Treliant Takeaway…The OCC Formalizes Actions it will Take Against Banks with Persistent Weaknesses

Bulletin 2023-16. OCC Enforcement Actions: Revised Policies and Procedures Manual for Bank Enforcement Actions and Related Matters

• Source: occ.gov

Treliant Takeaway:

Banks must understand if and when they are subject to heightened standards or could be considered large, complex or with a heightened risk profile. Banks must also have mature processes for self-identification and timely remediation of risks. This should include full adoption of the three lines of defense, clear roles and responsibilities for risk, effective reporting, escalation and governance of risks, and strong change management, issue identification and remediation, and testing and validation practices.

Treliant has talented professionals with deep experience in the design, implementation, and assessment of bank risk and compliance programs and processes. We can assist you in evaluating your overall risk profile relative to the OCC’s guidance, assessing the effectiveness of your risk management practices, and implementing the appropriate enhancements to ensure your risk practices enable you to proactively manage risk and respond and remediate risks in a timely and sustainable manner.

Highlights:

Acting Comptroller of the Currency, Michael J. Hsu, in his remarks at Brookings on January 17, 2023, previewed the agency’s concern about too-big-to-manage (TBTM) institutions and its focus on “…developing a robust approach to detecting, preventing, and addressing TBTM risks…”, and “…credible, transparent mechanisms to compel divestitures and simplification at large banks when necessary”.

On May 25, 2023, the OCC announced revisions to its Policies and Procedures Manual (PPM 5310-3) on bank enforcement actions, with the addition of a new Appendix C: Actions Against Banks with Persistent Weaknesses, that reflect the approach the OCC will take with banks that demonstrate recurring, persistent and worsening weaknesses, and where insufficient corrective action has been demonstrated. These new protocols are generally applicable to banks that are subject to heightened standards or are deemed to be large, complex or present heightened risk.

Banks may be classified as having persistent weakness if they have:

• a composite or management rating of 3 or worse, for a period of three or more years;
• three or more weak or insufficient quality of risk management assessments, for three or more years;
• failed to adopt, implement, and adhere to required corrective actions in a timely manner; or
• multiple enforcement actions that have been executed or are outstanding over a three-year period

Possible actions that the OCC may take in these cases include:

• implementation of an enterprise-wide action plans under Board oversight;
• restrictions on bank growth and business activities;
• increased capital and liquidity requirements; or
• simplification of operations that may include reduction of asset size, divestiture, or exit from areas of operations.

Additional sources:

• PPM 5310-3, “Bank Enforcement Actions and Related Matters” (occ.gov)
• Acting Comptroller of the Currency Michael J. Hsu remarks at Brookings, “Detecting, Preventing, and Addressing Too Big To Manage”, January 17, 2023 (occ.gov)