Appendix E - Appendix E to Part 30—OCC Guidelines Establishing Standards for Recovery Planning by Certain Large Insured National Banks, Insured Federal Savings Associations, and Insured Federal Branches
A. Scope. This appendix applies to a covered bank, as defined in paragraph I.E.3. of this appendix.
B. Compliance date.
1. A covered bank with average total consolidated assets, calculated according to paragraph I.E.1. of this appendix, equal to or greater than $250 billion as of January 28, 2019 should be in compliance with this appendix on January 28, 2019.
2. A bank with average total consolidated assets, calculated according to paragraph I.E.1. of this appendix, of less than $250 billion as of January 28, 2019 but which subsequently becomes a covered bank should comply with this appendix within 12 months of becoming a covered bank.
C. Reservation of authority.
1. The OCC reserves the authority:
a. To apply this appendix, in whole or in part, to a bank that has average total consolidated assets of less than $250 billion, if the OCC determines such bank is highly complex or otherwise presents a heightened risk that warrants the application of this appendix; or
b. To determine that compliance with this appendix should not be required for a covered bank. The OCC will generally make this determination if a covered bank's operations are no longer highly complex or no longer present a heightened risk.
2. In determining whether a bank or covered bank is highly complex or presents a heightened risk, the OCC will consider the bank's size, risk profile, scope of operations, activities, and complexity, including the complexity of its organizational and legal entity structure. Before exercising the authority reserved by paragraph I.C.1. of this appendix, the OCC will apply notice and response procedures in the same manner and to the same extent as the notice and response procedures in 12 CFR 3.404.
D. Preservation of existing authority. Neither section 39 of the Federal Deposit Insurance Act (12 U.S.C. 1831p-1) nor this appendix in any way limits the authority of the OCC to address unsafe or unsound practices or conditions or other violations of law. The OCC may take action under section 39 and this appendix independently of, in conjunction with, or in addition to any other enforcement action available to the OCC.
E. Definitions.
1. Average total consolidated assets means the average total consolidated assets of the bank or the covered bank, as reported on the bank's or the covered bank's Consolidated Reports of Condition and Income for the four most recent consecutive quarters.
2. Bank means any insured national bank, insured Federal savings association, or insured Federal branch of a foreign bank.
3. Covered bank means any bank:
a. With average total consolidated assets equal to or greater than $250 billion;
b. With average total consolidated assets of less than $250 billion if the bank was previously a covered bank, unless the OCC determines otherwise; or
c. With average total consolidated assets less than $250 billion, if the OCC determines that such bank is highly complex or otherwise presents a heightened risk as to warrant the application of this appendix pursuant to paragraph I.C.1.a. of this appendix.
4. Recovery means timely and appropriate action that a covered bank takes to remain a going concern when it is experiencing or is likely to experience considerable financial or operational stress. A covered bank in recovery has not yet deteriorated to the point where liquidation or resolution is imminent.
5. Recovery plan means a plan that identifies triggers and options for responding to a wide range of severe internal and external stress scenarios to restore a covered bank that is in recovery to financial strength and viability in a timely manner. The options should maintain the confidence of market participants, and neither the plan nor the options may assume or rely on any extraordinary government support.
6. Trigger means a quantitative or qualitative indicator of the risk or existence of severe stress, the breach of which should always be escalated to senior management or the board of directors (or appropriate committee of the board of directors), as appropriate, for purposes of initiating a response. The breach of any trigger should result in timely notice accompanied by sufficient information to enable management of the covered bank to take corrective action.
II. Recovery PlanA. Recovery plan. Each covered bank should develop and maintain a recovery plan that is specific to that covered bank and appropriate for its individual size, risk profile, activities, and complexity, including the complexity of its organizational and legal entity structure.
B. Elements of recovery plan. A recovery plan under paragraph II.A. of this appendix should include the following elements:
1. Overview of covered bank. A recovery plan should describe the covered bank's overall organizational and legal entity structure, including its material entities, critical operations, core business lines, and core management information systems. The plan should describe interconnections and interdependencies (i) across business lines within the covered bank, (ii) with affiliates in a bank holding company structure, (iii) between a covered bank and its foreign subsidiaries, and (iv) with critical third parties.
2. Triggers. A recovery plan should identify triggers that appropriately reflect the covered bank's particular vulnerabilities.
3. Options for recovery. A recovery plan should identify a wide range of credible options that a covered bank could undertake to restore financial strength and viability, thereby allowing the bank to continue to operate as a going concern and to avoid liquidation or resolution. A recovery plan should explain how the covered bank would carry out each option and describe the timing required for carrying out each option. The recovery plan should specifically identify the recovery options that require regulatory or legal approval.
4. Impact assessments. For each recovery option, a covered bank should assess and describe how the option would affect the covered bank. This impact assessment and description should specify the procedures the covered bank would use to maintain the financial strength and viability of its material entities, critical operations, and core business lines for each recovery option. For each option, the recovery plan's impact assessment should address the following:
a. The effect on the covered bank's capital, liquidity, funding, and profitability;
b. The effect on the covered bank's material entities, critical operations, and core business lines, including reputational impact; and
c. Any legal or market impediment or regulatory requirement that must be addressed or satisfied in order to implement the option.
5. Escalation procedures. A recovery plan should clearly outline the process for escalating decision-making to senior management or the board of directors (or an appropriate committee of the board of directors), as appropriate, in response to the breach of any trigger. The recovery plan should also identify the departments and persons responsible for executing the decisions of senior management or the board of directors (or an appropriate committee of the board of directors).
6. Management reports. A recovery plan should require reports that provide senior management or the board of directors (or an appropriate committee of the board of directors) with sufficient data and information to make timely decisions regarding the appropriate actions necessary to respond to the breach of a trigger.
7. Communication procedures. A recovery plan should provide that the covered bank notify the OCC of any significant breach of a trigger and any action taken or to be taken in response to such breach and should explain the process for deciding when a breach of a trigger is significant. A recovery plan also should address when and how the covered bank will notify persons within the organization and other external parties of its action under the recovery plan. The recovery plan should specifically identify how the covered bank will obtain required regulatory or legal approvals.
8. Other information. A recovery plan should include any other information that the OCC communicates in writing directly to the covered bank regarding the covered bank's recovery plan.
C. Relationship to other processes; coordination with other plans. The covered bank should integrate its recovery plan into its risk governance functions. The covered bank also should align its recovery plan with its other plans, such as its strategic; operational (including business continuity); contingency; capital (including stress testing); liquidity; and resolution planning. The covered bank's recovery plan should be specific to that covered bank. The covered bank also should coordinate its recovery plan with any recovery and resolution planning efforts by the covered bank's holding company, so that the plans are consistent with and do not contradict each other.
III. Management's and Board of Directors' ResponsibilitiesThe recovery plan should address the following management and board responsibilities:
A. Management. Management should review the recovery plan at least annually and in response to a material event. It should revise the plan as necessary to reflect material changes in the covered bank's size, risk profile, activities, and complexity, as well as changes in external threats. This review should evaluate the organizational structure and its effectiveness in facilitating a recovery.
B. Board of directors. The board is responsible for overseeing the covered bank's recovery planning process. The board of directors (or an appropriate committee of the board of directors) of a covered bank should review and approve the recovery plan at least annually, and as needed to address significant changes made by management.