(a) U.S. risk committee—(1) General. A foreign banking organization subject to this subpart must maintain a U.S. risk committee that approves and periodically reviews the risk-management policies of the combined U.S. operations of the foreign banking organization and oversees the risk-management framework of such combined U.S. operations. The U.S. risk committee’s responsibilities include the liquidity risk-management responsibilities set forth in § 252.156(a).

Ask a legal question, get an answer ASAP!
Click here to chat with a lawyer about your rights.

(2) Risk-management framework. The foreign banking organization’s risk-management framework for its combined U.S. operations must be commensurate with the structure, risk profile, complexity, activities, and size of its combined U.S. operations and consistent with its enterprise-wide risk management policies. The framework must include:

(i) Policies and procedures establishing risk-management governance, risk-management procedures, and risk-control infrastructure for the combined U.S. operations of the foreign banking organization; and

(ii) Processes and systems for implementing and monitoring compliance with such policies and procedures, including:

(A) Processes and systems for identifying and reporting risks and risk-management deficiencies, including regarding emerging risks, on a combined U.S. operations basis and ensuring effective and timely implementation of actions to address emerging risks and risk-management deficiencies;

(B) Processes and systems for establishing managerial and employee responsibility for risk management of the combined U.S. operations;

(C) Processes and systems for ensuring the independence of the risk-management function of the combined U.S. operations; and

(D) Processes and systems to integrate risk management and associated controls with management goals and the compensation structure of the combined U.S. operations.

(3) Placement of the U.S. risk committee. (i) A foreign banking organization that conducts its operations in the United States solely through a U.S. intermediate holding company must maintain its U.S. risk committee as a committee of the board of directors of its U.S. intermediate holding company (or equivalent thereof).

(ii) A foreign banking organization that conducts its operations through U.S. branches or U.S. agencies (in addition to through its U.S. intermediate holding company, if any) may maintain its U.S. risk committee either:

(A) As a committee of the global board of directors (or equivalent thereof), on a standalone basis or as a joint committee with its enterprise-wide risk committee (or equivalent thereof); or

(B) As a committee of the board of directors of its U.S. intermediate holding company (or equivalent thereof), on a standalone basis or as a joint committee with the risk committee of its U.S. intermediate holding company required pursuant to § 252.153(e)(3).

(4) Corporate governance requirements. The U.S. risk committee must meet at least quarterly and otherwise as needed, and must fully document and maintain records of its proceedings, including risk-management decisions.

(5) Minimum member requirements. The U.S. risk committee must:

(i) Include at least one member having experience in identifying, assessing, and managing risk exposures of large, complex financial firms; and

(ii) Have at least one member who:

(A) Is not an officer or employee of the foreign banking organization or its affiliates and has not been an officer or employee of the foreign banking organization or its affiliates during the previous three years; and

(B) Is not a member of the immediate family, as defined in § 225.41(b)(3) of the Board’s Regulation Y (12 CFR 225.41(b)(3)), of a person who is, or has been within the last three years, an executive officer, as defined in § 215.2(e)(1) of the Board’s Regulation O (12 CFR 215.2(e)(1)) of the foreign banking organization or its affiliates.

(b) U.S. chief risk officer—(1) General. A foreign banking organization subject to this subpart or its U.S. intermediate holding company, if any, must appoint a U.S. chief risk officer with experience in identifying, assessing, and managing risk exposures of large, complex financial firms.

(2) Responsibilities. (i) The U.S. chief risk officer is responsible for overseeing:

(A) The measurement, aggregation, and monitoring of risks undertaken by the combined U.S. operations;

(B) The implementation of and ongoing compliance with the policies and procedures for the foreign banking organization’s combined U.S. operations set forth in paragraph (a)(2)(i) of this section and the development and implementation of processes and systems set forth in paragraph (a)(2)(ii) of this section; and

(C) The management of risks and risk controls within the parameters of the risk-control framework for the combined U.S. operations, and the monitoring and testing of such risk controls.

(ii) The U.S. chief risk officer is responsible for reporting risks and risk-management deficiencies of the combined U.S. operations, and resolving such risk-management deficiencies in a timely manner.

(3) Corporate governance and reporting. The U.S. chief risk officer must:

(i) Receive compensation and other incentives consistent with providing an objective assessment of the risks taken by the combined U.S. operations of the foreign banking organization;

(ii) Be employed by and located in the U.S. branch, U.S. agency, U.S. intermediate holding company, if any, or another U.S. subsidiary;

(iii) Report directly to the U.S. risk committee and the global chief risk officer or equivalent management official (or officials) of the foreign banking organization who is responsible for overseeing, on an enterprise-wide basis, the implementation of and compliance with policies and procedures relating to risk-management governance, practices, and risk controls of the foreign banking organization, unless the Board approves an alternative reporting structure based on circumstances specific to the foreign banking organization;

(iv) Regularly provide information to the U.S. risk committee, global chief risk officer, and the Board regarding the nature of and changes to material risks undertaken by the foreign banking organization’s combined U.S. operations, including risk-management deficiencies and emerging risks, and how such risks relate to the global operations of the foreign banking organization; and

(v) Meet regularly and as needed with the Board to assess compliance with the requirements of this section.

(4) Liquidity risk-management requirements. The U.S. chief risk officer must undertake the liquidity risk-management responsibilities set forth in § 252.156(b).

(c) Responsibilities of the foreign banking organization. The foreign banking organization must take appropriate measures to ensure that its combined U.S. operations implement the risk management policies overseen by the U.S. risk committee described in paragraph (a) of this section, and its combined U.S. operations provide sufficient information to the U.S. risk committee to enable the U.S. risk committee to carry out the responsibilities of this subpart.

(d) Noncompliance with this section. If a foreign banking organization does not satisfy the requirements of this section, the Board may impose requirements, conditions, or restrictions relating to the activities or business operations of the combined U.S. operations of the foreign banking organization. The Board will coordinate with any relevant State or Federal regulator in the implementation of such requirements, conditions, or restrictions.

[Reg. YY, 79 FR 17326, Mar. 27, 2014, as amended at 84 FR 59116, Nov. 1, 2019]