OCC Guidelines Establishing Standards for Recovery Planning by Certain Large Insured National Banks, Insured Federal Savings Associations, and Insured Federal Branches, 55114-55120 [2024-13960]

Agencies

• Office of the Comptroller of the Currency
• DEPARTMENT OF THE TREASURY

[Federal Register Volume 89, Number 128 (Wednesday, July 3, 2024)]
[Proposed Rules]
[Pages 55114-55120]
From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
[FR Doc No: 2024-13960]


=======================================================================
-----------------------------------------------------------------------

DEPARTMENT OF THE TREASURY

Office of the Comptroller of the Currency

12 CFR Part 30

[Docket ID OCC-2024-0008]
RIN 1557-AF27


OCC Guidelines Establishing Standards for Recovery Planning by 
Certain Large Insured National Banks, Insured Federal Savings 
Associations, and Insured Federal Branches

AGENCY: Office of the Comptroller of the Currency, Treasury.

ACTION: Notice of proposed rulemaking.

-----------------------------------------------------------------------

SUMMARY: The Office of the Comptroller of the Currency (OCC) is 
proposing to amend its enforceable recovery planning guidelines 
(Guidelines) to expand the Guidelines to apply to insured national 
banks, Federal savings associations, and Federal branches (banks) with 
average total consolidated assets of $100 billion or more; incorporate 
a testing standard; and clarify the role of non-financial (including 
operational and strategic) risk in recovery planning.

DATES: Comments must be received by August 2, 2024.

ADDRESSES: Commenters are encouraged to submit comments through the 
Federal eRulemaking Portal. Please use the title ``OCC Guidelines 
Establishing Standards for Recovery Planning by Certain Large Insured 
National Banks, Insured Federal Savings Associations, and Insured 
Federal Branches'' to facilitate the organization and distribution of 
the comments. You may submit comments by any of the following methods:
     Federal eRulemaking Portal--Regulations.gov:
    Go to https://regulations.gov/. Enter ``Docket ID OCC-2024-0008'' 
in the Search Box and click ``Search.'' Public comments can be 
submitted via the ``Comment'' box below the displayed document 
information or by clicking on the document title and then clicking the 
``Comment'' box on the top-left side of the screen. For help with 
submitting effective comments, please click on ``Commenter's 
Checklist.'' For assistance with the Regulations.gov site, please call 
1-866-498-2945 (toll free) Monday-Friday, 8 a.m.-7 p.m. ET, or email 
[email protected].
     Mail: Chief Counsel's Office, Attention: Comment 
Processing, Office of the Comptroller of the Currency, 400 7th Street 
SW, Suite 3E-218, Washington, DC 20219.
     Hand Delivery/Courier: 400 7th Street SW, Suite 3E-218, 
Washington, DC 20219.
    Instructions: You must include ``OCC'' as the agency name and 
``Docket ID OCC-2024-0008'' in your comment. In general, the OCC will 
enter all comments received into the docket and publish the comments on 
the Regulations.gov website without change, including any business or 
personal information provided such as name and address information, 
email addresses, or phone numbers. Comments received, including 
attachments and other supporting materials, are part of the public 
record and subject to public disclosure. Do not include any information 
in your comment or supporting materials that you consider confidential 
or inappropriate for public disclosure.
    You may review comments and other related materials that pertain to 
this action by the following methods:
     Viewing Comments Electronically--Regulations.gov:
    Go to https://regulations.gov/. Enter ``Docket ID OCC-2024-0008'' 
in the Search Box and click ``Search.'' Click on the ``Dockets'' tab 
and then the document's title. After clicking the document's title, 
click the ``Browse All Comments'' tab. Comments can be viewed and 
filtered by clicking on the ``Sort By'' drop-down on the right side of 
the screen or the ``Refine Comments Results'' options on the left side 
of the screen. Supporting materials can be viewed by clicking on the 
``Browse Documents'' tab. Click on the ``Sort By'' drop-down on the 
right side of the screen or the ``Refine Results'' options on the left 
side of the screen checking the ``Supporting & Related Material'' 
checkbox. For assistance with the Regulations.gov site, please call 1-
866-498-2945 (toll free) Monday-Friday, 8 a.m.-7 p.m. ET, or email 
[email protected].
    The docket may be viewed after the close of the comment period in 
the same manner as during the comment period.

FOR FURTHER INFORMATION CONTACT: Kimberly Jameson, Lead Expert, Market 
Risk, (202) 322-8527; Andra Shuster, Senior Counsel, Karen McSweeney, 
Special Counsel, or Priscilla Benner, Counsel, Chief Counsel's Office, 
(202) 649-5490; 400 7th Street SW, Washington, DC 20219. If you are 
deaf, hard of hearing, or have a speech disability, please dial 7-1-1 
to access telecommunications relay services.

