Guidelines Establishing Standards for Recovery Planning by Certain Large Insured National Banks, Insured Federal Savings Associations, and Insured Federal Branches

OCC Guidelines Establishing Standards for Recovery Planning by Certain Large Insured National Banks, Insured Federal Savings Associations, and Insured Federal Branches

Supplementary Information

I. Background

Large-scale financial crises, including the 2008 crisis, have demonstrated the destabilizing effect that severe stress can have on financial entities, capital markets, the Federal banking system, and the U.S. and global economies. This is particularly true when a crisis places severe stress on large, complex financial institutions due to the systemic and contagion risks that they pose. During the 2008 crisis, the OCC observed that many financial institutions were not prepared to respond effectively to the financial effects of the severe stress. The lack of or inadequate planning threatened the viability of some financial institutions, and many were forced to take significant actions without the benefit of a well-developed plan for recovery.

For the OCC, this experience further highlighted the importance of strong risk governance frameworks at large, complex banks, including plans for how to respond quickly and effectively to, and recover from, the financial effects of severe stress. The agency recognized that recovery planning would reduce a bank's risk of failure and increase the likelihood that the bank would return to a position of financial strength and viability following severe stress. It envisioned recovery planning-developing and maintaining a comprehensive recovery plan-as a dynamic and ongoing process that complemented a bank's other risk governance and planning functions and supported its safe and sound operation. The OCC expected recovery planning to enhance the focus of a bank's management and its board of directors (board) on risk governance, with a view toward lessening the negative effects of and recovering from future severe stress.

On September 19, 2016, the OCC issued Guidelines Establishing Standards for Recovery Planning by Certain Large Insured National Banks, Insured Federal Savings Associations, and Insured Federal Branches of Foreign Banks (Guidelines). ⁽¹⁾ Under the Guidelines, a bank subject to the standards (a covered bank) should have a recovery plan that includes (1) quantitative or qualitative indicators of the risk or existence of severe stress that reflect its particular vulnerabilities; (2) a wide range of credible options that it could undertake in response to the stress to restore its financial strength and viability; and (3) an assessment and description of how these options would affect it. The Guidelines provided that a recovery plan should also address (1) the covered bank's overall organizational and legal entity structure; (2) procedures for escalating decision-making to senior management or the board; (3) management reports; (4) communication procedures; and (5) any other information the OCC communicates in writing. The Guidelines also set forth the responsibilities of management and the board with respect to the covered bank's recovery plan.

The 2016 Guidelines applied to banks with total consolidated assets of $50 billion or more. In 2018, the OCC amended the Guidelines to raise the threshold to $250 billion based on its view, at that time, that these larger, more complex, and potentially more interconnected banks presented greater systemic risk to the financial system and would benefit most from recovery planning. ⁽²⁾

In March 2023, several insured depository institutions (IDIs) with total consolidated assets of $100 billion or more experienced significant withdrawals of uninsured deposits in response to underlying weaknesses in their financial position and failed. These institutions were not subject to recovery planning, which would likely have bolstered their resilience. For the OCC, these events highlighted the complexity and interconnectedness of some banks not covered by the Guidelines: banks with average total consolidated assets between $100 billion and $250 billion. The events, coupled with the OCC's supervisory experience, made clear the importance of ensuring that banks in this size range are adequately prepared and have developed a plan to respond to the financial effects of severe stress, particularly in light of the contagion effects and systemic risks they may pose. To address this issue, the OCC is proposing to expand the Guidelines to apply to banks with average total consolidated assets of $100 billion or more.

In addition, during the OCC's almost 10 years of supervisory experience with the Guidelines, the agency has examined covered banks' recovery planning processes and reviewed numerous recovery plans. Based on this experience, the OCC has identified areas where the Guidelines should be strengthened and, as such, proposes to amend them by establishing a testing standard and increasing the focus on non-financial (including operational and strategic) risk.

II. Proposed Changes

A. Covered bank threshold. The current Guidelines generally apply to banks with average total consolidated assets of $250 billion or more. Based on the OCC's observations during the 2023 financial institution failures, the agency proposes to expand the Guidelines to apply to banks with average total consolidated assets of $100 billion or more. ⁽³⁾ To make this change, the OCC proposes to revise the definition of "covered bank" in paragraph I.E.3. of the Guidelines.

