Content area

Full Text

 

THE OFFICE OF the Comptroller of the Currency has issued its final guidelines for strengthening the governance and risk management practices of large financial institutions.

These guidelines provide that institutions with assets of at least $50 billion ( covered banks) should establish and adhere to a written risk governance framework for managing and controlling risk-taking activities. The guidelines also include minimum standards for the boards of these institutions in their oversight of the risk governance framework.

The OCC solicited public comment on this initiative in a Notice of Proposed Rulemaking (NPR) issued in January 2014. Because of its support for strengthening the governance and risk management practices of financial institutions, contrasted with its concern about certain matters proposed in the NPR, RMA chose to file a formal comment letter. A review of the final guidance reveals several instances where RMA's input served either to support or modify the proposal's initial direction.

In its comment letter, RMA agreed with the OCC's proposal that a covered bank be permitted to use its parent company's risk governance framework if the risk profiles of the two are substantially the same and the criteria for determining risk profile are similar. The final guidance retains the language supported by RMA.

The original proposal defined the chief risk executive as a single individual reporting directly to the chief executive officer. The OCC noted that some banks operate with one chief risk executive (CRE) while others designate riskspecific CREs. After soliciting comment on the advantages and disadvantages of each practice, the OCC reported that it favored a mechanism for providing an aggregated view of risks to the chief executive and the board of directors (or the board's risk committee).

RMA responded to the proposal by suggesting that a principles-based approach to overseeing the independent risk management function be adopted and that individual management discretion be used to determine the model best suited to the institution's unique business, risk culture, and risk appetite. The OCC has concurred with this view. The final guidance expressly states that a covered bank may have more than one CRE as long as effective processes exist for coordinating the activities of all independent risk management units to allow for an aggregated view of risks.

Meanwhile, the OCC requested...

Show less