OCC Guidelines Establishing Standards for Recovery Planning by Certain Large Insured National Banks, Insured Federal Savings Associations, and Insured Federal Branches, 84255-84261 [2024-24402]

Agencies

• Office of the Comptroller of the Currency
• DEPARTMENT OF THE TREASURY

[Federal Register Volume 89, Number 204 (Tuesday, October 22, 2024)]
[Rules and Regulations]
[Pages 84255-84261]
From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
[FR Doc No: 2024-24402]



========================================================================
Rules and Regulations
                                                Federal Register
________________________________________________________________________

This section of the FEDERAL REGISTER contains regulatory documents 
having general applicability and legal effect, most of which are keyed 
to and codified in the Code of Federal Regulations, which is published 
under 50 titles pursuant to 44 U.S.C. 1510.

The Code of Federal Regulations is sold by the Superintendent of Documents. 

========================================================================


Federal Register / Vol. 89, No. 204 / Tuesday, October 22, 2024 / 
Rules and Regulations

[[Page 84255]]



DEPARTMENT OF THE TREASURY

Office of the Comptroller of the Currency

12 CFR Part 30

[Docket ID OCC-2024-0008]
RIN 1557-AF27


OCC Guidelines Establishing Standards for Recovery Planning by 
Certain Large Insured National Banks, Insured Federal Savings 
Associations, and Insured Federal Branches

AGENCY: Office of the Comptroller of the Currency, Treasury.

ACTION: Final guidelines.

-----------------------------------------------------------------------

SUMMARY: The Office of the Comptroller of the Currency is amending its 
enforceable recovery planning guidelines to apply them to insured 
national banks, insured Federal savings associations, and insured 
Federal branches of foreign banks with average total consolidated 
assets of $100 billion or more; incorporate a testing standard; and 
clarify the role of non-financial (including operational and strategic) 
risk in recovery planning.

DATES: The final guidelines are effective on January 1, 2025.

FOR FURTHER INFORMATION CONTACT: Kimberly Jameson, Lead Expert, Market 
Risk, (202) 322-8527; Andra Shuster, Senior Counsel, Karen McSweeney, 
Special Counsel, or Priscilla Benner, Counsel, Chief Counsel's Office, 
(202) 649-5490; 400 7th Street SW, Washington, DC 20219. If you are 
deaf or hard of hearing or have a speech disability, please dial 7-1-1 
to access telecommunications relay services.

SUPPLEMENTARY INFORMATION:

I. Background

    Large-scale financial crises have demonstrated the destabilizing 
effect that severe stress can have on financial entities, capital 
markets, the Federal banking system, and the U.S. and global economies. 
This is particularly true when a crisis places severe stress on large, 
complex financial institutions due to the systemic and contagion risks 
that they pose. For example, during the 2008 crisis, the Office of the 
Comptroller of the Currency (OCC) observed that many financial 
institutions were not prepared to respond effectively to the financial 
effects of severe stress. The lack of or inadequate planning threatened 
the viability of some financial institutions, and many were forced to 
take significant actions without the benefit of a well-developed plan 
for recovery.
    For the OCC, this experience highlighted the importance of large, 
complex banks having strong risk governance frameworks, including plans 
for how to respond quickly and effectively to, and recover from, the 
financial effects of severe stress. The agency recognized that this 
type of advance planning would reduce a bank's risk of failure and 
increase the likelihood that it would return to a position of financial 
strength and viability following severe stress.
    On September 29, 2016, the OCC issued Guidelines Establishing 
Standards for Recovery Planning by Certain Large Insured National 
Banks, Insured Federal Savings Associations, and Insured Federal 
Branches (Guidelines).\1\ Under the Guidelines, an insured national 
bank, insured Federal savings association, or insured Federal branch 
(bank) subject to the standards (covered bank) should have a recovery 
plan that includes (1) quantitative or qualitative indicators of the 
risk or existence of severe stress that reflect its particular 
vulnerabilities; (2) a wide range of credible options that it could 
undertake in response to the stress to restore its financial strength 
and viability; and (3) an assessment and description of how these 
options would affect it. The Guidelines provide that a recovery plan 
should also address (1) the covered bank's overall organizational and 
legal entity structure and its interconnections and interdependencies; 
(2) procedures for escalating decision-making to senior management or 
the board of directors or an appropriate committee thereof (board); (3) 
management reports; (4) communication procedures; and (5) any other 
information the OCC communicates in writing. The Guidelines also set 
forth the responsibilities of management and the board with respect to 
the covered bank's recovery plan.
---------------------------------------------------------------------------

    \1\ 81 FR 66791. The Guidelines are codified at 12 CFR part 30, 
appendix E. They were issued pursuant to section 39 of the Federal 
Deposit Insurance Act, 12 U.S.C. 1831p-1, which authorizes the OCC 
to prescribe enforceable safety and soundness standards.
---------------------------------------------------------------------------

    The 2016 Guidelines applied to banks with total consolidated assets 
of $50 billion or more. In 2018, the OCC amended the Guidelines to 
raise the threshold to $250 billion based on its view, at that time, 
that these larger, more complex, and potentially more interconnected 
banks presented greater systemic risk to the financial system and would 
benefit most from recovery planning.\2\
---------------------------------------------------------------------------

    \2\ 83 FR 66604 (Dec. 27, 2018).
---------------------------------------------------------------------------