The OCC is also proposing a clarifying change to the definition of "average total consolidated assets" in paragraph I.E.1. Currently, the Guidelines define "average total consolidated assets" as "the average total consolidated assets of the bank or the covered bank," as reported on the bank's or the covered bank's Consolidated Reports of Condition and Income (Call Report) for the four most recent consecutive quarters. The agency proposes to change the definition to refer to the average "of" total consolidated assets of the bank or covered bank. This change is intended to clarify that calculating "average total consolidated assets" for purposes of the Guidelines is based on the "total assets" line of the Call Report, not the "average total consolidated assets" line of the Call Report. ⁽⁴⁾ The clarifying change may affect the quarter in which a bank becomes a covered bank and is consistent with the OCC's Heightened Standards Guidelines. ⁽⁵⁾

Paragraph I.C.1. of the current Guidelines, "Reservation of Authority," provides that the OCC has the discretion to apply the Guidelines, in whole or in part, to a bank with average total consolidated assets of less than $250 billion if the agency determines that the bank is highly complex or otherwise presents a heightened risk that warrants the application of the Guidelines. ⁽⁶⁾ Consistent with the proposed threshold change, the OCC proposes a conforming change to the Reservation of Authority paragraph, which would allow the agency to apply the Guidelines to a bank with average total consolidated assets of less than $100 billion if the agency determines the bank is highly complex or otherwise presents a heightened risk that warrants application of the Guidelines. ⁽⁷⁾

Question: The OCC invites comments on the proposed $100 billion threshold. Alternatively, should the OCC expand the Guidelines further ( e.g., to all banks or to banks with $50 billion or more in average total consolidated assets), adopt a different threshold between $100 billion and $250 billion, or retain the $250 billion threshold? Why?

B. Testing. As stated above, the OCC has almost 10 years of experience in administering the Guidelines, including reviewing covered banks' recovery plans. During this period, the agency has observed that recovery plans would benefit from testing, which would aid covered banks in proactively identifying and addressing any weaknesses or deficiencies in their recovery plans before they experience severe stress. Testing would help ensure that a covered bank's recovery plan will be an effective tool that can realistically help restore the bank to financial strength and viability in response to severe stress. Not surprisingly, testing is already a key component of other regulatory frameworks addressing the stress continuum ( e.g., contingency funding planning  ⁽⁸⁾ and stress testing  ⁽⁹⁾ ). In addition, the FDIC has proposed amendments to its resolution planning rule to incorporate a testing requirement. ⁽¹⁰⁾

For these reasons, the OCC proposes to revise the Guidelines to include a testing provision as a new paragraph II.D. Under the proposed testing provision, a covered bank should test its overall recovery plan, and each element of the plan, to ensure that it will be an effective tool during periods of severe stress. ⁽¹¹⁾ To meet this standard, a covered bank may simulate severe financial and non-financial stress scenarios, such as the scenarios used to develop the plan, to confirm that the plan is likely to work as intended when the covered bank is experiencing severe stress. This testing should include, for example, ensuring that the plan's triggers appropriately reflect the covered bank's particular vulnerabilities and will, in practice, provide the covered bank with timely notice of a continuum of increasingly severe stress, ranging from warnings of the likely occurrence of severe stress to the actual existence of severe stress. Testing should also enable management and the board to verify that the bank has identified credible options and is adequately prepared to carry out these options, as needed, during a period of severe stress. Testing should be sufficient to provide management and the board with similar assurances regarding the other elements of the plan and, ultimately, the plan as a whole. Although the proposal does not include a specific testing format or methodology, testing should be risk-based and reflect the covered bank's size, risk profile, activities, and complexity.