SUPPLEMENTARY INFORMATION:

I. Background

    Large-scale financial crises, including the 2008 crisis, have 
demonstrated the destabilizing effect that severe stress can have on 
financial entities, capital markets, the Federal banking system, and 
the U.S. and global economies. This is particularly true when a crisis 
places severe stress on large, complex financial institutions due to 
the systemic and contagion risks that they pose. During the 2008 
crisis, the OCC observed that many financial institutions were not 
prepared to respond effectively to the financial effects of the severe 
stress. The lack of or inadequate planning threatened the viability of 
some financial institutions, and many were

[[Page 55115]]

forced to take significant actions without the benefit of a well-
developed plan for recovery.
    For the OCC, this experience further highlighted the importance of 
strong risk governance frameworks at large, complex banks, including 
plans for how to respond quickly and effectively to, and recover from, 
the financial effects of severe stress. The agency recognized that 
recovery planning would reduce a bank's risk of failure and increase 
the likelihood that the bank would return to a position of financial 
strength and viability following severe stress. It envisioned recovery 
planning--developing and maintaining a comprehensive recovery plan--as 
a dynamic and ongoing process that complemented a bank's other risk 
governance and planning functions and supported its safe and sound 
operation. The OCC expected recovery planning to enhance the focus of a 
bank's management and its board of directors (board) on risk 
governance, with a view toward lessening the negative effects of and 
recovering from future severe stress.
    On September 19, 2016, the OCC issued Guidelines Establishing 
Standards for Recovery Planning by Certain Large Insured National 
Banks, Insured Federal Savings Associations, and Insured Federal 
Branches of Foreign Banks (Guidelines).\1\ Under the Guidelines, a bank 
subject to the standards (a covered bank) should have a recovery plan 
that includes (1) quantitative or qualitative indicators of the risk or 
existence of severe stress that reflect its particular vulnerabilities; 
(2) a wide range of credible options that it could undertake in 
response to the stress to restore its financial strength and viability; 
and (3) an assessment and description of how these options would affect 
it. The Guidelines provided that a recovery plan should also address 
(1) the covered bank's overall organizational and legal entity 
structure; (2) procedures for escalating decision-making to senior 
management or the board; (3) management reports; (4) communication 
procedures; and (5) any other information the OCC communicates in 
writing. The Guidelines also set forth the responsibilities of 
management and the board with respect to the covered bank's recovery 
plan.
---------------------------------------------------------------------------

    \1\ 81 FR 66791 (Sep. 29, 2016). The Guidelines are codified at 
12 CFR part 30, appendix E. They were issued pursuant to section 39 
of the Federal Deposit Insurance Act, 12 U.S.C. 1831p-1, which 
authorizes the OCC to prescribe enforceable safety and soundness 
standards.
---------------------------------------------------------------------------

    The 2016 Guidelines applied to banks with total consolidated assets 
of $50 billion or more. In 2018, the OCC amended the Guidelines to 
raise the threshold to $250 billion based on its view, at that time, 
that these larger, more complex, and potentially more interconnected 
banks presented greater systemic risk to the financial system and would 
benefit most from recovery planning.\2\
---------------------------------------------------------------------------

    \2\ 83 FR 66604 (Dec. 27, 2018).
---------------------------------------------------------------------------

    In March 2023, several insured depository institutions (IDIs) with 
total consolidated assets of $100 billion or more experienced 
significant withdrawals of uninsured deposits in response to underlying 
weaknesses in their financial position and failed. These institutions 
were not subject to recovery planning, which would likely have 
bolstered their resilience. For the OCC, these events highlighted the 
complexity and interconnectedness of some banks not covered by the 
Guidelines: banks with average total consolidated assets between $100 
billion and $250 billion. The events, coupled with the OCC's 
supervisory experience, made clear the importance of ensuring that 
banks in this size range are adequately prepared and have developed a 
plan to respond to the financial effects of severe stress, particularly 
in light of the contagion effects and systemic risks they may pose. To 
address this issue, the OCC is proposing to expand the Guidelines to 
apply to banks with average total consolidated assets of $100 billion 
or more.
    In addition, during the OCC's almost 10 years of supervisory 
experience with the Guidelines, the agency has examined covered banks' 
recovery planning processes and reviewed numerous recovery plans. Based 
on this experience, the OCC has identified areas where the Guidelines 
should be strengthened and, as such, proposes to amend them by 
establishing a testing standard and increasing the focus on non-
financial (including operational and strategic) risk.

II. Proposed Changes

    A. Covered bank threshold. The current Guidelines generally apply 
to banks with average total consolidated assets of $250 billion or 
more. Based on the OCC's observations during the 2023 financial 
institution failures, the agency proposes to expand the Guidelines to 
apply to banks with average total consolidated assets of $100 billion 
or more.\3\ To make this change, the OCC proposes to revise the 
definition of ``covered bank'' in paragraph I.E.3. of the Guidelines.
---------------------------------------------------------------------------

    \3\ The proposed threshold would also be consistent with the 
Federal Deposit Insurance Corporation's (FDIC) proposed amendments 
to its resolution planning rule, which would require covered IDIs 
with $100 billion or more in total assets to submit full resolution 
plans. 88 FR 64579 (Sept. 19, 2023).
---------------------------------------------------------------------------