    In March 2023, several insured depository institutions (IDIs) with 
total consolidated assets of $100 billion or more experienced 
significant withdrawals of uninsured deposits in response to underlying 
weaknesses in their financial position and failed. These events 
highlighted the risk, complexity, and interconnectedness of banks with 
average total consolidated assets between $100 billion and $250 billion 
and underscored that it is important for banks in this size range 
(which are not covered by the current Guidelines) to develop and 
maintain recovery plans to respond to the financial effects of severe 
stress.
    In addition, since the issuance of the Guidelines in 2016, the 
agency has examined covered banks' recovery planning processes and 
reviewed numerous recovery plans. Based on this experience, the OCC has 
identified areas where the current Guidelines should be strengthened.
    To address these issues, on July 3, 2024, the OCC published a 
proposal to expand the Guidelines to apply to banks with average total 
consolidated assets of $100 billion or more; incorporate a testing 
standard; and clarify the role of non-financial (including operational 
and strategic) risk in recovery planning.\3\ The OCC received five 
comments on the proposal. Two comments were from banks, one was from an 
individual, one was from two trade associations, and one was from a

[[Page 84256]]

non-profit organization.\4\ These comments are addressed in detail in 
the next section.
---------------------------------------------------------------------------

    \3\ 89 FR 55114.
    \4\ The OCC also received a comment letter from three trade 
associations requesting that the agency extend the comment period by 
30 days. The OCC denied this request on July 25, 2024. https://www.regulations.gov/document/OCC-2024-0008-0004.
---------------------------------------------------------------------------

II. Description of the Proposal, Comments, and Final Guidelines

A. Covered Bank Threshold

    Definition of covered bank. The current Guidelines generally apply 
to banks with average total consolidated assets of $250 billion or 
more. Based on the OCC's observations during the IDI failures in 2023, 
the agency proposed to expand the Guidelines to apply to banks with 
average total consolidated assets of $100 billion or more.\5\ To make 
this change, the OCC proposed to revise the definition of ``covered 
bank'' in paragraph I.E.3. of the current Guidelines.
---------------------------------------------------------------------------

    \5\ In addition, the Federal Deposit Insurance Corporation 
(FDIC) recently amended its resolution planning rule to require 
covered IDIs with $100 billion or more in total assets to submit 
comprehensive resolution plans. 89 FR 56620 (July 9, 2024).
---------------------------------------------------------------------------

    The OCC received several comments on this proposed change. While 
one commenter supported the proposed $100 billion threshold, another 
commenter suggested a $150 billion threshold. Commenters also 
recommended that the OCC include metrics in addition to asset size in 
its definition of covered bank, periodically adjust the threshold for 
inflation, notify covered banks when they become subject to the 
Guidelines, and tailor the Guidelines based on covered banks' size and 
complexity.
    The OCC continues to believe that the $100 billion threshold is 
appropriate. As noted above, the agency has observed that banks at or 
above this size generally have a level of risk, complexity, and 
interconnectedness at which recovery planning is most beneficial. 
Narrowing the threshold to $150 billion would exclude some of these 
banks. With respect to additional metrics, the reservation of authority 
in paragraph I.C. of the Guidelines provides the OCC with sufficient 
flexibility to determine, based on factors other than asset size, that 
a bank is highly complex or otherwise presents a heightened risk and, 
thus, should be subject to the Guidelines.\6\
---------------------------------------------------------------------------

    \6\ The OCC also has authority to determine that a covered bank 
is no longer highly complex or no longer presents a heightened risk 
and thus should not be subject to the Guidelines.
---------------------------------------------------------------------------

    Regarding an inflation adjustment, the OCC has determined that it 
does not need to include this provision in the Guidelines, as the 
agency can revisit and amend the threshold through the rulemaking 
process as appropriate. The OCC has also concluded that it is not 
necessary to notify a bank when it becomes a covered bank because this 
is determined based on a bank's own Consolidated Reports of Condition 
and Income (Call Report) data.\7\ Finally, the current Guidelines 
specifically state that each covered bank's recovery plan should be 
``appropriate for its individual size, risk profile, activities, and 
complexity,'' and thus, they are inherently tailored.\8\
---------------------------------------------------------------------------

    \7\ For banks that become subject to the Guidelines through the 
OCC's reservation of authority, the agency has already incorporated 
notice and response procedures at paragraph I.C.2.
    \8\ Paragraph II.A.
---------------------------------------------------------------------------

    Therefore, the OCC is adopting the changes to the definition of 
``covered bank'' as proposed.
    Calculation of the threshold. The current Guidelines define 
``average total consolidated assets'' in paragraph I.E.1. as ``the 
average total consolidated assets of the bank or the covered bank,'' as 
reported on its Call Report for the four most recent consecutive 
quarters. The OCC proposed a clarifying change to this definition to 
refer to the average ``of'' total consolidated assets of the bank or 
covered bank. This change was intended to clarify that the calculation 
of ``average total consolidated assets'' for purposes of the Guidelines 
is based on the ``total assets'' line, not the ``average total 
consolidated assets'' line, of the Call Report.\9\ This change could 
have affected the quarter in which a bank became a covered bank and 
would have been consistent with the OCC Guidelines Establishing 
Heightened Standards for Certain Large Insured National Banks, Insured 
Federal Savings Associations, and Insured Federal Branches.\10\ The OCC 
did not receive any comments on this proposed change and adopts it as 
proposed.
---------------------------------------------------------------------------

    \9\ Compare Schedule RC, item 12 and Schedule RC-R, item 27 of 
the Call Report.
    \10\ 12 CFR part 30, appendix D.
---------------------------------------------------------------------------

