82 FR 48892 - Agency Information Collection Activities: Information Collection Renewal; Comment Request; OCC Guidelines Establishing Heightened Standards for Certain Large Insured National Banks, Insured Federal Savings Associations, and Insured Federal Branches

DEPARTMENT OF THE TREASURY
Office of the Comptroller of the Currency

Federal Register Volume 82, Issue 202 (October 20, 2017)

Page Range: 48892-48895
FR Document: 2017-22723

[Federal Register Volume 82, Number 202 (Friday, October 20, 2017)]
[Notices]
[Pages 48892-48895]
From the Federal Register Online  [www.thefederalregister.org]
[FR Doc No: 2017-22723]


=======================================================================
-----------------------------------------------------------------------

DEPARTMENT OF THE TREASURY

Office of the Comptroller of the Currency


Agency Information Collection Activities: Information Collection 
Renewal; Comment Request; OCC Guidelines Establishing Heightened 
Standards for Certain Large Insured National Banks, Insured Federal 
Savings Associations, and Insured Federal Branches

AGENCY: Office of the Comptroller of the Currency (OCC), Treasury.

ACTION: Notice and request for comment.

-----------------------------------------------------------------------

SUMMARY: The OCC, as part of its continuing effort to reduce paperwork 
and respondent burden, invites the general public and other Federal 
agencies to take this opportunity to comment on a continuing 
information collection, as required by the Paperwork Reduction Act of 
1995 (PRA).
    In accordance with the requirements of the PRA, the OCC may not 
conduct or sponsor, and the respondent is not required to respond to, 
an information collection unless it displays a currently valid Office 
of Management and Budget (OMB) control number.
    The OCC is finalizing the renewal of its information collection 
titled, ``OCC Guidelines Establishing Heightened Standards for Certain 
Large Insured National Banks, Insured Federal Savings Associations, and 
Insured Federal Branches.'' The OCC is also giving notice that it has 
sent the collection to OMB for review.

DATES: Comments must be submitted on or before November 20, 2017.

ADDRESSES:  Because paper mail in the Washington, DC area and at the 
OCC is subject to delay, commenters are encouraged to submit comments 
by email, if possible. Comments may be sent to: Legislative and 
Regulatory Activities Division, Office of the Comptroller of the 
Currency, Attention: 1557-0321, 400 7th Street SW., Suite 3E-218, 
Washington, DC 20219. In addition, comments may be sent by fax to (571) 
465-4326 or by electronic mail to prainfo@occ.treas.gov. You may 
personally inspect and photocopy comments at the OCC, 400 7th Street 
SW., Washington, DC 20219. For security reasons, the OCC requires that 
visitors make an appointment to inspect comments. You may do so by 
calling (202) 649-6700 or, for persons who are deaf or hearing 
impaired, TTY, (202) 649-5597. Upon arrival, visitors will be required 
to present valid government-issued photo identification and submit to 
security screening in order to inspect and photocopy comments.
    All comments received, including attachments and other supporting 
materials, are part of the public record and subject to public 
disclosure. Do not include any information in your comment or 
supporting materials that you consider confidential or inappropriate 
for public disclosure.
    Additionally, please send a copy of your comments by mail to: OCC 
Desk Officer, 1557-0319, U.S. Office of Management and Budget, 725 17th 
Street NW., #10235, Washington, DC 20503, or by email to: 
[email protected].

FOR FURTHER INFORMATION CONTACT: Shaquita Merritt, OCC Clearance 
Officer, (202) 649-5490 or, for persons who are deaf or hearing 
impaired, TTY, (202) 649-5597, Legislative and Regulatory Activities 
Division, Office of the Comptroller of the Currency, 400 7th Street 
SW., Suite 3E-218, Washington, DC 20219.

SUPPLEMENTARY INFORMATION: Under the PRA (44 U.S.C. 3501-3520), Federal 
agencies must obtain approval from OMB for each collection of 
information that they conduct or sponsor. ``Collection of information'' 
is defined in 44 U.S.C. 3502(3) and 5 CFR 1320.3(c) to include agency 
requests or requirements that members of the public submit reports, 
keep records, or provide information to a third party. Section 
3506(c)(2)(A) of title 44 requires Federal agencies to provide a 60-day 
notice in the Federal Register concerning each proposed collection of 
information, including each proposed extension of an existing 
collection of information, before submitting the collection to OMB for 
approval. To comply with this requirement, the OCC is publishing notice 
of the proposed collection of information set forth in this document.
    Title: OCC Guidelines Establishing Heightened Standards for Certain 
Large Insured National Banks, Insured Federal Savings Associations, and 
Insured Federal Branches.
    OMB Control No.: 1557-0321.
    Description: The OCC's guidelines codified in 12 CFR part 30, 
appendix D establish minimum standards for the design and 
implementation of a risk governance framework for insured national 
banks, insured Federal savings associations, and insured Federal 
branches of a foreign bank (bank). The guidelines apply to a bank with 
average total consolidated assets: (i) Equal to or greater than $50 
billion; (ii) less than $50 billion if that bank's parent company 
controls at least one insured national bank or insured Federal savings 
association that has average total consolidated assets of $50 billion 
or greater; or (iii) less than $50 billion, if the OCC determines such 
bank's operations are highly complex or otherwise present a heightened 
risk as to warrant the application of the guidelines (covered banks). 
The guidelines also establish minimum standards for a board of 
directors in overseeing the framework's design and implementation. 
These guidelines were finalized on September 11, 2014.\1\ The OCC 
proposed renewing the information collection associated with the 
guidelines on July 5, 2017.\2\ The OCC is now seeking OMB approval to 
renew the information collection associated with these guidelines.
---------------------------------------------------------------------------

    \1\ 79 FR 51518.
    \2\ 82 FR 31151.
---------------------------------------------------------------------------

    The standards contained in the guidelines are enforceable under 
section 39 of the Federal Deposit Insurance Act (FDIA),\3\ which 
authorizes the OCC to prescribe operational and managerial standards 
for insured national banks, insured Federal savings associations, and 
insured Federal branches of a foreign bank.
---------------------------------------------------------------------------