    The OCC is also proposing a clarifying change to the definition of 
``average total consolidated assets'' in paragraph I.E.1. Currently, 
the Guidelines define ``average total consolidated assets'' as ``the 
average total consolidated assets of the bank or the covered bank,'' as 
reported on the bank's or the covered bank's Consolidated Reports of 
Condition and Income (Call Report) for the four most recent consecutive 
quarters. The agency proposes to change the definition to refer to the 
average ``of'' total consolidated assets of the bank or covered bank. 
This change is intended to clarify that calculating ``average total 
consolidated assets'' for purposes of the Guidelines is based on the 
``total assets'' line of the Call Report, not the ``average total 
consolidated assets'' line of the Call Report.\4\ The clarifying change 
may affect the quarter in which a bank becomes a covered bank and is 
consistent with the OCC's Heightened Standards Guidelines.\5\
---------------------------------------------------------------------------

    \4\ Compare Schedule RC, item 12 and Schedule RC-R, item 27 of 
the Call Report.
    \5\ 12 CFR part 30, appendix D.
---------------------------------------------------------------------------

    Paragraph I.C.1. of the current Guidelines, ``Reservation of 
Authority,'' provides that the OCC has the discretion to apply the 
Guidelines, in whole or in part, to a bank with average total 
consolidated assets of less than $250 billion if the agency determines 
that the bank is highly complex or otherwise presents a heightened risk 
that warrants the application of the Guidelines.\6\ Consistent with the 
proposed threshold change, the OCC proposes a conforming change to the 
Reservation of Authority paragraph, which would allow the agency to 
apply the Guidelines to a bank with average total consolidated assets 
of less than $100 billion if the agency determines the bank is highly 
complex or otherwise presents a heightened risk that warrants 
application of the Guidelines.\7\
---------------------------------------------------------------------------

    \6\ Paragraph I.C.1.a.
    \7\ The OCC does not propose changes to its reservation of 
authority to determine that compliance should not be required for a 
covered bank in paragraph I.C.1.b. of the Guidelines because this 
section does not specifically reference a bank's asset size.
---------------------------------------------------------------------------

    Question: The OCC invites comments on the proposed $100 billion 
threshold. Alternatively, should the OCC expand the Guidelines further 
(e.g., to all banks or to banks with $50 billion or more in average 
total consolidated assets), adopt a different threshold between $100 
billion and $250 billion, or retain the $250 billion threshold? Why?

[[Page 55116]]

    B. Testing. As stated above, the OCC has almost 10 years of 
experience in administering the Guidelines, including reviewing covered 
banks' recovery plans. During this period, the agency has observed that 
recovery plans would benefit from testing, which would aid covered 
banks in proactively identifying and addressing any weaknesses or 
deficiencies in their recovery plans before they experience severe 
stress. Testing would help ensure that a covered bank's recovery plan 
will be an effective tool that can realistically help restore the bank 
to financial strength and viability in response to severe stress. Not 
surprisingly, testing is already a key component of other regulatory 
frameworks addressing the stress continuum (e.g., contingency funding 
planning \8\ and stress testing \9\). In addition, the FDIC has 
proposed amendments to its resolution planning rule to incorporate a 
testing requirement.\10\
---------------------------------------------------------------------------

    \8\ See 75 FR 13656 (March 22, 2010); Addendum to the 
Interagency Policy Statement on Funding and Liquidity Risk 
Management: Importance of Contingency Funding Plan (July 28, 2023).
    \9\ See 12 CFR part 46.
    \10\ 88 FR 64579 (Sept. 19, 2023).
---------------------------------------------------------------------------

    For these reasons, the OCC proposes to revise the Guidelines to 
include a testing provision as a new paragraph II.D. Under the proposed 
testing provision, a covered bank should test its overall recovery 
plan, and each element of the plan, to ensure that it will be an 
effective tool during periods of severe stress.\11\ To meet this 
standard, a covered bank may simulate severe financial and non-
financial stress scenarios, such as the scenarios used to develop the 
plan, to confirm that the plan is likely to work as intended when the 
covered bank is experiencing severe stress. This testing should 
include, for example, ensuring that the plan's triggers appropriately 
reflect the covered bank's particular vulnerabilities and will, in 
practice, provide the covered bank with timely notice of a continuum of 
increasingly severe stress, ranging from warnings of the likely 
occurrence of severe stress to the actual existence of severe stress. 
Testing should also enable management and the board to verify that the 
bank has identified credible options and is adequately prepared to 
carry out these options, as needed, during a period of severe stress. 
Testing should be sufficient to provide management and the board with 
similar assurances regarding the other elements of the plan and, 
ultimately, the plan as a whole. Although the proposal does not include 
a specific testing format or methodology, testing should be risk-based 
and reflect the covered bank's size, risk profile, activities, and 
complexity.
---------------------------------------------------------------------------

    \11\ As set forth in paragraph II.B. of the Guidelines, the 
elements of a recovery plan are Overview of covered bank; Triggers; 
Options for recovery; Impact assessments; Escalation procedures; 
Management reports; Communication procedures; and Other information.
---------------------------------------------------------------------------