    Reservation of authority. The reservation of authority in paragraph 
I.C.1. of the current Guidelines provides that the OCC has the 
discretion to apply the Guidelines, in whole or in part, to a bank with 
average total consolidated assets of less than $250 billion if it 
determines that the bank is highly complex or otherwise presents a 
heightened risk that warrants application of the Guidelines.\11\ 
Consistent with the proposed threshold change described above, the 
proposal would have allowed the agency to apply the Guidelines to a 
bank with average total consolidated assets of less than $100 billion 
in these circumstances.\12\
---------------------------------------------------------------------------

    \11\ Paragraph I.C.1.a.
    \12\ The proposal did not include changes to paragraph I.C.1.b. 
of the Guidelines (which provides that the OCC can determine that 
the Guidelines should not apply to a covered bank) because this 
paragraph does not reference asset size.
---------------------------------------------------------------------------

    The OCC received one comment on this proposed change, which stated 
that the reservation of authority should not be used for banks with 
under $100 billion in average total consolidated assets because 
recovery planning addresses issues similar to those already addressed 
in other contexts (e.g., capital planning and stress testing). The OCC 
continues to believe that the agency should have the flexibility to 
apply the Guidelines to banks below the $100 billion threshold based on 
whether the bank is highly complex or otherwise presents a heightened 
risk. For this reason, the OCC is adopting this change as proposed.

B. Testing

    Testing generally. As stated above, the OCC has many years of 
experience with administering the Guidelines, including reviewing 
covered banks' recovery plans. During this period, the agency has 
observed that covered banks would benefit from testing their recovery 
plans, which would allow them to proactively identify and address any 
weaknesses or deficiencies before they experience severe stress. This 
process would help a covered bank determine that its recovery plan is 
an effective tool that can realistically help restore the bank to 
financial strength and viability in response to severe stress. Not 
surprisingly, testing is already a key component of other regulatory 
frameworks addressing the stress continuum (e.g., contingency funding 
planning \13\ and stress testing \14\).
---------------------------------------------------------------------------

    \13\ 75 FR 13656 (March 22, 2010); Addendum to the Interagency 
Policy Statement on Funding and Liquidity Risk Management: 
Importance of Contingency Funding Plan (July 28, 2023).
    \14\ 12 CFR part 46.
---------------------------------------------------------------------------

    For these reasons, the OCC proposed to add a testing provision as a 
new paragraph II.D. of the Guidelines, which stated that a covered bank 
should validate the effectiveness of its recovery plan. The preamble 
explained that a covered bank may do this by simulating severe 
financial and non-financial stress scenarios (e.g., the scenarios used 
to develop the plan) to confirm that the plan is likely to work as 
intended. This testing should include, for example, ensuring that the 
plan's triggers appropriately reflect the covered bank's particular 
vulnerabilities and will, in practice, provide timely notice of

[[Page 84257]]

increasingly severe stress, ranging from warnings of the likely 
occurrence of severe stress to its actual existence. Testing should 
also enable management and the board to verify that the covered bank 
has identified credible options that it is prepared to carry out during 
a period of severe stress. It should provide management and the board 
with similar assurances regarding other elements of the plan and, 
ultimately, the plan as a whole. The proposal did not specify a testing 
format or methodology but stated that testing should be risk-based and 
reflect the covered bank's size, risk profile, activities, and 
complexity.
    The OCC received three comments on its proposed testing provision. 
One commenter stated that testing should be a flexible, risk-based 
``capabilities assessment'' (i.e., an assessment of a covered bank's 
capability to implement its recovery plan in a timely manner). The 
commenter also expressed concern that validation was not defined or 
explained and could require a covered bank to prove its plan's 
effectiveness by, for example, actually executing a recovery plan 
option (e.g., divesting a business line). The commenter also argued 
that the inclusion of scenario analysis would duplicate the process 
that a covered bank used to develop or update a recovery plan. Another 
commenter supported the addition of testing to the Guidelines but 
stated that the OCC should provide more specific directions.
    The OCC disagrees with several of these comments. While a 
capabilities assessment is an important aspect of testing, it is 
insufficient on its own to achieve the purpose of testing. For example, 
a capabilities assessment would not necessarily help a covered bank 
identify gaps in its recovery plan (e.g., missing triggers or options) 
or determine if the plan can realistically help to restore the bank to 
financial strength and viability during periods of severe stress. With 
respect to the concept of validation, the OCC is using the term to 
convey that testing should confirm, to the extent possible, that the 
plan can accomplish its intended goals. Naturally, validation does not 
necessarily mean that a covered bank should actually execute a recovery 
option as part of testing. With respect to scenario analysis, the 
proposal would not have directed covered banks to use a specified 
testing format or methodology. Therefore, one covered bank could 
determine that a scenario analysis is an informative component of 
testing, while another may decide that it would unnecessarily duplicate 
its process for developing and updating its recovery plan. Accordingly, 
the OCC makes no change in the final Guidelines in response to these 
comments.
    However, the OCC agrees that testing should be risk-based. A risk-
based standard will provide each covered bank with the flexibility to 
develop and implement a testing framework that is consistent with its 
individual characteristics. To reflect this, the OCC is amending the 
final Guidelines to state that testing ``should be appropriate for the 
bank's individual size, risk profile, activities, and complexity, 
including the complexity of its organizational and legal entity 
structure'' and declines to establish a more prescriptive testing 
standard.
    Testing of elements. The proposal stated that testing should 
include validation of the effectiveness of each element of the 
plan.\15\ Two commenters questioned how a bank would validate the 
effectiveness of key aspects of recovery planning (e.g., the ``Overview 
of covered bank,'' which describes a covered bank's overall 
organizational and legal entity structure and its interconnections and 
interdependencies). The OCC agrees that it may not be possible to 
validate the effectiveness of each plan element, particularly 
descriptive elements (e.g., the covered bank's overview). The agency 
believes, however, that a covered bank should consider each element of 
its recovery plan as part of testing to validate the effectiveness of 
the overall plan. This consideration may include, for example, 
assessing the effectiveness, completeness, or accuracy of each element, 
as appropriate. To address any confusion, the OCC has revised the final 
Guidelines to state: ``Testing should validate the effectiveness of the 
recovery plan, including by considering each element set forth in 
paragraph II.B. of this appendix.''
---------------------------------------------------------------------------