    \3\ 12 U.S.C. 1831p-1. Section 39 was enacted as part of the 
Federal Deposit Insurance Corporation Improvement Act of 1991, 
Public Law 102-242, section 132(a), 105 Stat. 2236, 2267-70 (Dec. 
19, 1991).
---------------------------------------------------------------------------

    The guidelines formalize the OCC's heightened expectations program. 
They also further the goal of the Dodd-Frank Wall Street Reform and 
Consumer Protection Act of 2010 \4\ to strengthen the financial system 
by focusing management and boards of directors on improving and 
strengthening risk management practices and governance, thereby 
minimizing the probability and impact of future financial crises.
---------------------------------------------------------------------------

    \4\ Public Law 111-203, 124 Stat. 1376 (2010).
---------------------------------------------------------------------------

    The standards for the design and implementation of the risk 
governance framework, which contain collections of information, are as 
follows:

Standards for Risk Governance Framework

    Covered banks should establish and adhere to a formal, written risk 
governance framework designed by independent risk management. It should 
include delegations of authority from the board of directors to 
management committees and executive officers as well as risk limits 
established for material activities. It should be approved by the board 
of directors or the board's risk committee and reviewed and updated at 
least annually by independent risk management.

Front Line Units

    Front line units should take responsibility and be held accountable 
by the Chief Executive Officer (CEO) and the board of directors for 
appropriately assessing and effectively managing all of the risks 
associated with their activities. In fulfilling this responsibility, 
each front line unit should, either alone or in conjunction with 
another organizational unit that has the purpose of assisting a front 
line unit: (i) Assess, on an ongoing basis, the material risks 
associated with its activities and use such risk assessments as the 
basis for fulfilling its responsibilities and for determining if 
actions need to be taken to strengthen risk management or reduce risk 
given changes in the unit's risk profile or other conditions; (ii) 
establish and adhere to a set of written policies that include front 
line unit risk limits (such policies should ensure risks associated 
with the front line unit's activities are effectively identified, 
measured, monitored, and controlled, consistent with the covered bank's 
risk appetite statement, concentration risk limits, and all policies 
established within the risk governance framework); (iii) establish and 
adhere to procedures and processes, as necessary to maintain compliance 
with the policies described in (ii); (iv) adhere to all applicable 
policies, procedures, and processes established by independent risk 
management; (v) develop, attract, and retain talent and maintain 
staffing levels required to carry out the unit's role and 
responsibilities effectively; (vi) establish and adhere to talent 
management processes; and (vii) establish and adhere to compensation 
and performance management programs.

Independent Risk Management

    Independent risk management should oversee the covered bank's risk-
taking activities and assess risks and issues independent of the front 
line units by: (i) Designing a comprehensive written risk governance 
framework commensurate with the size, complexity, and risk profile of 
the covered bank; (ii) identifying and assessing, on an ongoing basis, 
the covered bank's material aggregate risks and using such risk 
assessments as the basis for fulfilling its responsibilities and for 
determining if actions need to be taken to strengthen risk management 
or reduce risk given changes in the covered bank's risk profile or 
other conditions; (iii) establishing and adhering to enterprise 
policies that include concentration risk limits; (iv) establishing and 
adhering to procedures and processes to ensure compliance with policies 
in (iii); (v) identifying and communicating to the CEO and board of 
directors or board's risk committee material risks and significant 
instances where independent risk management's assessment of risk 
differs from that of a front line unit, and significant instances where 
a front line unit is not adhering to the risk governance framework; 
(vi) identifying and communicating to the board of directors or the 
board's risk committee material risks and significant instances where 
independent risk management's assessment of risk differs from the CEO, 
and significant instances where the CEO is not adhering to, or holding 
front line units accountable for adhering to, the risk governance 
framework; and (vii) developing, attracting, and retaining talent and 
maintaining staffing levels required to carry out the unit's role and 
responsibilities effectively while establishing and adhering to talent 
management processes and compensation and performance management 
programs.

Internal Audit

    Internal audit should ensure that the covered bank's risk 
governance framework complies with the Guidelines and is appropriate 
for the size, complexity, and risk profile of the covered bank. It 
should maintain a complete and current inventory of all of the covered 
bank's material processes, product lines, services, and functions, and 
assess the risks, including emerging risks, associated with each, which 
collectively provide a basis for the audit plan. It should establish 
and adhere to an audit plan, which is periodically reviewed and 
updated, that takes into account the covered bank's risk profile, 
emerging risks, issues, and establishes the frequency with which 
activities should be audited. The audit plan should require internal 
audit to evaluate the adequacy of and compliance with policies, 
procedures, and processes established by front line units and 
independent risk management under the risk governance framework. 
Significant changes to the audit plan should be communicated to the 
board's audit committee. Internal audit should report in writing, 
conclusions and material issues and recommendations from audit work 
carried out under the audit plan to the board's audit committee. 
Reports should identify the root cause of any material issues and 
include: (i) A determination of whether the root cause creates an issue 
that has an impact on one organizational unit or multiple 
organizational units within the covered bank; and (ii) a determination 
of the effectiveness of front line units and independent risk 
management in identifying and resolving issues in a timely manner. 
Internal audit should establish and adhere to processes for 
independently assessing the design and ongoing effectiveness of the 
risk governance framework on at least an annual basis. The independent 
assessment should include a conclusion on the covered bank's compliance 
with the standards set forth in the Guidelines. Internal audit should 
identify and communicate to the board's audit committee significant 
instances where front line units or independent risk management are not 
adhering to the risk governance framework. Internal audit should 
establish a quality assurance program that ensures internal audit's 
policies, procedures, and processes comply with applicable regulatory 
and industry guidance, are appropriate for the size, complexity, and 
risk profile of the covered bank, are updated to reflect changes to 
internal and external risk factors, emerging risks, and improvements in 
industry internal audit practices, and are consistently followed. 
Internal audit should develop, attract, and retain talent and maintain 
staffing levels required to effectively carry out its role and 
responsibilities. Internal audit should establish and adhere to talent 
management processes and compensation and performance management 
programs that comply with the guidelines.

