OCC’s Final “Heightened Expectations”: An Overview Focusing on How the OCC Responded to Industry Comments
View Client Update
Key takeaways:
- On September 2, 2014, the Office of the Comptroller of the Currency (“OCC”) issued final guidelines (“Guidelines”) establishing heightened risk governance standards for certain large financial institutions (“covered banks”). The OCC responded to a number of industry comments by making revisions to the proposed form of the Guidelines, which are intended to make the Guidelines less prescriptive and to clarify that boards of directors are not responsible for “management” duties.
- The core element of the Guidelines is the requirement for a formal, written risk governance framework approved by the board of directors or the risk committee of the board of directors which must include, among other things, definitions of risk management roles and responsibilities for the “three lines of defense”: (i) front line unit, (ii) independent risk management and (iii) internal audit.
- The Guidelines also set forth minimum standards for a covered bank’s board of directors to provide oversight of the risk governance framework’s design and implementation, including a requirement that directors, when necessary and appropriate, challenge and oppose management’s recommendations and decisions.