Question: The OCC invites comment on the proposed testing standard, including the following questions:

• Should the OCC be more specific about how to test a recovery plan to validate whether the plan would effectively facilitate a covered bank's recovery from severe financial or non-financial stress? For example, should the OCC provide that a covered bank test the plan using a specific number of stress scenarios? If so, how many scenarios would be appropriate? Should the OCC provide that covered banks utilize different scenarios each year? Should the OCC provide that a covered bank include a quantitative and qualitative analysis as part of the testing provision?
• How would a covered bank implement testing for recovery options? Are there certain options which would be difficult or impossible to test?
• How would a covered bank implement testing for impact assessments? For example, would it be possible to test the effect on material entities, critical operations, and core business lines? Should impact assessments be scoped out of the testing provision? If so, why?
• Is the proposed scope of testing appropriate? Are there other aspects of a covered bank's recovery plan or recovery planning process that the covered bank should test, and if so, what are those? Should the OCC narrow the testing standard? How and why?
• How would a covered bank implement testing in its recovery planning process? For example, would a covered bank first develop (or update) its recovery plan and then separately test the completed plan, or would a covered bank integrate testing into its development (or updating) process? Please explain.

With respect to the frequency of testing, the OCC proposes that a covered bank test its recovery plan periodically but not less than annually, which aligns with management and board responsibilities to review a covered bank's recovery plan at least annually, under paragraphs III.A and III.B. of the Guidelines, respectively. As such, the proposed testing frequency would ensure that management and the board can consider the results of testing during their review. While the OCC expects that a covered bank would test each element of its recovery plan on an annual cycle, the agency does not expect that, for example, a covered bank would test all triggers or all options during each annual cycle. Rather, as noted above, annual testing should be risk-based. In addition, to provide covered banks with flexibility to engage in continuous or regular testing, the proposal also permits a covered bank to engage in periodic testing during an annual cycle. Finally, in the event that testing reveals weaknesses or deficiencies in a recovery plan, the proposal provides that a covered bank should revise its recovery plan as appropriate following testing.

Question: The OCC invites comment on the proposed frequency of testing, including whether annual testing is appropriate, as well as whether and how this testing frequency will aid management and the board in fulfilling their recovery planning responsibilities. Alternatively, should the Guidelines provide for periodic testing without a specific frequency? Should the Guidelines also provide for testing in response to a material change to the recovery plan?

Question: The OCC invites comment on whether the OCC should provide additional clarity regarding how covered banks should address weaknesses and deficiencies identified during testing.

C. Non-financial risk. In the OCC's experience with covered banks' implementation of the Guidelines, banks have generally been successful in considering and addressing financial risks in their recovery plans. For example, many covered banks' recovery plans include triggers which cover changes to the bank's financial position, such as triggers for profitability, funding sources, liquidity ratios, and capital ratios.

The OCC has observed, however, that covered banks have been less consistent in their consideration of non-financial risk, such as operational and strategic risks. As some covered banks have indicated, this inconsistent approach to non-financial risk may be because the goal of recovery planning is to return a covered bank to a position of financial strength and viability in the event of severe stress. Financial risk is, of course, critical to recovery planning. However, focusing a recovery plan exclusively on financial risks while neglecting non-financial risks overlooks the very real threats that non-financial risks can pose to a bank's financial strength and viability. For example, banks face elevated levels of risk from an increasingly complex operational and strategic environment. They are undergoing rapid and significant changes in an effort to innovate, digitize, and meet rising consumer demands; to optimize risk management practices; and to respond to externalities such as economic and environmental uncertainties and financial pressures. These risks can lead to severe non-financial stress that affects a bank's financial strength and viability. ⁽¹²⁾

To ensure that covered banks' appropriately address non-financial risks in their recovery plans, including by identifying non-financial stress and triggers, the OCC proposes certain changes to the Guidelines. The first proposed change is to paragraph II.A., which currently states that each covered bank should develop and maintain a recovery plan that is specific to and appropriate for its individual size, risk profile, activities, and complexity, including the complexity of its organizational and legal entity structure. The OCC proposes to add language to this paragraph stating that a covered bank's recovery plan should appropriately consider both financial risk and non-financial risk (including operational and strategic risk). The added reference to financial risk is not because covered banks have not been considering this type of risk but to highlight that both types of risk should be addressed. The OCC also proposes conforming changes to the definitions of "recovery" and "trigger" in paragraphs I.E.4. and I.E.6., respectively, and to the recovery plan elements of "trigger" and "impact assessment" in paragraphs II.B.2. and II.B.4., respectively. These conforming changes are also intended to highlight the importance of both financial and non-financial risks throughout the recovery planning process.