    Question: The OCC invites comment on the proposed testing standard, 
including the following questions:
     Should the OCC be more specific about how to test a 
recovery plan to validate whether the plan would effectively facilitate 
a covered bank's recovery from severe financial or non-financial 
stress? For example, should the OCC provide that a covered bank test 
the plan using a specific number of stress scenarios? If so, how many 
scenarios would be appropriate? Should the OCC provide that covered 
banks utilize different scenarios each year? Should the OCC provide 
that a covered bank include a quantitative and qualitative analysis as 
part of the testing provision?
     How would a covered bank implement testing for recovery 
options? Are there certain options which would be difficult or 
impossible to test?
     How would a covered bank implement testing for impact 
assessments? For example, would it be possible to test the effect on 
material entities, critical operations, and core business lines? Should 
impact assessments be scoped out of the testing provision? If so, why?
     Is the proposed scope of testing appropriate? Are there 
other aspects of a covered bank's recovery plan or recovery planning 
process that the covered bank should test, and if so, what are those? 
Should the OCC narrow the testing standard? How and why?
     How would a covered bank implement testing in its recovery 
planning process? For example, would a covered bank first develop (or 
update) its recovery plan and then separately test the completed plan, 
or would a covered bank integrate testing into its development (or 
updating) process? Please explain.
    With respect to the frequency of testing, the OCC proposes that a 
covered bank test its recovery plan periodically but not less than 
annually, which aligns with management and board responsibilities to 
review a covered bank's recovery plan at least annually, under 
paragraphs III.A and III.B. of the Guidelines, respectively. As such, 
the proposed testing frequency would ensure that management and the 
board can consider the results of testing during their review. While 
the OCC expects that a covered bank would test each element of its 
recovery plan on an annual cycle, the agency does not expect that, for 
example, a covered bank would test all triggers or all options during 
each annual cycle. Rather, as noted above, annual testing should be 
risk-based. In addition, to provide covered banks with flexibility to 
engage in continuous or regular testing, the proposal also permits a 
covered bank to engage in periodic testing during an annual cycle. 
Finally, in the event that testing reveals weaknesses or deficiencies 
in a recovery plan, the proposal provides that a covered bank should 
revise its recovery plan as appropriate following testing.
    Question: The OCC invites comment on the proposed frequency of 
testing, including whether annual testing is appropriate, as well as 
whether and how this testing frequency will aid management and the 
board in fulfilling their recovery planning responsibilities. 
Alternatively, should the Guidelines provide for periodic testing 
without a specific frequency? Should the Guidelines also provide for 
testing in response to a material change to the recovery plan?
    Question: The OCC invites comment on whether the OCC should provide 
additional clarity regarding how covered banks should address 
weaknesses and deficiencies identified during testing.
    C. Non-financial risk. In the OCC's experience with covered banks' 
implementation of the Guidelines, banks have generally been successful 
in considering and addressing financial risks in their recovery plans. 
For example, many covered banks' recovery plans include triggers which 
cover changes to the bank's financial position, such as triggers for 
profitability, funding sources, liquidity ratios, and capital ratios.
    The OCC has observed, however, that covered banks have been less 
consistent in their consideration of non-financial risk, such as 
operational and strategic risks. As some covered banks have indicated, 
this inconsistent approach to non-financial risk may be because the 
goal of recovery planning is to return a covered bank to a position of 
financial strength and viability in the event of severe stress. 
Financial risk is, of course, critical to recovery planning. However, 
focusing a recovery plan exclusively on financial risks while 
neglecting non-financial risks overlooks the very real threats that 
non-financial risks can pose to a bank's financial strength and 
viability. For example, banks face elevated levels of risk from an 
increasingly complex operational and strategic environment. They are 
undergoing rapid and significant

[[Page 55117]]

changes in an effort to innovate, digitize, and meet rising consumer 
demands; to optimize risk management practices; and to respond to 
externalities such as economic and environmental uncertainties and 
financial pressures. These risks can lead to severe non-financial 
stress that affects a bank's financial strength and viability.\12\
---------------------------------------------------------------------------

    \12\ The Guidelines already recognize this fact, insofar as the 
definition of ``recovery'' refers to ``financial or operational 
stress.'' However, as noted above, the OCC believes that this issue 
warrants additional clarity.
---------------------------------------------------------------------------

