[Federal Register Volume 81, Number 189 (Thursday, September 29, 2016)]
[Rules and Regulations]
[Pages 66791-66801]
From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
[FR Doc No: 2016-23366]



 ========================================================================
 Rules and Regulations
                                                 Federal Register
 ________________________________________________________________________
 
 This section of the FEDERAL REGISTER contains regulatory documents 
 having general applicability and legal effect, most of which are keyed 
 to and codified in the Code of Federal Regulations, which is published 
 under 50 titles pursuant to 44 U.S.C. 1510.
 
 The Code of Federal Regulations is sold by the Superintendent of Documents. 
 Prices of new books are listed in the first FEDERAL REGISTER issue of each 
 week.
 
 ========================================================================
 

  Federal Register / Vol. 81, No. 189 / Thursday, September 29, 2016 / 
Rules and Regulations  

[[Page 66791]]



DEPARTMENT OF THE TREASURY

Office of the Comptroller of the Currency

12 CFR Part 30

[Docket ID OCC-2015-0017]
RIN 1557-AD96


OCC Guidelines Establishing Standards for Recovery Planning by 
Certain Large Insured National Banks, Insured Federal Savings 
Associations, and Insured Federal Branches; Technical Amendments

AGENCY: Office of the Comptroller of the Currency, Treasury.

ACTION: Final rule and guidelines.

-----------------------------------------------------------------------

SUMMARY: The Office of the Comptroller of the Currency (OCC) is 
adopting enforceable guidelines establishing standards for recovery 
planning by insured national banks, insured Federal savings 
associations, and insured Federal branches of foreign banks with 
average total consolidated assets of $50 billion or more (Final 
Guidelines). The OCC is issuing the Final Guidelines as an appendix to 
its safety and soundness standards regulations, and the Final 
Guidelines will be enforceable by the terms of the Federal statute that 
authorizes the OCC to prescribe operational and managerial standards 
for national banks and Federal savings associations. The OCC is also 
adopting technical changes to the safety and soundness standards 
regulations that are made necessary by the addition of the Final 
Guidelines.

DATES: This final rule and guidelines are effective on January 1, 2017. 
The compliance dates for the Final Guidelines in Appendix E to part 30 
vary, as specified below.

FOR FURTHER INFORMATION CONTACT: Lori Bittner, Large Bank Supervision--
Resolution and Recovery, (202) 649-6093; Stuart Feldstein, Director, 
Andra Shuster, Senior Counsel, Karen McSweeney, Counsel, or Priscilla 
Benner, Attorney, Legislative & Regulatory Activities Division, (202) 
649-5490; or Valerie Song, Assistant Director, Bank Activities and 
Structure Division, (202) 649-5500; or, for persons who are deaf or 
hard of hearing, TTY, (202) 649-5597, 400 7th Street SW., Washington, 
DC 20219.

SUPPLEMENTARY INFORMATION: 

Background

    The financial crisis demonstrated the destabilizing effect that 
severe stress at large, complex, interconnected financial companies can 
have on the national economy, capital markets, and the overall 
financial stability of the banking system. Following the crisis, 
Congress passed the Dodd-Frank Wall Street Reform and Consumer 
Protection Act (Dodd-Frank Act); \1\ among other purposes, the Dodd-
Frank Act was intended to strengthen the framework for the supervision 
and regulation of large U.S. financial companies in order to address 
the significant impact that these institutions can have on capital 
markets and the economy.
---------------------------------------------------------------------------

    \1\ Public Law 111-203, 124 Stat. 1376 (July 21, 2010).
---------------------------------------------------------------------------

    One lesson learned from the crisis is the importance--especially in 
large, complex financial institutions--of a strong risk governance 
framework. In 2014, the OCC formally adopted heightened standards 
guidelines that address the risk governance of large, complex banks 
(Heightened Standards).\2\ The Heightened Standards establish minimum 
standards for the design and implementation of a risk governance 
framework and for a bank's board of directors (board) in overseeing the 
framework's design and implementation. The OCC believes that these 
Heightened Standards further the goals of the Dodd-Frank Act by 
clarifying the OCC's expectation that its regulated institutions have 
robust practices in areas where the crisis revealed substantial 
weaknesses.
---------------------------------------------------------------------------

    \2\ 79 FR 54518 (Sept. 11, 2014) (OCC Guidelines Establishing 
Heightened Standards for Certain Large Insured National Banks, 
Insured Federal Savings Associations, and Insured Federal Branches; 
Integration of Regulations).
---------------------------------------------------------------------------

    Further, in the aftermath of the crisis, it became clear that many 
financial institutions had insufficient plans for identifying and 
responding rapidly to significant stress events that affected their 
financial condition and threatened their viability. As a result, many 
institutions were forced to take significant actions quickly without 
the benefit of a well-developed plan. In addition, recent large-scale 
events, such as destructive cyber attacks, demonstrate the need for 
institutions to plan how to respond to the financial effects of such 
occurrences. Therefore, the OCC believes that a large, complex 
institution should undertake recovery planning to be able to respond 
quickly to and recover from the financial effects of severe stress on 
the institution.\3\ An institution's recovery planning should be a 
dynamic, ongoing process that complements its risk governance functions 
and supports its safe and sound operation. The process of developing 
and maintaining a recovery plan also should cause a covered bank's 
management and its board to enhance their focus on risk governance with 
a view toward lessening the negative impact of future events.
---------------------------------------------------------------------------

    \3\ While the Dodd-Frank Act addresses resolution planning, it 
does not specifically address recovery planning.
---------------------------------------------------------------------------

    In December 2015, the OCC invited public comment on proposed 
guidelines establishing minimum standards for recovery planning by 
insured national banks, insured Federal savings associations, and 
insured Federal branches of foreign banks (together, banks and each, a 
bank) with average total consolidated assets of $50 billion or more 
(together, covered banks and each, a covered bank).\4\ After carefully 
considering the comments we received on the proposed guidelines, the 
OCC is adopting these Final Guidelines as a new Appendix E to part 30 
of our regulations. The OCC, as the primary financial regulatory agency 
for the covered banks, believes that the Final Guidelines will assist 
these banks with their recovery planning efforts, thereby minimizing 
the negative impact of severe stress. We have set forth below a 
detailed description of the proposal, the significant comments we 
received, and the standards contained in the Final Guidelines.
---------------------------------------------------------------------------

    \4\ 80 FR 78681 (Dec. 17, 2015).
---------------------------------------------------------------------------

Summary of Comments on the Notice of Proposed Rulemaking

    The OCC received six comment letters on the proposed guidelines 
from

[[Page 66792]]

national banks, trade associations, and individuals. To improve our 
understanding of the issues raised by commenters, the OCC had a meeting 
with two trade groups and a number of their member institutions, and a 
summary of this meeting is available on a public Web site.\5\
---------------------------------------------------------------------------

    \5\ See http://www.regulations.gov/index.jsp#!documentDetail;D=OCC-2015-0017-0001.
---------------------------------------------------------------------------

    The comments we received generally supported the proposed 
guidelines, acknowledging that recovery planning is an important part 
of risk management and that the use of guidelines, rather than 
regulations, provides both covered banks and the OCC with appropriate 
flexibility. However, the commenters asked the OCC to clarify various 
provisions in the proposal. For example, commenters requested that the 
OCC address the ability of a covered bank to leverage other processes 
in developing its recovery plan and to tailor its plan based on the 
size, risk profile, and complexity of the bank. They also asked the OCC 
to clarify the role of the board with respect to the plan. In addition, 
commenters suggested that the OCC consider tiered compliance dates. As 
discussed more fully below, the OCC has revised the Final Guidelines in 
response to the comments we received and has made other technical and 
clarifying changes.

