should establish and
adhere to processes for talent
development, recruitment, and
succession planning. The board of
directors or appropriate committee
should review and approve a written
talent management program. A covered
bank should also establish and adhere to
compensation and performance
management programs that comply with
any applicable statute or regulation.
Board of Directors Training and
Evaluation
The board of directors of a covered
bank should establish and adhere to a
formal, ongoing training program for all
directors. The board of directors should
also conduct an annual self-assessment.
Burden Estimates:
Estimated Number of Respondents:
27.
Estimated Burden per Respondent:
3,776 hours.
Estimated Total Annual Burden:
101,952 hours.
Comments: On December 13, 2023,
the OCC published a 60-day notice for
E:\FR\FM\26FEN1.SGM
26FEN1
14148
Federal Register / Vol. 89, No. 38 / Monday, February 26, 2024 / Notices
this information collection, (88 FR
86445). No comments were received.
Comments continue to be invited on:
(a) Whether the collection of
information is necessary for the proper
performance of the functions of the
OCC, including whether the information
has practical utility;
(b) The accuracy of the OCC’s
estimate of the burden of the collection
of information;
(c) Ways to enhance the quality,
utility, and clarity of the information to
be collected;
(d) Ways to minimize the burden of
the collection on respondents, including
through the use of automated collection
techniques or other forms of information
technology; and
(e) Estimates of capital or start-up
costs and costs of operation,
maintenance, and purchase of services
to provide information.
Theodore J. Dowd,
Deputy Chief Counsel, Office of the
Comptroller of the Currency.
[FR Doc. 2024–03816 Filed 2–23–24; 8:45 am]
BILLING CODE 4810–33–P
DEPARTMENT OF THE TREASURY
Financial Crimes Enforcement Network
Agency Information Collection
Activities; Proposed Renewal;
Comment Request; Renewal Without
Change of the Beneficial Ownership
Requirements for Legal Entity
Customers
Financial Crimes Enforcement
Network (FinCEN), Treasury.
ACTION: Notice and request for
comments.
AGENCY:
As part of its continuing effort
to reduce paperwork and respondent
burden, FinCEN invites comment on a
renewal, without change, of existing
information collection requirements
related to beneficial ownership
requirements for legal entity customers.
Under Bank Secrecy Act regulations,
covered financial institutions are
required to collect, and to maintain
records of, the information used to
identify and verify the identity of each
beneficial owner of their legal entity
customers, subject to certain exclusions
and exemptions. This request for
comment is made pursuant to the
Paperwork Reduction Act of 1995
(PRA).
khammond on DSKJM1Z7X2PROD with NOTICES
SUMMARY:
Written comments are welcome
and must be received on or before April
26, 2024.
DATES:
VerDate Sep<11>2014
16:23 Feb 23, 2024
Jkt 262001
Comments may be
submitted by any of the following
methods:
• Federal E-rulemaking Portal:
https://www.regulations.gov. Follow the
instructions for submitting comments.
Refer to Docket Number FINCEN–2024–
0008 and the specific Office of
Management and Budget (OMB) control
number 1506–0070.
• Mail: Policy Division, Financial
Crimes Enforcement Network, P.O. Box
39, Vienna, VA 22183. Refer to Docket
Number FINCEN–2024–0008 and OMB
control number 1506–0070.
Please submit comments by one
method only. Comments will be
reviewed consistent with the PRA and
applicable OMB regulations and
guidance. All comments submitted in
response to this notice will become a
matter of public record. Therefore, you
should submit only information that
you wish to make publicly available.
FOR FURTHER INFORMATION CONTACT:
FinCEN’s Regulatory Support Section at
1–800–767–2825 or electronically at
frc@fincen.gov.