Strategic Plan

    The CEO, with input from front line units, independent risk 
management, and internal audit, should be responsible for the 
development of a written strategic plan that should cover, at a 
minimum, a three-year period. The board of directors should evaluate 
and approve the plan and monitor management's efforts to implement the 
strategic plan at least annually. The plan should include a 
comprehensive assessment of risks that impact the covered bank, an 
overall mission statement and strategic objectives, an explanation of how the covered 
bank will update the risk governance framework to account for changes 
to its risk profile projected under the strategic plan, and be 
reviewed, updated, and approved due to changes in the covered bank's 
risk profile or operating environment that were not contemplated when 
the plan was developed.

Risk Appetite Statement

    A covered bank should have a comprehensive written statement that 
articulates its risk appetite that serves as the basis for the risk 
governance framework. It should contain qualitative components that 
describe a safe and sound risk culture and how the covered bank will 
assess and accept risks and quantitative limits that include sound 
stress testing processes and address earnings, capital, and liquidity.

Risk Limit Breaches

    A covered bank should establish and adhere to processes that 
require front line units and independent risk management to: (i) 
Identify breaches of the risk appetite statement, concentration risk 
limits, and front line unit risk limits; (ii) distinguish breaches 
based on the severity of their impact; (iii) establish protocols for 
disseminating information regarding a breach; (iv) provide a written 
description of the breach resolution; and (v) establish accountability 
for reporting and resolving breaches.

Concentration Risk Management

    The risk governance framework should include policies and 
supporting processes appropriate for the covered bank's size, 
complexity, and risk profile for effectively identifying, measuring, 
monitoring, and controlling the covered bank's concentrations of risk.

Risk Data Aggregation and Reporting

    The risk governance framework should include a set of policies, 
supported by appropriate procedures and processes, designed to provide 
risk data aggregation and reporting capabilities appropriate for the 
covered bank's size, complexity, and risk profile and to support 
supervisory reporting requirements. Collectively, these policies, 
procedures, and processes should provide for: (i) The design, 
implementation, and maintenance of a data architecture and information 
technology infrastructure that support the covered bank's risk 
aggregation and reporting needs during normal times and during times of 
stress; (ii) the capturing and aggregating of risk data and reporting 
of material risks, concentrations, and emerging risks in a timely 
manner to the board of directors and the OCC; and (iii) the 
distribution of risk reports to all relevant parties at a frequency 
that meets their needs for decision-making purposes.

Talent and Compensation Management

    A covered bank should establish and adhere to processes for talent 
development, recruitment, and succession planning. The board of 
directors or appropriate committee should review and approve a written 
talent management program. A covered bank should also establish and 
adhere to compensation and performance management programs that comply 
with any applicable statute or regulation.

Board of Directors Training and Evaluation

    The board of directors of a covered bank should establish and 
adhere to a formal, ongoing training program for all directors. The 
board of directors should also conduct an annual self-assessment.

Response to Comments

    The OCC received one comment from an individual in response to the 
proposed renewal. The commenter suggested that the OCC rescind and not 
renew the information collection associated with appendix D of 12 CFR 
part 30 for a number of reasons.
    The commenter suggested that almost one half of the banks subject 
to appendix D have total assets that are significantly less than $50 
billion but the narrative surrounding ``heightened standards'' leads 
the public to believe that the guidelines are only applicable to the 
largest banks or banks that are highly complex or present a heightened 
risk. Appendix D applies to 34 OCC-supervised banks.\5\ Ten of these 34 
banks have less than $50 billion in average total consolidated assets. 
Appendix D applies to banks with less than $50 billion in average total 
consolidated assets if a bank's parent company controls at least one 
other bank with average total consolidated assets equal to or greater 
than $50 billion or if the OCC determines such bank's operations are 
highly complex or otherwise present a heightened risk as to warrant the 
application of appendix D. Of the 10 banks covered by appendix D that 
have less than $50 billion in average total consolidated assets, eight 
are covered because their parent companies control another bank with 
average total consolidated assets equal to or greater than $50 
billion.\6\ One of the two remaining banks is a covered bank because 
the OCC exercised its reservation of authority to apply appendix D to 
the bank.\7\ The other remaining bank is covered because that bank 
previously had average total consolidated assets equal to or greater 
than $50 billion. Appendix D applies to a bank with less than $50 
billion in average total consolidated assets when that bank's parent 
company controls at least one bank with average total consolidated 
assets equal to or greater than $50 billion because, in some instances, 
the OCC has observed that a covered bank's parent company does not pay 
sufficient attention to the operations of these smaller entities in a 
holding company structure. Appendix D covers these entities because the 
OCC believes that a covered bank's parent company should devote 
adequate attention to assessing and managing the risk associated with 
these entities' activities. These smaller covered banks are affiliates 
of large banking organizations, which should have the compliance 
resources to cover all of their bank charters.
---------------------------------------------------------------------------

    \5\ In the July 5, 2017, Federal Register notice proposing a 
renewal of the information collection associated with appendix D to 
12 CFR part 30, the OCC calculated that 41 OCC-supervised entities 
were subject to appendix D. The calculation has been updated. This 
reduced number of respondents is due in part to the fact that 
certain large banking organizations have consolidated the number of 
bank charters within their holding company structure.
    \6\ The commenter requested that the OCC disclose the number of 
banks with less than $10 billion in total assets that are subject to 
appendix D. There are five covered banks with average total 
consolidated assets less than $10 billion, all of which are covered 
banks because their parent companies control another bank with 
average total consolidated assets equal to or greater than $50 
billion.
    \7\ https://www.occ.gov/news-issuances/news-releases/2015/nr-occ-2015-105a.pdf.
---------------------------------------------------------------------------

