OCC Specifies ‘Heightened Expectations’ for Board of Director Oversight Responsibilities for Large Banks

by Stinson Leonard Street - Dodd-Frank and the Jobs Act

The Office of the Comptroller of the Currency, or OCC, has adopted guidelines, issued as an appendix to its safety and soundness standards regulations, establishing minimum standards for the design and implementation of a risk governance framework (Framework) for large insured national banks, insured Federal savings associations, and insured Federal branches of foreign banks (banks) with average total consolidated assets of $50 billion or more and minimum standards for a board of directors in overseeing the Framework’s design and implementation (final Guidelines). The standards contained in the final Guidelines are enforceable by the terms of a Federal statute that authorizes the OCC to prescribe operational and managerial standards for national banks and Federal savings associations.

The final Guidelines consist of three sections:

  • Section I provides an introduction to the Guidelines, explains the scope of the Guidelines, and defines key terms used throughout the Guidelines.
  • Section II sets forth the minimum standards for the design and implementation of a covered bank’s Framework.
  • Section III provides the minimum standards for the board of directors’ oversight of the Framework.

Set forth below are some highlights on Section III of the Guidelines.

Effective Risk Governance Framework

Concern was expressed with respect Section III of the draft guidelines about use of the terms “duty” and “ensure.” The OCC did not intend to impose managerial responsibilities on the board of directors, or suggest that the board must guarantee results under the Framework. Accordingly, consistent with commenter suggestions, the final Guidelines provide that the board of directors should require management to establish and implement an effective Framework that meets the minimum standards described in the Guidelines. The OCC believes that this revision aligns the board of directors’ responsibilities under this paragraph with their traditional strategic and oversight role.

Provide Active Oversight of Management

Paragraph B. of section III of the proposed Guidelines provided that the board of  directors should actively oversee the bank’s risk-taking activities and hold management accountable for adhering to the Framework. The proposed Guidelines also provided that the board of directors should question, challenge, and, when necessary, oppose management’s proposed actions that could cause the bank’s risk profile to exceed its risk appetite or threaten the bank’s safety and soundness.

Commenters expressed concern that these provisions would promote confrontation between the board of directors and bank management at board meetings. Some commenters argued that this would deter open and candid dialogue between the board of directors and bank management, and that emphasizing board opposition will detract from determining how active the board is in overseeing management actions.

Some commenters also argued that the board of directors’ oversight of management should not be characterized as “active” because it implies that board members are implementing and assuming management functions.

The final Guidelines continue to provide that a covered bank’s board of directors should actively oversee the covered bank’s risk-taking activities and hold management accountable for adhering to the Framework. The OCC believes that it is important for the board of directors to understand a covered bank’s risk-taking activities and to be engaged in providing oversight to these activities. The final Guidelines clarify that the board of directors provides active oversight by relying on risk assessments and reports prepared by independent risk management and internal audit. Therefore, the final Guidelines do not contemplate that the board of directors will assume managerial responsibilities in providing active oversight of management—instead, the board is permitted to rely on independent risk management and internal audit to meet its responsibilities under this paragraph.

The final Guidelines continue to articulate the OCC’s expectation that the board of directors should provide a credible challenge to management. The OCC believes that a board of directors will be able to provide this challenge if its members have a comprehensive understanding of the covered bank’s risk-taking activities.

The OCC believes that the capacity to dedicate sufficient time and energy in reviewing information and developing an understanding of the key issues related to a covered bank’s risk-taking activities is a critical prerequisite to being an effective director. Informed directors are well-positioned to engage in substantive discussions with management wherein the board of directors provides approval to management, requests guidance to clarify areas of uncertainty, and prudently questions the propriety of strategic initiatives. Therefore, the final Guidelines continue to provide that the board of directors, in reliance on information it receives from independent risk management and internal audit, should question, challenge, and when necessary, oppose recommendations and decisions made by management that could cause the covered bank’s risk profile to exceed its risk appetite or jeopardize the safety and soundness of the covered bank.

The OCC does not intend this standard to become a compliance exercise for the covered bank, or lead to scripted meetings between the board of directors and management. Instead, the OCC intends to assess compliance with this standard primarily by engaging OCC examiners in frequent conversations with directors. Likewise, the OCC does not expect the board of directors to evidence opposition to management during each board meeting. Instead, the OCC emphasizes that the board of directors should oppose management’s recommendations and decisions only when necessary.


Section III of the Guidelines also provide:

  • A director should exercise sound, independent judgment.
  • Covered banks must have at least two independent board members.
  • Certain training of directors is required.
  • The bank’s board of directors should conduct an annual self-assessment that includes an evaluation of the board’s effectiveness in meeting the standards provided in section III of the Guidelines.

DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations.

© Stinson Leonard Street - Dodd-Frank and the Jobs Act | Attorney Advertising

Written by:

Stinson Leonard Street - Dodd-Frank and the Jobs Act

Stinson Leonard Street - Dodd-Frank and the Jobs Act on:

Readers' Choice 2017
Reporters on Deadline

"My best business intelligence, in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:
Sign up using*

Already signed up? Log in here

*By using the service, you signify your acceptance of JD Supra's Privacy Policy.
Custom Email Digest
Privacy Policy (Updated: October 8, 2015):

JD Supra provides users with access to its legal industry publishing services (the "Service") through its website (the "Website") as well as through other sources. Our policies with regard to data collection and use of personal information of users of the Service, regardless of the manner in which users access the Service, and visitors to the Website are set forth in this statement ("Policy"). By using the Service, you signify your acceptance of this Policy.

Information Collection and Use by JD Supra

JD Supra collects users' names, companies, titles, e-mail address and industry. JD Supra also tracks the pages that users visit, logs IP addresses and aggregates non-personally identifiable user data and browser type. This data is gathered using cookies and other technologies.

The information and data collected is used to authenticate users and to send notifications relating to the Service, including email alerts to which users have subscribed; to manage the Service and Website, to improve the Service and to customize the user's experience. This information is also provided to the authors of the content to give them insight into their readership and help them to improve their content, so that it is most useful for our users.

JD Supra does not sell, rent or otherwise provide your details to third parties, other than to the authors of the content on JD Supra.

If you prefer not to enable cookies, you may change your browser settings to disable cookies; however, please note that rejecting cookies while visiting the Website may result in certain parts of the Website not operating correctly or as efficiently as if cookies were allowed.

Email Choice/Opt-out

Users who opt in to receive emails may choose to no longer receive e-mail updates and newsletters by selecting the "opt-out of future email" option in the email they receive from JD Supra or in their JD Supra account management screen.


JD Supra takes reasonable precautions to insure that user information is kept private. We restrict access to user information to those individuals who reasonably need access to perform their job functions, such as our third party email service, customer service personnel and technical staff. However, please note that no method of transmitting or storing data is completely secure and we cannot guarantee the security of user information. Unauthorized entry or use, hardware or software failure, and other factors may compromise the security of user information at any time.

If you have reason to believe that your interaction with us is no longer secure, you must immediately notify us of the problem by contacting us at info@jdsupra.com. In the unlikely event that we believe that the security of your user information in our possession or control may have been compromised, we may seek to notify you of that development and, if so, will endeavor to do so as promptly as practicable under the circumstances.

Sharing and Disclosure of Information JD Supra Collects

Except as otherwise described in this privacy statement, JD Supra will not disclose personal information to any third party unless we believe that disclosure is necessary to: (1) comply with applicable laws; (2) respond to governmental inquiries or requests; (3) comply with valid legal process; (4) protect the rights, privacy, safety or property of JD Supra, users of the Service, Website visitors or the public; (5) permit us to pursue available remedies or limit the damages that we may sustain; and (6) enforce our Terms & Conditions of Use.

In the event there is a change in the corporate structure of JD Supra such as, but not limited to, merger, consolidation, sale, liquidation or transfer of substantial assets, JD Supra may, in its sole discretion, transfer, sell or assign information collected on and through the Service to one or more affiliated or unaffiliated third parties.

Links to Other Websites

This Website and the Service may contain links to other websites. The operator of such other websites may collect information about you, including through cookies or other technologies. If you are using the Service through the Website and link to another site, you will leave the Website and this Policy will not apply to your use of and activity on those other sites. We encourage you to read the legal notices posted on those sites, including their privacy policies. We shall have no responsibility or liability for your visitation to, and the data collection and use practices of, such other sites. This Policy applies solely to the information collected in connection with your use of this Website and does not apply to any practices conducted offline or in connection with any other websites.

Changes in Our Privacy Policy

We reserve the right to change this Policy at any time. Please refer to the date at the top of this page to determine when this Policy was last revised. Any changes to our privacy policy will become effective upon posting of the revised policy on the Website. By continuing to use the Service or Website following such changes, you will be deemed to have agreed to such changes. If you do not agree with the terms of this Policy, as it may be amended from time to time, in whole or part, please do not continue using the Service or the Website.

Contacting JD Supra

If you have any questions about this privacy statement, the practices of this site, your dealings with this Web site, or if you would like to change any of the information you have provided to us, please contact us at: info@jdsupra.com.

- hide
*With LinkedIn, you don't need to create a separate login to manage your free JD Supra account, and we can make suggestions based on your needs and interests. We will not post anything on LinkedIn in your name. Or, sign up using your email address.