OCC Guidelines Establishing Standards for Recovery Planning by Certain Large Insured National Banks, Insured Federal Savings Associations, and Insured Federal Branches
Supporting Statement
OMB Control No. 1557-0333
A. Justification.
1. Circumstances that make the collection of information necessary:
In 2016, the OCC issued guidelines establishing standards for recovery planning applicable to each insured national bank, insured Federal savings association, and insured Federal branch of a foreign bank (together, banks) with average total consolidated assets of $50 billion or more (covered banks). The guidelines stated that each covered bank should develop and maintain a recovery plan appropriate for its individual size, risk profile, activities, and complexity, including the complexity of its organizational and legal entity structure. In 2018, the OCC raised the threshold from $50 billion to $250 billion.
This supporting statement is being filed in connection with the OCC-issued final guidelines that revise the threshold to $100 billion or more. The final guidelines also incorporate a testing standard for recovery plans and clarify the roles of financial and non-financial (including operational and strategic) risk in recovery planning.
2. Use of the information:
Set forth below is a description of the changes to the current guidelines made by the final guidelines. Other than these changes, the current and final guidelines are materially the same.
Compliance Dates. The current guidelines set forth compliance dates that depend on whether a bank (1) was a covered bank on the effective date of the current guidelines or (2) becomes a covered bank after that effective date. The final guidelines set forth new compliance dates that depend on whether a bank (1) is a covered bank under the current guidelines; (2) becomes a covered bank on the effective date of the final guidelines; or (3) becomes a covered bank after the effective date of the final guidelines.
Threshold. The current guidelines apply to banks with average total consolidated assets of $250 billion or more. The final guidelines apply to banks with average total consolidated assets of $100 billion or more. The final guidelines include several clarifying or conforming changes based on this change in threshold.
Recovery Plan. The current guidelines provide: “Each covered bank should develop and maintain a recovery plan that is specific to that covered bank and appropriate for its individual size, risk profile, activities, and complexity, including the complexity of its organizational and legal entity structure.” The final guidelines add a sentence stating: “When developing and maintaining its recovery plan, each covered bank should appropriately consider both financial risk and non-financial risks (including operational and strategic risk).” The final guidelines also include clarifying or conforming changes to the definitions of “recovery” and “trigger” to align with this change.
Recovery Plan Element --Triggers. The current guidelines state: “A recovery plan should identify triggers that appropriately reflect the covered bank’s particular vulnerabilities.” The final guidelines state: “A recovery plan should identify financial and non-financial triggers that appropriately reflect the covered bank’s particular vulnerabilities.”
Impact assessments. The current guidelines state: “For each recovery option, a covered bank should assess and describe how the option would affect the covered bank. This impact assessment and description should specify the procedures the covered bank would use to maintain the financial strength and viability of its material entities, critical operations, and core business lines for each recovery option. For each option, the recovery plan’s impact assessment should address the following:
The effect on the covered bank’s capital, liquidity, funding, and profitability;
The effect on the covered bank’s material entities, critical operations, and core business lines, including reputational impact; and
Any legal or market impediment or regulatory requirement that must be addressed or satisfied in order to implement the option.”
The final guidelines add an additional factor that an impact assessment should address: “The effect on the covered bank’s risk profile as a result of changes to its financial and non-financial risk.”
Relationship to other processes; coordination with other plans. The current guidelines provide: “The covered bank should integrate its recovery plan into its risk governance functions. The covered bank also should align its recovery plan with its other plans, such as its strategic; operational (including business continuity); contingency; capital (including stress testing); liquidity; and resolution planning. The covered bank’s recovery plan should be specific to that covered bank. The covered bank also should coordinate its recovery plan with any recovery and resolution planning efforts by the covered bank’s holding company, so that the plans are consistent with and do not contradict each other.” The final guidelines add “resilience program” to the operational plans with which a covered bank should align its recovery plan.
Testing standard. The current guidelines do not contain a testing standard. The final guidelines contain a testing standard that provides: “Each covered bank should test its recovery plan periodically but not less than annually and following any significant changes to the recovery plan made in response to a material event. Testing should validate the effectiveness of the recovery plan, including by considering each element set forth in paragraph II.B. of this appendix, and should be appropriate for the bank’s individual size, risk profile, activities, and complexity, including the complexity of its organizational and legal entity structure. Each covered bank should revise its recovery plan as appropriate following completion of testing.”
Previously Approved Collection
Overview of covered bank. A recovery plan should describe the covered bank’s overall organizational and legal entity structure, including its material entities, critical operations, core business lines, and core management information systems. The plan should describe interconnections and interdependencies (1) across business lines within the covered bank; (2) with affiliates in a bank holding company structure; (3) between a covered bank and its foreign subsidiaries; and (4) with critical third parties.
Options for recovery. A recovery plan should identify a wide range of credible options that a covered bank could undertake to restore financial strength and viability, thereby allowing the bank to continue to operate as a going concern and to avoid liquidation or resolution. A recovery plan should explain how the covered bank would carry out each option and describe the timing required for carrying out each option. The recovery plan should specifically identify the recovery options that require regulatory or legal approval.
Escalation procedures. A recovery plan should clearly outline the process for escalating decision-making to the covered bank’s senior management, the board of directors, or appropriate committee of the board of directors (board), as appropriate, in response to the breach of any trigger. The recovery plan should also identify the departments and persons responsible for executing the decisions of senior management or the board.