    \15\ As set forth in paragraph II.B. of the Guidelines, the 
elements of a recovery plan are (1) Overview of covered bank; (2) 
Triggers; (3) Options for recovery; (4) Impact assessments; (5) 
Escalation procedures; (6) Management reports; (7) Communication 
procedures; and (8) Other information.
---------------------------------------------------------------------------

    Frequency of testing. The proposed testing provision provided that 
a covered bank should test its recovery plan periodically but not less 
than annually. Two commenters generally agreed that annual testing is 
appropriate while another commenter suggested that testing should be 
conducted at intervals and along timelines that are appropriate for 
each bank. In addition, a commenter said that the testing should be 
conducted in connection with, or as part of, resolution planning or 
other business-as-usual testing to avoid unnecessary duplication and 
that a provision for specific testing in response to a material change 
is unnecessary if testing is risk-based.
    The OCC continues to believe that annual testing is appropriate and 
has concluded that a covered bank should also test its recovery plan 
following any significant changes to the recovery plan made in response 
to a material event. This frequency will ensure that management and the 
board can consider the results of testing during their recovery plan 
reviews under paragraphs III.A. and B. of the Guidelines, 
respectively.\16\ Within this framework, the final Guidelines provide 
each bank with flexibility regarding when to test its plan, including 
whether to align this testing with other types of testing or to engage 
in continuous or regular testing throughout the testing cycle, provided 
that the bank meets the testing standard in the Guidelines. The OCC 
also reiterates that it does not expect a covered bank to consider 
every component of each element during each testing cycle (e.g., 
considering the trigger element during a cycle does not necessarily 
mean considering every trigger during that cycle). Rather, as noted 
above, testing should be risk-based. Therefore, the final Guidelines 
provide that ``Each covered bank should test its recovery plan 
periodically but not less than annually and following any significant 
changes to the recovery plan made in response to a material event.''
---------------------------------------------------------------------------

    \16\ Paragraph III.A. provides that management should review the 
recovery plan at least annually and in response to a material event. 
Paragraph III.B. provides that the board should review and approve 
the recovery plan at least annually and as needed to address 
significant changes made by management. The OCC did not propose and 
is making no changes to these paragraphs.
---------------------------------------------------------------------------

    Plan updates following testing. Finally, the proposed testing 
provision provided that a covered bank should revise its recovery plan 
as appropriate following testing. One commenter stated that the OCC 
should not require a bank to both test and make changes to its recovery 
plan based on the result of the testing in the same testing cycle. The 
OCC believes that covered banks should take a risk-based approach to 
updating their recovery plans following testing. For example, if 
testing reveals a critical deficiency in the plan, the covered bank 
should update it as soon as feasible. However, for less significant 
deficiencies, it may be appropriate to delay updates until the next 
annual review cycle. Therefore, the OCC adopts this provision of the 
Guidelines as proposed.

[[Page 84258]]

C. Non-Financial Risk

    In the OCC's experience with covered banks' implementation of the 
Guidelines, banks have generally been successful in considering and 
addressing financial risks in their recovery plans. For example, many 
covered banks' recovery plans address changes to the bank's financial 
position, such as profitability, funding sources, liquidity ratios, and 
capital ratios. The OCC has observed, however, that covered banks have 
been less consistent in considering or addressing non-financial risk, 
such as operational and strategic risks. By focusing a recovery plan 
exclusively on financial risks while neglecting non-financial risks, 
the covered bank may overlook the very real threats that non-financial 
risks can pose to its financial strength and viability.
    Because the current Guidelines do not specifically reference non-
financial risk, the proposal contained changes to ensure that covered 
banks appropriately address these risks in their recovery plans. 
Specifically, the OCC proposed to add language to paragraph II.A. 
stating that a covered bank ``should appropriately consider both 
financial risk and non-financial risk (including operational and 
strategic risk).'' The reference to financial risk was not because 
covered banks had not appropriately considered this type of risk but to 
highlight that both types of risk should be considered. The OCC also 
proposed conforming changes to the definitions of ``recovery'' and 
``trigger'' in paragraphs I.E.4. and I.E.6., respectively, and to the 
recovery plan elements of ``trigger'' and ``impact assessment'' in 
paragraphs II.B.2. and II.B.4., respectively.\17\ Finally, to provide 
an additional example of an operational risk plan with which a covered 
bank should align its recovery plan, the OCC proposed adding a 
reference to ``resilience program'' in paragraph II.C.
---------------------------------------------------------------------------

    \17\ The OCC did not propose any changes to the ``options for 
recovery'' element in paragraph II.B.3. of the Guidelines, which 
provides that recovery plans ``should explain how the covered bank 
would carry out each option and describe the timing required for 
carrying out each option.'' The OCC believes, however, it is 
important to emphasize that this process should include an 
understanding of, and plan for mitigating, the non-financial 
challenges and risks, including operational challenges and risks, 
associated with executing each recovery option during severe stress. 
Without this, a covered bank's management and board cannot 
accurately assess whether the options identified in the recovery 
plan are, in fact, credible options that the covered bank could 
undertake to restore financial strength and viability.
---------------------------------------------------------------------------