SUPPLEMENTARY INFORMATION:
ADDRESSES:
I. Statutory and Regulatory Provisions
The legislative framework generally
referred to as the Bank Secrecy Act
(BSA) consists of the Currency and
Foreign Transactions Reporting Act of
1970, as amended by the Uniting and
Strengthening America by Providing
Appropriate Tools Required to Intercept
and Obstruct Terrorism Act of 2001
(USA PATRIOT Act) 1 and other
legislation, including the Anti-Money
Laundering Act of 2020 (AML Act).2
The BSA is codified at 12 U.S.C. 1829b
and 1951–1960 and 31 U.S.C. 5311–
5314 and 5316–5336, and notes thereto,
with implementing regulations at 31
CFR Chapter X.
The BSA authorizes the Secretary of
the Treasury (Secretary) to, inter alia,
require financial institutions to keep
records and file reports that are
determined to have a high degree of
usefulness in criminal, tax, or regulatory
matters, risk assessments or
proceedings, or in the conduct of
intelligence or counter-intelligence
activities to protect against terrorism,
and to implement anti-money
laundering (AML) programs and
compliance procedures.3 The authority
1 USA
PATRIOT Act, Public Law 107–56.
AML Act was enacted as Division F,
sections 6001–6511, of the William M. (Mac)
Thornberry National Defense Authorization Act for
Fiscal Year 2021, Public Law 116–283, 134 Stat.
3388 (NDAA).
3 Section 358 of the USA PATRIOT Act expanded
the purpose of the BSA by including a reference to
reports and records ‘‘that have a high degree of
2 The
PO 00000
Frm 00109
Fmt 4703
Sfmt 4703
of the Secretary to administer the BSA
has been delegated to the Director of
FinCEN.4
Subject to certain exclusions and
exemptions, 31 CFR 1010.230 requires
covered financial institutions 5 to
establish and maintain written
procedures that are reasonably designed
to identify and verify beneficial owners
of new accounts opened by legal entity
customers and to include such
procedures in their AML programs.
Covered financial institutions may
obtain the required identifying
information by either obtaining a
prescribed certification form from the
individual opening the account on
behalf of the legal entity customer, or by
obtaining from the individual the
information required by the form by
another means, provided the individual
certifies to the best of the individual’s
knowledge the accuracy of the
information. Covered financial
institutions must verify the identity of
each beneficial owner identified
according to risk-based procedures and
may rely on the information supplied by
the legal entity customer regarding the
identity of its beneficial owner or
owners, provided that it has no
knowledge of facts that would
reasonably call into question the
reliability of such information.
Covered financial institutions must
also maintain a record of the identifying
information obtained, and a description
of any document relied on for
verification, including a description of
any non-documentary methods and
results of any measures undertaken, and
the resolutions of substantive
discrepancies. Covered financial
institutions must retain records used to
identify each beneficial owner for five
years after the date the account is closed
and must also retain records used to
verify the identity of each beneficial
owner for five years after the record is
made.
As required by section 6403(d) of the
Corporate Transparency Act (CTA),
which was enacted as part of the AML
Act, FinCEN intends to revise the
requirements of 31 CFR 1010.230 to
bring them into conformance with the
usefulness in intelligence or counterintelligence
activities to protect against international terrorism.’’
See 12 U.S.C. 1829b(a). Section 6101 of the AML
Act further expanded the purpose of the BSA to
cover such matters as preventing money laundering,
tracking illicit funds, assessing risk, and
establishing appropriate frameworks for
information sharing. See 31 U.S.C. 5311.
4 Treasury Order 180–01 (Jan. 14, 2020).
5 Covered financial institutions include certain
banks, brokers or dealers in securities, mutual
funds, futures commission merchants, and
introducing brokers in commodities. See 31 CFR
1010.230(f), 1010.605(e)(1).
E:\FR\FM\26FEN1.SGM
26FEN1
]]>Agencies
[Federal Register Volume 89, Number 38 (Monday, February 26, 2024)]
[Notices]
[Pages 14145-14148]
From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
[FR Doc No: 2024-03816]
-----------------------------------------------------------------------
DEPARTMENT OF THE TREASURY
Office of the Comptroller of the Currency
Agency Information Collection Activities: Information Collection
Renewal; Submission for OMB Review; OCC Guidelines Establishing
Heightened Standards for Certain Large Insured National Banks, Insured
Federal Savings Associations, and Insured Federal Branches
AGENCY: Office of the Comptroller of the Currency (OCC), Treasury.