The OCC is not proposing any changes to the "options for recovery" element in paragraph II.B.3. of the Guidelines, which provides that recovery plan "should explain how the covered bank would carry out each option and describe the timing required for carrying out each option." The OCC believes, however, it is important to emphasize that this process should include an understanding of, and plan for mitigating, the non-financial challenges and risks, including operational challenges and risks, associated with executing each recovery option during severe stress. Without this, a covered bank's management and board cannot accurately assess whether the options identified in the recovery plan are, in fact, credible options that the covered bank could undertake to restore financial strength and viability.

Finally, paragraph II.C. of the Guidelines, "Relationship to other processes; coordination with other plans," provides that a covered bank's recovery plan should be integrated into its other risk governance functions and aligned with its other plans. This provision is intended to make clear that recovery planning should complement, and not replace, these risk governance and planning functions at covered banks, including those that address non-financial risks. The paragraph lists examples of such other plans; to provide an additional example of an operational risk plan, the OCC proposes to add a reference to "resilience programs" in paragraph II.C.

Question: The OCC invites comment on its proposal to incorporate non-financial risks into the Guidelines, including the following:

• Are "financial" and "non-financial" risks sufficiently clear? Should the Guidelines define these terms or otherwise include more specificity? For example, should the OCC identify or define specific types of financial and non-financial risk, such as by incorporating the risk types and corresponding definitions used in the Comptroller's Handbook or another source? Please explain.
• Should the OCC revise any other provisions of the Guidelines, including the definition of "recovery plan" or any of the other elements of a recovery plan, to incorporate non-financial risk? If so, how?
• Is the proposal sufficiently clear about the relationship between non-financial risk and recovery planning? Is it sufficiently clear that inclusion of non-financial risk in a recovery plan should not replace a covered bank's other non-financial risk governance practices, such as its business continuity and operational resilience planning?

D. Compliance. The OCC understands that it would take time for covered banks to implement the changes discussed above, particularly for banks that are not currently covered by the Guidelines but would become covered banks based on the proposed threshold change. To this end, the agency proposes to amend paragraph I.B. of the Guidelines, entitled "Compliance date," to provide the banks with sufficient time. Specifically, a bank that is a covered bank under the current Guidelines would have 12 months from the effective date of the amendments to comply with the changes. These banks would continue to be obligated to comply with the current Guidelines during this 12-month period.

Question: The OCC invites comment on whether a 12-month compliance date would be sufficient for a bank that is already a covered bank. Should the OCC adopt shorter a compliance date, such as 3 or 6 months, or a longer one, such as 18 or 24 months, for these banks? Should the OCC establish different compliance dates for updating a recovery plan to address non-financial risks and for testing the plan? If so, what compliance dates would be appropriate? Please explain.

For a bank that has $100 billion or more but less than $250 billion in average total consolidated assets on the effective date of the amendments to the Guidelines, the proposal provides that the bank should comply with the Guidelines within 12 months of the effective date, except for the testing requirements with which the bank should comply within 18 months. A financial institution that is not a covered bank on the effective date of the amended Guidelines but that subsequently becomes a covered bank would continue to have 12 months from the date on which it becomes a covered bank to comply with the Guidelines, except that it would have 18 months to comply with the testing requirements. ⁽¹³⁾

Question: The OCC invites comments on these proposed compliance dates. Would a 12-month compliance date provide a bank or other financial institution that is newly covered by the Guidelines with adequate time to develop a plan? Should the OCC adopt a shorter compliance date, such as 3 or 6 months, or a longer one, such as 18 or 24 months? How would this change if the OCC were to adopt a different threshold? Is 6 additional months an appropriate timeframe for testing, or would a shorter or longer timeframe be appropriate? Alternatively, should the OCC establish one compliance date for both developing and testing a recovery plan? Please explain.