Enforcement of the Final Guidelines

    The OCC is adopting these Final Guidelines pursuant to section 39 
of the Federal Deposit Insurance Act (FDIA).\6\ Section 39 authorizes 
the OCC to prescribe safety and soundness standards in the form of a 
regulation or guidelines. The OCC currently has four sets of these 
guidelines that are appendices to part 30 of the OCC's regulations. 
Appendix A contains operational and managerial standards that relate to 
internal controls, information systems, internal audit systems, loan 
documentation, credit underwriting, interest rate exposure, asset 
growth, asset quality, earnings, compensation, fees, and benefits. 
Appendix B contains standards on information security, and Appendix C 
contains standards that address residential mortgage lending practices. 
Appendix D contains the Heightened Standards discussed above.
---------------------------------------------------------------------------

    \6\ 12 U.S.C. 1831p-1.
---------------------------------------------------------------------------

    Section 39 prescribes different consequences depending on whether 
an agency issues the standards by regulation or guideline. Pursuant to 
section 39, if a bank \7\ fails to meet a standard prescribed by 
regulation, the OCC must require it to submit a plan specifying the 
steps it will take to comply with the standard. If a bank fails to meet 
a standard prescribed by guidelines, the OCC has the discretion to 
decide whether to require the submission of a plan.\8\ The issuance of 
these standards as guidelines, rather than as regulations, provides the 
OCC with the flexibility to pursue the course of action that is most 
appropriate given the specific circumstances of a covered bank's 
noncompliance with one or more standards and the covered bank's self-
corrective and remedial responses.
---------------------------------------------------------------------------

    \7\ Section 39 of the FDIA applies to ``insured depository 
institutions,'' which, as defined in 12 U.S.C. 1813, includes 
insured Federal branches of foreign banks. While we do not 
specifically refer to these entities in this discussion of the 
enforcement of the Final Guidelines, it should be read to include 
them.
    \8\ See 12 U.S.C. 1831p-1(e)(1)(A)(i) and (ii).
---------------------------------------------------------------------------

    The procedural rules implementing the supervisory and enforcement 
remedies prescribed by section 39 are contained in part 30 of the OCC's 
rules. Under these provisions, the OCC may initiate a supervisory or 
enforcement process when it determines, by examination or otherwise, 
that a bank has failed to meet the standards set forth in the Final 
Guidelines.\9\ Upon making that determination, the OCC may request in 
writing that the bank submit a compliance plan to the OCC detailing the 
steps the institution will take to correct the deficiencies and the 
time within which it will take those steps. This request is termed a 
Notice of Deficiency. Upon receiving a Notice of Deficiency from the 
OCC, the bank must submit a compliance plan to the OCC for approval 
within 30 days.
---------------------------------------------------------------------------

    \9\ The procedures governing the determination and notification 
of failure to satisfy a standard prescribed pursuant to section 39; 
the filing and review of compliance plans; and the issuance of 
orders, if necessary, are set forth in the OCC's regulations at 12 
CFR 30.3, 30.4, and 30.5.
---------------------------------------------------------------------------

    If a bank fails to submit an acceptable compliance plan or fails in 
any material respect to implement a compliance plan approved by the 
OCC, the OCC shall issue a Notice of Intent to Issue an Order pursuant 
to section 39 (Notice of Intent). The bank then has 14 days to respond 
to the Notice of Intent. After considering the bank's response, the OCC 
may issue the order, decide not to issue the order, or seek additional 
information from the bank before making a final decision. 
Alternatively, the OCC may issue an order without providing the bank 
with a Notice of Intent. In such a case, the bank may appeal after-the-
fact to the OCC, and the OCC has 60 days to consider the appeal. Upon 
the issuance of an order, a bank is deemed to be in noncompliance with 
part 30. Orders are formal, public documents, and the OCC may enforce 
them in Federal district court. The OCC may also assess a civil money 
penalty, pursuant to 12 U.S.C. 1818, against any bank that violates or 
otherwise fails to comply with any final order and against any 
institution-affiliated party who participates in such violation or 
noncompliance.

Detailed Description of the Proposed Guidelines, Comments Received, and 
Final Guidelines

    Like the proposal, the Final Guidelines consist of three sections. 
Section I explains the scope of the Final Guidelines, sets forth the 
applicable compliance dates, and defines key terms. Section II sets 
forth the standards for the design and execution of a covered bank's 
recovery plan. Section III describes the responsibilities of a covered 
bank's management and board in connection with the bank's recovery 
plan.

Section I: Introduction

    Scope. As proposed, the guidelines would have applied to any bank 
with ``average total consolidated assets'' equal to or greater than $50 
billion as of the effective date of the guidelines (calculated by 
averaging a bank's total consolidated assets, as reported on the bank's 
Consolidated Reports of Condition and Income (Call Reports), for the 
four most recent consecutive quarters). The preamble to the proposal 
noted that this threshold is consistent with the scope of Federal 
Deposit Insurance Corporation (FDIC) and Board of Governors of the 
Federal Reserve System (Board) regulations that require certain 
entities to prepare resolution plans.\10\ We note that this threshold 
also is consistent with the Heightened Standards threshold, as well as 
the threshold used in section 165 of the Dodd-Frank Act for the 
application of enhanced prudential standards to bank holding companies 
and foreign banking organizations.
---------------------------------------------------------------------------

    \10\ See 12 CFR 381.2(f) and 243.2(f), respectively. See also 12 
CFR 360.10.
---------------------------------------------------------------------------

    The proposal provided that for any bank with average total 
consolidated assets less than $50 billion as of the effective date of 
the guidelines, whose average total consolidated assets subsequently 
reached $50 billion or greater, the guidelines would apply on the as-of 
date of the bank's most recent Call Report used in the calculation of 
the average total consolidated assets. Once a bank's average total 
consolidated assets had reached or exceeded the $50 billion threshold, 
the preamble explained that the bank would have had to comply with the 
guidelines, unless

[[Page 66793]]

and until the OCC specifically determined that compliance was not 
required, even if the bank's average total consolidated assets 
subsequently fell below the $50 billion threshold.
    The OCC received no comments on these provisions and adopts them as 
proposed.
    Compliance date. Although the OCC did not propose a specific 
compliance date, several commenters requested a phased-in compliance 
period. Some commenters suggested a compliance date of 2017 for the 
largest, most complex covered banks and a subsequent compliance date of 
2018 for the remaining covered banks. These commenters stated that the 
phase-in dates should account for the size, risk profile, and 
complexity of a covered bank. Other commenters requested an initial 
compliance date for all covered banks of no earlier than 2018. Another 
commenter suggested that the OCC use a flexible approach when setting a 
compliance date for banks that reach or exceed the $50 billion 
threshold after the effective date of the Final Guidelines.
    The OCC agrees that a phased-in compliance period is appropriate 
and adopts the compliance schedule set forth below, which we believe 
gives covered banks, including those likely to have the least 
experience with recovery planning, sufficient time to prepare their 
plans. Under this schedule, a covered bank with average total 
consolidated assets equal to or greater than $750 billion on the 
effective date of these Final Guidelines should comply within 6 months 
of the effective date. A covered bank with average total consolidated 
assets equal to or greater than $100 billion but less than $750 billion 
on the effective date should comply within 12 months of the effective 
date. A covered bank with average total consolidated assets equal to or 
greater than $50 billion but less than $100 billion on the effective 
date should comply within 18 months of the effective date. Finally, a 
bank with less than $50 billion in average total consolidated assets on 
the effective date, which subsequently becomes a covered bank, should 
comply with the Final Guidelines within 18 months of becoming a covered 
bank.
    Reservation of authority. In order to preserve supervisory 
flexibility, the proposed guidelines reserved the OCC's authority to 
apply the guidelines to a bank with average total consolidated assets 
of less than $50 billion if the agency determined that the bank's 
operations were highly complex or otherwise presented a heightened 
risk. The preamble explained that the OCC expected to use this 
authority infrequently and did not intend to apply the guidelines to 
community banks. The proposed guidelines also reserved the OCC's 
authority to determine that compliance with the guidelines was no 
longer required for a covered bank whose operations no longer were 
highly complex or otherwise no longer presented a heightened risk.
    In either case, when determining whether a bank's or covered bank's 
operations were highly complex or otherwise presented a heightened 
risk, the proposed guidelines stated that the OCC would consider an 
institution's size, risk profile, activities, and complexity, including 
the complexity of its organizational and legal entity structure. The 
guidelines also stated that, when exercising the authority reserved by 
this provision, the OCC would apply notice and response procedures 
consistent with those set out in 12 CFR 3.404.\11\
---------------------------------------------------------------------------

    \11\ As explained in the proposal, these procedures require the 
OCC to provide a bank or covered bank, as appropriate, with written 
notice of its determination to use its reservation of authority, and 
the bank or covered bank would have 30 days to respond in writing. 
The proposal provided that the OCC would consider the failure of a 
bank or covered bank to respond within this 30-day period to be a 
waiver of any objections. At the conclusion of the 30 days, the 
proposed guidelines stated that the OCC would issue a written notice 
of its final determination.
---------------------------------------------------------------------------