ACTION: Notice and request for comment.
-----------------------------------------------------------------------
SUMMARY: The OCC, as part of its continuing effort to reduce paperwork
and respondent burden, invites comment on a continuing information
collection, as required by the Paperwork Reduction Act of 1995 (PRA).
In accordance with the requirements of the PRA, the OCC may not conduct
or sponsor, and the respondent is not required to respond to, an
information collection unless it displays a currently valid Office of
Management and Budget (OMB) control number. The OCC is soliciting
comment concerning the renewal of its information collection titled,
``OCC Guidelines Establishing Heightened Standards for Certain Large
Insured National Banks, Insured Federal Savings Associations, and
Insured Federal Branches.'' The OCC also is giving notice that it has
sent the collection to OMB for review.
DATES: Comments must be received by March 27, 2024.
ADDRESSES: Commenters are encouraged to submit comments by email, if
possible. You may submit comments by any of the following methods:
Email: [email protected].
Mail: Chief Counsel's Office, Attention: Comment
Processing, Office of the Comptroller of the Currency, Attention: 1557-
0321, 400 7th Street SW, Suite 3E-218, Washington, DC 20219.
Hand Delivery/Courier: 400 7th Street SW, Suite 3E-218,
Washington, DC 20219.
Fax: (571) 293-4835.
Instructions: You must include ``OCC'' as the agency name and
``1557-0321'' in your comment. In general, the OCC will publish
comments on www.reginfo.gov without change, including any business or
personal information provided, such as name and address information,
email addresses, or phone numbers. Comments received, including
attachments and other supporting materials, are part of the public
record and subject to public disclosure. Do not include any information
in your comment or supporting materials that you consider confidential
or inappropriate for public disclosure.
Written comments and recommendations for the proposed information
collection should also be sent within 30 days of publication of this
notice to www.reginfo.gov/public/do/PRAMain. You can find this
information collection by selecting ``Currently under 30-day Review--
Open for Public Comments'' or by using the search function.
You may review comments and other related materials that pertain to
this information collection following the close of the 30-day comment
period for this notice by the method set forth in the next bullet.
Viewing Comments Electronically: Go to www.reginfo.gov.
Hover over the ``Information Collection Review'' tab and click on
``Information Collection Review'' from the drop-down menu. From the
``Currently under Review'' drop-down menu, select ``Department of
Treasury'' and then click ``submit.'' This information collection can
be located by searching OMB control number ``1557-0321'' or ``OCC
Guidelines Establishing Heightened Standards for Certain Large Insured
National Banks, Insured Federal Savings Associations, and Insured
Federal Branches.'' Upon finding the appropriate information
collection, click on the related ``ICR Reference Number.'' On the next
screen, select ``View Supporting Statement and Other Documents'' and
then click on the link to any comment listed at the bottom of the
screen.
For assistance in navigating www.reginfo.gov, please
contact the Regulatory Information Service Center at (202) 482-7340.
FOR FURTHER INFORMATION CONTACT: Shaquita Merritt, Clearance Officer,
(202) 649-5490, Chief Counsel's Office, Office of the Comptroller of
the Currency, 400 7th Street SW, Washington, DC 20219. If you are deaf,
hard of hearing, or have a speech disability, please dial 7-1-1 to
access telecommunications relay services.
SUPPLEMENTARY INFORMATION: Under the PRA (44 U.S.C. 3501 et seq.),
Federal agencies must obtain approval from the OMB for each collection
of information that they conduct or sponsor. ``Collection of
information'' is defined in 44 U.S.C. 3502(3) and 5 CFR 1320.3(c) to
include agency requests or requirements that members of the public
submit reports, keep records, or provide information to a third party.