    The commenter also indicated that the OCC's annual burden estimate 
for appendix D was excessive, particularly for institutions that have 
less than $10 billion in total assets and that appendix D should be 
rescinded and revised to reduce the excessive costs. As discussed 
above, appendix D applies primarily to larger banks. The only covered 
banks that have less than $10 billion in average total consolidated 
assets are covered banks because their parent companies control another 
bank with average total consolidated assets equal to or greater than 
$50 billion. The OCC believes that the burden estimate is reasonable 
and that it is appropriate for these banks to devote sufficient 
resources to risk governance and the standards necessary to manage and 
control risk-taking activities. The burden on these smaller covered 
banks is not excessive because they have the resources of a larger 
affiliate bank to rely on. Also, while the commenter recommended that the 
OCC rescind appendix 
D, the OCC cannot rescind regulations or guidelines through the PRA 
renewal process.
    The commenter also stated that the collection of information for 
appendix D is unnecessary and of little utility because appendix D has 
been ineffectual in fostering enterprise risk governance over large 
complex financial institutions since almost seven years after the 
introduction of the OCC's ``heightened expectations'' and three years 
after the issuance of appendix D, the OCC continues to identify 
enterprise risk governance as a key risk facing large banks in the 
OCC's spring 2017 Semiannual Risk Perspective.\8\ However, while 
appendix D is intended to promote enterprise risk governance, the OCC 
recognizes that appendix D cannot eliminate the possibility of all 
enterprise risk governance weaknesses. The OCC believes that appendix D 
is a valuable mechanism for promoting sound enterprise risk governance 
and has observed significant improvement in risk governance since the 
adoption of appendix D. However, we also realize that risk governance 
weaknesses may remain and can be a risk to the safety and soundness of 
banks.
---------------------------------------------------------------------------

    \8\ https://www.occ.gov/publications/publications-by-type/other-publications-reports/semiannual-risk-perspective/semiannual-risk-perspective-spring-2017.pdf.
---------------------------------------------------------------------------

    The commenter also indicated that there is a disconnect between the 
specific risks identified in the OCC's Semiannual Risk Perspectives and 
the ``abstract generalized'' standards in appendix D. According to the 
commenter, appendix D does not provide standards addressing the 
specific risks identified in the Semiannual Risk Perspectives, such as 
cyber security and Bank Secrecy Act (BSA) and Anti-Money Laundering 
risks (AML). The standards in appendix D are not intended to 
exhaustively address all of the risks facing OCC-regulated banks. 
Indeed, there is a separate appendix to 12 CFR part 30, appendix B that 
contains standards addressing information security. Banks are also 
subject to separate BSA and AML requirements.\9\
---------------------------------------------------------------------------

    \9\ See 12 CFR part 21.
---------------------------------------------------------------------------

    The commenter also expressed the opinion that the standards in 
appendix D are not actually heightened or more robust than the 
standards the OCC applies to many banks with $1 billion or more in 
total assets and that the reality is the OCC applies the standards in 
appendix D to many midsize and community banks. The commenter pointed 
specifically to the Comptroller's Handbook on Corporate and Risk 
Governance (handbook), suggesting that OCC examiners use this handbook 
for all OCC supervised banks.\10\ Appendix D only applies to banks with 
average total consolidated assets equal to or greater than $50 billion, 
banks with average total consolidated assets less than $50 billion when 
a bank's parent company controls at least one other bank with average 
total consolidated assets equal to or greater than $50 billion, and 
banks with average total consolidated assets less than $50 billion if 
the OCC determines that a bank's operations are highly complex or 
otherwise present a heightened risk. The handbook referenced by the 
commenter specifically notes that only banks with average total 
consolidated assets of $50 billion or greater (or banks that are 
otherwise included as covered banks in appendix D) should adhere to the 
standards in appendix D. The handbook includes separate and specific 
criteria for the covered banks subject to appendix D. Appendix D 
contains various standards that are not applied to smaller banks. For 
example, appendix D specifically provides that at least two members of 
a covered bank's board of directors should qualify as independent and 
provides that boards should establish and adhere to a formal, ongoing 
training program. Appendix D also imposes specific requirements on 
covered banks' independent risk management that are not applied to all 
OCC-regulated banks, including requiring that banks covered by appendix 
D have written risk appetite statements that include quantitative 
limits. Additionally, the standards in appendix D are legally different 
than the standards contained in the handbook. The standards in Appendix 
D are legally enforceable standards adopted pursuant to section 39 of 
the FDIA while the handbook is a guidance document.
---------------------------------------------------------------------------

    \10\ https://www.occ.treas.gov/publications/publications-by-type/comptrollers-handbook/corporate-risk-governance/pub-ch-corporate-risk.pdf
---------------------------------------------------------------------------

    Type of Review: Regular review.
    Affected Public: Businesses or other for-profit.
    Estimated Number of Respondents: 34.
    Estimated Burden per Respondent: 3,776 hours.
    Estimated Total Annual Burden: 128,384 hours.
    Comments: Comments continue to be invited on:
    (a) Whether the collection of information is necessary for the 
proper performance of the functions of the OCC, including whether the 
information has practical utility;
    (b) The accuracy of the OCC's estimate of the burden of the 
information collection;
    (c) Ways to enhance the quality, utility, and clarity of the 
information to be collected;
    (d) Ways to minimize the burden of the collection on respondents, 
including through the use of automated collection techniques or other 
forms of information technology; and
    (e) Estimates of capital or start-up costs and costs of operation, 
maintenance, and purchase of services to provide information.