    Commenters had no substantive comments on this subsection. However, 
we have added ``scope of operations'' to the factors that we will 
consider in determining whether a bank's or covered bank's operations 
are highly complex or otherwise present a heightened risk. Otherwise, 
the OCC is adopting these provisions as proposed and reiterates that we 
expect to use this authority infrequently and do not intend to apply 
the Final Guidelines to community banks.
    Preservation of existing authority. The proposed guidelines stated 
that neither section 39 of the FDIA nor the OCC's part 30 rules in any 
way limited the authority of the OCC to address unsafe or unsound 
practices or conditions or other violations of law.\12\ We received no 
comments on this provision, and we are adopting it as proposed.
---------------------------------------------------------------------------

    \12\ Section 39 preserves all authority otherwise available to 
the OCC, stating ``The authority granted by this section is in 
addition to any other authority of the Federal banking agencies.'' 
See 12 U.S.C. 1831p-1(g).
---------------------------------------------------------------------------

    Definitions. The proposed guidelines included definitions of 
``average total consolidated assets,'' ``bank,'' ``covered bank,'' 
``recovery,'' ``recovery plan,'' and ``trigger.'' The proposal defined 
the term ``recovery'' to mean timely and appropriate action that a 
covered bank takes to remain a going concern when it is experiencing or 
is likely to experience considerable financial or operational distress 
and provided that a covered bank in recovery had not yet deteriorated 
to the point where liquidation or resolution is imminent. The proposal 
defined ``recovery plan'' as a plan that identified triggers and 
options for a covered bank to respond to a wide range of severe 
internal and external stress scenarios and to restore a covered bank 
that is in recovery to financial and operational strength and viability 
in a timely manner while maintaining the confidence of market 
participants. This definition further stated that neither the plan nor 
the options could assume or rely on any extraordinary government 
support.
    The proposal defined ``trigger'' as a ``quantitative or qualitative 
indicator of the risk or existence of severe stress that should always 
be escalated to management or the board, as appropriate, for purposes 
of initiating a response.'' It stated that the breach of any trigger 
should result in timely notice, accompanied by sufficient information, 
to enable management of the covered bank to take corrective action.
    The OCC received one comment regarding references to the 
``operational'' effects of severe stress in the proposal. The commenter 
stated that a covered bank's recovery plan should address the effects 
of operational stress events (e.g., cyber events, natural disasters, 
unanticipated changes in senior management) only to the extent that 
such stress events affect the bank's financial strength and viability. 
The commenter noted that a covered bank addresses the operational 
effects of stress events in its other risk management plans (e.g., 
disaster recovery, business continuity). The commenter also stated that 
the Final Guidelines would be inconsistent with Board, Financial 
Stability Board, and European Banking Authority recovery planning 
provisions if they stated that a covered bank's recovery plan should 
address the operational effects of severe stress. The OCC agrees--a 
recovery plan should address the financial, not the operational, 
effects of severe stress.
    The proposal defined the term ``recovery plan'' to include 
restoring a covered bank's ``financial and operational strength and 
viability.'' The same commenter noted that the purpose of a recovery 
plan is to help a covered bank restore its financial, not its 
operational, strength and viability. The commenter stated that covered 
banks address the restoration of operational strength and viability in 
other risk

[[Page 66794]]

management plans (e.g., disaster recovery, business continuity). The 
OCC agrees and has revised the definition of ``recovery plan'' by 
removing ``and operational'' to clarify that the purpose of a recovery 
plan is to help a covered bank restore its financial strength and 
viability. While a recovery plan might address operational stress 
scenarios and identify recovery options that are operational in nature, 
the triggers in the recovery plan should alert the bank to the possible 
or actual financial effects of stress, and the recovery options should 
be designed to restore the bank's financial strength and viability. We 
made conforming changes throughout the document to reflect this change.
    The proposal prohibited reliance on extraordinary government 
support in a recovery plan. The OCC received a comment asking it to 
clarify how this prohibition would apply when a foreign government 
controls a covered bank. While we have not changed the prohibition set 
forth in the definition of ``recovery plan,'' the OCC acknowledges that 
exceptions to this prohibition may exist with respect to support of a 
covered bank by a foreign government. We recommend that an affected 
covered bank discuss this situation with its OCC examiner.
    The OCC received no other comments on these definitions. We have 
clarified, however, several terms defined in the Final Guidelines. 
First, we revised the definition of ``covered bank'' to reflect the 
proposal's preamble statement that ``covered bank'' includes a bank 
with average total consolidated assets of less than $50 billion if it 
was previously a covered bank, unless the OCC determines otherwise. 
Second, we changed the word ``distress'' in the definition of 
``recovery'' to ``stress.'' While the term ``distress'' can be used to 
describe either stress itself or the effect of stress, we intended in 
this context to refer to stress itself. Third, we revised the 
definition of ``trigger'' to clarify that the breach of a trigger, not 
the trigger itself, should be escalated and that the escalation should 
be to senior management. Finally, we have clarified that a trigger 
breach can be escalated to either the board or an appropriate committee 
of the board,\13\ and we have made conforming changes throughout the 
document where necessary to address the role of an appropriate 
committee of the board. Except as otherwise noted above, we are 
adopting these definitions as proposed.
---------------------------------------------------------------------------

    \13\ We received a comment requesting that the OCC be flexible 
in applying provisions of the Final Guidelines referencing the board 
or an appropriate committee of the board to Federal branches, which 
do not have boards of directors. In applying the Final Guidelines to 
insured Federal branches that are covered banks, OCC examiners will 
consult with the branch to determine the appropriate person or 
committee to undertake the responsibilities assigned to the board of 
directors or an appropriate committee of the board under the Final 
Guidelines.
---------------------------------------------------------------------------

Section II: Recovery Plan

    A. Recovery plan. Subsection A of the proposal stated that each 
covered bank should develop and maintain a recovery plan appropriate 
for its individual size, risk profile, activities, and complexity, 
including the complexity of its organizational and legal entity 
structure. In response to this statement, commenters requested that the 
OCC clarify its expectations with regard to the length and detail of 
recovery plans and asked that the Final Guidelines elaborate on a 
covered bank's ability to tailor its recovery plan to its particular 
operations.
    We note that a covered bank's recovery plan need only be as long 
and as detailed as is necessary to satisfy these Final Guidelines. The 
OCC does not have any expectations regarding a plan's length or detail, 
nor does it expect that recovery plans will mirror the length or detail 
of resolution plans. Further, the OCC agrees that a covered bank may 
tailor its recovery plan to its unique size, risk profile, activities, 
and complexity. Therefore, a smaller, less complex bank may have a 
shorter, less complex recovery plan. The stress scenarios, triggers, 
and recovery options appropriate for a covered bank that engages 
primarily in retail and commercial banking are likely to be different 
from those for a covered bank that engages in significant trading or 
capital market activities. Those appropriate for a covered bank that 
engages primarily in domestic activities are likely to be different 
from those for a covered bank with extensive foreign activities. For 
the sake of clarity, we have added language to this description stating 
that a recovery plan should be specific to the unique characteristics 
of each covered bank. We have otherwise adopted this subsection as 
proposed.
    B. Elements of recovery plan. Subsection B set forth the eight 
elements of a recovery plan.
    1. Overview of covered bank. The proposed guidelines stated that a 
recovery plan should include a detailed description of the covered 
bank's overall organizational and legal structure, including its 
material entities, critical operations, core business lines, and core 
management information systems. The proposal stated that this 
description should explain interconnections and interdependencies: (i) 
Across business lines within the covered bank; (ii) with affiliates in 
a bank holding company structure; (iii) between a covered bank and its 
foreign subsidiaries; and (iv) with critical third parties. As 
explained in the proposal's preamble, the OCC used the terms 
``interconnections'' and ``interdependencies'' in a manner consistent 
with FDIC and Board resolution plan regulations. The preamble cited the 
following as examples of interconnections and interdependencies: (i) 
Relationships with respect to credit exposures, investments, or funding 
commitments; (ii) guarantees including an acceptance, endorsement, or 
letter of credit issued for the benefit of an affiliate during normal 
periods, as opposed to during a crisis; and (iii) payment services, 
treasury operations, collateral management, information technology 
(IT), human resources (HR), and other operational functions. It 
explained that the plan should address whether a disruption of these 
interconnections or interdependencies would materially affect the 
covered bank and, if so, how.
    Commenters asked the OCC to confirm in the Final Guidelines that 
other terms, including ``material entities,'' ``critical operations,'' 
and ``core business lines,'' may be interpreted consistent with the use 
of those terms elsewhere, such as resolution planning regulations and 
Heightened Standards. The OCC confirms that a covered bank may include 
in its recovery plan concepts and terms used elsewhere, provided the 
bank's resulting recovery plan is consistent with the Final Guidelines. 
In order to facilitate the OCC's understanding of a covered bank's 
recovery planning process, a bank's recovery plan should indicate which 
key terms are drawn from other sources and identify the sources. 
Otherwise, we adopt this element as proposed.
    2. Triggers. The proposal stated that a recovery plan should 
identify triggers that appropriately reflected a covered bank's 
particular vulnerabilities. As explained in the preamble, in order for 
a covered bank to identify such triggers, the bank should design severe 
stress scenarios that would threaten its critical operations or cause 
it to fail if the bank did not implement one or more recovery options 
in a timely manner. The preamble further explained that these scenarios 
should range from those that cause significant hardship to those that 
bring the covered bank close to default, but not into resolution.
    As explained in the proposal, in designing stress scenarios, a 
covered bank should consider a range of bank-specific and market-wide 
scenarios, individually and in the aggregate, that