The OCC
[[Page 14146]]
asks the OMB to extend its approval of the collection in this notice.
Title: OCC Guidelines Establishing Heightened Standards for Certain
Large Insured National Banks, Insured Federal Savings Associations, and
Insured Federal Branches.
OMB Control No.: 1557-0321.
Type of Review: Regular.
Affected Public: Businesses or other for-profit.
Description: The OCC's guidelines, codified in 12 CFR part 30,
appendix D, establish minimum standards for the design and
implementation of a risk governance framework for insured national
banks, insured Federal savings associations, and insured Federal
branches of a foreign bank (banks). The guidelines apply to covered
banks. A covered bank is a bank with average total consolidated assets:
(i) equal to or greater than $50 billion; (ii) less than $50 billion if
that bank's parent company controls at least one insured national bank
or insured Federal savings association that has average total
consolidated assets of $50 billion or greater; or (iii) less than $50
billion, if the OCC determines such bank's operations are highly
complex or otherwise present a heightened risk as to warrant the
application of the guidelines. The guidelines also establish minimum
standards for a board of directors in overseeing the framework's design
and implementation. These guidelines were finalized on September 11,
2014.\1\ The OCC is now seeking to renew the information collection
associated with these guidelines. The standards contained in the
guidelines are enforceable under section 39 of the Federal Deposit
Insurance Act (FDIA),\2\ which authorizes the OCC to prescribe
operational and managerial standards for insured national banks,
insured Federal savings associations, and insured Federal branches of a
foreign bank.
---------------------------------------------------------------------------
\1\ 79 FR 54518.
\2\ 12 U.S.C. 1831p-1. Section 39 was enacted as part of the
Federal Deposit Insurance Corporation Improvement Act of 1991,
Public Law 102-242, section 132(a), 105 Stat. 2236, 2267-70.
---------------------------------------------------------------------------
The guidelines formalize the OCC's heightened expectations program.
The guidelines also further the goal of the Dodd-Frank Wall Street
Reform and Consumer Protection Act of 2010 to strengthen the financial
system by focusing management and boards of directors on improving and
strengthening risk management practices and governance, thereby
minimizing the probability and impact of future financial crises. The
standards for the design and implementation of the risk governance
framework, which contain collections of information, are as follows:
Standards for Risk Governance Framework
Covered banks should establish and adhere to a formal, written risk
governance framework designed by independent risk management. The
framework should include delegations of authority from the board of
directors to management committees and executive officers and risk
limits for material activities. The framework should be approved by the
board of directors or the board's risk committee, and it should be
reviewed and updated, at least annually, by independent risk
management.
Front Line Units
Front line units should take responsibility and be held accountable
by the chief executive officer (CEO) and the board of directors for
appropriately assessing and effectively managing the risks associated
with their activities. In fulfilling this responsibility, each front
line unit should, either alone or in conjunction with another
organizational unit that has the purpose of assisting a front line
unit: (i) assess, on an ongoing basis, the material risks associated
with its activities and use such risk assessments as the basis for
fulfilling its responsibilities and for determining if actions need to
be taken to strengthen risk management or reduce risk given changes in
the unit's risk profile or other conditions; and (ii) establish and
adhere to a set of written policies that include front line unit risk
limits. Such policies should ensure that risks associated with the
front line unit's activities are effectively identified, measured,
monitored, and controlled, consistent with the covered bank's risk
appetite statement, concentration risk limits, and all policies
established within the risk governance framework. Front line units
should also establish and adhere to procedures and processes, as
necessary to maintain compliance with the policies described in (ii).
Furthermore, front line units should adhere to all applicable policies,
procedures, and processes established by independent risk management.
Front line units should also develop, attract, and retain talent and
maintain staffing levels required to carry out the unit's role and
responsibilities effectively; establish and adhere to talent management
processes; and establish and adhere to compensation and performance
management programs.