    Dated: October 16, 2017.
Karen Solomon,
Deputy Chief Counsel, Office of the Comptroller of the Currency.
[FR Doc. 2017-22723 Filed 10-19-17; 8:45 am]
 BILLING CODE 4810-33-P



48892 Federal Register / Vol. 82, No. 202 / Friday, October 20, 2017 / Notices

DEPARTMENT OF THE TREASURY

Office of the Comptroller of the Currency

Agency Information Collection Activities: Information Collection 
Renewal; Comment Request; OCC Guidelines Establishing Heightened 
Standards for Certain Large Insured National Banks, Insured Federal 
Savings Associations, and Insured Federal Branches

AGENCY: Office of the Comptroller of the Currency (OCC), Treasury.

ACTION: Notice and request for comment.

SUMMARY: The OCC, as part of its continuing effort to reduce paperwork 
and respondent burden, invites the general public and other Federal 
agencies to take this opportunity to comment on a continuing 
information collection, as required by the Paperwork Reduction Act of 
1995 (PRA).
    In accordance with the requirements of the PRA, the OCC may not 
conduct or sponsor, and the respondent is not required to respond to, 
an information collection unless it displays a currently valid Office 
of Management and Budget (OMB) control number.
    The OCC is finalizing the renewal of its information collection 
titled, "OCC Guidelines Establishing Heightened Standards for Certain 
Large Insured National Banks, Insured Federal Savings Associations, and 
Insured Federal Branches." The OCC is also giving notice that it has 
sent the collection to OMB for review.

DATES: Comments must be submitted on or before November 20, 2017.

ADDRESSES: Because paper mail in the Washington, DC area and at the OCC 
is subject to delay, commenters are encouraged to submit comments by 
email, if possible. Comments may be sent to: Legislative and Regulatory 
Activities Division, Office of the Comptroller of the Currency, 
Attention: 1557-0321, 400 7th Street SW., Suite 3E-218, Washington, DC 
20219. In addition, comments may be sent by fax to (571) 465-4326 or by 
electronic mail to prainfo@occ.treas.gov. You may personally inspect 
and photocopy comments at the OCC, 400 7th Street SW., Washington, DC 
20219. For security reasons, the OCC requires that visitors make an 
appointment to inspect comments. You may do so by calling (202) 
649-6700 or, for persons who are deaf or hearing impaired, TTY, (202) 
649-5597. Upon arrival, visitors will be required to present valid 
government-issued photo identification and submit to security screening 
in order to inspect and photocopy comments.
    All comments received, including attachments and other supporting 
materials, are part of the public record and subject to public 
disclosure. Do not include any information in your comment or 
supporting materials that you consider confidential or inappropriate 
for public disclosure.
    Additionally, please send a copy of your comments by mail to: OCC 
Desk Officer, 1557-0319, U.S. Office of Management and Budget, 725 17th 
Street NW., #10235, Washington, DC 20503, or by email to: 
oiralsubmission@omb.eop.gov.

FOR FURTHER INFORMATION CONTACT: Shaquita Merritt, OCC Clearance 
Officer, (202) 649-5490 or, for persons who are deaf or hearing 
impaired, TTY, (202) 649-5597, Legislative and Regulatory Activities 
Division, Office of the Comptroller of the Currency, 400 7th Street 
SW., Suite 3E-218, Washington, DC 20219.

SUPPLEMENTARY INFORMATION: Under the PRA (44 U.S.C. 3501-3520), Federal 
agencies must obtain approval from OMB for each collection of 
information that they conduct or sponsor. "Collection of information" 
is defined in 44 U.S.C. 3502(3) and 5 CFR 1320.3(c) to include agency 
requests or requirements that members of the public submit reports, 
keep records, or provide information to a third party. Section 
3506(c)(2)(A) of title 44 requires Federal agencies to provide a 60-day 
notice in the Federal Register concerning each proposed collection of 
information, including each proposed extension of an existing 
collection of information, before submitting the collection to OMB for 
approval. To comply with this requirement, the OCC is publishing notice 
of the proposed collection of information set forth in this document.
    Title: OCC Guidelines Establishing Heightened Standards for Certain 
Large Insured National Banks, Insured Federal Savings Associations, and 
Insured Federal Branches.
    OMB Control No.: 1557-0321.
    Description: The OCC's guidelines codified in 12 CFR part 30, 
appendix D establish minimum standards for the design and 
implementation of a risk governance framework for insured national 
banks, insured Federal savings associations, and insured Federal 
branches of a foreign bank (bank). The guidelines apply to a bank with 
average total consolidated assets: (i) Equal to or greater than $50 
billion; (ii) less than $50 billion if that bank's parent company 
controls at least one insured national bank or insured Federal savings 
association that has average total consolidated assets of $50 billion 
or greater; or (iii) less than $50 billion, if the OCC determines such 
bank's operations are highly complex or otherwise present a heightened 
risk as to warrant the application of the guidelines (covered banks). 
The guidelines also establish minimum standards for a board of 
directors in overseeing the framework's design and implementation. 
These guidelines were finalized on September 11, 2014.[1] The OCC 
proposed renewing the information collection associated with the 
guidelines on July 5, 2017.[2] The OCC is now seeking OMB approval to 
renew the information collection associated with these guidelines.
    The standards contained in the guidelines are enforceable under 
section 39 of the Federal Deposit Insurance Act (FDIA),[3] which 
authorizes the OCC to prescribe operational and managerial standards 
for insured national banks, insured Federal savings associations, and 
insured Federal branches of a foreign bank.
    The guidelines formalize the OCC's heightened expectations program. 
They also further the goal of the Dodd-Frank Wall Street Reform and 
Consumer Protection Act of 2010 [4] to strengthen the financial system 
by focusing management and boards of directors on improving and 
strengthening risk management practices and governance, thereby 
minimizing the probability and impact of future financial crises.
    The standards for the design and implementation of the risk 
governance framework, which contain collections of information, are as 
follows:

    [1] 79 FR 51518.
    [2] 82 FR 31151.
    [3] 12 U.S.C. 1831p-1. Section 39 was enacted as part of the 
Federal Deposit Insurance Corporation Improvement Act of 1991, Public 
Law 102-242, section 132(a), 105 Stat. 2236, 2267-70 (Dec. 19, 1991).
    [4] Public Law 111-203, 124 Stat. 1376 (2010).