[[Page 66795]]

are immediate and prolonged. The proposal explained that a covered bank 
should design the stress scenarios to result in capital shortfalls, 
liquidity pressures, or other significant financial losses. The 
preamble included as examples of bank-specific stress scenarios: Fraud; 
a portfolio shock; a significant cyber attack \14\ or other wide-scale 
operational event; an accounting and tax issue; an event that caused a 
reputational crisis and degraded customer or market confidence; and 
other key stresses that management identified. Although not mentioned 
in the proposal, another example of a covered bank-specific stress 
scenario is the failure of the bank's parent company or a significant 
affiliate.
---------------------------------------------------------------------------

    \14\ As explained in the proposal, a significant cyber attack 
includes an event that has an impact on a covered bank's computer 
network(s) or the computer network(s) of one of its third-party 
service providers and that significantly undermines the covered 
bank's data or processes.
---------------------------------------------------------------------------

    Examples of market-wide stress scenarios included: A disruption of 
domestic or global financial markets; a failure or impairment of 
systemically important financial industry participants, critical 
financial market infrastructure firms, and critical third-party 
relationships; significant changes in debt or equity valuations, 
currency rates, or interest rates; the widespread interruption of 
critical infrastructure that significantly degraded operational 
capability; \15\ and other unfavorable economic conditions. It should 
also be noted that stress scenarios are important tools that a covered 
bank uses to determine areas of vulnerability and to help it identify 
the appropriate triggers. While they need not be included in the plan 
itself, they are a critical part of the planning process and should be 
documented for OCC examiners to consider and discuss with a covered 
bank as part of the agency's overall evaluation of a bank's plan.
---------------------------------------------------------------------------

    \15\ As explained in the proposal, an example of this type of 
interruption includes a disruption to a payment, clearing, or 
settlement system that significantly affects the covered bank's 
ability to access that system.
---------------------------------------------------------------------------

    With respect to the development of stress scenarios, commenters 
requested that the Final Guidelines not require a covered bank to 
develop stress scenarios other than those required for supervisory 
stress tests (i.e., Comprehensive Capital Analysis and Review (CCAR) 
and Dodd-Frank Act Stress Testing (DFAST)). We recognize that the 
scenarios used to conduct supervisory stress tests may be appropriate 
for purposes of identifying triggers under these Final Guidelines. 
However, a covered bank should evaluate those scenarios in the context 
of these Final Guidelines and consider whether different or additional 
scenarios are appropriate, including whether these specific scenarios 
are sufficiently severe to cause the bank to be in recovery--i.e., 
scenarios that bring the bank to the brink of resolution.
    The proposal's discussion of the triggers that a covered bank 
should include in its recovery plan explained that these triggers 
should address a continuum of increasingly severe stress, ranging from 
triggers that provide a warning of the likely occurrence of severe 
stress to those that indicate the actual existence of severe stress. It 
stated that the number and nature of triggers should be appropriate for 
the covered bank's size, risk profile, activities, and complexity. As 
the proposal further explained, the nature of a trigger should inform 
the nature of the response. For example, the preamble stated that, in 
some situations, the appropriate response to the breach of a trigger 
should be enhanced monitoring; in other situations, the breach of a 
trigger should result in activating a more specific recovery option set 
forth in the plan or taking other corrective action. As the proposal 
noted, however, the breach of a particular trigger does not necessarily 
correspond to a single recovery option; instead, more than one option 
may be appropriate when a particular trigger is breached.
    The preamble to the proposal stated that quantitative triggers 
included changes in covered bank-specific indicators that reflect the 
covered bank's capital or liquidity position. The proposal stated that 
a covered bank should also consider quantitative triggers other than 
capital or liquidity that may have an impact on its condition, such as 
a rating downgrade; access to credit and borrowing lines; equity 
ratios; profitability; asset quality; or other macroeconomic 
indicators. It also noted that a covered bank should be prepared to act 
if it is at risk, regardless of whether a trigger has been breached or 
the recovery plan includes options that specifically addressed the 
problems the bank faced.
    The proposal also stated that qualitative triggers would include 
the unexpected departure of senior leadership; the erosion of 
reputation or market standing; the impact of an adverse legal ruling; 
and a material operational event that affects the covered bank's 
ability to access critical services or to deliver products or services 
to its customers for a material period of time. In retrospect, we 
believe these scenarios more accurately describe stress events that may 
affect a covered bank's financial strength and viability than triggers 
that indicate the stress. However, while we anticipate that most 
triggers will be quantitative indicators, we have retained the 
reference to qualitative indicators that have a financial effect on a 
bank to allow for those that a bank may identify.
    The proposal noted that a covered bank should review and update its 
triggers, as necessary, to take into account changes in laws and 
regulations and other material events. In addition, it stated that a 
covered bank should consider any regulatory or legal consequences 
resulting from the breach of a particular trigger. We made no changes 
to this element and adopt it as proposed.
    3. Options for recovery. The proposed guidelines stated that a 
recovery plan should identify a wide range of credible options that a 
covered bank could undertake to restore its financial and operational 
strength and viability, thereby allowing the bank to continue to 
operate as a going concern and avoid liquidation or resolution. The 
proposed guidelines further provided that a recovery plan should 
explain how the covered bank would carry out each recovery option, 
describe the timing for each option, and identify options that require 
regulatory or legal approval.
    The preamble to the proposal explained that the recovery plan 
should include a description of the decision-making process for 
implementing each option, outline the steps the bank will follow, 
identify the critical parties to carry out each option, and address 
timing considerations. It also stated that a recovery plan should 
identify obstacles to executing an option and set out mitigation 
strategies to address these obstacles. Finally, the preamble provided 
that the plan should identify those options that would require 
regulatory or legal approval and, consistent with the proposal's 
definition of ``recovery plan,'' that neither the plan nor the options 
may assume or rely on any extraordinary government support.\16\
---------------------------------------------------------------------------

    \16\ The role of extraordinary governmental support in the 
recovery plans of covered banks that are controlled by a foreign 
government is discussed above.
---------------------------------------------------------------------------

    The preamble noted that a covered bank should be able to execute 
plan options within time frames that would allow the options to be 
effective during periods of stress. It also provided examples of 
recovery options, including the conservation or restoration of 
liquidity and capital; the sale, transfer, or disposal of significant 
assets, portfolios, or business lines; steps that reduce the covered 
bank's risk profile;

[[Page 66796]]

the restructuring of liabilities; the activation of emergency 
protocols; organizational restructuring, including divesting legal 
entities in order to simplify the covered bank's structure; and 
implementing succession planning. To facilitate an understanding of how 
the stress scenarios, triggers, and options relate to each other, the 
proposal included the following chart:

------------------------------------------------------------------------
                                                       Possible options
    Examples of severe stress      Possible triggers    in response to
            scenarios                                      triggers
------------------------------------------------------------------------
Idiosyncratic stress: Trading      Tier 1      Issue new
 losses caused by a rogue trader.  capital falls       capital.
                                   below 6%.           Sell
                                   Liquidity   nonstrategic
                                   falls below         assets or
                                   internal bank       businesses.
                                   policy              Reduce
                                   requirements.       loan originations
                                                       or commitments.
Systemic stress: Significant       Short-      Sell
 decline in U.S. gross domestic    term credit         strategic assets
 product, coupled with an          rating falls        or businesses.
 increase in the U.S.              below A-3.          Reduce
 unemployment rate and a                       expenses (e.g.,
 deterioration in U.S.             Nonperforming       business
 residential housing market.       loans rise above    contractions).
                                   a specified         Access
                                   percentage.         the Board's
                                   Market      Discount Window.
                                   capitalization
                                   falls below a
                                   specific limit
                                   for a certain
                                   period of time.
------------------------------------------------------------------------