Independent Risk Management
Independent risk management should oversee the covered bank's risk-
taking activities and assess risks and issues independent of the front
line units. In fulfilling these responsibilities, independent risk
management should: (i) take responsibility and be held responsible by
the CEO and the board of directors for designing a comprehensive
written risk governance framework that meets the guidelines and is
commensurate with the size, complexity, and risk profile of the covered
bank; (ii) identify and assess, on an ongoing basis, the covered bank's
material aggregate risks and use such risk assessments as the basis for
fulfilling its responsibilities and for determining if actions need to
be taken to strengthen risk management or reduce risk given changes in
the covered bank's risk profile or other conditions; (iii) establish
and adhere to enterprise policies that include concentration risk
limits that state how aggregate risks within the covered bank are
effectively identified, measured, monitored, and controlled, consistent
with the covered bank's risk appetite statement and all policies and
processes established within the risk governance framework; (iv)
establish and adhere to procedures and processes, as necessary, to
ensure compliance with policies in (iii); (v) identify and communicate
to the CEO and either the board of directors or the board's risk
committee any material risks and significant instances where the
independent risk management's assessment of risk differs from that of a
front line unit and any significant instances where a front line unit
is not adhering to the risk governance framework; (vi) identify and
communicate to the board of directors or the board's risk committee
material risks and significant instances where independent risk
management's assessment of risk differs from that of the CEO and
significant instances where the CEO is not adhering to, or not holding
front line units accountable for adhering to, the risk governance
framework; and (vii) develop, attract, and retain talent and maintain
the staffing levels required to carry out the unit's role and
responsibilities effectively while establishing and adhering to talent
management processes and compensation and performance management
programs.
Internal Audit
Internal audit should ensure that the covered bank's risk
governance framework complies with the guidelines and is appropriate
for the size,
[[Page 14147]]
complexity, and risk profile of the covered bank. It should maintain a
complete and current inventory of the covered bank's material
processes, product lines, services, and functions and assess the risks,
including emerging risks, associated with each. These risks
collectively provide a basis for the audit plan. Internal audit should
establish and adhere to an audit plan that: (i) is periodically
reviewed and updated; (ii) takes into account the covered bank's risk
profile, emerging risks, and issues; and (iii) establishes the
frequency with which activities should be audited. The audit plan
should require internal audit to evaluate the adequacy of and
compliance with policies, procedures, and processes established by
front line units and independent risk management under the risk
governance framework. Significant changes to the audit plan should be
communicated to the board's audit committee. Internal audit should
report, in writing, conclusions, material issues, and recommendations
from audit work carried out under the audit plan to the board's audit
committee. Reports should identify the root cause of any material
issues and include: (i) a determination of whether the root cause
creates an issue that has an impact on one or more organizational units
within the covered bank; and (ii) a determination of the effectiveness
of front line units and independent risk management in identifying and
resolving issues in a timely manner. Internal audit should establish
and adhere to processes for independently assessing the design and
ongoing effectiveness of the risk governance framework on at least an
annual basis. The independent assessment should include a conclusion on
the covered bank's compliance with the standards set forth in the
guidelines. Internal audit should identify and communicate to the
board's audit committee significant instances where front line units or
independent risk management are not adhering to the risk governance
framework. Internal audit should establish a quality assurance program
that ensures internal audit's policies, procedures, and processes: (i)
comply with applicable regulatory and industry guidance; (ii) are
appropriate for the size, complexity, and risk profile of the covered
bank; (iii) are updated to reflect changes to internal and external
risk factors, emerging risks, and improvements in industry internal
audit practices; and (iv) are consistently followed. Internal audit
should develop, attract, and retain talent and maintain staffing levels
required to effectively carry out its role and responsibilities.
Internal audit should establish and adhere to talent management
processes and compensation and performance management programs that
comply with the guidelines.