    To ensure that covered banks' appropriately address non-financial 
risks in their recovery plans, including by identifying non-financial 
stress and triggers, the OCC proposes certain changes to the 
Guidelines. The first proposed change is to paragraph II.A., which 
currently states that each covered bank should develop and maintain a 
recovery plan that is specific to and appropriate for its individual 
size, risk profile, activities, and complexity, including the 
complexity of its organizational and legal entity structure. The OCC 
proposes to add language to this paragraph stating that a covered 
bank's recovery plan should appropriately consider both financial risk 
and non-financial risk (including operational and strategic risk). The 
added reference to financial risk is not because covered banks have not 
been considering this type of risk but to highlight that both types of 
risk should be addressed. The OCC also proposes conforming changes to 
the definitions of ``recovery'' and ``trigger'' in paragraphs I.E.4. 
and I.E.6., respectively, and to the recovery plan elements of 
``trigger'' and ``impact assessment'' in paragraphs II.B.2. and 
II.B.4., respectively. These conforming changes are also intended to 
highlight the importance of both financial and non-financial risks 
throughout the recovery planning process.
    The OCC is not proposing any changes to the ``options for 
recovery'' element in paragraph II.B.3. of the Guidelines, which 
provides that recovery plan ``should explain how the covered bank would 
carry out each option and describe the timing required for carrying out 
each option.'' The OCC believes, however, it is important to emphasize 
that this process should include an understanding of, and plan for 
mitigating, the non-financial challenges and risks, including 
operational challenges and risks, associated with executing each 
recovery option during severe stress. Without this, a covered bank's 
management and board cannot accurately assess whether the options 
identified in the recovery plan are, in fact, credible options that the 
covered bank could undertake to restore financial strength and 
viability.
    Finally, paragraph II.C. of the Guidelines, ``Relationship to other 
processes; coordination with other plans,'' provides that a covered 
bank's recovery plan should be integrated into its other risk 
governance functions and aligned with its other plans. This provision 
is intended to make clear that recovery planning should complement, and 
not replace, these risk governance and planning functions at covered 
banks, including those that address non-financial risks. The paragraph 
lists examples of such other plans; to provide an additional example of 
an operational risk plan, the OCC proposes to add a reference to 
``resilience programs'' in paragraph II.C.
    Question: The OCC invites comment on its proposal to incorporate 
non-financial risks into the Guidelines, including the following:
     Are ``financial'' and ``non-financial'' risks sufficiently 
clear? Should the Guidelines define these terms or otherwise include 
more specificity? For example, should the OCC identify or define 
specific types of financial and non-financial risk, such as by 
incorporating the risk types and corresponding definitions used in the 
Comptroller's Handbook or another source? Please explain.
     Should the OCC revise any other provisions of the 
Guidelines, including the definition of ``recovery plan'' or any of the 
other elements of a recovery plan, to incorporate non-financial risk? 
If so, how?
     Is the proposal sufficiently clear about the relationship 
between non-financial risk and recovery planning? Is it sufficiently 
clear that inclusion of non-financial risk in a recovery plan should 
not replace a covered bank's other non-financial risk governance 
practices, such as its business continuity and operational resilience 
planning?
    D. Compliance. The OCC understands that it would take time for 
covered banks to implement the changes discussed above, particularly 
for banks that are not currently covered by the Guidelines but would 
become covered banks based on the proposed threshold change. To this 
end, the agency proposes to amend paragraph I.B. of the Guidelines, 
entitled ``Compliance date,'' to provide the banks with sufficient 
time. Specifically, a bank that is a covered bank under the current 
Guidelines would have 12 months from the effective date of the 
amendments to comply with the changes. These banks would continue to be 
obligated to comply with the current Guidelines during this 12-month 
period.
    Question: The OCC invites comment on whether a 12-month compliance 
date would be sufficient for a bank that is already a covered bank. 
Should the OCC adopt shorter a compliance date, such as 3 or 6 months, 
or a longer one, such as 18 or 24 months, for these banks? Should the 
OCC establish different compliance dates for updating a recovery plan 
to address non-financial risks and for testing the plan? If so, what 
compliance dates would be appropriate? Please explain.
    For a bank that has $100 billion or more but less than $250 billion 
in average total consolidated assets on the effective date of the 
amendments to the Guidelines, the proposal provides that the bank 
should comply with the Guidelines within 12 months of the effective 
date, except for the testing requirements with which the bank should 
comply within 18 months. A financial institution that is not a covered 
bank on the effective date of the amended Guidelines but that 
subsequently becomes a covered bank would continue to have 12 months 
from the date on which it becomes a covered bank to comply with the 
Guidelines, except that it would have 18 months to comply with the 
testing requirements.\13\
---------------------------------------------------------------------------

    \13\ A financial institution could become a covered bank after 
the effective date of the amended Guidelines, for example, if its 
average total consolidated assets grow to or above the threshold, if 
it is a State bank with average total consolidated assets of $100 
billion or more that converts to an OCC charter, or through the 
OCC's exercise of its reservation of authority under section I.C.
---------------------------------------------------------------------------

    Question: The OCC invites comments on these proposed compliance 
dates. Would a 12-month compliance date provide a bank or other 
financial institution that is newly covered by the Guidelines with 
adequate time to develop a plan? Should the OCC adopt a shorter 
compliance date, such as 3 or 6 months, or a longer one, such as 18 or 
24 months? How would this change if the OCC were to adopt a different 
threshold? Is 6 additional months an appropriate timeframe for testing, 
or would a shorter or longer timeframe be appropriate? Alternatively, 
should the OCC establish one compliance date for both developing and 
testing a recovery plan? Please explain.
    Question: Should the OCC include an additional reservation of 
authority that would permit it to apply the Guidelines to a bank or 
covered bank on a timeframe different than the otherwise-applicable 
compliance dates (e.g., following a merger or acquisition)? If so, what 
factors should the OCC consider

[[Page 55118]]

when deciding whether to exercise this reservation of authority?

III. Comment Invitation

    In addition to the specific questions asked above, the OCC invites 
comment on all aspects of the proposed revisions to the Guidelines.