Standards for Risk Governance Framework

    Covered banks should establish and adhere to a formal, written risk 
governance framework designed by independent risk management. It should 
include delegations of authority from the board of directors to 
management committees and executive officers as well as risk limits 
established for material activities. It should be approved by the board 
of directors or the board's risk committee and reviewed and updated at 
least annually by independent risk management.

Front Line Units

    Front line units should take responsibility and be held accountable 
by the Chief Executive Officer (CEO) and the board of directors for 
appropriately assessing and effectively managing all of the risks 
associated with their activities. In fulfilling this responsibility, 
each front line unit should, either alone or in conjunction with 
another organizational unit that has the purpose of assisting a front 
line unit: (i) Assess, on an ongoing basis, the material risks 
associated with its activities and use such risk assessments as the 
basis for fulfilling its responsibilities and for determining if 
actions need to be taken to strengthen risk management or reduce risk 
given changes in the unit's risk profile or other conditions; (ii) 
establish and adhere to a set of written policies that include front 
line unit risk limits (such policies should ensure risks associated 
with the front line unit's activities are effectively identified, 
measured, monitored, and controlled, consistent with the covered bank's 
risk appetite statement, concentration risk limits, and all policies 
established within the risk governance framework); (iii) establish and 
adhere to procedures and processes, as necessary to maintain compliance 
with the policies described in (ii); (iv) adhere to all applicable 
policies, procedures, and processes established by independent risk 
management; (v) develop, attract, and retain talent and maintain 
staffing levels required to carry out the unit's role and 
responsibilities effectively; (vi) establish and adhere to talent 
management processes; and (vii) establish and adhere to compensation 
and performance management programs.

Independent Risk Management

    Independent risk management should oversee the covered bank's 
risk-taking activities and assess risks and issues independent of the 
front line units by: (i) Designing a comprehensive written risk 
governance framework commensurate with the size, complexity, and risk 
profile of the covered bank; (ii) identifying and assessing, on an 
ongoing basis, the covered bank's material aggregate risks and using 
such risk assessments as the basis for fulfilling its responsibilities 
and for determining if actions need to be taken to strengthen risk 
management or reduce risk given changes in the covered bank's risk 
profile or other conditions; (iii) establishing and adhering to 
enterprise policies that include concentration risk limits; (iv) 
establishing and adhering to procedures and processes to ensure 
compliance with policies in (iii); (v) identifying and communicating to 
the CEO and board of directors or board's risk committee material risks 
and significant instances where independent risk management's 
assessment of risk differs from that of a front line unit, and 
significant instances where a front line unit is not adhering to the 
risk governance framework; (vi) identifying and communicating to the 
board of directors or the board's risk committee material risks and 
significant instances where independent risk management's assessment of 
risk differs from the CEO, and significant instances where the CEO is 
not adhering to, or holding front line units accountable for adhering 
to, the risk governance framework; and (vii) developing, attracting, 
and retaining talent and maintaining staffing levels required to carry 
out the unit's role and responsibilities effectively while establishing 
and adhering to talent management processes and compensation and 
performance management programs.

Internal Audit

    Internal audit should ensure that the covered bank's risk 
governance framework complies with the Guidelines and is appropriate 
for the size, complexity, and risk profile of the covered bank. It 
should maintain a complete and current inventory of all of the covered 
bank's material processes, product lines, services, and functions, and 
assess the risks, including emerging risks, associated with each, which 
collectively provide a basis for the audit plan. It should establish 
and adhere to an audit plan, which is periodically reviewed and 
updated, that takes into account the covered bank's risk profile, 
emerging risks, issues, and establishes the frequency with which 
activities should be audited. The audit plan should require internal 
audit to evaluate the adequacy of and compliance with policies, 
procedures, and processes established by front line units and 
independent risk management under the risk governance framework. 
Significant changes to the audit plan should be communicated to the 
board's audit committee. Internal audit should report in writing, 
conclusions and material issues and recommendations from audit work 
carried out under the audit plan to the board's audit committee. 
Reports should identify the root cause of any material issues and 
include: (i) A determination of whether the root cause creates an issue 
that has an impact on one organizational unit or multiple 
organizational units within the covered bank; and (ii) a determination 
of the effectiveness of front line units and independent risk 
management in identifying and resolving issues in a timely manner. 
Internal audit should establish and adhere to processes for 
independently assessing the design and ongoing effectiveness of the 
risk governance framework on at least an annual basis. The independent 
assessment should include a conclusion on the covered bank's compliance 
with the standards set forth in the Guidelines. Internal audit should 
identify and communicate to the board's audit committee significant 
instances where front line units or independent risk management are not 
adhering to the risk governance framework. Internal audit should 
establish a quality assurance program that ensures internal audit's 
policies, procedures, and processes comply with applicable regulatory 
and industry guidance, are appropriate for the size, complexity, and 
risk profile of the covered bank, are updated to reflect changes to 
internal and external risk factors, emerging risks, and improvements in 
industry internal audit practices, and are consistently followed. 
Internal audit should develop, attract, and retain talent and maintain 
staffing levels required to effectively carry out its role and 
responsibilities. Internal audit should establish and adhere to talent 
management processes and compensation and performance management 
programs that comply with the guidelines.

Strategic Plan

    The CEO, with input from front line units, independent risk 
management, and internal audit, should be responsible for the 
development of a written strategic plan that should cover, at a 
minimum, a three-year period. The board of directors should evaluate 
and approve the plan and monitor management's efforts to implement the 
strategic plan at least annually. The plan should include a 
comprehensive assessment of risks that impact the covered bank, an 
overall mission



statement and strategic objectives, an explanation of how the covered bank will update the risk governance framework to account for changes to its risk profile projected under the strategic plan, and be reviewed, updated, and approved due to changes in the covered bank’s risk profile or operating environment that were not contemplated when the plan was developed.

