The biggest U.S. banks will have to improve risk management and ensure their boards can challenge decisions by top executives under new guidelines backed by the Office of the Comptroller of the Currency’s enforcement muscle.
The standards released today formalize the “heightened expectations” Comptroller Thomas Curry has advocated since taking charge of the national-bank regulator in 2012. The OCC’s goal is to cut down on the kind of risk-taking and operational blunders that were exposed by the subprime mortgage crisis.
“As the OCC assessed the causes of the 2008 financial crisis, it became clear that much higher standards for risk management, internal controls, and internal audit were needed,” Curry said in an e-mailed statement. “The rule we are finalizing today memorializes those supervisory standards and provides a mechanism for enforcement.”
Under the new policy, which is little changed from an initial proposal released in January, the OCC has set up a faster path to enforcement action. The agency can tell a bank to resolve a violation, and if the lender doesn’t produce or adhere to a plan, it can skip a judicial hearing and issue an order that could include monetary penalties.
Banks such as Citigroup Inc. and Wells Fargo & Co. had asked the OCC to match requirements more closely with efforts at the Federal Reserve, and to give supervisors leeway to consider the different business plans for each bank.
“The OCC has proposed an unnecessarily rigid and prescriptive approach,” said a March 28 letter from industry groups including the American Bankers Association, Financial Services Roundtable and the Securities Industry and Financial Markets Association. “We strongly urge that the proposed guidelines be revised to be more principles-based, so they can be flexibly and more effectively applied.”
In Curry’s view, the need for change was reinforced by risk management failures that followed in the wake of the 2008 crisis -- such as JPMorgan Chase & Co.’s London Whale trading losses and lapses by banks including JPMorgan and Citigroup in guarding against money-laundering.
The requirements, which apply to banks with more than $50 billion in assets, are effective in two months for the six banks with more than $750 billion in assets, including Bank of America Corp. and Goldman Sachs Group Inc. Banks between $100 billion and $750 billion have six months, and the rest have 18 months.
The agency made a few technical changes in response to criticism, including letting banks use their parent companies’ risk frameworks and removing some language that banks interpreted as requiring board members to get involved in day-to-day activities. The guidelines said the board members must actively oversee the new standards while sticking to “their traditional strategic and oversight role.”