    As discussed above, the OCC has clarified that the recovery options 
detailed in a recovery plan are those that respond to the financial 
effects of severe stress. To effect this clarification in this element 
of the plan, we have removed ``and operational'' from the description 
of the options for recovery in the Final Guidelines. We otherwise adopt 
this element as proposed. The OCC also notes that a covered bank should 
not view the options in its plan as exclusive or a specific trigger as 
necessitating the execution of a particular option. Rather, a covered 
bank should use its judgment to determine the most appropriate options 
for the bank to take during a period of severe stress.
    4. Impact assessments. The proposed guidelines provided that, for 
each recovery option, a covered bank should assess and describe how the 
option would affect the covered bank. The guidelines stated that this 
impact assessment and description should specify the procedures the 
covered bank would use to maintain the financial and operational 
strength and viability of its material entities, critical operations, 
and core business lines for each recovery option. For each option, the 
recovery plan's impact assessment should address: (i) The effect on the 
covered bank's capital, liquidity, funding, and profitability; (ii) the 
effect on its material entities, critical operations, and core business 
lines, including reputational impact; and (iii) any legal or market 
impediment or regulatory requirement that the bank would need to 
address or satisfy to implement the option.\17\
---------------------------------------------------------------------------

    \17\ Although not mentioned in the proposal, we note that a 
covered bank's assessment of the legal or market impediments or 
regulatory requirements relevant to its recovery options should 
address any timing issues presented by these impediments or 
requirements.
---------------------------------------------------------------------------

    As the preamble explained, the assessment should analyze the effect 
each option would have on the covered bank, including its internal 
operations (e.g., IT systems, suppliers, HR operations) and its access 
to market infrastructure (e.g., clearing and settlement facilities, 
payment systems, additional collateral requirements). The OCC received 
no comments on this provision. Consistent with the discussion above, 
however, we have removed ``and operational.'' Otherwise, we make no 
material changes to this element as proposed.
    5. Escalation procedures. The proposed guidelines stated that a 
recovery plan should clearly outline the process for escalating 
decision-making to senior management or the board, as appropriate, in 
response to the breach of a trigger. The proposal also stated that the 
plan should identify the departments and persons responsible for making 
and executing these decisions and describe the process for informing 
stakeholders (e.g., shareholders, counsel, accountants, regulators) 
when necessary. As the preamble explained, at a minimum, the escalation 
procedures should result in the covered bank taking action before 
remedial supervisory action is necessary.
    The OCC received no substantive comments on this element of the 
plan. However, we have clarified that the breach of any trigger should 
be escalated, which is consistent with the definition of ``trigger.'' 
In addition, we have clarified that the recovery plan should identify 
the departments and persons responsible for executing the decisions of 
senior management or the board (or an appropriate committee of the 
board). Otherwise, we have adopted this element as proposed.
    6. Management reports. The proposed guidelines stated that a 
recovery plan should require reports that provide management or the 
board with sufficient data and information to make timely decisions 
regarding the appropriate actions necessary to respond to the breach of 
a trigger. As explained in the preamble, the reports to management or 
the board should allow them to monitor the covered bank's progress in 
response to the actions taken under the recovery plan. The OCC received 
no comments on this element of the plan. As a clarification, however, 
the OCC has amended the Final Guidelines to state that reports should 
be made to senior management. Otherwise, we adopt the language as 
proposed.
    7. Communication procedures. As provided in the proposed 
guidelines, a recovery plan should provide that the covered bank notify 
the OCC of any significant breach of a trigger and any action taken or 
to be taken in response to such breach and explain the process for 
deciding when a breach of a trigger is significant. The preamble noted 
that a covered bank should work closely with the OCC when executing its 
recovery plan.
    The proposal also stated that a recovery plan should address when 
and how the covered bank will notify persons within the organization 
and other external parties of its actions under the recovery plan. This 
notice is to ensure that all stakeholders are informed in a timely 
manner of how the covered bank has responded or is responding to a 
breach of a trigger. In addition, the proposed guidelines stated that 
the recovery plan should identify how the covered bank would obtain 
required regulatory or legal approvals, in order to ensure that the 
bank receives such approval(s) in a timely manner. The OCC received no 
comments on this element of a recovery plan, and we adopt it as 
proposed.
    8. Other information. As set forth in the proposed guidelines, a 
recovery plan should include any other information that the OCC 
communicates in writing directly to the covered bank regarding the 
bank's recovery plan. The preamble also stated that a well-developed 
recovery plan should consider relevant information included in other 
written

[[Page 66797]]

OCC or Federal Financial Institutions Examination Council material. The 
OCC received no comments on this element of a recovery plan, and we 
adopt it as proposed.
    C. Relationship to other processes; coordination with other plans. 
The proposed guidelines stated that a covered bank should integrate its 
recovery plan into its corporate governance and risk management 
functions and coordinate its recovery planning with its strategic; 
operational (including business continuity); contingency; capital 
(including stress testing); liquidity; and resolution planning. As the 
OCC explained in the preamble, in many cases, these plans may be 
interconnected and require the covered bank to coordinate among them.
    The proposed guidelines also stated that, to the extent possible, a 
covered bank should align its recovery plan with any recovery and 
resolution planning efforts by the covered bank's holding company, so 
that the plans are consistent with and do not contradict each other. As 
the OCC stated in the preamble, some inconsistencies may be unavoidable 
because recovery planning and resolution planning differ: Recovery 
planning addresses a bank as a going concern; resolution planning 
starts from the point of an entity's non-viability. In addition, the 
preamble noted that covered banks are an integral part of bank holding 
company recovery and resolution plans; as a result, it stated that a 
covered bank might be able to leverage certain elements in these other 
plans. As an example, the proposal referenced resolution plans, which 
typically require a bank to map its critical operations. It noted that 
this mapping exercise might be useful to the bank's recovery plan 
description of interconnections and interdependencies.
    The OCC received several comments on this element of the plan 
requesting the OCC to confirm that covered banks are permitted to 
leverage existing processes, such as those for stress testing, 
resolution planning, contingency planning, risk governance, and holding 
company recovery plans, when developing recovery plans. One commenter 
requested that the Final Guidelines permit a covered bank to use its 
holding company's recovery plan to satisfy its obligations under the 
Final Guidelines, if the risk profiles of both entities are 
substantially the same. Another commenter asserted that a covered bank 
should be permitted to leverage its existing governance structure to 
satisfy its management and board responsibilities under these Final 
Guidelines.
    As explained in the preamble to the proposal, the OCC recognizes 
that many covered banks already engage in significant planning, 
including planning responses to cyber attacks, business interruptions, 
and leadership vacancies. Some banks also undertake a range of other 
planning, including strategic, contingency, capital (including stress 
testing), liquidity, and resolution. The same is true for their parent 
holding companies or affiliates. As also noted in the proposal, we do 
not intend for the recovery planning described in these Final 
Guidelines to be needlessly burdensome or duplicative of these other 
planning processes. The OCC expects, however, that a covered bank's 
recovery plan will identify the recovery strategies that are specific 
to that bank and, as appropriate, distinguishable from the recovery 
strategies of its holding company or affiliates. Furthermore, while we 
encourage covered banks to leverage their existing processes, including 
by incorporating or cross-referencing portions or elements of relevant 
plans, in most cases, it is unlikely that a covered bank will be able 
to use a plan prepared for another purpose or entity to satisfy the 
Final Guidelines.\18\ As we have noted previously, the purpose of these 
Final Guidelines is to provide a comprehensive framework for evaluating 
how severe stress would financially affect a covered bank specifically 
and the recovery options that would allow that bank to remain viable 
under such stress.
---------------------------------------------------------------------------

    \18\ When a covered bank comprises a substantial percentage of 
its holding company's assets (i.e., 95%), the holding company's 
recovery plan, if any, may serve as the bank's recovery plan, 
provided that such plan satisfies these Final Guidelines.
---------------------------------------------------------------------------

    The OCC is making several changes to this provision as proposed. 
First, we have revised this subsection so that the Final Guidelines 
themselves state that a covered bank's recovery plan should be specific 
to the unique characteristics of that bank. Second, we are clarifying 
that the other plans identified in the proposed guidelines with which a 
covered bank should coordinate its recovery planning is not an 
exclusive list. Instead, these are examples of other types of plans. 
Third, we are replacing the phrase ``risk management and corporate 
governance'' with ``risk governance,'' which we believe incorporates 
the concepts of both risk management and corporate governance as it 
relates to risk management. Other than these and other minor changes, 
we adopt this provision as proposed.