IV. Regulatory Analysis

Paperwork Reduction Act of 1995

    Under the Paperwork Reduction Act of 1995 (PRA),\14\ the OCC may 
not conduct or sponsor, and a respondent is not required to respond to, 
an information collection unless it displays a currently valid Office 
of Management and Budget (OMB) control number. This notice of proposed 
rulemaking includes changes to an approved collection of information 
pursuant to the provisions of the PRA. The OCC submitted the 
information collections contained in this notice of proposed rulemaking 
to OMB for review and approval, under section 3507(d) of the PRA and 
Sec.  1320.11 of OMB's implementing regulations (5 CFR part 1320).
---------------------------------------------------------------------------

    \14\ 44 U.S.C. 3501-3521.
---------------------------------------------------------------------------

    The Guidelines contain information collections previously approved 
by OMB, which are found in 12 CFR part 30, appendix E, sections II.B., 
II.C., and III. Section II.B. specifies the elements of the recovery 
plan, including an overview of the covered bank; triggers; options for 
recovery; impact assessments; escalation procedures; management 
reports; communication procedures; and any other information the OCC 
communicates in writing. Section II.C. addresses the relationship of 
the plan to other covered bank processes and coordination with other 
plans, including the processes and plans of its bank holding company. 
Section III outlines management's and the board's responsibilities.
    The proposed rulemaking contains additional information 
collections. Under the proposal, the threshold for applying the 
Guidelines to a bank would be reduced from $250 billion to $100 billion 
in average total consolidated assets. The proposal would also establish 
a testing standard, which would provide that a bank should test its 
overall recovery plan and each element of the plan. Additionally, the 
proposal would clarify the role of non-financial (including operational 
and strategic) risk in recovery planning.
    The following revised information collection was submitted to OMB 
for review.
    Title: OCC Guidelines Establishing Standards for Recovery Planning 
by Certain Large Insured National Banks, Insured Federal Savings 
Associations, and Insured Federal Branches.
    OMB Control No.: 1557-0333.
    Affected Public: Businesses or other for-profit organizations.
    Estimated Burden:
    Frequency of Response: On occasion.
    Total Number of Respondents: 21.
    Total Burden per Respondent: 32,017 hours.
    Total Burden for Collection: 672,360 hours.
    Comments are invited on: (a) Whether the collection of information 
is necessary for the proper performance of the functions of the OCC, 
including whether the information has practical utility; (b) The 
accuracy of the OCC's estimate of the burden of the collection of 
information; (c) Ways to enhance the quality, utility, and clarity of 
the information to be collected; (d) Ways to minimize the burden of the 
collection on respondents, including through the use of automated 
collection techniques or other forms of information technology; and (e) 
Estimates of capital or start-up costs and costs of operation, 
maintenance, and purchase of services to provide information.

Regulatory Flexibility Act

    In general, the Regulatory Flexibility Act (RFA) \15\ requires an 
agency, in connection with a proposed rule, to prepare an Initial 
Regulatory Flexibility Analysis describing the impact of the rule on 
small entities (defined by the U.S. Small Business Administration for 
purposes of the RFA to include commercial banks and savings 
institutions with total assets of $850 million or less and trust 
companies with total assets of $47 million or less). However, under 
section 605(b) of the RFA, this analysis is not required if an agency 
certifies that the proposed rule would not have a significant economic 
impact on a substantial number of small entities and publishes its 
certification and a short explanatory statement in the Federal Register 
along with its proposed rule.
---------------------------------------------------------------------------

    \15\ 5 U.S.C. 601 et seq.
---------------------------------------------------------------------------

    The OCC currently supervises approximately 947 IDIs \16\ of which 
636 are small entities.\17\ The proposed rule would not impact any 
small entities because it would only apply to IDIs with average total 
consolidated assets of $100 billion or more. Accordingly, the OCC 
certifies that the proposed rule, if implemented, would not have a 
significant economic impact on a substantial number of small entities.
---------------------------------------------------------------------------

    \16\ Based on data accessed using FINDRS on May 23, 2024.
    \17\ Consistent with the General Principles of Affiliation, 13 
CFR 121.103(a), the OCC counts the assets of affiliated financial 
institutions when determining if it should classify an institution 
as a small entity. The OCC used December 31, 2023, to determine size 
because a ``financial institution's assets are determined by 
averaging the assets reported on its four quarterly financial 
statements for the preceding year.'' See footnote 8 of the U.S. 
Small Business Administration's Table of Standards.
---------------------------------------------------------------------------

Unfunded Mandates Reform Act of 1995

    The OCC analyzed the proposed rule under the factors set forth in 
the Unfunded Mandates Reform Act of 1995 (UMRA).\18\ Under this 
analysis, the OCC considered whether the proposed rule includes a 
Federal mandate that may result in the expenditure by State, local, and 
Tribal governments, in the aggregate, or by the private sector, of $100 
million or more in any one year (adjusted for inflation, currently $183 
million). The OCC has determined that expenditures to comply with 
proposed rule's mandates would be approximately $86.7 million. 
Therefore, the OCC concludes that the proposed rule would not result in 
an expenditure of $183 million or more annually by State, local, and 
Tribal governments, or by the private sector. Accordingly, the OCC has 
not prepared the written statement described in section 202 of the 
UMRA.
---------------------------------------------------------------------------

    \18\ 2 U.S.C. 1532.
---------------------------------------------------------------------------

Riegle Community Development and Regulatory Improvement Act of 1994

    Pursuant to section 302(a) of the Riegle Community Development and 
Regulatory Improvement Act of 1994,\19\ in determining the effective 
date and administrative compliance requirements for new regulations 
that impose additional reporting, disclosure, or other requirements on 
insured depository institutions, the OCC will consider, consistent with 
the principles of safety and soundness and the public interest: (1) any 
administrative burdens that the proposed rule would place on depository 
institutions, including small depository institutions and customers of 
depository institutions and (2) the benefits of the proposed rule. The 
OCC requests comment on any administrative burdens that the proposed 
rule would place on depository institutions, including small depository 
institutions and their customers, and the benefits of the proposed rule 
that the OCC should consider in determining the effective date and 
administrative compliance requirements for a final rule.
---------------------------------------------------------------------------

    \19\ 12 U.S.C. 4802(a).