Risk Appetite Statement

A covered bank should have a comprehensive written statement that articulates its risk appetite that serves as the basis for the risk governance framework. It should contain qualitative components that describe a safe and sound risk culture and how the covered bank will assess and accept risks and quantitative limits that include sound stress testing processes and address earnings, capital, and liquidity.

Risk Limit Breaches

A covered bank should establish and adhere to processes that require front line units and independent risk management to: (i) Identify breaches of the risk appetite statement, concentration risk limits, and front line unit risk limits; (ii) distinguish breaches based on the severity of their impact; (iii) establish protocols for disseminating information regarding a breach; (iv) provide a written description of the breach resolution; and (v) establish accountability for reporting and resolving breaches.

Concentration Risk Management

The risk governance framework should include policies and supporting processes appropriate for the covered bank’s size, complexity, and risk profile for effectively identifying, measuring, monitoring, and controlling the covered bank’s concentrations of risk.

Risk Data Aggregation and Reporting

The risk governance framework should include a set of policies, supported by appropriate procedures and processes, designed to provide risk data aggregation and reporting capabilities appropriate for the covered bank’s size, complexity, and risk profile and to support supervisory reporting requirements. Collectively, these policies, procedures, and processes should provide for: (i) The design, implementation, and maintenance of a data architecture and information technology infrastructure that support the covered bank’s risk aggregation and reporting needs during normal times and during times of stress; (ii) the capturing and aggregating of risk data and reporting of material risks, concentrations, and emerging risks in a timely manner to the board of directors and the OCC; and (iii) the distribution of risk reports to all relevant parties at a frequency that meets their needs for decision-making purposes.

Talent and Compensation Management

A covered bank should establish and adhere to processes for talent development, recruitment, and succession planning. The board of directors or appropriate committee should review and approve a written talent management program. A covered bank should also establish and adhere to compensation and performance management programs that comply with any applicable statute or regulation.

Board of Directors Training and Evaluation

The board of directors of a covered bank should establish and adhere to a formal, ongoing training program for all directors. The board of directors should also conduct an annual self-assessment.

Response to Comments

The OCC received one comment from an individual in response to the proposed renewal. The commenter suggested that the OCC rescind and not renew the information collection associated with appendix D of 12 CFR part 30 for a number of reasons.

The commenter suggested that almost one half of the banks subject to appendix D have total assets that are significantly less than $50 billion but the narrative surrounding ‘‘heightened standards’’ leads the public to believe that the guidelines are only applicable to the largest banks or banks that are highly complex or present a heightened risk. Appendix D applies to 34 OCC-supervised banks.[5] Ten of these 34 banks have less than $50 billion in average total consolidated assets. Appendix D applies to banks with less than $50 billion in average total consolidated assets if a bank’s parent company controls at least one other bank with average total consolidated assets equal to or greater than $50 billion or if the OCC determines such bank’s operations are highly complex or otherwise present a heightened risk as to warrant the application of appendix D. Of the 10 banks covered by appendix D that have less than $50 billion in average total consolidated assets, eight are covered because their parent companies control another bank with average total consolidated assets equal to or greater than $50 billion.[6] One of the two remaining banks is a covered bank because the OCC exercised its reservation of authority to apply appendix D to the bank.[7] The other remaining bank is covered because that bank previously had average total consolidated assets equal to or greater than $50 billion. Appendix D applies to a bank with less than $50 billion in average total consolidated assets when that bank’s parent company controls at least one bank with average total consolidated assets equal to or greater than $50 billion because, in some instances, the OCC has observed that a covered bank’s parent company does not pay sufficient attention to the operations of these smaller entities in a holding company structure. Appendix D covers these entities because the OCC believes that a covered bank’s parent company should devote adequate attention to assessing and managing the risk associated with these entities’ activities. These smaller covered banks are affiliates of large banking organizations, which should have the compliance resources to cover all of their bank charters.

[5] In the July 5, 2017, Federal Register notice proposing a renewal of the information collection associated with appendix D to 12 CFR part 30, the OCC calculated that 41 OCC-supervised entities were subject to appendix D. The calculation has been updated. This reduced number of respondents is due in part to the fact that certain large banking organizations have consolidated the number of bank charters within their holding company structure.

[6] The commenter requested that the OCC disclose the number of banks with less than $10 billion in total assets that are subject to appendix D. There are five covered banks with average total consolidated assets less than $10 billion, all of which are covered banks because their parent companies control another bank with average total consolidated assets equal to or greater than $50 billion.

[7] https://www.occ.gov/news-issuances/news-releases/2015/nr-occ-2015-105a.pdf.

The commenter also indicated that the OCC’s annual burden estimate for appendix D was excessive, particularly for institutions that have less than $10 billion in total assets and that appendix D should be rescinded and revised to reduce the excessive costs. As discussed above, appendix D applies primarily to larger banks. The only covered banks that have less than $10 billion in average total consolidated assets are covered banks because their parent companies control another bank with average total consolidated assets equal to or greater than $50 billion. The OCC believes that the burden estimate is reasonable and that it is appropriate for these banks to devote sufficient resources to risk governance and the standards necessary to manage and control risk-taking activities. The burden on these smaller covered banks is not excessive because they have the resources of a larger affiliate bank to rely on. Also, while the commenter recommended that the OCC rescind appendix D, the OCC cannot rescind regulations or guidelines through the PRA renewal process.