Question: Should the OCC include an additional reservation of authority that would permit it to apply the Guidelines to a bank or covered bank on a timeframe different than the otherwise-applicable compliance dates ( e.g., following a merger or acquisition)? If so, what factors should the OCC consider when deciding whether to exercise this reservation of authority?

III. Comment Invitation

In addition to the specific questions asked above, the OCC invites comment on all aspects of the proposed revisions to the Guidelines.

IV. Regulatory Analysis

Paperwork Reduction Act of 1995

Under the Paperwork Reduction Act of 1995 (PRA), ⁽¹⁴⁾ the OCC may not conduct or sponsor, and a respondent is not required to respond to, an information collection unless it displays a currently valid Office of Management and Budget (OMB) control number. This notice of proposed rulemaking includes changes to an approved collection of information pursuant to the provisions of the PRA. The OCC submitted the information collections contained in this notice of proposed rulemaking to OMB for review and approval, under section 3507(d) of the PRA and § 1320.11 of OMB's implementing regulations (5 CFR part 1320).

The Guidelines contain information collections previously approved by OMB, which are found in 12 CFR part 30, appendix E, sections II.B., II.C., and III. Section II.B. specifies the elements of the recovery plan, including an overview of the covered bank; triggers; options for recovery; impact assessments; escalation procedures; management reports; communication procedures; and any other information the OCC communicates in writing. Section II.C. addresses the relationship of the plan to other covered bank processes and coordination with other plans, including the processes and plans of its bank holding company. Section III outlines management's and the board's responsibilities.

The proposed rulemaking contains additional information collections. Under the proposal, the threshold for applying the Guidelines to a bank would be reduced from $250 billion to $100 billion in average total consolidated assets. The proposal would also establish a testing standard, which would provide that a bank should test its overall recovery plan and each element of the plan. Additionally, the proposal would clarify the role of non-financial (including operational and strategic) risk in recovery planning.

The following revised information collection was submitted to OMB for review.

Title: OCC Guidelines Establishing Standards for Recovery Planning by Certain Large Insured National Banks, Insured Federal Savings Associations, and Insured Federal Branches.

OMB Control No.: 1557-0333.

Affected Public: Businesses or other for-profit organizations.

Estimated Burden:

Frequency of Response: On occasion.

Total Number of Respondents: 21.

Total Burden per Respondent: 32,017 hours.

Total Burden for Collection: 672,360 hours.

Comments are invited on: (a) Whether the collection of information is necessary for the proper performance of the functions of the OCC, including whether the information has practical utility; (b) The accuracy of the OCC's estimate of the burden of the collection of information; (c) Ways to enhance the quality, utility, and clarity of the information to be collected; (d) Ways to minimize the burden of the collection on respondents, including through the use of automated collection techniques or other forms of information technology; and (e) Estimates of capital or start-up costs and costs of operation, maintenance, and purchase of services to provide information.

Regulatory Flexibility Act

In general, the Regulatory Flexibility Act (RFA)  ⁽¹⁵⁾ requires an agency, in connection with a proposed rule, to prepare an Initial Regulatory Flexibility Analysis describing the impact of the rule on small entities (defined by the U.S. Small Business Administration for purposes of the RFA to include commercial banks and savings institutions with total assets of $850 million or less and trust companies with total assets of $47 million or less). However, under section 605(b) of the RFA, this analysis is not required if an agency certifies that the proposed rule would not have a significant economic impact on a substantial number of small entities and publishes its certification and a short explanatory statement in the Federal Register along with its proposed rule.

The OCC currently supervises approximately 947 IDIs  ⁽¹⁶⁾ of which 636 are small entities. ⁽¹⁷⁾ The proposed rule would not impact any small entities because it would only apply to IDIs with average total consolidated assets of $100 billion or more. Accordingly, the OCC certifies that the proposed rule, if implemented, would not have a significant economic impact on a substantial number of small entities.

