Summary:
The FDIC is issuing a notice of proposed rulemaking (“NPR”) that would add an Appendix C to the FDIC’s regulation for safety and soundness standards 12 C.F.R. § 364 et seq. (Part 364). Appendix C is intended to promote strong corporate governance and risk management at FDIC-supervised institutions that have total consolidated assets of $10 billion or more (“covered institutions”) by proposing corporate governance and risk management guidelines (“Guidelines”).
The NPR also proposes conforming amendments to parts 308 and 364 to implement the proposed Guidelines.
Statement of Applicability: The contents of, and material referenced in, this FIL do not apply to FDIC-insured and/or FDIC- supervised institutions with less than $10 billion in total consolidated assets.
Highlights:
Strong corporate governance is the foundation for an insured depository institution’s safe and sound operations. An effective governance framework is necessary for an insured depository institution to remain profitable, competitive, and resilient through changing economic and market conditions. The board of directors serves a critical role in maintaining an institution’s safety and soundness and continued financial and operational resilience.
The Proposed Guidelines:
- Describe the general obligations of the board of directors (“board”) to ensure good corporate governance by:
- being active and involved, protecting the interests of the covered institution, setting goals, approving a strategic plan and policies, and selecting and supervising senior management;
- adopting a code of ethics requiring high ethical standards in the covered institutions’ operations; and
- creating a committee structure, including a Risk Committee, designed to permit the board to actively oversee the affairs of the covered institution.
- Describe the general obligations of individual directors.
- State that the board should establish an effective risk management program that identifies, measures, monitors, and controls risk appropriate for the size, complexity, and risk profile of the covered institution and in compliance with applicable laws and regulatory requirements.
- Include as the risk management program a three-line-of-defense model of risk management for monitoring and reporting risks, including front line business units (responsible for limiting their risk-taking activities to those approved by management), an independent risk management function, and the covered institution’s internal audit unit.
- State that the covered institution should effectively communicate its risk appetite and policies to encourage compliance by all employees and identify and report breaches of risk limits, even if the covered institution does not realize a loss from the breach.
- The FDIC is seeking comments on the proposal from all interested parties. Comments will be accepted for 60 days after publication in the Federal Register .