SUPPORTING STATEMENT
Part 364, Appendix C
Guidelines Establishing Standards for Corporate Governance
(OMB Control No. 3064-NEW)
INTRODUCTION
The Federal Deposit Insurance Corporation (FDIC) is requesting approval from the Office of
Management and Budget (OMB) to establish a new information collection comprised of
reporting and recordkeeping requirements contained in a notice of proposed rulemaking on
“Guidelines Establishing Standards for Corporate Governance and Risk Management for
Covered Institutions with Total Consolidated Assets of $10 Billion or More” (proposed rule).
The proposed rule seeks to impose reporting and recordkeeping requirements under the
Paperwork Reduction Act (PRA),[1] for each insured state nonmember bank, state-licensed
insured branch of foreign banks, and insured state savings association subject to the provisions of
Section 39 of the Federal Deposit Insurance Act (FDI Act), with total consolidated assets of $10
billion or more (covered institution). As a result, the FDIC is requesting approval from the OMB
and asks that the OMB assign an OMB control number.
A. JUSTIFICATION
1. Circumstances that make the collection necessary:
Strong corporate governance is the foundation for an insured depository
institution’s safe and sound operations. An effective governance framework is
necessary for an insured depository institution to remain profitable, competitive,
and resilient through changing economic and market conditions. The board of
directors serves a critical role in maintaining an insured depository institution’s
safety and soundness and continued financial and operational resilience.
The FDIC observed during the 2008 financial crisis and more recent bank failures
in 2023 that financial institutions with poor corporate governance and risk
management practices were more likely to fail.[2] Reports reviewing the recent
2023 bank failures noted that poor corporate governance and risk management
practices were contributing factors.[3] Failures of insured depository institutions
(IDIs) impose costs on the Deposit Insurance Fund (DIF) and negatively affect a
wide variety of stakeholders including the institution’s depositors and
shareholders, employees, customers (including consumers and businesses that
rely on the institution’s services and the availability of credit), regulators, and the
public as a whole. Insufficient attention and responsiveness to internal controls
and governance processes can result in noncompliance with laws and regulations
going undetected or unaddressed.
[1] 44 U.S.C. 3501 et seq.
[2] Lessons Learned and a Framework for Monitoring Emerging Risks and Regulatory Response, GAO Report to
Congress, GAO-15-365, June 2015; FDIC OIG Reports – Bank Failures, https://www.fdicoig.gov/reportspublications/bank-failures; Remarks by Martin J. Gruenberg, Chairman, FDIC to the American Association of Bank
Directors, May 12, 2015, https://archive.fdic.gov/view/fdic/1717; Review of the Federal Reserve’s Supervision and
Regulation of Silicon Valley Bank, April 2023, https://www.federalreserve.gov/publications/files/svb-review20230428.pdf; FDIC’s Supervision of Signature Bank, April 2023, https://www.fdic.gov/news/pressreleases/2023/pr23033a.pdf.
[3] The FDIC report on the failure of Signature Bank in 2023 found that the root cause of the failure was poor
management without adequate risk management practices and controls. The institution’s management did not
prioritize good corporate governance practices (FDIC’s Supervision of Signature Bank, April 28, 2023, p. 2). The
Federal Reserve Board’s report on the failure of Silicon Valley Bank also identified governance and risk
management failures that led to the failure. (Review of the Federal Reserve’s Supervision and Regulation of Silicon
Valley Bank, April 2023, p. 1).
In order to strengthen the corporate governance and risk management practices of
large institutions, the FDIC is proposing to issue corporate governance and risk
management guidelines (Guidelines) as a new Appendix C to part 364 to address
corporate governance and risk management practices and board oversight.
The proposed Guidelines would apply to all covered institutions. The proposed
Guidelines would apply in addition to any other requirements established by law
or regulation. The FDIC’s supervisory experience has shown that institutions
with assets greater than $10 billion are larger, more complex and present a higher
risk profile. The proposed Guidelines are intended to raise the FDIC’s standards
for corporate governance, risk management, and control to help ensure these
larger institutions effectively anticipate, evaluate, and mitigate the risks they face.