Unfunded Mandates Reform Act of 1995

The OCC analyzed the proposed rule under the factors set forth in the Unfunded Mandates Reform Act of 1995 (UMRA). ⁽¹⁸⁾ Under this analysis, the OCC considered whether the proposed rule includes a Federal mandate that may result in the expenditure by State, local, and Tribal governments, in the aggregate, or by the private sector, of $100 million or more in any one year (adjusted for inflation, currently $183 million). The OCC has determined that expenditures to comply with proposed rule's mandates would be approximately $86.7 million. Therefore, the OCC concludes that the proposed rule would not result in an expenditure of $183 million or more annually by State, local, and Tribal governments, or by the private sector. Accordingly, the OCC has not prepared the written statement described in section 202 of the UMRA.

Riegle Community Development and Regulatory Improvement Act of 1994

Pursuant to section 302(a) of the Riegle Community Development and Regulatory Improvement Act of 1994, ⁽¹⁹⁾ in determining the effective date and administrative compliance requirements for new regulations that impose additional reporting, disclosure, or other requirements on insured depository institutions, the OCC will consider, consistent with the principles of safety and soundness and the public interest: (1) any administrative burdens that the proposed rule would place on depository institutions, including small depository institutions and customers of depository institutions and (2) the benefits of the proposed rule. The OCC requests comment on any administrative burdens that the proposed rule would place on depository institutions, including small depository institutions and their customers, and the benefits of the proposed rule that the OCC should consider in determining the effective date and administrative compliance requirements for a final rule.

Providing Accountability Through Transparency Act of 2023

The Providing Accountability Through Transparency Act of 2023  ⁽²⁰⁾ requires that a notice of proposed rulemaking include the internet address of a summary of not more than 100 words in length of a proposed rule, in plain language, that shall be posted on the internet website www.regulations.gov.

The Office of the Comptroller of the Currency is proposing to amend its enforceable recovery planning guidelines to expand them to apply to insured national banks, Federal savings associations, and Federal branches with average total consolidated assets of $100 billion or more; incorporate a testing standard; and clarify the role of non-financial (including operational and strategic) risk in recovery planning.

Authority and Issuance

For the reasons set forth in the preamble, and under the authority of 12 U.S.C. 93a, chapter I of title 12 of the Code of Federal Regulations is proposed to be amended as follows:

Part 30 Safety and Soundess Standards

The revisions read as follows:

Appendix E to Part 30 Occ Guidelines Establishing Standards for Recovery Planning by Certain Large Insured National Banks Insured Federal Savings Associations and Insured Federal Branches

* * * * *

I. Introduction

* * * * *

B. Compliance date.

1. A covered bank with average total consolidated assets, calculated according to paragraph I.E.1. of this appendix, equal to or greater than $250 billion as of [EFFECTIVE DATE OF FINAL RULE] should be in compliance with this appendix on [EFFECTIVE DATE OF FINAL RULE] except for paragraph II.D. of this appendix and the amended provisions on non-financial risk, with which the bank should be in compliance by 12 months from [EFFECTIVE DATE OF FINAL RULE].

2. A covered bank with average total consolidated assets, calculated according to paragraph I.E.1. of this appendix, equal to or greater than $100 billion but less than $250 billion as of [EFFECTIVE DATE OF FINAL RULE] should be in compliance with this appendix on 12 months from [EFFECTIVE DATE OF FINAL RULE], except for paragraph II.D. of this appendix with which the covered bank should be in compliance by 18 months from [EFFECTIVE DATE OF FINAL RULE].

3. A financial institution that is not a covered bank as of [EFFECTIVE DATE OF FINAL RULE] but which subsequently becomes a covered bank should comply with this appendix within 12 months of becoming a covered bank, except for paragraph II.D. of this appendix with which the covered bank should be in compliance by 18 months of becoming a covered bank.

* * * * *

E. Definitions.

1. Average total consolidated assets means the average of total consolidated assets of the bank or the covered bank, as reported on the bank's or the covered bank's Consolidated Reports of Condition and Income for the four most recent consecutive quarters.

2. Bank means any insured national bank, insured Federal savings association, or insured Federal branch of a foreign bank.

