OCC Proposes to Raise Threshold for Application of Heightened Standards Guidelines; Number of Covered Institutions Will Decline Sharply

Today, the Office of the Comptroller of the Currency (the “OCC”) issued a notice of proposed rulemaking (the “NPRM”) (available at this link) to amend the OCC’s guidelines relating to heightened standards for certain insured national banks, insured federal savings associations and insured federal branches found at 12 C.F.R. Part 30, Appendix D (available at this link) (the “Guidelines”). The Guidelines contain prescriptive requirements relating to covered institutions’ risk management, including requirements for front-line units, independent risk management, internal audit and the board of directors. Although the Guidelines are not regulations, noncompliance with the Guidelines can result in an informal enforcement action, and a failure to address the noncompliance after an informal enforcement action can result in a public enforcement order from the OCC.[1]

The NPRM would increase the average total consolidated assets threshold at which the Guidelines apply from $50 billion to $700 billion by amending the definition of “covered bank.” Under the NPRM, a “covered bank” would mean “any insured national bank, insured Federal savings association, or insured Federal branch of a foreign bank: (i) with average total consolidated assets equal to or greater than $700 billion; (ii) with average total consolidated assets less than $700 billion if that bank’s parent company controls at least one covered bank; or (iii) with average total consolidated assets less than $700 billion if the OCC determines such bank’s operations are highly complex or otherwise present a heightened risk.”[2] The NPRM solicits comment on whether the asset threshold for application of the Guidelines should be set at $700 billion, as the OCC proposed, or potentially at a different figure, such as $500 billion. The Guidelines currently apply to approximately 38 institutions; however, if finalized as proposed, the NPRM would reduce the number of institutions subject to the Guidelines to eight institutions.[3]

In light of “the extreme prescriptiveness of the Guidelines and their associated burden on covered banks,” institutions with average total consolidated assets of less than $700 billion would no longer fall within the scope of the Guidelines, permitting them to “design and implement a risk governance framework that is best suited to their banking organization” and that is “consistent with safety and soundness and tailored to their individual operations.” The NPRM also notes that removing these institutions from the scope of the Guidelines would permit their boards of directors to focus their resources on executing their core responsibilities[4] instead of on satisfying the Guidelines. The NPRM explains that the raised threshold for application of the Guidelines would permit the OCC to redirect supervisory resources from the excluded institutions to the larger banking organizations that present a greater risk to the U.S. economy.

The NPRM clarifies the compliance dates that would apply to covered banks if finalized as proposed:

• continued compliance for institutions that meet the $700 billion threshold as of the effective date (including those covered banks that meet the threshold because their parent companies control at least one other covered bank as of, or subsequent to, the effective date);
• an 18-month transition period for compliance for institutions that cross the $700 billion in average total consolidated assets threshold after the effective date; and
• immediate relief from compliance as of the effective date for institutions that have between $50 billion and $700 billion in average total consolidated assets and that no longer qualify as covered banks.

The NPRM contains 32 questions (many with sub-parts) soliciting feedback on the Guidelines and on numerous aspects of risk management and corporate governance. The questions include whether any aspects of the Guidelines should continue to apply to institutions with less than $700 billion in total consolidated assets and, if so, whether application of those aspects should be tailored based on size. The NPRM would enable examiners for those institutions to shift their supervisory efforts away from examining operational processes and refocus on material financial risks. The questions also solicit input on how the Guidelines can be revised to reduce regulatory burden, whether there are aspects of the Guidelines that overlap with the Enhanced Prudential Standards of the Board of Governors of the Federal Reserve System (the “Federal Reserve”), and whether the Guidelines should be rescinded entirely.[5] The NPRM also contains a number of questions on particular aspects of the Guidelines. The Federal Reserve’s Consolidated Supervision Framework for Large Institutions includes guidance regarding, among other things, risk management practices for large financial institutions, which are defined as U.S. firms with assets of $100 billion or more and foreign banking organizations with combined U.S. assets of $100 billion or more (available at this link). This guidance is less prescriptive than the Guidelines and continues to apply, although only at the holding company level with respect to national banks: the Federal Reserve has recently stated that “supervisory staff should not conduct their own examination of … depository institution subsidiaries unless it is impossible for the Federal Reserve to rely on the examination of such a depository institution’s primary state or federal supervisor.”[6]

Responses to the NPRM’s request for comment will be due 60 days after the date of publication in the Federal Register.