2. Use of the information:
The FDIC believes that the proposed rule will benefit covered institutions by
reducing the likelihood and magnitude of losses and the likelihood of failure. The
FDIC does not have access to information that would enable a quantitative
estimate of the benefits of the proposed rule. Although there are existing
regulations and guidance related to corporate governance and risk management,
the FDIC has not previously issued supervisory guidelines or regulations
specifically on corporate governance and risk management for covered
institutions. The FDIC believes that adoption of the proposed Guidelines would
benefit covered institutions by establishing clear expectations for covered
institutions and strengthening corporate governance and risk management.
Additionally, by adopting the proposed Guidelines in Appendix C to part 364, the
FDIC could require a compliance plan or take other corrective action if warranted,
further reducing the likelihood and magnitude of loss, and the likelihood of
failure.
3. Consideration of the use of improved information technology:
Covered institutions may use technology to the extent feasible and/or desirable or
appropriate to make the required reports.
4. Effort to identify duplication:
No other federal law mandates these reporting requirements and therefore the
reporting requirements are not otherwise duplicated.
5. Methods used to minimize burden if the collection has a significant impact on a
substantial number of small entities:
The proposed rule will not have a significant impact on a substantial number of small
entities. As of the quarter ending March 31, 2023, the FDIC supervised 3,012
depository institutions, of which 2,306 are considered “small” for the purposes of
RFA. As of the quarter ending March 31, 2023, there are no small, FDIC-insured
institutions with $10 billion or more in total consolidated assets.
6. Consequences to the Federal program if the collection were conducted less frequently:
Although the FDIC has not previously issued supervisory guidelines or regulations
specifically on corporate governance and risk management for covered institutions,
the FDIC expects these larger IDIs to have more detailed and formal guidance
frameworks, given their size and complexity. The requirements in these proposed
Guidelines generally reflect existing principles and what examiners consider
necessary for the safe and sound operation of a covered institution. In addition, these
proposed Guidelines are intended to be generally consistent with the goals
communicated through the Office of Comptroller’s and the Board of Governors of the
Federal Reserve System’s published issuances in an effort to harmonize corporate
governance and risk management requirements for covered institutions that present a
higher risk profile with those applicable to entities supervised by the other Federal
banking agencies.
7. Special circumstances necessitating collection inconsistent with 5 CFR 1320.5(d)(2):
None. This information collection is conducted in accordance with the guidelines in 5
CFR 1320.5(d)(2).
8. Efforts to consult with persons outside the agency:
On October 11, 2023, the FDIC issued a Notice of Proposed Rulemaking in the
Federal Register (88 FR 70391) seeking comment on the reporting and recordkeeping
requirements under the PRA. The FDIC will consider any comments received during the
comment period when finalizing the proposed rule.
9. Payment or gift to respondents:
None.
10. Any assurance of confidentiality:
Information collected is kept private to the extent allowed by law. All required records
are subject to the confidentiality requirements of the Privacy Act. In addition, any
information deemed to be of a confidential nature is exempt from public disclosure in
accordance with the provisions of the Freedom of Information Act (5 U.S.C. 552).
11. Justification for questions of a sensitive nature:
No questions of a sensitive nature are included in the collection.
12. Estimate of Hour Burden:
The FDIC’s estimated burden for the respondents for complying with the collection
of information is 91,375 hours.