3. Covered bank means any bank:

a. With average total consolidated assets equal to or greater than $100 billion;

b. With average total consolidated assets of less than $100 billion if the bank was previously a covered bank, unless the OCC determines otherwise; or

c. With average total consolidated assets less than $100 billion, if the OCC determines that such bank is highly complex or otherwise presents a heightened risk as to warrant the application of this appendix pursuant to paragraph I.C.1.a. of this appendix.

4. Recovery means timely and appropriate action that a covered bank takes to remain a going concern when it is experiencing or is likely to experience considerable financial and non-financial stress. A covered bank in recovery has not yet deteriorated to the point where liquidation or resolution is imminent.

5. Recovery plan means a plan that identifies triggers and options for responding to a wide range of severe internal and external stress scenarios to restore a covered bank that is in recovery to financial strength and viability in a timely manner. The options should maintain the confidence of market participants, and neither the plan nor the options may assume or rely on any extraordinary government support.

6. Trigger means a quantitative or qualitative indicator of the risk or existence of severe financial and non-financial stress, the breach of which should always be escalated to senior management or the board of directors (or appropriate committee of the board of directors), as appropriate, for purposes of initiating a response. The breach of any trigger should result in timely notice accompanied by sufficient information to enable management of the covered bank to take corrective action.

II. Recovery Plan

A. Recovery plan. Each covered bank should develop and maintain a recovery plan that is specific to that covered bank and appropriate for its individual size, risk profile, activities, and complexity, including the complexity of its organizational and legal entity structure. When developing and maintaining its recovery plan, each covered bank should appropriately consider both financial risk and non-financial risk (including operational and strategic risk).

B. Elements of recovery plan. A recovery plan under paragraph II.A. of this appendix should include the following elements:

1. Overview of covered bank. A recovery plan should describe the covered bank's overall organizational and legal entity structure, including its material entities, critical operations, core business lines, and core management information systems. The plan should describe interconnections and interdependencies:

(i) Across business lines within the covered bank;

(ii) With affiliates in a bank holding company structure;

(iii) Between a covered bank and its foreign subsidiaries; and

(iv) With critical third parties.

2. Triggers. A recovery plan should identify financial and non-financial triggers that appropriately reflect the covered bank's particular vulnerabilities.

3. Options for recovery. A recovery plan should identify a wide range of credible options that a covered bank could undertake to restore financial strength and viability, thereby allowing the bank to continue to operate as a going concern and to avoid liquidation or resolution. A recovery plan should explain how the covered bank would carry out each option and describe the timing required for carrying out each option. The recovery plan should specifically identify the recovery options that require regulatory or legal approval.

4. Impact assessments. For each recovery option, a covered bank should assess and describe how the option would affect the covered bank. This impact assessment and description should specify the procedures the covered bank would use to maintain the financial strength and viability of its material entities, critical operations, and core business lines for each recovery option. For each option, the recovery plan's impact assessment should address the following:

a. The effect on the covered bank's capital, liquidity, funding, and profitability;

b. The effect on the covered bank's material entities, critical operations, and core business lines, including reputational impact;

c. The effect on the covered bank's risk profile as a result of changes to its financial and non-financial risk; and

d. Any legal or market impediment or regulatory requirement that must be addressed or satisfied in order to implement the option.

5. Escalation procedures. A recovery plan should clearly outline the process for escalating decision-making to senior management or the board of directors (or an appropriate committee of the board of directors), as appropriate, in response to the breach of any trigger. The recovery plan should also identify the departments and persons responsible for executing the decisions of senior management or the board of directors (or an appropriate committee of the board of directors).

6. Management reports. A recovery plan should require reports that provide senior management or the board of directors (or an appropriate committee of the board of directors) with sufficient data and information to make timely decisions regarding the appropriate actions necessary to respond to the breach of a trigger.

7. Communication procedures. A recovery plan should provide that the covered bank notify the OCC of any significant breach of a trigger and any action taken or to be taken in response to such breach and should explain the process for deciding when a breach of a trigger is significant. A recovery plan also should address when and how the covered bank will notify persons within the organization and other external parties of its action under the recovery plan. The recovery plan should specifically identify how the covered bank will obtain required regulatory or legal approvals.