    The OCC received one comment on the proposed non-financial risk 
language, which agreed that this type of risk should be considered but 
also observed that financial risk and non-financial risk have distinct 
roles in recovery planning. In particular, the commenter noted that the 
role of, and a covered bank's response to, non-financial risk differs 
from its response to financial risk and that breaches of non-financial 
triggers should not automatically lead to activation of the recovery 
plan and execution of recovery options.
    The OCC agrees that financial risk and non-financial risk differ. 
However, both are important aspects of recovery planning, and the 
Guidelines provide covered banks with sufficient flexibility to account 
for these differences. Each covered bank's recovery plan can and should 
address financial risk and non-financial risk in a manner appropriate 
for that bank, including by ensuring that its recovery plan reflects 
their differences. Moreover, while the breach of any trigger (whether 
financial or non-financial) should always be escalated for purposes of 
initiating a response, a covered bank should not view a specific 
trigger as necessitating the execution of a particular option. Rather, 
a covered bank should use its judgment to determine what options, if 
any, to undertake during a period of severe stress. Therefore, the OCC 
is adopting these changes as proposed.

D. Compliance

    When the OCC issued the proposal, it understood that covered banks 
would need time to implement the proposed changes. To this end, the 
agency proposed to amend paragraph I.B. of the Guidelines, entitled 
``Compliance date,'' to provide affected banks with sufficient time to 
comply.
    Specifically, under the proposal, a bank that is a covered bank 
under the current Guidelines would have had 12 months from the 
effective date of the amendments to comply with the changes. A bank 
that has $100 billion or more but less than $250 billion in average 
total consolidated assets on the effective date of the amendments to 
the Guidelines would have had to comply with the Guidelines within 12 
months of the effective date, except for the testing requirements with 
which the bank would have had to comply within 18 months. A bank or 
other financial institution that is not a covered bank on the effective 
date of the amended Guidelines but that subsequently becomes a covered 
bank would have had 12 months from the date on which it became a 
covered bank to comply with the Guidelines, except that it would have 
had 18 months to comply with the testing requirements.\18\
---------------------------------------------------------------------------

    \18\ A financial institution could become a covered bank after 
the effective date of the amended Guidelines, for example, (1) if 
its average total consolidated assets grow to or above the 
threshold, (2) if it is a State bank with average total consolidated 
assets of $100 billion or more that converts to an OCC charter, or 
(3) through the OCC's exercise of its reservation of authority under 
paragraph I.C.
---------------------------------------------------------------------------

    The OCC received several comments on this topic. Two commenters 
stated that newly covered banks should have more time to comply (e.g., 
24 months), while another suggested that the proposal provided newly 
covered banks with too much time because of synergies with resolution 
and contingency planning requirements. One commenter said that the 
final Guidelines should have (1) one compliance date for a covered bank 
to develop the testing framework and (2) another compliance date to 
conduct the testing and, if necessary, revise its recovery plan based 
on the testing results. Finally, one commenter suggested that the OCC's 
compliance dates should not overlap with the FDIC's resolution planning 
rule.
    The OCC agrees with commenters that covered banks should have time 
to both develop a testing framework and conduct testing. In order to 
provide sufficient time for both, the OCC is revising the proposed 
compliance dates. Specifically, under the final Guidelines, banks that 
are currently covered banks will have 12 months to amend their recovery 
plans to address non-financial risk and an additional 6 months to 
comply with the new testing provision. Banks that are not covered by 
the current Guidelines but that become covered banks on the effective 
date of the final Guidelines will have 12 months to develop their 
recovery plan and an additional 12 months to comply with the testing 
provision. Banks or other financial institutions that become covered 
banks after the effective date of the final Guidelines will have 12 
months to develop their recovery plan and an additional 12 months to 
comply with the testing provision. These compliance dates provide banks 
and other financial institutions that are or become covered banks under 
the final Guidelines with sufficient time and flexibility to both 
develop a testing framework and conduct testing, and based on our 
supervisory experience, they strike the appropriate balance between the 
time needed to satisfy the final Guidelines and the risks that recovery 
planning is designed to address. The agency believes this addresses the 
other comments about the

[[Page 84259]]

proposed compliance dates discussed above.\19\
---------------------------------------------------------------------------

    \19\ One commenter asked a bank-specific question about how the 
proposed compliance dates would affect a bank that recently became 
subject to the current Guidelines (i.e., crossed the $250 billion 
threshold) but has not yet completed its recovery plan under the 
currently applicable compliance date. Any bank in this unique 
situation may contact the appropriate OCC Supervisory Office for 
assistance in determining the applicable compliance dates.
---------------------------------------------------------------------------

    In the proposal, the OCC also asked whether it should reserve 
authority to adjust an otherwise-applicable compliance date. In 
response, one commenter noted that if the OCC did so, it should reserve 
authority to both lengthen and shorten the applicable timeframes but 
should not specifically reference the context in which it might be 
appropriate to use this reservation of authority because the referenced 
examples could be interpreted as highly risky.
    The OCC has determined that an additional reservation of authority 
for compliance date adjustments is unnecessary, as the agency already 
has sufficient tools to address this issue. For example, as a condition 
of approving a merger, the OCC can require that a bank comply with the 
Guidelines on a timeline other than the one specified in paragraph I.B. 
Therefore, the final Guidelines do not contain any changes in response 
to this question.

E. Other

    In addition to the changes discussed above, the OCC has made 
technical and clarifying changes to the final Guidelines.