ESTIMATED HOURLY BURDEN - Part 364, Appendix C NPR
| Number | Information Collection Description and Citation | Type of Burden | Frequency | Number of Respondents | Number of Responses Per Respondent | Time Per Response (Hours) | Total Estimated Annual Burden (Hours) |
|---|---|---|---|---|---|---|---|
| 1 | Audit Committee, Review and Approval of the Internal Audit Unit’s Charter; Section I(D)(7)(b) | One-Time Recordkeeping | One-Time | 1 | 1 | 40 | 40 |
| 2 | Audit Committee, Annual Review and Approval of the Internal Audit Unit’s Charter; Section I(D)(7)(c) | Ongoing Recordkeeping | Annually | 1 | 1 | 20 | 20 |
| 3 | Development of a Written Strategic Plan; Section II(C)(2) | One-Time Recordkeeping | One-Time | 1 | 1 | 120 | 120 |
| 4 | Annual Evaluation and Approval of Strategic Plan; Section II(C)(2) | Ongoing Recordkeeping | Annually | 57 | 1 | 60 | 3,420 |
| 5 | Board, Establishment and Approval of Policies Governing Operations; Section II(C)(3) | One-Time Recordkeeping | One-Time | 1 | 1 | 40 | 40 |
| 6 | Board, Annual Review Policies Governing Operations; Section II(C)(3) | Ongoing Recordkeeping | Annually | 57 | 1 | 20 | 1,140 |
| 7 | Establishment of a Written Code of Ethics; Section II(C)(4) | One-Time Recordkeeping | One-Time | 1 | 1 | 40 | 40 |
| 8 | Annual Review Written Code of Ethics; Section II(C)(4) | Ongoing Recordkeeping | Annually | 57 | 1 | 20 | 1,140 |
| 9 | Establishment of a Management Performance Review Process; Section II(C)(7) | One-Time Recordkeeping | One-Time | 1 | 1 | 40 | 40 |
| 10 | Annual Review of Management Performance Review Process; Section II(C)(7) | Ongoing Recordkeeping | Annually | 57 | 1 | 20 | 1,140 |
| 11 | Development of a Succession Plan; Section II(C)(7) | One-Time Recordkeeping | One-Time | 1 | 1 | 40 | 40 |
| 12 | Annual Review Succession Plan; Section II(C)(7) | Ongoing Recordkeeping | Annually | 57 | 1 | 20 | 1,140 |
| 13 | Establishment of a Training Program for Directors; Section II(C)(8) | One-Time Recordkeeping | One-Time | 1 | 1 | 50 | 50 |
| 14 | Annual Review Training Program for Directors; Section II(C)(8) | Ongoing Recordkeeping | Annually | 57 | 1 | 25 | 1,425 |
| 15 | Board Annual Self-Assessment; Section II(C)(9) | Ongoing Recordkeeping | Annually | 57 | 1 | 20 | 1,140 |
| 16 | Establishment of a Compensation and Performance Management Program; Section II(C)(10) | One-Time Recordkeeping | One-Time | 1 | 1 | 100 | 100 |
| 17 | Annual Review of Compensation and Performance Management Program; Section II(C)(10) | Ongoing Recordkeeping | Annually | 57 | 1 | 50 | 2,850 |
| 18 | Establishment of a Written Charter for Board Committees; Section II(D) | One-Time Recordkeeping | One-Time | 1 | 1 | 40 | 40 |
| 19 | Annual Review of Written Charter for Board Committees; Section II(D) | Ongoing Recordkeeping | Annually | 57 | 1 | 20 | 1,140 |
| 20 | Board Approval of Charter of Internal Audit Function; Section II(D)(1)(e) | One-Time Recordkeeping | One-Time | 1 | 1 | 20 | 20 |
| 21 | Board Annual Review of Charter of Internal Audit Function; Section II(D)(1)(f) | Ongoing Recordkeeping | Annually | 57 | 1 | 10 | 570 |
| 22 | Audit Committee, Approval of all Audit Services; Section II(D)(1)(b) | Ongoing Recordkeeping | On Occasion | 57 | 1 | 40 | 2,280 |
| 23 | Audit Committee, Approval all Decisions Regarding the Appointment or Removal and Annual Compensation and Salary Adjustment for the CAO; Section II(D)(1)(d) | Ongoing Recordkeeping | On Occasion | 57 | 1 | 40 | 2,280 |
| 24 | Risk Committee, Approval of Risk Management Policies; Section II(D)(4) | One-Time Recordkeeping | One-Time | 1 | 1 | 40 | 40 |