Section III: Management's and the Board's Responsibilities

    Section III of the proposed guidelines addressed the 
responsibilities of a covered bank's management and board with respect 
to the recovery plan and stated that these responsibilities should be 
included in the bank's recovery plan.
    The proposed guidelines provided that management should review its 
bank's recovery plan at least annually and in response to a material 
event. It further stated that management should revise the plan as 
necessary to reflect material changes in the covered bank's size, risk 
profile, activities, and complexity, as well as changes in external 
threats. The preamble explained that during this review, management 
should consider the ongoing relevance and applicability of the stress 
scenarios used to identify the plan's triggers and revise the recovery 
plan as needed.
    The proposed guidelines also stated that management's review should 
include evaluating the covered bank's organizational structure and its 
effectiveness in facilitating recovery. The preamble explained that 
this review should include its legal structure, number of entities, 
geographical footprint, booking practices (e.g., guarantees, 
exposures), and servicing arrangements. The preamble stated that both 
management and the board should provide justification for the covered 
bank's organizational and legal structures and outline changes that 
would enhance their ability to oversee the covered bank in times of 
stress. As explained in the preamble, a more rational legal structure 
can provide a clearer path to recovery and the operational flexibility 
necessary to implement a recovery plan.
    Several commenters requested that the OCC recognize the need for a 
covered bank to have flexibility regarding the timing of management's 
annual review of its recovery plan. These commenters explained that 
this flexibility would facilitate a covered bank's ability to meet 
deadlines associated with other requirements, such as stress testing. 
The OCC agrees that management should have flexibility to conduct its 
annual reviews on its preferred schedule. As noted in the proposal, OCC 
examiners will assess the appropriateness and adequacy of the covered 
bank's ongoing recovery planning process as part of the agency's 
regular supervisory activities, which we believe will provide covered 
banks with the flexibility they need.
    Commenters also requested the OCC to clarify that it is not 
necessary for

[[Page 66798]]

management to recommend changes to a covered bank's organizational and 
legal entity structure as part of every annual review of the bank's 
recovery plan. The OCC agrees that a covered bank's management should 
only recommend changes to a bank's organizational and legal entity 
structure when such changes are necessary or appropriate.
    The proposed guidelines also stated that the board is responsible 
for overseeing the covered bank's recovery planning process. As part of 
this oversight, the preamble explained that the board should work 
closely with the bank's senior management in developing and executing 
the recovery plan. The proposed guidelines also stated that a covered 
bank's board, or an appropriate committee of the board, should review 
and approve the bank's recovery plan at least annually and as needed to 
address any changes made by management.
    A number of commenters expressed concern that the preamble's use of 
``developing and executing'' to describe a covered bank board's role 
with respect to a recovery plan is inconsistent with a board's 
traditional oversight role. It is not the OCC's intent to expand the 
board's role, and we note that the regulatory text in both the proposal 
and Final Guidelines describe the role of the board as ``oversight.''
    Commenters also asked the OCC to clarify that a covered bank's 
board need only review and approve a bank's plan yearly, and as 
necessary to address significant, as opposed to all, changes to a plan. 
We have amended the Final Guidelines to reflect this and otherwise 
adopt this section as proposed.

Description of Technical Amendments to Part 30

    We also are including with these Final Guidelines technical and 
conforming amendments to the part 30 regulations to add references to 
new Appendix E, which contains the Final Guidelines, where appropriate.

Regulatory Analysis

Paperwork Reduction Act

    The OCC has determined that the Final Guidelines include 
collections of information pursuant to the provisions of the Paperwork 
Reduction Act of 1995 (PRA) (44 U.S.C. 3501 et seq.). In accordance 
with PRA, the OCC may not conduct or sponsor, and an organization is 
not required to respond to, an information collection unless the 
information collection displays a currently valid Office of Management 
and Budget (OMB) control number. The OCC submitted the information 
collections contained in the proposed guidelines to OMB for review and 
approval, pursuant to 44 U.S.C. 3506 and section 1320.11 of the OMB 
implementing regulations (5 CFR part 1320). OMB instructed the OCC to 
examine any public comments it received in response to the proposed PRA 
estimate and to describe in the supporting statement of its next 
collection any relevant comments, as well as the OCC's response to such 
comments. The OCC has re-submitted the information collections to OMB 
in connection with the final rule.
    The collections of information that are subject to the PRA in these 
Final Guidelines are found in 12 CFR part 30, appendix E, sections 
II.B., II.C., and III. Section II.B. of this appendix specifies the 
elements of the recovery plan, including an overview of the covered 
bank; triggers; options for recovery; impact assessments; escalation 
procedures; management reports; and communication procedures. Section 
II.C. of this appendix addresses the relationship of the plan to other 
covered bank processes and coordination with other plans, including the 
processes and plans of its bank holding company. Section III of this 
appendix outlines management's and the board's responsibilities.
    We received one comment on our proposed information collection from 
an individual, which addressed all four of the questions below. First, 
the commenter argued that a stress event that threatens the viability 
of a covered bank is the result of either an event that the bank could 
not have foreseen or failed prudential supervision by the OCC. In 
either case, the commenter argued, a recovery plan will be useless. In 
addition, this commenter argued that if a covered bank treats its 
recovery plan like a prescriptive playbook, the plan will fail and, 
alternatively, if a recovery plan only provides guidelines, the plan 
will have no practical utility.
    In response, as noted above, the OCC believes that stress scenarios 
are important tools that a covered bank uses to determine areas of 
vulnerability and help it identify the appropriate triggers. The OCC 
understands that a covered bank's recovery planning process will not 
result in a plan that identifies every trigger and option for every 
possible scenario--but we do believe that the processes of recovery 
planning and codification of a plan will help a covered bank manage the 
stresses it encounters. With respect to the role of a recovery plan 
during a period of severe stress, as noted above, a covered bank should 
use its judgment to determine the most appropriate options for the bank 
to take to preserve its financial strength and viability.
    The commenter also stated that the OCC's burden estimate was too 
low. The OCC believes that its original estimate was realistic given 
the requirements of the proposed guidelines and has included the same 
estimate in the Final Guidelines. We have adjusted, however, the 
estimate of respondents to reflect the most recent data available.
    In addition, the commenter stated that the agency could enhance the 
quality and utility of the information collection by requiring only 
triggers and response options in its plans. In response, as noted 
above, the OCC believes that stress scenarios are important tools that 
a covered bank uses to determine areas of vulnerability and identify 
appropriate triggers. We include the overview of the covered bank as a 
plan element because a covered bank's organizational and legal entity 
structure is likely to change often; its inclusion will both ensure 
that the bank consider the entire organization in the development of 
its plan and assist the bank in understanding the recovery plan's 
relationship with its other planning efforts.
    The commenter also stated that the proposed information collection 
is duplicative of and redundant to information that the OCC currently 
collects. In response, the OCC recognizes that some information 
necessary for recovery planning may have been compiled or provided to 
the OCC for other purposes. However, we believe that it is necessary 
for a covered bank to assemble this information in the context of 
recovery planning in order to develop an appropriate plan to respond to 
future stresses. We encourage, however, covered banks to leverage, 
including by cross-referencing if appropriate, this prior work. 
Finally, the commenter argued that it is burdensome to ask a covered 
bank to connect its recovery plan with its other plans. In response, 
the OCC notes that a covered bank's various plans are not intended to 
operate in a vacuum and must be compatible with each other in order to 
be effective.
    Title: OCC Guidelines Establishing Standards for Recovery Planning 
by Certain Large Insured National Banks, Insured Federal Savings 
Associations, and Insured Federal Branches
    OMB Control No.: To be assigned by OMB.
    Frequency of Response: On occasion.
    Affected Public: Businesses or other for-profit organizations.
    Burden Estimates:
    Total Number of Respondents: 25.