III. Regulatory Analysis

Paperwork Reduction Act of 1995

    Under the Paperwork Reduction Act of 1995 (PRA),\20\ the OCC may 
not conduct or sponsor, and a respondent is not required to respond to, 
an information collection unless it displays a currently valid Office 
of Management and Budget (OMB) control number. The OMB previously 
approved the collection of information in the current Guidelines, which 
are found in 12 CFR part 30, appendix E, at paragraphs II.B., II.C., 
and III. Specifically, paragraph II.B. lists the elements of the 
recovery plan, which are an overview of the covered bank; triggers; 
options for recovery; impact assessments; escalation procedures; 
management reports; communication procedures; and other information. 
Paragraph II.C. addresses the relationship of the plan to other covered 
bank processes and coordination with other plans, including the 
processes and plans of its bank holding company. Paragraph III. 
outlines management's and the board's responsibilities.
---------------------------------------------------------------------------

    \20\ 44 U.S.C. 3501-3521.
---------------------------------------------------------------------------

    The final Guidelines include changes to the information 
collection.\21\ Specifically, the threshold for applying the final 
Guidelines is reduced from $250 billion to $100 billion in average 
total consolidated assets. The final Guidelines also establish a 
testing standard, which provides that a covered bank should test its 
recovery plan. Additionally, the final Guidelines clarify the role of 
non-financial risk (including operational and strategic risk) in 
recovery planning.
---------------------------------------------------------------------------

    \21\ When the OCC proposed changes to the current Guidelines, as 
required, the agency submitted the changes to the OMB. Pursuant to 5 
CFR 1320.11(c), the OMB filed a comment on the submission, 
instructing that the proposed changes would be reviewed again upon 
finalization of the Guidelines.
---------------------------------------------------------------------------

    The OCC has submitted the following revised information collection 
to the OMB for review.
    Title: OCC Guidelines Establishing Standards for Recovery Planning 
by Certain Large Insured National Banks, Insured Federal Savings 
Associations, and Insured Federal Branches.
    OMB Control No.: 1557-0333.
    Affected Public: Businesses or other for-profit organizations.
    Estimated Burden:
    Frequency of Response: On occasion.
    Total Number of Respondents: 21.
    Total Burden per Respondent: 32,017 hours.\22\
---------------------------------------------------------------------------

    \22\ This number includes burden hours for the implementation of 
the testing standard, which may occur during or after the 12-month 
period following the effective date of the final Guidelines.
---------------------------------------------------------------------------

    Total Burden for Collection: 672,360 hours.
    The OCC did not receive any PRA-related comments. The agency has a 
continuing interest in the public's opinions of information 
collections. Within 30 days of publication of this document, commenters 
may submit comments regarding the burden estimate, or any other aspect 
of this collection of information, including suggestions for reducing 
the burden, to the address listed in the ADDRESSES caption in the 
Notice of Proposed Rulemaking. All comments will become a matter of 
public record. Written comments and recommendations for the information 
collection should be sent within 30 days of publication of this 
document to www.reginfo.gov/public/do/PRAMain. Find this information 
collection by selecting ``Currently under 30-day Review--Open for 
Public Comments'' or using the search function.

Regulatory Flexibility Act

    In general, the Regulatory Flexibility Act (RFA) \23\ requires an 
agency, in connection with a proposed and final rulemaking, to prepare 
a Regulatory Flexibility Analysis describing the impact of the rule on 
small entities, which are defined by the U.S. Small Business 
Administration for purposes of the RFA to include commercial banks and 
savings institutions with total assets of $850 million or less and 
trust companies with total assets of $47 million or less. However, a 
Regulatory Flexibility Analysis is not required if the agency certifies 
that the rulemaking would not have a significant economic impact on a 
substantial number of small entities and publishes its certification 
and a short explanatory statement in the Federal Register along with 
its rulemaking.
---------------------------------------------------------------------------

    \23\ 5 U.S.C. 601 et seq.
---------------------------------------------------------------------------

    The OCC currently supervises approximately 942 IDIs,\24\ of which 
636 are small entities.\25\ The final Guidelines do not impact any 
small entities because they only apply to banks with average total 
consolidated assets of $100 billion or more. Accordingly, the OCC 
certifies that the final Guidelines will not have a significant 
economic impact on a substantial number of small entities.
---------------------------------------------------------------------------

    \24\ Based on data accessed using FINDRS on September 12, 2024.
    \25\ Consistent with the General Principles of Affiliation, 13 
CFR 121.103(a), the OCC counts the assets of affiliated financial 
institutions when determining if it should classify an institution 
as a small entity. The OCC used December 31, 2023, to determine size 
because a ``financial institution's assets are determined by 
averaging the assets reported on its four quarterly financial 
statements for the preceding year.'' See footnote 8 of the U.S. 
Small Business Administration's Table of Standards.
---------------------------------------------------------------------------

Unfunded Mandates Reform Act of 1995

    Under section 202 of the Unfunded Mandates Reform Act of 1995 
(UMRA),\26\ the OCC prepares a budgetary impact statement before 
promulgating a rulemaking that includes any Federal mandate that may 
result in the expenditure by State, local, and Tribal governments, in 
the aggregate, or by the private sector, of $100 million or more 
(currently $183 million, as adjusted annually for inflation) in any one 
year. The OCC has determined that the expenditures associated with the 
final Guidelines' mandates will be approximately $86.7 million. 
Therefore, the OCC concludes that the final Guidelines will not result 
in an expenditure of $183 million or more annually by State, local, and 
Tribal governments, in the aggregate, or by the private sector. 
Accordingly, the

[[Page 84260]]

OCC has not prepared the budgetary impact statement described above.
---------------------------------------------------------------------------

