Federal banking agencies issue proposal on cyber risk management standards

Nearly one month after the New York State Department of Financial Services issued a proposal to establish prescriptive cyber requirements for New York-domiciled financial institutions,1 three three federal banking agencies—the Federal Reserve Board (FRB), Federal Deposit Insurance Corporation (FDIC), and Office of the Comptroller of the Currency (OCC) (collectively, the “agencies”)—issued an advance notice of proposed rulemaking (ANPR) on enhanced cyber risk management and resilience standards for large banking organizations.2

Specifically, the enhanced standards would apply to US bank holding companies, the US operations of foreign banking organizations, and US savings and loan holdings companies with more than $50 billion in total assets, as well as nonbank financial companies and financial market utilities designed for FRB supervision by the Financial Stability Oversight Council (FSOC), among others.

Continue reading “Federal banking agencies issue proposal on cyber risk management standards”

Agencies propose rule regarding Net Stable Funding Ratio for US banking organizations

House on top of stacked coins

On April 26, 2016, the Federal Deposit Insurance Corporation (FDIC) and the Office of the Comptroller of the Currency (OCC) (the “Agencies”) approved a proposed rule1 to implement the Net Stable Funding Ratio (NSFR)—a quantitative measure of a company’s one-year funding profile—for certain US bank holding companies (BHCs) and savings and loan holding companies (SLHCs).

The Federal Reserve Board (FRB) is scheduled2 to consider the proposal on May 3, 2016.

The proposed rule would become effective on January 1, 2018 and public comments on the proposal are due by August 5, 2016.

Continue reading “Agencies propose rule regarding Net Stable Funding Ratio for US banking organizations”

Agencies re-propose rule regarding incentive-based compensation at financial institutions

On April 21, 2016, the National Credit Union Administration (NCUA) became the first agency to re-propose1 a Dodd-Frank-mandated rule on incentive-based compensation arrangements for covered financial institutions (the original proposed rule was issued in 2011). The Federal Deposit Insurance Corporation (FDIC), the Office of the Comptroller of the Currency (OCC), and the Federal Housing Finance Agency adopted substantively identical versions of the proposal on April 26, 2016. The remaining two agencies required by Section 956 of Dodd-Frank to jointly issue the rule—the Federal Reserve Board (FRB) and Securities and Exchange Commission (SEC)—are expected to adopt the proposal shortly.
Continue reading “Agencies re-propose rule regarding incentive-based compensation at financial institutions”

OCC Proposes Guidelines to Expand Recovery Planning Requirements to the Largest National Banks

Recovery Planning
Posted by Robert Burns, Deloitte Advisory Director on January 21, 2016.

On December 17, 2015, the Office of the Comptroller of the Currency (OCC) proposed Guidelines to establish standards for recovery planning that would apply to insured national banks, insured federal savings associations, and insured federal branches of foreign banks with more than $50 billion in assets.
Continue reading “OCC Proposes Guidelines to Expand Recovery Planning Requirements to the Largest National Banks”

Heightened Risk Requirements: OCC Defines “Strong,” Now Banks Must Get There

On September 2, 2014, the Office of the Comptroller of the Currency (OCC) finalized new standards that formalize “heightened expectations” for risk governance on the banks over $50 billion it regulates — and in turn, impose new levels of responsibility on the board and executive leaderships of those institutions for the risk decisions they make.

Now, banks must codify “strong risk management practices” at the bank legal entity level, including governance policies, procedures, structures and even board composition. What some banks have had to do as the result of individually targeted Matters Requiring Attention (MRAs) is now applicable to all, albeit on a phased basis according to size. All banks with more than $50 billion in assets must comply with the new rules within 18 months. Those whose assets total between $100 billion and $750 billion have six months and those with more than $750 billion must comply within two.

Continue reading “Heightened Risk Requirements: OCC Defines “Strong,” Now Banks Must Get There”