[[Page 66799]]

    Total Burden per Respondent: 7,543 hours.
    Total Burden for Collection: 188,575 hours.
    Comments should be submitted as provided below and continue to be 
invited on: (1) Whether the proposed collection of information is 
necessary for the proper performance of the OCC's functions, including 
whether the information has practical utility; (2) the accuracy of the 
OCC's estimate of the burden of the proposed information collection, 
including the cost of compliance; (3) ways to enhance the quality, 
utility, and clarity of the information to be collected; and (4) ways 
to minimize the burden of information collection on respondents, 
including through the use of automated collection techniques or other 
forms of IT.
    Because paper mail may be subject to delay, commenters are 
encouraged to submit comments by email to [email protected], 
if possible. Alternatively, comments may be mailed to Legislative and 
Regulatory Activities Division, Office of the Comptroller of the 
Currency, Attention: 1557-0321, 400 7th Street SW., Suite 3E-218, Mail 
Stop 9W-11, Washington, DC 20219 or faxed to (571) 465-4326. 
Additionally, commenters should send a copy of their comments to the 
OCC's OMB desk officer by: mail to Office of Information and Regulatory 
Affairs, U.S. Office of Management and Budget, New Executive Office 
Building, Room 10235, 725 17th Street NW., Washington, DC 20503; fax to 
(202) 395-6974; or email to [email protected].
    You may personally inspect and photocopy comments at the OCC, 400 
7th Street SW., Washington, DC 20219. For security reasons, the OCC 
requires that visitors make an appointment to inspect comments. You may 
do so by calling (202) 649-6700. Upon arrival, visitors will be 
required to present valid government-issued photo identification and 
submit to a security screening.
    All comments received, including attachments and other supporting 
materials, are part of the public record and subject to public 
disclosure. Do not enclose any information in your comment or 
supporting materials that you consider confidential or inappropriate 
for public disclosure.
    You may request additional information on the collection from 
Shaquita Merritt, Program Specialist, at (202) 649-6302 or, for persons 
who are deaf or hard of hearing, TTY, (202) 649-5597, Legislative and 
Regulatory Activities Division, Office of the Comptroller of the 
Currency, 400 7th Street SW., Suite 3E-218, Mail Stop 9W-11, 
Washington, DC 20219.

Regulatory Flexibility Analysis

    Pursuant to section 605(b) of the Regulatory Flexibility Act, 5 
U.S.C. 605(b) (RFA), the regulatory flexibility analysis otherwise 
required under section 603 of the RFA is not required if the agency 
certifies that a rule will not have a significant economic impact on a 
substantial number of small entities (defined for purposes of the RFA 
to include commercial banks and savings institutions with assets less 
than or equal to $550 million and trust companies with assets less than 
or equal to $38.5 million) and publishes this certification and a 
short, explanatory statement in the Federal Register with the rule. The 
OCC has determined that the Final Guidelines will have no impact on 
small entities. The Final Guidelines apply only to insured national 
banks, insured Federal savings associations, and insured Federal 
branches of foreign banks with $50 billion or more in average total 
consolidated assets. Although the Final Guidelines reserve the OCC's 
authority to apply them to an insured national bank, insured Federal 
savings association, or insured Federal branch of a foreign bank with 
less than $50 billion in average total consolidated assets if the OCC 
determines such entity is highly complex or otherwise presents a 
heightened risk, the OCC does not expect to determine any small 
entities to be highly complex or otherwise to present a heightened 
risk. Therefore, the OCC certifies that these Final Guidelines will not 
have a significant economic impact on a substantial number of small 
entities.

Unfunded Mandates Reform Act Analysis

    In accordance with section 202 of the Unfunded Mandates Reform Act 
of 1995 (2 U.S.C. 1532), the OCC prepares a budgetary impact statement 
before promulgating any rule that includes a Federal mandate that may 
result in the expenditure by State, local, and tribal governments, in 
the aggregate, or by the private sector, of $100 million or more in any 
one year (adjusted annually for inflation). The OCC has determined that 
these Final Guidelines will not result in expenditures by State, local, 
and tribal governments, in the aggregate, or by the private sector, of 
$100 million or more in any one year (adjusted annually for inflation). 
Accordingly, the OCC has not prepared a budgetary impact statement.

Consideration of Administrative Burdens and Benefits and Effective Date

    Section 302(a) of the Riegle Community Development and Regulatory 
Improvement Act of 1994 (CDRI) (12 U.S.C. 4802(a)) requires the OCC, in 
determining the effective date and administrative compliance 
requirements for new regulations that impose additional reporting, 
disclosure, or other requirements on insured depository institutions, 
to consider, consistent with the principles of safety and soundness and 
the public interest, (1) any administrative burdens that such 
regulations would place on depository institutions, including small 
depository institutions and customers of depository institutions; and 
(2) the benefits of such regulations. In determining the effective date 
and administrative compliance requirements for these Final Guidelines, 
the OCC has considered these burdens and benefits, including the 
requests of commenters for a phased-in compliance period. To this end, 
the Final Guidelines include phased-in compliance dates and recognize 
the need for flexibility with respect to the timing of management's 
annual recovery plan review.
    Section 302(b) of CDRI (12 U.S.C. 4802(a)) requires that new OCC 
regulations, which impose additional reporting, disclosures, or other 
new requirements on insured depository institutions, take effect on the 
first day of a calendar quarter which begins on or after the date on 
which the regulations are published in final form, subject to certain 
exceptions not relevant here. This is in addition to the requirement in 
section 553(d) (5 U.S.C. 553(d)) of the Administrative Procedure Act, 
which requires that a substantive rule be effective no fewer than 30 
days after its publication, subject to certain exceptions not relevant 
here. The effective date of these Final Guidelines is consistent with 
these requirements.

List of Subjects in 12 CFR Part 30

    Banks, Banking, Consumer protection, National banks, Privacy, 
Safety and soundness, Reporting and recordkeeping requirements.

    For the reasons set forth in the preamble, and under the authority 
of 12 U.S.C. 93a, chapter I of title 12 of the Code of Federal 
Regulations is amended as follows:

PART 30--SAFETY AND SOUNDNESS STANDARDS

0
1. The authority citation for part 30 continues to read as follows:


[[Page 66800]]


    Authority:  12 U.S.C. 1, 93a, 371, 1462a, 1463, 1464, 1467a, 
1818, 1828, 1831p-1, 1881-1884, 3102(b) and 5412(b)(2)(B); 15 U.S.C. 
1681s, 1681w, 6801, and 6805(b)(1).


Sec.  30.1   [Amended]

0
2. Section 30.1 is amended by removing, in paragraph (a), ``appendices 
A, B, C, and D'' and adding in its place ``appendices A, B, C, D, and 
E''.

0
3. Section 30.2 is amended by adding a sentence at the end of the 
paragraph to read as follows:


Sec.  30.2   Purpose.

    * * * The OCC Guidelines Establishing Standards for Recovery 
Planning by Certain Large Insured National Banks, Insured Federal 
Savings Associations, and Insured Federal Branches are set forth in 
appendix E to this part.


Sec.  30.3   [Amended]

0
4. Section 30.3 is amended in paragraph (a) by removing ``the OCC 
Guidelines Establishing Standards for Residential Mortgage Lending 
Practices set forth in appendix C to this part, or the OCC Guidelines 
Establishing Heightened Standards for Certain Large Insured National 
Banks, Insured Federal Savings Associations, and Insured Federal 
Branches set forth in appendix D to this part'' and adding in its place 
``the OCC Guidelines Establishing Standards for Residential Mortgage 
Lending Practices set forth in appendix C to this part, the OCC 
Guidelines Establishing Heightened Standards for Certain Large Insured 
National Banks, Insured Federal Savings Associations, and Insured 
Federal Branches set forth in appendix D to this part, or the OCC 
Guidelines Establishing Standards for Recovery Planning by Certain 
Large Insured National Banks, Insured Federal Savings Associations, and 
Insured Federal Branches set forth in appendix E to this part''.