    \26\ 2 U.S.C. 1532.
---------------------------------------------------------------------------

Congressional Review Act

    For purposes of the Congressional Review Act,\27\ the OMB 
determines whether a final rule constitutes a major rule. If a rule is 
deemed a major rule by the OMB, the Congressional Review Act generally 
provides that the rule may not take effect until at least 60 days 
following its publication. The Congressional Review Act defines a 
``major rule'' as any rule that the Administrator of the Office of 
Information and Regulatory Affairs of the OMB finds has resulted in or 
is likely to result in (1) an annual effect on the economy of $100 
million or more; (2) a major increase in costs or prices for consumers, 
individual industries, Federal, State, or local government agencies or 
geographic regions; or (3) significant adverse effects on competition, 
employment, investment, productivity, innovation, or on the ability of 
United States-based enterprises to compete with foreign-based 
enterprises in domestic and export markets. The OCC submitted the final 
Guidelines to the OMB for this major rule determination, and the OMB 
determined that the final Guidelines are not a major rule. As required 
by the Congressional Review Act, the OCC is submitting the appropriate 
report to Congress and the Government Accountability Office for review.
---------------------------------------------------------------------------

    \27\ 5 U.S.C. 801 et seq.
---------------------------------------------------------------------------

Administrative Procedure Act

    The Administrative Procedure Act \28\ requires that publication of 
a substantive rule generally be made not less than 30 days before its 
effective date. Consistent with this requirement, the final Guidelines 
will be effective on January 1, 2025, which is more than 30 days after 
their publication in the Federal Register.
---------------------------------------------------------------------------

    \28\ 5 U.S.C. 553(d).
---------------------------------------------------------------------------

Riegle Community Development and Regulatory Improvement Act of 1994

    Pursuant to section 302(a) of the Riegle Community Development and 
Regulatory Improvement Act of 1994,\29\ in determining the effective 
date and administrative compliance requirements for new regulations 
that impose additional reporting, disclosure, or other requirements on 
IDIs, the OCC considers, consistent with the principles of safety and 
soundness and the public interest: (1) any administrative burdens that 
the rule will place on depository institutions, including small 
depository institutions and customers of depository institutions and 
(2) the benefits of a rulemaking. The OCC has considered the 
administrative burdens that the final Guidelines will place on IDIs, 
including small depository institutions and their customers, and the 
benefits of the final Guidelines. The agency believes that the 
effective date of January 1, 2025, is appropriate.
---------------------------------------------------------------------------

    \29\ 12 U.S.C. 4802(a).
---------------------------------------------------------------------------

List of Subjects in 12 CFR Part 30

    Banks, Banking, Consumer protection, National banks, Privacy, 
Safety and soundness, Reporting and recordkeeping requirements.

Authority and Issuance

    For the reasons set forth in the preamble, and under the authority 
of 12 U.S.C. 93a and 12 U.S.C. 1831p-1, chapter I of title 12 of the 
Code of Federal Regulations is amended as follows:

PART 30--SAFETY AND SOUNDESS STANDARDS

0
1. The authority citation for part 30 continues to read as follows:

    Authority: 12 U.S.C. 1, 93a, 371, 1462a, 1463, 1464, 1467a, 
1818, 1828, 1831p-1, 1881-1884, 3102(b) and 5412(b)(2)(B); 15 U.S.C. 
1681s, 1681w, 6801, and 6805(b)(1).


0
2. Amend appendix E by:
0
a. Revising and republishing paragraph I.B.
0
b. In paragraph I.C.1.a., removing the text ``$250 billion'' and adding 
the text ``$100 billion'' in its place; and
0
c. Revising and republishing paragraphs I.E. and II.
    The revisions and republications read as follows:

Appendix E to Part 30--OCC Guidelines Establishing Standards for 
Recovery Planning by Certain Large Insured National Banks, Insured 
Federal Savings Associations, and Insured Federal Branches

* * * * *

I. Introduction

* * * * *

B. Compliance Date

    1. A covered bank with average total consolidated assets, 
calculated according to paragraph I.E.1. of this appendix, equal to 
or greater than $250 billion as of January 1, 2025, should be in 
compliance with this appendix on January 1, 2025, except that the 
bank should be in compliance with:
    a. the amended provisions on non-financial risk within 12 months 
from January 1, 2025, and
    b. paragraph II.D. of this appendix within 18 months from 
January 1, 2025.
    2. A covered bank with average total consolidated assets, 
calculated according to paragraph I.E.1. of this appendix, equal to 
or greater than $100 billion but less than $250 billion as of 
January 1, 2025, should be in compliance with this appendix within 
12 months from January 1, 2025, except that the bank should be in 
compliance with paragraph II.D. of this appendix within 24 months 
from January 1, 2025.
    3. A financial institution that is not a covered bank as of 
January 1, 2025, but which subsequently becomes a covered bank 
should comply with this appendix within 12 months of becoming a 
covered bank, except that the bank should be in compliance with 
paragraph II.D. of this appendix within 24 months of becoming a 
covered bank.
* * * * *