8. Other information. A recovery plan should include any other information that the OCC communicates in writing directly to the covered bank regarding the covered bank's recovery plan.

C. Relationship to other processes; coordination with other plans. The covered bank should integrate its recovery plan into its risk governance functions. The covered bank also should align its recovery plan with its other plans, such as its strategic; operational (including business continuity and resilience program); contingency; capital (including stress testing); liquidity; and resolution planning. The covered bank's recovery plan should be specific to that covered bank. The covered bank also should coordinate its recovery plan with any recovery and resolution planning efforts by the covered bank's holding company, so that the plans are consistent with and do not contradict each other.

D. Testing. Each covered bank should test its recovery plan periodically but not less than annually. The test should validate the effectiveness of the recovery plan, including each element set forth in paragraph II.B. of this appendix. Each covered bank should revise its recovery plan as appropriate following completion of the test.

* * * * *

[FR Doc. 2024-13960 Filed 7-2-24; 8:45 am]

BILLING CODE 4810-33-P

⁽¹⁾  81 FR 66791 (Sep. 29, 2016). The Guidelines are codified at 12 CFR part 30, appendix E. They were issued pursuant to section 39 of the Federal Deposit Insurance Act, 12 U.S.C. 1831p-1, which authorizes the OCC to prescribe enforceable safety and soundness standards.

⁽²⁾  83 FR 66604 (Dec. 27, 2018).

⁽³⁾  The proposed threshold would also be consistent with the Federal Deposit Insurance Corporation's (FDIC) proposed amendments to its resolution planning rule, which would require covered IDIs with $100 billion or more in total assets to submit full resolution plans. 88 FR 64579 (Sept. 19, 2023).

⁽⁴⁾  Compare Schedule RC, item 12 and Schedule RC-R, item 27 of the Call Report.

⁽⁵⁾  12 CFR part 30, appendix D.

⁽⁶⁾  Paragraph I.C.1.a.

⁽⁷⁾  The OCC does not propose changes to its reservation of authority to determine that compliance should not be required for a covered bank in paragraph I.C.1.b. of the Guidelines because this section does not specifically reference a bank's asset size.

⁽⁸⁾ See 75 FR 13656 (March 22, 2010); Addendum to the Interagency Policy Statement on Funding and Liquidity Risk Management: Importance of Contingency Funding Plan (July 28, 2023).

⁽⁹⁾ See 12 CFR part 46.

⁽¹⁰⁾  88 FR 64579 (Sept. 19, 2023).

⁽¹¹⁾  As set forth in paragraph II.B. of the Guidelines, the elements of a recovery plan are Overview of covered bank; Triggers; Options for recovery; Impact assessments; Escalation procedures; Management reports; Communication procedures; and Other information.

⁽¹²⁾  The Guidelines already recognize this fact, insofar as the definition of "recovery" refers to "financial or operational stress." However, as noted above, the OCC believes that this issue warrants additional clarity.

⁽¹³⁾  A financial institution could become a covered bank after the effective date of the amended Guidelines, for example, if its average total consolidated assets grow to or above the threshold, if it is a State bank with average total consolidated assets of $100 billion or more that converts to an OCC charter, or through the OCC's exercise of its reservation of authority under section I.C.

⁽¹⁴⁾  44 U.S.C. 3501-3521.

⁽¹⁵⁾  5 U.S.C. 601 et seq.

⁽¹⁶⁾  Based on data accessed using FINDRS on May 23, 2024.

⁽¹⁷⁾  Consistent with the General Principles of Affiliation, 13 CFR 121.103(a), the OCC counts the assets of affiliated financial institutions when determining if it should classify an institution as a small entity. The OCC used December 31, 2023, to determine size because a "financial institution's assets are determined by averaging the assets reported on its four quarterly financial statements for the preceding year." See footnote 8 of the U.S. Small Business Administration's Table of Standards.

⁽¹⁸⁾  2 U.S.C. 1532.

⁽¹⁹⁾  12 U.S.C. 4802(a).

⁽²⁰⁾  12 U.S.C. 553(b)(4).