---------------------------------------------------------------------------

[[Page 55119]]

Providing Accountability Through Transparency Act of 2023

    The Providing Accountability Through Transparency Act of 2023 \20\ 
requires that a notice of proposed rulemaking include the internet 
address of a summary of not more than 100 words in length of a proposed 
rule, in plain language, that shall be posted on the internet website 
www.regulations.gov.
---------------------------------------------------------------------------

    \20\ 12 U.S.C. 553(b)(4).
---------------------------------------------------------------------------

    The Office of the Comptroller of the Currency is proposing to amend 
its enforceable recovery planning guidelines to expand them to apply to 
insured national banks, Federal savings associations, and Federal 
branches with average total consolidated assets of $100 billion or 
more; incorporate a testing standard; and clarify the role of non-
financial (including operational and strategic) risk in recovery 
planning.

List of Subjects in 12 CFR Part 30

    Banks, Banking, Consumer protection, National banks, Privacy, 
Safety and soundness, Reporting and recordkeeping requirements.

Authority and Issuance

    For the reasons set forth in the preamble, and under the authority 
of 12 U.S.C. 93a, chapter I of title 12 of the Code of Federal 
Regulations is proposed to be amended as follows:

PART 30--SAFETY AND SOUNDESS STANDARDS

0
1. The authority citation for part 30 continues to read as follows:

    Authority: 12 U.S.C. 1, 93a, 371, 1462a, 1463, 1464, 1467a, 
1818, 1828, 1831p-1, 1881-1884, 3102(b) and 5412(b)(2)(B); 15 U.S.C. 
1681s, 1681w, 6801, and 6805(b)(1).

0
2. Amend appendix E by:
0
a. Revising and republishing paragraph I.B.
0
b. In paragraph I.C.1.a, removing the text ``$250 billion'' and adding 
the text ``$100 billion'' in its place; and
0
c. Revising and republishing paragraphs I.E. and II.
    The revisions read as follows:

Appendix E to Part 30--OCC Guidelines Establishing Standards for 
Recovery Planning by Certain Large Insured National Banks, Insured 
Federal Savings Associations, and Insured Federal Branches

* * * * *

I. Introduction

* * * * *
    B. Compliance date.
    1. A covered bank with average total consolidated assets, 
calculated according to paragraph I.E.1. of this appendix, equal to 
or greater than $250 billion as of [EFFECTIVE DATE OF FINAL RULE] 
should be in compliance with this appendix on [EFFECTIVE DATE OF 
FINAL RULE] except for paragraph II.D. of this appendix and the 
amended provisions on non-financial risk, with which the bank should 
be in compliance by 12 months from [EFFECTIVE DATE OF FINAL RULE].
    2. A covered bank with average total consolidated assets, 
calculated according to paragraph I.E.1. of this appendix, equal to 
or greater than $100 billion but less than $250 billion as of 
[EFFECTIVE DATE OF FINAL RULE] should be in compliance with this 
appendix on 12 months from [EFFECTIVE DATE OF FINAL RULE], except 
for paragraph II.D. of this appendix with which the covered bank 
should be in compliance by 18 months from [EFFECTIVE DATE OF FINAL 
RULE].
    3. A financial institution that is not a covered bank as of 
[EFFECTIVE DATE OF FINAL RULE] but which subsequently becomes a 
covered bank should comply with this appendix within 12 months of 
becoming a covered bank, except for paragraph II.D. of this appendix 
with which the covered bank should be in compliance by 18 months of 
becoming a covered bank.
* * * * *
    E. Definitions.
    1. Average total consolidated assets means the average of total 
consolidated assets of the bank or the covered bank, as reported on 
the bank's or the covered bank's Consolidated Reports of Condition 
and Income for the four most recent consecutive quarters.
    2. Bank means any insured national bank, insured Federal savings 
association, or insured Federal branch of a foreign bank.
    3. Covered bank means any bank:
    a. With average total consolidated assets equal to or greater 
than $100 billion;
    b. With average total consolidated assets of less than $100 
billion if the bank was previously a covered bank, unless the OCC 
determines otherwise; or
    c. With average total consolidated assets less than $100 
billion, if the OCC determines that such bank is highly complex or 
otherwise presents a heightened risk as to warrant the application 
of this appendix pursuant to paragraph I.C.1.a. of this appendix.
    4. Recovery means timely and appropriate action that a covered 
bank takes to remain a going concern when it is experiencing or is 
likely to experience considerable financial and non-financial 
stress. A covered bank in recovery has not yet deteriorated to the 
point where liquidation or resolution is imminent.
    5. Recovery plan means a plan that identifies triggers and 
options for responding to a wide range of severe internal and 
external stress scenarios to restore a covered bank that is in 
recovery to financial strength and viability in a timely manner. The 
options should maintain the confidence of market participants, and 
neither the plan nor the options may assume or rely on any 
extraordinary government support.
    6. Trigger means a quantitative or qualitative indicator of the 
risk or existence of severe financial and non-financial stress, the 
breach of which should always be escalated to senior management or 
the board of directors (or appropriate committee of the board of 
directors), as appropriate, for purposes of initiating a response. 
The breach of any trigger should result in timely notice accompanied 
by sufficient information to enable management of the covered bank 
to take corrective action.