The commenter also stated that the collection of information for appendix D is unnecessary and of little utility because appendix D has been ineffectual in fostering enterprise risk governance over large complex financial institutions since almost seven years after the introduction of the OCC’s ‘‘heightened expectations’’ and three years after the issuance of appendix D, the OCC continues to identify enterprise risk governance as a key risk facing large banks in the OCC’s spring 2017 Semiannual Risk Perspective.[8] However, while appendix D is intended to promote enterprise risk governance, the OCC recognizes that appendix D cannot eliminate the possibility of all enterprise risk governance weaknesses. The OCC believes that appendix D is a valuable mechanism for promoting sound enterprise risk governance and has observed significant improvement in risk governance since the adoption of appendix D. However, we also realize that risk governance weaknesses may remain and can be a risk to the safety and soundness of banks.

[8] https://www.occ.gov/publications/publications-by-type/other-publications-reports/semiannual-risk-perspective/semiannual-risk-perspective-spring-2017.pdf.

The commenter also indicated that there is a disconnect between the specific risks identified in the OCC’s Semiannual Risk Perspectives and the ‘‘abstract generalized’’ standards in appendix D. According to the commenter, appendix D does not provide standards addressing the specific risks identified in the Semiannual Risk Perspectives, such as cyber security and Bank Secrecy Act (BSA) and Anti-Money Laundering risks (AML). The standards in appendix D are not intended to exhaustively address all of the risks facing OCC-regulated banks. Indeed, there is a separate appendix to 12 CFR part 30, appendix B that contains standards addressing information security. Banks are also subject to separate BSA and AML requirements.[9]

[9] See 12 CFR part 21.

The commenter also expressed the opinion that the standards in appendix D are not actually heightened or more robust than the standards the OCC applies to many banks with $1 billion or more in total assets and that the reality is the OCC applies the standards in appendix D to many midsize and community banks. The commenter pointed specifically to the Comptroller’s Handbook on Corporate and Risk Governance (handbook), suggesting that OCC examiners use this handbook for all OCC supervised banks.[10] Appendix D only applies to banks with average total consolidated assets equal to or greater than $50 billion, banks with average total consolidated assets less than $50 billion when a bank’s parent company controls at least one other bank with average total consolidated assets equal to or greater than $50 billion, and banks with average total consolidated assets less than $50 billion if the OCC determines that a bank’s operations are highly complex or otherwise present a heightened risk. The handbook referenced by the commenter specifically notes that only banks with average total consolidated assets of $50 billion or greater (or banks that are otherwise included as covered banks in appendix D) should adhere to the standards in appendix D. The handbook includes separate and specific criteria for the covered banks subject to appendix D. Appendix D contains various standards that are not applied to smaller banks. For example, appendix D specifically provides that at least two members of a covered bank’s board of directors should qualify as independent and provides that boards should establish and adhere to a formal, ongoing training program. Appendix D also imposes specific requirements on covered banks’ independent risk management that are not applied to all OCC-regulated banks, including requiring that banks covered by appendix D have written risk appetite statements that include quantitative limits. Additionally, the standards in appendix D are legally different than the standards contained in the handbook. The standards in Appendix D are legally enforceable standards adopted pursuant to section 39 of the FDIA while the handbook is a guidance document.

[10] https://www.occ.treas.gov/publications/publications-by-type/comptrollers-handbook/corporate-risk-governance/pub-ch-corporate-risk.pdf

Type of Review: Regular review.

Affected Public: Businesses or other for-profit.

Estimated Number of Respondents: 34.

Estimated Burden per Respondent: 3,776 hours.

Estimated Total Annual Burden: 128,384 hours.

Comments: Comments continue to be invited on:

(a) Whether the collection of information is necessary for the proper performance of the functions of the OCC, including whether the information has practical utility;

(b) The accuracy of the OCC’s estimate of the burden of the information collection;

(c) Ways to enhance the quality, utility, and clarity of the information to be collected;

(d) Ways to minimize the burden of the collection on respondents, including through the use of automated collection techniques or other forms of information technology; and

(e) Estimates of capital or start-up costs and costs of operation, maintenance, and purchase of services to provide information.

Dated: October 16, 2017.

Karen Solomon,
Deputy Chief Counsel, Office of the Comptroller of the Currency.

[FR Doc. 2017–22723 Filed 10–19–17; 8:45 am]

BILLING CODE 4810–33–P

DEPARTMENT OF THE TREASURY

Office of the Comptroller of the Currency

Agency Information Collection Activities: Information Collection Revision; Submission for OMB Review; Comptroller’s Licensing Manual

AGENCY: Office of the Comptroller of the Currency (OCC), Treasury.

ACTION: Notice and request for comment.

SUMMARY: The OCC, as part of its continuing effort to reduce paperwork and respondent burden, invites the general public and other federal agencies to take this opportunity to comment on an information collection revision, as required by the Paperwork Reduction Act of 1995 (PRA).

An agency may not conduct or sponsor, and a respondent is not required to respond to, an information collection unless it displays a currently valid Office of Management and Budget (OMB) control number.

The OCC is soliciting comment concerning a revision to its information collection titled, ‘‘Comptroller’s Licensing Manual.’’ The OCC also is giving notice that it has sent the collection to OMB for review.

DATES: You should submit written comments by November 20, 2017.

ADDRESSES: Because paper mail in the Washington, DC area and at the OCC is subject to delay, commenters are encouraged to submit comments by email, if possible. Comments may be sent to: Legislative and Regulatory Activities Division, Office of the





Document Created: 2017-10-20 00:06:29
Document Modified: 2017-10-20 00:06:29
Category: Regulatory Information
Collection: Federal Register
sudoc Class: AE 2.7:
GS 4.107:
AE 2.106:
Publisher: Office of the Federal Register, National Archives and Records Administration
Section: Notices
Action: Notice and request for comment.
Dates: Comments must be submitted on or before November 20, 2017.
Contact: Shaquita Merritt, OCC Clearance Officer, (202) 649-5490 or, for persons who are deaf or hearing impaired, TTY, (202) 649-5597, Legislative and Regulatory Activities Division, Office of the Comptroller of the Currency, 400 7th Street SW., Suite 3E-218, Washington, DC 20219.
FR Citation: 82 FR 48892