Strategic Plan
The CEO, with input from front line units, independent risk
management, and internal audit, should be responsible for the
development of a written strategic plan that covers, at a minimum, a
three-year period. The board of directors should evaluate and approve
the plan and monitor management's efforts to implement the strategic
plan at least annually. The plan should: (i) include a comprehensive
assessment of risks that currently impact the covered bank or that
could have an impact on the covered bank during the period covered by
the strategic plan; (ii) articulate an overall mission statement and
strategic objectives for the covered bank with an explanation of how
the covered bank will update the risk governance framework to account
for changes to its risk profile projected under the strategic plan; and
(iii) be reviewed, updated, and approved due to changes in the covered
bank's risk profile or operating environment that were not contemplated
when the plan was developed.
Risk Appetite Statement
A covered bank should have a comprehensive written statement that
articulates its risk appetite and serves as the basis for the risk
governance framework. The statement should contain both qualitative
components that describe a safe and sound risk culture and how the
covered bank will assess and accept risks and quantitative limits that
include sound stress testing processes and address earnings, capital,
and liquidity.
Risk Limit Breaches
A covered bank should establish and adhere to processes that
require front line units and independent risk management to: (i)
identify breaches of the risk appetite statement, concentration risk
limits, and front line unit risk limits; (ii) distinguish breaches
based on the severity of their impact; (iii) establish protocols for
when and how to inform the board of directors, front line unit
management, independent risk management, internal audit, and the OCC
regarding a breach; (iv) provide a written description of the breach
resolution; and (v) establish accountability for reporting and
resolving breaches that include consequences for risk limit breaches
that take into account the magnitude, frequency, and recurrence of
breaches.
Concentration Risk Management
The risk governance framework should include policies and
supporting processes appropriate for the covered bank's size,
complexity, and risk profile for effectively identifying, measuring,
monitoring, and controlling the covered bank's concentrations of risk.
Risk Data Aggregation and Reporting
The risk governance framework should include a set of policies,
supported by appropriate procedures and processes, designed to provide
risk data aggregation and reporting capabilities appropriate for the
covered bank's size, complexity, and risk profile and to support
supervisory reporting requirements. Collectively, these policies,
procedures, and processes should provide for: (i) the design,
implementation, and maintenance of a data architecture and information
technology infrastructure that support the covered bank's risk
aggregation and reporting needs during normal times and during times of
stress; (ii) the capturing and aggregating of risk data and reporting
of material risks, concentrations, and emerging risks in a timely
manner to the board of directors and the OCC; and (iii) the
distribution of risk reports to all relevant parties at a frequency
that meets their needs for decision-making purposes.
Talent and Compensation Management
A covered bank should establish and adhere to processes for talent
development, recruitment, and succession planning. The board of
directors or appropriate committee should review and approve a written
talent management program. A covered bank should also establish and
adhere to compensation and performance management programs that comply
with any applicable statute or regulation.
Board of Directors Training and Evaluation
The board of directors of a covered bank should establish and
adhere to a formal, ongoing training program for all directors. The
board of directors should also conduct an annual self-assessment.
Burden Estimates:
Estimated Number of Respondents: 27.
Estimated Burden per Respondent: 3,776 hours.
Estimated Total Annual Burden: 101,952 hours.
Comments: On December 13, 2023, the OCC published a 60-day notice
for
[[Page 14148]]
this information collection, (88 FR 86445). No comments were received.
Comments continue to be invited on:
(a) Whether the collection of information is necessary for the
proper performance of the functions of the OCC, including whether the
information has practical utility;
(b) The accuracy of the OCC's estimate of the burden of the
collection of information;
(c) Ways to enhance the quality, utility, and clarity of the
information to be collected;
(d) Ways to minimize the burden of the collection on respondents,
including through the use of automated collection techniques or other
forms of information technology; and
(e) Estimates of capital or start-up costs and costs of operation,
maintenance, and purchase of services to provide information.
Theodore J. Dowd,
Deputy Chief Counsel, Office of the Comptroller of the Currency.
[FR Doc. 2024-03816 Filed 2-23-24; 8:45 am]
BILLING CODE 4810-33-P