II. Recovery Plan

    A. Recovery plan. Each covered bank should develop and maintain 
a recovery plan that is specific to that covered bank and 
appropriate for its individual size, risk profile, activities, and 
complexity, including the complexity of its organizational and legal 
entity structure. When developing and maintaining its recovery plan, 
each covered bank should appropriately consider both financial risk 
and non-financial risk (including operational and strategic risk).
    B. Elements of recovery plan. A recovery plan under paragraph 
II.A. of this appendix should include the following elements:
    1. Overview of covered bank. A recovery plan should describe the 
covered bank's overall organizational and legal entity structure, 
including its material entities, critical operations, core business 
lines, and core management information systems. The plan should 
describe interconnections and interdependencies:
    (i) Across business lines within the covered bank;
    (ii) With affiliates in a bank holding company structure;
    (iii) Between a covered bank and its foreign subsidiaries; and
    (iv) With critical third parties.
    2. Triggers. A recovery plan should identify financial and non-
financial triggers that appropriately reflect the covered bank's 
particular vulnerabilities.
    3. Options for recovery. A recovery plan should identify a wide 
range of credible options that a covered bank could undertake to 
restore financial strength and viability, thereby allowing the bank 
to continue to operate as a going concern and to avoid liquidation 
or resolution. A recovery plan should explain how the covered bank 
would carry out each option and describe the timing required for 
carrying out each option. The recovery plan should specifically 
identify the recovery options that require regulatory or legal 
approval.
    4. Impact assessments. For each recovery option, a covered bank 
should assess and describe how the option would affect the covered 
bank. This impact assessment and description should specify the 
procedures the covered bank would use to maintain the financial 
strength and viability of its material entities, critical 
operations, and core business lines for each recovery option. For 
each option, the recovery plan's impact assessment should address 
the following:
    a. The effect on the covered bank's capital, liquidity, funding, 
and profitability;
    b. The effect on the covered bank's material entities, critical 
operations, and core business lines, including reputational impact;
    c. The effect on the covered bank's risk profile as a result of 
changes to its financial and non-financial risk; and

[[Page 55120]]

    d. Any legal or market impediment or regulatory requirement that 
must be addressed or satisfied in order to implement the option.
    5. Escalation procedures. A recovery plan should clearly outline 
the process for escalating decision-making to senior management or 
the board of directors (or an appropriate committee of the board of 
directors), as appropriate, in response to the breach of any 
trigger. The recovery plan should also identify the departments and 
persons responsible for executing the decisions of senior management 
or the board of directors (or an appropriate committee of the board 
of directors).
    6. Management reports. A recovery plan should require reports 
that provide senior management or the board of directors (or an 
appropriate committee of the board of directors) with sufficient 
data and information to make timely decisions regarding the 
appropriate actions necessary to respond to the breach of a trigger.
    7. Communication procedures. A recovery plan should provide that 
the covered bank notify the OCC of any significant breach of a 
trigger and any action taken or to be taken in response to such 
breach and should explain the process for deciding when a breach of 
a trigger is significant. A recovery plan also should address when 
and how the covered bank will notify persons within the organization 
and other external parties of its action under the recovery plan. 
The recovery plan should specifically identify how the covered bank 
will obtain required regulatory or legal approvals.
    8. Other information. A recovery plan should include any other 
information that the OCC communicates in writing directly to the 
covered bank regarding the covered bank's recovery plan.
    C. Relationship to other processes; coordination with other 
plans. The covered bank should integrate its recovery plan into its 
risk governance functions. The covered bank also should align its 
recovery plan with its other plans, such as its strategic; 
operational (including business continuity and resilience program); 
contingency; capital (including stress testing); liquidity; and 
resolution planning. The covered bank's recovery plan should be 
specific to that covered bank. The covered bank also should 
coordinate its recovery plan with any recovery and resolution 
planning efforts by the covered bank's holding company, so that the 
plans are consistent with and do not contradict each other.
    D. Testing. Each covered bank should test its recovery plan 
periodically but not less than annually. The test should validate 
the effectiveness of the recovery plan, including each element set 
forth in paragraph II.B. of this appendix. Each covered bank should 
revise its recovery plan as appropriate following completion of the 
test.
* * * * *

Michael J. Hsu,
Acting Comptroller of the Currency.

[FR Doc. 2024-13960 Filed 7-2-24; 8:45 am]
BILLING CODE 4810-33-P