| 25 | Risk Committee, Annual Review of Charter of Internal Audit Function; Section II(D)(4) | Ongoing Recordkeeping | Annually | 57 | 1 | 20 | 1,140 |
| 26 | Risk Committee, Quarterly Review of CRO Reports; Section II(D)(4)(e) | Ongoing Recordkeeping | Quarterly | 57 | 4 | 40 | 9,120 |
| 27 | Risk Committee, Quarterly Documentation of Proceedings and Risk Management Decisions; Section II(D)(4)(f) | Ongoing Recordkeeping | Quarterly | 57 | 4 | 40 | 9,120 |
| 28 | Risk Committee, Approval of Decisions Regarding Appointment or Removal of CRO; Section II(D)(4)(g) | Ongoing Recordkeeping | On Occasion | 57 | 1 | 40 | 2,280 |
| 29 | Board Establishment of a Comprehensive Risk Management Program; Section III(A) | One-Time Recordkeeping | One-Time | 1 | 1 | 100 | 100 |
| 30 | Board Annual Review of Comprehensive Risk Management Program; Section III(A) | Ongoing Recordkeeping | Annually | 57 | 1 | 50 | 2,850 |
| 31 | Board Establishment of a Risk Profile; Section III(B) | One-Time Recordkeeping | One-Time | 1 | 1 | 40 | 40 |
| 32 | Board Quarterly Review of Risk Profile; Section III(B) | Ongoing Recordkeeping | Quarterly | 57 | 4 | 40 | 9,120 |
| 33 | Establishment of a Comprehensive Written Statement that Establishes Risk Appetite Limits; Section III(B) | One-Time Recordkeeping | One-Time | 1 | 1 | 40 | 40 |
| 34 | Board Quarterly Review and Approval of Risk Appetite Statement; Section III(B) | Ongoing Recordkeeping | Quarterly | 57 | 4 | 20 | 4,560 |
| 35 | Report Risk Limit Breaches to the FDIC; Section III(C)(2)(c)(iii) | Ongoing Reporting | On Occasion | 57 | 1 | 20 | 1,140 |
| 36 | Front Line Unit, Establishment of Written Policies that Include Risk Limits; Section III(C)(3)(a)(ii) | One-Time Recordkeeping | One-Time | 1 | 1 | 40 | 40 |
| 37 | Front Line Unit, Annual Review of Written Policies that Include Risk Limits; Section III(C)(3)(a)(ii) | Ongoing Recordkeeping | Annually | 57 | 1 | 20 | 1,140 |
| 38 | Front Line Unit, Establish Procedures and Processes, as Necessary to Ensure Compliance with Board Policies; Section III(C)(3)(a)(iii) | One-Time Recordkeeping | One-Time | 1 | 1 | 40 | 40 |
| 39 | Front Line Unit, Annual Review of Procedures and Processes, as Necessary to Ensure Compliance with Board Policies; Section III(C)(3)(a)(iii) | Ongoing Recordkeeping | Annually | 57 | 1 | 20 | 1,140 |
| 40 | Front Line Unit, Quarterly Monitor and Report Compliance with Respective Risk Limits; Section III(C)(3)(a)(v) | Ongoing Recordkeeping | Quarterly | 57 | 4 | 40 | 9,120 |
| 41 | Independent Risk Management Unit, Quarterly Monitor and Report on the Covered Institution’s Risk Profile Relative to Risk Appetite and Concentration Limits; Section III(C)(3)(b)(iii) | Ongoing Recordkeeping | Quarterly | 57 | 4 | 40 | 9,120 |
| 42 | Independent Risk Management Unit, Establishment of Policies Relative to Concentration Risk Limits; Section III(C)(3)(b)(iv) | One-Time Recordkeeping | One-Time | 1 | 1 | 40 | 40 |
| 43 | Independent Risk Management Unit, Review and Update of Policies Relative to Concentration Risk Limits; Section III(C)(3)(b)(iv) | Ongoing Recordkeeping | Annually | 57 | 1 | 40 | 2,280 |
| 44 | Independent Risk Management Unit, Establishment of Procedures and Processes to Ensure Compliance with Board Risk Management Policies; Section III(C)(3)(b)(v) | One-Time Recordkeeping | One-Time | 1 | 1 | 20 | 20 |
| 45 | Independent Risk Management Unit, Review and Update of Procedures and Processes to Ensure Compliance with Board Risk Management Policies; Section III(C)(3)(b)(v) | Ongoing Recordkeeping | Annually | 57 | 1 | 10 | 580 |
