[Congressional Bills 118th Congress]
[From the U.S. Government Publishing Office]
[H.R. 4062 Introduced in House (IH)]

<DOC>






118th CONGRESS
  1st Session
                                H. R. 4062

 To amend the Financial Stability Act of 2010 to require certain large 
   banking institutions to have a Chief Risk Officer, and for other 
                               purposes.


_______________________________________________________________________


                    IN THE HOUSE OF REPRESENTATIVES

                             June 13, 2023

     Mr. Casten (for himself, Mr. Green of Texas, Mr. Nickel, Mr. 
  Gottheimer, Mr. Sherman, and Mr. Torres of New York) introduced the 
   following bill; which was referred to the Committee on Financial 
                                Services

_______________________________________________________________________

                                 A BILL


 
 To amend the Financial Stability Act of 2010 to require certain large 
   banking institutions to have a Chief Risk Officer, and for other 
                               purposes.

    Be it enacted by the Senate and House of Representatives of the 
United States of America in Congress assembled,

SECTION 1. SHORT TITLE.

    This Act may be cited as the ``Chief Risk Officer Enforcement and 
Accountability Act''.

SEC. 2. CHIEF RISK OFFICER.

    Section 165(h) of the Financial Stability Act of 2010 (12 U.S.C. 
5365(h)) is amended--
            (1) in paragraph (2)--
                    (A) by striking ``that is a publicly traded company 
                and'' each place such term appears; and
                    (B) by inserting ``, and appoint a chief risk 
                officer, as set forth in paragraph (4)'' after ``as set 
                forth in paragraph (3)'' each place such term appears;
            (2) by redesignating paragraph (4) as paragraph (6); and
            (3) by inserting after paragraph (3) the following:
            ``(4) Chief risk officer.--
                    ``(A) In general.--A chief risk officer required by 
                this subsection shall be appointed by a company from 
                among individuals with experience in identifying, 
                assessing, and managing risk exposures of large, 
                complex financial firms.
                    ``(B) Responsibilities.--A chief risk officer shall 
                be responsible for overseeing the following:
                            ``(i) The establishment of risk limits on 
                        an enterprise-wide basis and the monitoring of 
                        compliance with such limits.
                            ``(ii) The implementation of and ongoing 
                        compliance with the policies and procedures 
                        establishing risk-management governance, risk-
                        management procedures, and risk-control 
                        infrastructure for the global operations of the 
                        company.
                            ``(iii) The development and implementation 
                        of the processes and systems for implementing 
                        and monitoring compliance with the policies and 
                        procedures described under clause (ii), 
                        including--
                                    ``(I) processes and systems for 
                                identifying and reporting risks and 
                                risk-management deficiencies, including 
                                regarding emerging risks, and ensuring 
                                effective and timely implementation of 
                                actions to address emerging risks and 
                                risk-management deficiencies for the 
                                global operations of the company;
                                    ``(II) processes and systems for 
                                establishing managerial and employee 
                                responsibility for risk management;
                                    ``(III) processes and systems for 
                                ensuring the independence of the risk-
                                management function; and
                                    ``(IV) processes and systems to 
                                integrate risk management and 
                                associated controls with management 
                                goals and the compensation structure of 
                                the company for the global operations 
                                of the company.
                            ``(iv) The management of risks and risk 
                        controls within the parameters of the company's 
                        risk-control framework, and monitoring and 
                        testing of the company's risk controls.
                    ``(C) Reporting responsibilities.--A chief risk 
                officer shall--
                            ``(i) report directly to both the risk 
                        committee described under paragraph (3) and the 
                        chief executive officer of the company; and
                            ``(ii) be responsible for reporting risk-
                        management deficiencies and emerging risks to 
                        the risk committee described under paragraph 
                        (3) and resolving risk-management deficiencies 
                        in a timely manner.
                    ``(D) Vacancies.--
                            ``(i) Notification to regulators.--With 
                        respect to a chief risk officer required by 
                        this subsection, if the office of a chief risk 
                        officer becomes vacant, the company shall--
                                    ``(I) not later than 24 hours after 
                                such vacancy occurs, notify the primary 
                                financial regulatory agency of the 
                                company, the primary financial 
                                regulatory agency of any depository 
                                institution subsidiary of the company, 
                                and any State agency with supervisory 
                                authority over the company or any 
                                depository institution subsidiary of 
                                the company of such vacancy; and
                                    ``(II) not later than 7 days after 
                                such vacancy occurs, submit a plan to 
                                the primary financial regulatory agency 
                                of the company, the primary financial 
                                regulatory agency of any depository 
                                institution subsidiary of the company, 
                                and any State agency with supervisory 
                                authority over the company or any 
                                depository institution subsidiary of 
                                the company on how the company will 
                                search for and promptly hire a well-
                                qualified chief risk officer to fill 
                                the vacancy.
                            ``(ii) Failure to fill vacancy.--With 
                        respect to a vacancy described under clause 
                        (i), if the company does not fill the vacancy 
                        within 60 days of the vacancy occurring--
                                    ``(I) the company shall notify the 
                                public, including on the website of the 
                                company, that the vacancy has existed 
                                for more than 60 days; and
                                    ``(II) the total assets of the 
                                company may not exceed the total assets 
                                of the company on the date the vacancy 
                                occurred until such time as the vacancy 
                                is filled.
            ``(5) Application to large banks with no bank holding 
        company.--The primary financial regulatory agencies shall issue 
        regulations requiring each bank that does not have a bank 
        holding company and that has total consolidated assets of not 
        less than $50,000,000,000 to establish a risk committee, as set 
        forth in paragraph (3) and appoint a chief risk officer, as set 
        forth in paragraph (4).
            ``(6) Primary financial regulatory agency for certain 
        nonbank financial companies.--For purposes of this subsection, 
        the primary financial regulatory agency for a nonbank financial 
        company supervised by the Board of Governors shall be the Board 
        of Governors.''.
                                 <all>