0
5. Appendix E is added to part 30 to read as follows:

Appendix E to Part 30--OCC Guidelines Establishing Standards for 
Recovery Planning by Certain Large Insured National Banks, Insured 
Federal Savings Associations, and Insured Federal Branches

Table of Contents

I. Introduction
    A. Scope
    B. Compliance date
    C. Reservation of authority
    D. Preservation of existing authority
    E. Definitions
II. Recovery Plan
    A. Recovery plan
    B. Elements of recovery plan
    1. Overview of covered bank
    2. Triggers
    3. Options for recovery
    4. Impact assessments
    5. Escalation procedures
    6. Management reports
    7. Communication procedures
    8. Other information
    C. Relationship to other processes; coordination with other 
plans
III. Management's and Board of Directors' Responsibilities
    A. Management
    B. Board of directors

I. Introduction

    A. Scope. This appendix applies to a covered bank, as defined in 
paragraph I.E.3. of this appendix.
    B. Compliance date.
    1. A covered bank with average total consolidated assets, 
calculated according to paragraph I.E.1. of this appendix, equal to or 
greater than $750 billion as of January 1, 2017 should comply with this 
appendix within 6 months from January 1, 2017.
    2. A covered bank with average total consolidated assets, 
calculated according to paragraph I.E.1. of this appendix, equal to or 
greater than $100 billion but less than $750 billion as of January 1, 
2017 should comply with this appendix within 12 months from January 1, 
2017.
    3. A covered bank with average total consolidated assets, 
calculated according to paragraph I.E.1. of this appendix, equal to or 
greater than $50 billion but less than $100 billion as of January 1, 
2017 should comply with this appendix within 18 months from January 1, 
2017.
    4. A bank with average total consolidated assets, calculated 
according to paragraph I.E.1. of this appendix, of less than $50 
billion as of January 1, 2017 but which subsequently becomes a covered 
bank should comply with this appendix within 18 months of becoming a 
covered bank.
    C. Reservation of authority.
    1. The OCC reserves the authority:
    a. To apply this appendix, in whole or in part, to a bank that has 
average total consolidated assets of less than $50 billion, if the OCC 
determines such bank is highly complex or otherwise presents a 
heightened risk that warrants the application of this appendix; or
    b. To determine that compliance with this appendix should not be 
required for a covered bank. The OCC will generally make this 
determination if a covered bank's operations are no longer highly 
complex or no longer present a heightened risk.
    2. In determining whether a bank or covered bank is highly complex 
or presents a heightened risk, the OCC will consider the bank's size, 
risk profile, scope of operations, activities, and complexity, 
including the complexity of its organizational and legal entity 
structure. Before exercising the authority reserved by paragraph I.C.1. 
of this appendix, the OCC will apply notice and response procedures in 
the same manner and to the same extent as the notice and response 
procedures in 12 CFR 3.404.
    D. Preservation of existing authority. Neither section 39 of the 
Federal Deposit Insurance Act (12 U.S.C. 1831p-1) nor this appendix in 
any way limits the authority of the OCC to address unsafe or unsound 
practices or conditions or other violations of law. The OCC may take 
action under section 39 and this appendix independently of, in 
conjunction with, or in addition to any other enforcement action 
available to the OCC.
    E. Definitions.
    1. Average total consolidated assets means the average total 
consolidated assets of the bank or the covered bank, as reported on the 
bank's or the covered bank's Consolidated Reports of Condition and 
Income for the four most recent consecutive quarters.
    2. Bank means any insured national bank, insured Federal savings 
association, or insured Federal branch of a foreign bank.
    3. Covered bank means any bank:
    a. With average total consolidated assets equal to or greater than 
$50 billion;
    b. With average total consolidated assets of less than $50 billion 
if the bank was previously a covered bank, unless the OCC determines 
otherwise; or
    c. With average total consolidated assets less than $50 billion, if 
the OCC determines that such bank is highly complex or otherwise 
presents a heightened risk as to warrant the application of this 
appendix pursuant to paragraph I.C.1.a. of this appendix.
    4. Recovery means timely and appropriate action that a covered bank 
takes to remain a going concern when it is experiencing or is likely to 
experience considerable financial or operational stress. A covered bank 
in recovery has not yet deteriorated to the point where liquidation or 
resolution is imminent.
    5. Recovery plan means a plan that identifies triggers and options 
for responding to a wide range of severe internal and external stress 
scenarios to restore a covered bank that is in recovery to financial 
strength and viability in a timely manner. The options should maintain 
the confidence of market participants, and neither the plan nor the 
options may assume or rely on any extraordinary government support.

[[Page 66801]]

    6. Trigger means a quantitative or qualitative indicator of the 
risk or existence of severe stress, the breach of which should always 
be escalated to senior management or the board of directors (or 
appropriate committee of the board of directors), as appropriate, for 
purposes of initiating a response. The breach of any trigger should 
result in timely notice accompanied by sufficient information to enable 
management of the covered bank to take corrective action.

II. Recovery Plan

    A. Recovery plan. Each covered bank should develop and maintain a 
recovery plan that is specific to that covered bank and appropriate for 
its individual size, risk profile, activities, and complexity, 
including the complexity of its organizational and legal entity 
structure.
    B. Elements of recovery plan. A recovery plan under paragraph II.A. 
of this appendix should include the following elements:
    1. Overview of covered bank. A recovery plan should describe the 
covered bank's overall organizational and legal entity structure, 
including its material entities, critical operations, core business 
lines, and core management information systems. The plan should 
describe interconnections and interdependencies (i) across business 
lines within the covered bank, (ii) with affiliates in a bank holding 
company structure, (iii) between a covered bank and its foreign 
subsidiaries, and (iv) with critical third parties.
    2. Triggers. A recovery plan should identify triggers that 
appropriately reflect the covered bank's particular vulnerabilities.
    3. Options for recovery. A recovery plan should identify a wide 
range of credible options that a covered bank could undertake to 
restore financial strength and viability, thereby allowing the bank to 
continue to operate as a going concern and to avoid liquidation or 
resolution. A recovery plan should explain how the covered bank would 
carry out each option and describe the timing required for carrying out 
each option. The recovery plan should specifically identify the 
recovery options that require regulatory or legal approval.
    4. Impact assessments. For each recovery option, a covered bank 
should assess and describe how the option would affect the covered 
bank. This impact assessment and description should specify the 
procedures the covered bank would use to maintain the financial 
strength and viability of its material entities, critical operations, 
and core business lines for each recovery option. For each option, the 
recovery plan's impact assessment should address the following:
    a. The effect on the covered bank's capital, liquidity, funding, 
and profitability;
    b. The effect on the covered bank's material entities, critical 
operations, and core business lines, including reputational impact; and
    c. Any legal or market impediment or regulatory requirement that 
must be addressed or satisfied in order to implement the option.
    5. Escalation procedures. A recovery plan should clearly outline 
the process for escalating decision-making to senior management or the 
board of directors (or an appropriate committee of the board of 
directors), as appropriate, in response to the breach of any trigger. 
The recovery plan should also identify the departments and persons 
responsible for executing the decisions of senior management or the 
board of directors (or an appropriate committee of the board of 
directors).
    6. Management reports. A recovery plan should require reports that 
provide senior management or the board of directors (or an appropriate 
committee of the board of directors) with sufficient data and 
information to make timely decisions regarding the appropriate actions 
necessary to respond to the breach of a trigger.
    7. Communication procedures. A recovery plan should provide that 
the covered bank notify the OCC of any significant breach of a trigger 
and any action taken or to be taken in response to such breach and 
should explain the process for deciding when a breach of a trigger is 
significant. A recovery plan also should address when and how the 
covered bank will notify persons within the organization and other 
external parties of its action under the recovery plan. The recovery 
plan should specifically identify how the covered bank will obtain 
required regulatory or legal approvals.
    8. Other information. A recovery plan should include any other 
information that the OCC communicates in writing directly to the 
covered bank regarding the covered bank's recovery plan.
    C. Relationship to other processes; coordination with other plans. 
The covered bank should integrate its recovery plan into its risk 
governance functions. The covered bank also should align its recovery 
plan with its other plans, such as its strategic; operational 
(including business continuity); contingency; capital (including stress 
testing); liquidity; and resolution planning. The covered bank's 
recovery plan should be specific to that covered bank. The covered bank 
also should coordinate its recovery plan with any recovery and 
resolution planning efforts by the covered bank's holding company, so 
that the plans are consistent with and do not contradict each other.

III. Management's and Board of Directors' Responsibilities

    The recovery plan should address the following management and board 
responsibilities:
    A. Management. Management should review the recovery plan at least 
annually and in response to a material event. It should revise the plan 
as necessary to reflect material changes in the covered bank's size, 
risk profile, activities, and complexity, as well as changes in 
external threats. This review should evaluate the organizational 
structure and its effectiveness in facilitating a recovery.
    B. Board of directors. The board is responsible for overseeing the 
covered bank's recovery planning process. The board of directors (or an 
appropriate committee of the board of directors) of a covered bank 
should review and approve the recovery plan at least annually, and as 
needed to address significant changes made by management.

    Dated: September 21, 2016.
Thomas J. Curry,
Comptroller of the Currency.
[FR Doc. 2016-23366 Filed 9-28-16; 8:45 am]
 BILLING CODE 4810-33-P