| 46 | Independent Risk Management Unit, Quarterly Monitor and Report to CEO and Risk Committee Front Line Units’ Compliance with Risk Limits; Section III(C)(3)(b)(vii) | Ongoing Recordkeeping | Quarterly | 57 | 4 | 10 | 2,280 |
| 47 | Internal Audit Unit, Establishment of an Audit Plan; Section III(C)(3)(c)(ii) | One-Time Recordkeeping | One-Time | 1 | 1 | 40 | 40 |
| 48 | Internal Audit Unit, Quarterly Report Changes to Audit Plan; Section III(C)(3)(c)(ii) | Ongoing Recordkeeping | Quarterly | 57 | 4 | 10 | 2,280 |
| 49 | Board, Establishment of Processes that Require the Front Line and Independent Risk Management Units to Identify and Distinguish Breaches, as well as Establishment of Accountability for Reporting and Resolving Breaches; Section III(E) | One-Time Recordkeeping | One-Time | 1 | 1 | 40 | 40 |
| 50 | Board, Annual Review Processes that Require the Front Line and Independent Risk Management Units to Identify and Distinguish Breaches, as well as Establish Accountability for Reporting and Resolving Breaches; Section III(E) | Ongoing Recordkeeping | Annually | 57 | 1 | 20 | 1,140 |
| 51 | Front Line and Independent Risk Management Units Report to the FDIC Breach of a Risk Limit or Noncompliance with the Risk Appetite Statement or Risk Management Program; Section III(E)(3) | Ongoing Reporting | On Occasion | 57 | 1 | 20 | 1,140 |
| 52 | Board, Establishment of Processes that Require Front Line and Independent Risk Management Units to Identify, Distinguish, Document and Report Violations of Law or Regulations; Section III(F) | One-Time Recordkeeping | One-Time | 1 | 1 | 40 | 40 |
| 53 | Board, Annual Review of Processes that Require Front Line and Independent Risk Management Units to Identify, Distinguish, Document and Report Violations of Law or Regulations; Section III(F) | Ongoing Recordkeeping | Annually | 57 | 1 | 20 | 1,140 |
TOTAL HOURLY BURDEN: 91,375 hours
Estimated hourly cost is 91,375 hours x $139.33[4] = $12,731,278.75.
[4] The recordkeeping, reporting, and disclosure compliance burden is expected to be distributed between executives,
lawyers and financial analysts. The estimated weighted average hourly compensation cost of these employees is
found by using the 75th percentile hourly wages reported by the Bureau of Labor Statistics (BLS) National Industry-Specific Occupational Employment and Wage Estimates for the relevant occupations in the Depository Credit
Intermediation sector, as of May 2022. These wages are adjusted to account for inflation and compensation rates for
health and other benefits, as of March 2023, to provide an estimate of overall compensation.
13. Estimate of Start-up Costs to Respondents:
None.
14. Estimate of annualized costs to the government:
None.
15. Analysis of change in burden:
Since this is the first time the FDIC will be submitting an information collection in
connection with the proposed rule, there is no change in burden. However, the
burden associated with this new information collection is 91,375 hours.
16. Information regarding collections whose results are planned to be published for
statistical use:
The results of this collection will not be published for statistical use.
17. Display of Expiration Date
This information collection is contained in a regulation.
18. Exceptions to Certification Statement
None.
B. STATISTICAL METHODS
Statistical methods are not employed in these collections.
File Type | application/pdf |
File Modified | 2023-10-23 |
File Created | 2023-10-23 |