OCC eyes communications with boards over violations
Bank in-house legal and governance professionals have been offered more consistency when dealing with regulators over potential enforcements – including in regards to communications with boards and management about their pledges to fix problems.
The Office of the Comptroller of the Currency (OCC) will on July 1 implement updated policies and procedures regarding violations of laws and regulations. The changes follow recommendations made in a December 2013 report that the OCC should analyze the effectiveness of its process for handling ‘matters requiring attention’ (MRAs) and consider developing controls to better manage the MRA follow-up process ‘to promote more timely and consistent resolution of identified deficiencies by the institutions.’
The OCC had commissioned the report, which was produced by a group of current and former overseas regulators.
The goals and practices the agency will implement in July include:
- Ensuring consistency in the purpose, processes and procedures within and across all OCC lines of business, including community, mid-sized and large banks, federal branches and agencies, and banks overseen by the OCC’s special supervision group
- Communicating violations using a consistent format, incorporating:
– A legal citation and description
– A summary of relevant statutory or regulatory requirements
– Facts supporting the violation and root cause(s)
– The corrective action(s) required
– Board and management’s commitment(s) to that corrective action
- Reinforcing the importance of timely and thorough follow-up and tracking of bank management’s corrective actions and milestones to those actions
- Emphasizing the need for examiners to communicate effectively and in a timely manner with the bank’s board of directors, the bank’s management team, and OCC supervisors.
IF A VIOLATION IS SPOTTED
Under the new policies and procedures, OCC examiners will have to communicate with banks about all violations they spot so as to help lead to timely and effective corrective action by a lender’s board and management, officials wrote in a related filing.
As such, exam officials must tell banks about substantive violations – including substantive self-identified violations, in certain cases – in a report of examination (ROE) or supervisory letter. Examiners must tell banks about less substantive violations they find in a separate written document if the examiners do not include these in an ROE or supervisory letter. They can use their discretion to determine whether less substantive, self-identified violations need to be communicated in a separate written document.
Despite this, officials say that ‘[t]he OCC expects the board and management to take timely and effective correction of all violations regardless of how they are communicated. If management fails to correct a violation previously communicated in a separate written document by the OCC, the examiner should include the violation in the next ROE or supervisory letter.’
The first time an examiner tells a bank about a violation, he or she will have to label the violation in one or more of the following ways:
- As ‘new’ when the OCC has not previously communicated the same or substantially similar violations in writing during the preceding five years
- As ‘self-identified’ when there is evidence the board or management is aware of the violation and documented and disclosed the violation to the OCC before or during the exam
- As ‘repeat’ when the OCC communicated the violation, even if self-identified, in writing during the preceding five years and new violations of the same or substantially similar regulation or law occur subsequently.
After completing their follow-up work, examiners will have to determine whether to label a violation as one of the following:
- Past due. This means that, during verification, examiners determine that the bank has not implemented the expected corrective actions for the violation within the required time frame or, during validation, examiners determine that the corrective action is not effective or sustainable
- Pending validation. This means the OCC verified that the bank implemented the corrective actions, but insufficient time has passed for the bank to demonstrate sustained performance under the corrective actions or the OCC determines that additional testing is needed
- Closed. This means the bank has corrected the violation, and the OCC has verified and validated the bank’s corrective actions, a change in the bank’s circumstances corrected the violation, or the violation is otherwise deemed uncorrectable.
Earlier this year, the OCC gave compliance and legal teams insight into what its officials are looking for when they assess how banks handle potential risks raised by dealing with outside entities, an area that has come into the regulatory spotlight with the growth of cyber-attacks (CorporateSecretary.com, 2/9). The OCC issued supplemental exam procedures designed to promote consistency when its staffers examine national banks and federal savings associations’ risk management of third-party relationships.