Home
gpo.gov
govinfo.gov

e-CFR Navigation Aids

Browse

Simple Search

Advanced Search

 — Boolean

 — Proximity

 

Search History

Search Tips

Corrections

Latest Updates

User Info

FAQs

Agency List

Incorporation By Reference

eCFR logo

Related Resources

Electronic Code of Federal Regulations

e-CFR data is current as of July 9, 2020

Title 12Chapter IISubchapter APart 252 → Subpart C


Title 12: Banks and Banking
PART 252—ENHANCED PRUDENTIAL STANDARDS (REGULATION YY)


Subpart C—Risk Committee Requirement for Bank Holding Companies With Total Consolidated Assets of $50 Billion or More and Less Than $100 Billion


Contents
§252.20   [Reserved]
§252.21   Applicability.
§252.22   Risk committee requirement for bank holding companies with total consolidated assets of $50 billion or more.

Source: Reg. YY, 79 FR 17316, Mar. 27, 2014, unless otherwise noted.

return arrow Back to Top

§252.20   [Reserved]

return arrow Back to Top

§252.21   Applicability.

(a) General applicability. A bank holding company must comply with the risk-committee requirements set forth in this subpart beginning on the first day of the ninth quarter following the date on which its average total consolidated assets equal or exceed $50 billion.

(b) Cessation of requirements. A bank holding company will remain subject to the requirements of this subpart until the earlier of the date on which:

(1) Its total consolidated assets are below $50 billion for each of four consecutive calendar quarters; and

(2) It becomes subject to the requirements of subpart D of this part.

[84 FR 59102, Nov. 1, 2019]

return arrow Back to Top

§252.22   Risk committee requirement for bank holding companies with total consolidated assets of $50 billion or more.

(a) Risk committee—(1) General. A bank holding company subject to this subpart must maintain a risk committee that approves and periodically reviews the risk-management policies of the bank holding company's global operations and oversees the operation of the bank holding company's global risk-management framework.

(2) Risk-management framework. The bank holding company's global risk-management framework must be commensurate with its structure, risk profile, complexity, activities, and size, and must include:

(i) Policies and procedures establishing risk-management governance, risk-management procedures, and risk-control infrastructure for its global operations; and

(ii) Processes and systems for implementing and monitoring compliance with such policies and procedures, including:

(A) Processes and systems for identifying and reporting risks and risk-management deficiencies, including regarding emerging risks, and ensuring effective and timely implementation of actions to address emerging risks and risk-management deficiencies for its global operations;

(B) Processes and systems for establishing managerial and employee responsibility for risk management;

(C) Processes and systems for ensuring the independence of the risk-management function; and

(D) Processes and systems to integrate risk management and associated controls with management goals and its compensation structure for its global operations.

(3) Corporate governance requirements. The risk committee must:

(i) Have a formal, written charter that is approved by the bank holding company's board of directors;

(ii) Be an independent committee of the board of directors that has, as its sole and exclusive function, responsibility for the risk-management policies of the bank holding company's global operations and oversight of the operation of the bank holding company's global risk-management framework;

(iii) Report directly to the bank holding company's board of directors;

(iv) Receive and review regular reports on a not less than a quarterly basis from the bank holding company's chief risk officer provided pursuant to paragraph (b)(3)(ii) of this section; and

(v) Meet at least quarterly, or more frequently as needed, and fully document and maintain records of its proceedings, including risk-management decisions.

(4) Minimum member requirements. The risk committee must:

(i) Include at least one member having experience in identifying, assessing, and managing risk exposures of large, complex financial firms; and

(ii) Be chaired by a director who:

(A) Is not an officer or employee of the bank holding company and has not been an officer or employee of the bank holding company during the previous three years;

(B) Is not a member of the immediate family, as defined in 12 CFR 225.41(b)(3), of a person who is, or has been within the last three years, an executive officer of the bank holding company, as defined in 12 CFR 215.2(e)(1); and

(C)(1) Is an independent director under Item 407 of the Securities and Exchange Commission's Regulation S-K (17 CFR 229.407(a)), if the bank holding company has an outstanding class of securities traded on an exchange registered with the U.S. Securities and Exchange Commission as a national securities exchange under section 6 of the Securities Exchange Act of 1934 (15 U.S.C. 78f) (national securities exchange); or

(2) Would qualify as an independent director under the listing standards of a national securities exchange, as demonstrated to the satisfaction of the Board, if the bank holding company does not have an outstanding class of securities traded on a national securities exchange.

(b) Chief risk officer—(1) General. A bank holding company subject to this subpart must appoint a chief risk officer with experience in identifying, assessing, and managing risk exposures of large, complex financial firms.

(2) Responsibilities. (i) The chief risk officer is responsible for overseeing:

(A) The establishment of risk limits on an enterprise-wide basis and the monitoring of compliance with such limits;

(B) The implementation of and ongoing compliance with the policies and procedures set forth in paragraph (a)(2)(i) of this section and the development and implementation of the processes and systems set forth in paragraph (a)(2)(ii) of this section; and

(C) The management of risks and risk controls within the parameters of the company's risk-control framework, and monitoring and testing of the company's risk controls.

(ii) The chief risk officer is responsible for reporting risk-management deficiencies and emerging risks to the risk committee and resolving risk-management deficiencies in a timely manner.

(3) Corporate governance requirements. (i) The bank holding company must ensure that the compensation and other incentives provided to the chief risk officer are consistent with providing an objective assessment of the risks taken by the bank holding company; and

(ii) The chief risk officer must report directly to both the risk committee and chief executive officer of the company.

[84 FR 59102, Nov. 1, 2019]

return arrow Back to Top

Need assistance?