Management reports. A recovery plan should require reports that provide senior management or the board with sufficient data and information to make timely decisions regarding the appropriate actions necessary to respond to the breach of a trigger.
Communication procedures. A recovery plan should provide that the covered bank will notify the OCC of any significant breach of a trigger and any action taken or to be taken in response to such breach and should explain the process for deciding when a breach of a trigger is significant. A recovery plan also should address when and how the covered bank will notify persons within the organization and other external parties of its action under the recovery plan. The recovery plan should specifically identify how the covered bank will obtain required regulatory or legal approvals.
Other information. A recovery plan should include any other information that the OCC communicates in writing directly to the covered bank regarding the covered bank’s recovery plan.
Management’s and Board of Directors’ Responsibilities. A covered bank’s recovery plan should address the responsibilities of the bank’s management and board with respect to the plan. Specifically, management should review the recovery plan at least annually and in response to a material event. It should revise the plan as necessary to reflect material changes in the covered bank’s size, risk profile, activities, and complexity, as well as changes in external threats. This review should evaluate the organizational structure and its effectiveness in facilitating a recovery. The board is responsible for overseeing the covered bank’s recovery planning process. The board of a covered bank should review and approve the recovery plan at least annually, and as needed to address significant changes made by management.
3. Describe whether, and to what extent, the collection of information involves the use of automated, electronic, mechanical, or other technological collection techniques or other forms of information technology. Describe any consideration of using information technology to reduce burden:
Respondents may use any technology compatible with meeting the final guidelines.
4. Efforts to identify duplication:
The OCC recognizes that many covered banks already engage in significant planning, including planning responses to cyber-attacks, business interruptions, and leadership vacancies. Some covered banks also undertake a range of other planning, including strategic, operational, contingency, capital, liquidity, and resolution. The same is true for their parent holding companies or affiliates. The OCC does not intend for a covered bank’s recovery planning to be needlessly burdensome or duplicative of these other planning processes. The OCC expects, however, that a covered bank’s recovery plan will identify the recovery strategies that are specific to that bank and, as appropriate, distinguishable from the recovery strategies of its holding company or affiliates. Furthermore, while the OCC encourages covered banks to leverage their existing processes, including by incorporating or cross-referencing portions or elements of relevant plans, in most cases, it is unlikely that a covered bank will be able to use a plan prepared for another purpose or entity to satisfy the guidelines. The purpose of the guidelines is to provide a comprehensive framework for evaluating the financial effects of severe financial and non-financial stress on the covered bank and the recovery options that will allow the bank to continue to operate as a going concern and to avoid liquidation or resolution.
5. If the collection of information impacts small businesses or other small entities, describe any methods used to minimize burden.
Not applicable.
6. Consequence to Federal program if the collection were conducted less frequently:
If a covered bank were to prepare, review, or revise its recovery plan less frequently than provided in the final guidelines, the bank would be less prepared to respond to and recover from the financial effects of severe stress, which could threaten its viability or the safety and soundness of its operations.
7. Special circumstances that would cause an information collection to be conducted in a manner inconsistent with 5 CFR par 1320:
The information collection will be conducted in a manner consistent with 5 CFR part 1320.5(d)(2).
8. Efforts to consult with persons outside the agency:
The OCC issued a notice of proposed rulemaking on July 3, 2024 (89 FR 55114). There were no PRA-related comments received.
9. Payment or gift to respondent:
Not applicable.
10. Any assurance of confidentiality:
The information collection request will be kept private to the extent permissible by law.
11. Justification for questions of a sensitive nature:
None.
12. Burden estimate:
Total Number of Respondents: 21.
Total Burden per Respondent: 32,0171 hours.
Total Burden for Collection: 672,360 hours.
Cost of Hour Burden
672,360 hours x $129.40 = $87,003,384
To estimate wages, the OCC reviewed May 2023 data for wages (by industry and occupation) from the U.S. Bureau of Labor Statistics (BLS) for credit intermediation and related activities (NAICS 5220A1). To estimate compensation costs associated with the final guidelines, the OCC used $129.40 per hour, which is based on the average of the 90th percentile for six occupations adjusted for inflation (4.3 percent as of Q1 2024), plus an additional 34.6 percent for benefits (based on the percent of total compensation allocated to benefits as of Q4 2023 for NAICS 522: credit intermediation and related activities).
13. Estimate of total annual costs to respondents (excluding cost of hour burden in Item #12)
None.
14. Estimate of annualized cost to the Federal government:
None.
15. Change in burden:
Prior Burden: 60,344
Current Burden: 672,360 hours.
The new testing standard and inclusion of non-financial risks will increase burden hours for existing covered banks. Additionally, compliance by newly covered banks will add burden hours and involve significant engagement across various stakeholders in the front-line unit, independent risk management, and internal audit. The increase in burden is also driven by an original underestimation of burden hours.
16. Information regarding collections whose results are to be published for statistical use:
Not applicable.
17. Reasons for not displaying OMB approval expiration date:
Not applicable.
18. Exceptions to the certification statement:
Not applicable.
B. Collections of Information Employing Statistical Methods
Not applicable.
1 This number includes burden hours for the implementation of the testing standard, which may occur during or after the 12-month period following the effective date of the final guidelines.
File Type | application/vnd.openxmlformats-officedocument.wordprocessingml.document |
Author | Merritt, Shaquita |
File Modified | 0000-00-00 |
File Created | 2024-10-28 |