E. Definitions

    1. Average total consolidated assets means the average of total 
consolidated assets of the bank or the covered bank, as reported on 
the bank's or the covered bank's Consolidated Reports of Condition 
and Income for the four most recent consecutive quarters.
    2. Bank means any insured national bank, insured Federal savings 
association, or insured Federal branch of a foreign bank.
    3. Covered bank means any bank:
    a. With average total consolidated assets equal to or greater 
than $100 billion;
    b. With average total consolidated assets less than $100 billion 
if the bank was previously a covered bank, unless the OCC determines 
otherwise; or
    c. With average total consolidated assets less than $100 
billion, if the OCC determines that such bank is highly complex or 
otherwise presents a heightened risk as to warrant the application 
of this appendix pursuant to paragraph I.C.1.a. of this appendix.
    4. Recovery means timely and appropriate action that a covered 
bank takes to remain a going concern when it is experiencing or is 
likely to experience considerable financial stress or non-financial 
stress. A covered bank in recovery has not yet deteriorated to the 
point where liquidation or resolution is imminent.
    5. Recovery plan means a plan that identifies triggers and 
options for responding to a wide range of severe internal and 
external stress scenarios to restore a covered bank that is in 
recovery to financial strength and viability in a timely manner. The 
options should maintain the confidence of market participants, and 
neither the plan nor the options may assume or rely on any 
extraordinary government support.
    6. Trigger means a quantitative or qualitative indicator of the 
risk or existence of severe financial stress or non-financial 
stress, the breach of which should always be escalated to senior 
management or the board of directors (or appropriate committee of 
the board of directors), as appropriate, for purposes of initiating 
a response. The breach of any trigger should result in timely notice 
accompanied by sufficient information to enable management of the 
covered bank to take corrective action.

II. Recovery Plan

    A. Recovery plan. Each covered bank should develop and maintain 
a recovery plan

[[Page 84261]]

that is specific to that covered bank and appropriate for its 
individual size, risk profile, activities, and complexity, including 
the complexity of its organizational and legal entity structure. 
When developing and maintaining its recovery plan, each covered bank 
should appropriately consider both financial risk and non-financial 
risk (including operational and strategic risk).
    B. Elements of recovery plan. A recovery plan under paragraph 
II.A. of this appendix should include the following elements:
    1. Overview of covered bank. A recovery plan should describe the 
covered bank's overall organizational and legal entity structure, 
including its material entities, critical operations, core business 
lines, and core management information systems. The plan should 
describe interconnections and interdependencies:
    (i) Across business lines within the covered bank;
    (ii) With affiliates in a bank holding company structure;
    (iii) Between a covered bank and its foreign subsidiaries; and
    (iv) With critical third parties.
    2. Triggers. A recovery plan should identify financial triggers 
and non-financial triggers that appropriately reflect the covered 
bank's particular vulnerabilities.
    3. Options for recovery. A recovery plan should identify a wide 
range of credible options that a covered bank could undertake to 
restore financial strength and viability, thereby allowing the bank 
to continue to operate as a going concern and to avoid liquidation 
or resolution. A recovery plan should explain how the covered bank 
would carry out each option and describe the timing required for 
carrying out each option. The recovery plan should specifically 
identify the recovery options that require regulatory or legal 
approval.
    4. Impact assessments. For each recovery option, a covered bank 
should assess and describe how the option would affect the covered 
bank. This impact assessment and description should specify the 
procedures the covered bank would use to maintain the financial 
strength and viability of its material entities, critical 
operations, and core business lines for each recovery option. For 
each option, the recovery plan's impact assessment should address 
the following:
    a. The effect on the covered bank's capital, liquidity, funding, 
and profitability;
    b. The effect on the covered bank's material entities, critical 
operations, and core business lines, including reputational impact;
    c. The effect on the covered bank's risk profile as a result of 
changes to its financial risk and non-financial risk; and
    d. Any legal or market impediment or regulatory requirement that 
must be addressed or satisfied in order to implement the option.
    5. Escalation procedures. A recovery plan should clearly outline 
the process for escalating decision-making to senior management or 
the board of directors (or an appropriate committee of the board of 
directors), as appropriate, in response to the breach of any 
trigger. The recovery plan should also identify the departments and 
persons responsible for executing the decisions of senior management 
or the board of directors (or an appropriate committee of the board 
of directors).
    6. Management reports. A recovery plan should require reports 
that provide senior management or the board of directors (or an 
appropriate committee of the board of directors) with sufficient 
data and information to make timely decisions regarding the 
appropriate actions necessary to respond to the breach of a trigger.
    7. Communication procedures. A recovery plan should provide that 
the covered bank notify the OCC of any significant breach of a 
trigger and any action taken or to be taken in response to such 
breach and should explain the process for deciding when a breach of 
a trigger is significant. A recovery plan also should address when 
and how the covered bank will notify persons within the organization 
and other external parties of its action under the recovery plan. 
The recovery plan should specifically identify how the covered bank 
will obtain required regulatory or legal approvals.
    8. Other information. A recovery plan should include any other 
information that the OCC communicates in writing directly to the 
covered bank regarding the covered bank's recovery plan.
    C. Relationship to other processes; coordination with other 
plans. The covered bank should integrate its recovery plan into its 
risk governance functions. The covered bank also should align its 
recovery plan with its other plans, such as its strategic; 
operational (including business continuity and resilience program); 
contingency; capital (including stress testing); liquidity; and 
resolution planning. The covered bank's recovery plan should be 
specific to that covered bank. The covered bank also should 
coordinate its recovery plan with any recovery and resolution 
planning efforts by the covered bank's holding company, so that the 
plans are consistent with and do not contradict each other.
    D. Testing. Each covered bank should test its recovery plan 
periodically but not less than annually and following any 
significant changes to the recovery plan made in response to a 
material event. Testing should validate the effectiveness of the 
recovery plan, including by considering each element set forth in 
paragraph II.B. of this appendix, and should be appropriate for the 
bank's individual size, risk profile, activities, and complexity, 
including the complexity of its organizational and legal entity 
structure. Each covered bank should revise its recovery plan as 
appropriate following completion of testing.
* * * * *

Michael J. Hsu,
Acting Comptroller of the Currency.
[FR Doc. 2024-24402 Filed 10-21-24; 8:45 am]
BILLING CODE 4810-33-P