118 HR 4062 IH: Chief Risk Officer Enforcement and Accountability Act U.S. House of Representatives 2023-06-13 text/xml EN Pursuant to Title 17 Section 105 of the United States Code, this file is not subject to copyright protection and is in the public domain.

I 118th CONGRESS1st Session H. R. 4062 IN THE HOUSE OF REPRESENTATIVES June 13, 2023 Mr. Casten (for himself, Mr. Green of Texas, Mr. Nickel, Mr. Gottheimer, Mr. Sherman, and Mr. Torres of New York) introduced the following bill; which was referred to the Committee on Financial Services A BILL To amend the Financial Stability Act of 2010 to require certain large banking institutions to have a Chief Risk Officer, and for other purposes.

1.

Short title

This Act may be cited as the Chief Risk Officer Enforcement and Accountability Act.

2.

Chief risk officer

Section 165(h) of the Financial Stability Act of 2010 (12 U.S.C. 5365(h)) is amended— (1)in paragraph (2)— (A)by striking that is a publicly traded company and each place such term appears; and (B)by inserting , and appoint a chief risk officer, as set forth in paragraph (4) after as set forth in paragraph (3) each place such term appears; (2)by redesignating paragraph (4) as paragraph (6); and (3)by inserting after paragraph (3) the following: (4)

Chief risk officer

(A)

In general

A chief risk officer required by this subsection shall be appointed by a company from among individuals with experience in identifying, assessing, and managing risk exposures of large, complex financial firms. (B)

Responsibilities

A chief risk officer shall be responsible for overseeing the following: (i)The establishment of risk limits on an enterprise-wide basis and the monitoring of compliance with such limits. (ii)The implementation of and ongoing compliance with the policies and procedures establishing risk-management governance, risk-management procedures, and risk-control infrastructure for the global operations of the company. (iii)The development and implementation of the processes and systems for implementing and monitoring compliance with the policies and procedures described under clause (ii), including— (I)processes and systems for identifying and reporting risks and risk-management deficiencies, including regarding emerging risks, and ensuring effective and timely implementation of actions to address emerging risks and risk-management deficiencies for the global operations of the company; (II)processes and systems for establishing managerial and employee responsibility for risk management; (III)processes and systems for ensuring the independence of the risk-management function; and (IV)processes and systems to integrate risk management and associated controls with management goals and the compensation structure of the company for the global operations of the company. (iv)The management of risks and risk controls within the parameters of the company’s risk-control framework, and monitoring and testing of the company’s risk controls. (C)

Reporting responsibilities

A chief risk officer shall— (i)report directly to both the risk committee described under paragraph (3) and the chief executive officer of the company; and (ii)be responsible for reporting risk-management deficiencies and emerging risks to the risk committee described under paragraph (3) and resolving risk-management deficiencies in a timely manner. (D)

Vacancies

(i)

Notification to regulators

With respect to a chief risk officer required by this subsection, if the office of a chief risk officer becomes vacant, the company shall— (I)not later than 24 hours after such vacancy occurs, notify the primary financial regulatory agency of the company, the primary financial regulatory agency of any depository institution subsidiary of the company, and any State agency with supervisory authority over the company or any depository institution subsidiary of the company of such vacancy; and (II)not later than 7 days after such vacancy occurs, submit a plan to the primary financial regulatory agency of the company, the primary financial regulatory agency of any depository institution subsidiary of the company, and any State agency with supervisory authority over the company or any depository institution subsidiary of the company on how the company will search for and promptly hire a well-qualified chief risk officer to fill the vacancy. (ii)

Failure to fill vacancy

With respect to a vacancy described under clause (i), if the company does not fill the vacancy within 60 days of the vacancy occurring— (I)the company shall notify the public, including on the website of the company, that the vacancy has existed for more than 60 days; and (II)the total assets of the company may not exceed the total assets of the company on the date the vacancy occurred until such time as the vacancy is filled. (5)

Application to large banks with no bank holding company

The primary financial regulatory agencies shall issue regulations requiring each bank that does not have a bank holding company and that has total consolidated assets of not less than $50,000,000,000 to establish a risk committee, as set forth in paragraph (3) and appoint a chief risk officer, as set forth in paragraph (4). (6)

Primary financial regulatory agency for certain nonbank financial companies

For purposes of this subsection, the primary financial regulatory agency for a nonbank financial company supervised by the Board of Governors shall be the Board of Governors..