Alert October 28, 2008

FRB Issues Guidance on Consolidated Supervision and Compliance Risk Management

The FRB issued new guidance to refine and clarify its programs for the consolidated supervision of bank holding companies (“BHCs”) and the combined U.S. operations of foreign banking organizations (“FBOs”) (the “Consolidated Supervision Guidance”).  Also, together with the Consolidated Supervision Guidance, the FRB released guidance clarifying supervisory expectations with respect to compliance risk management programs and oversight at large banking organizations with complex compliance profiles (“Compliance Risk Management Guidance”) (together with the Consolidated Supervision Guidance, the “Guidance”).   The FRB’s press release indicated that, although the FRB began formulating the Guidance before the recent turmoil in the financial markets, the enhanced approaches to consolidated supervision and compliance risk management across firms is expected to support a more resilient financial system.  FRB Governor Randall Kroszner further explained that the Guidance “will better equip our supervisory staff, working closely with other US and foreign supervisors and regulators, to understand and assess the full range and scope of a banking organization’s operations and risks.”

The Consolidated Supervision Guidance is designed to foster consistent FRB supervisory practices and assessments across institutions with similar activities and risks.  It describes how FRB staff develop an understanding and assessment of the consolidated operations of a BHC and the U.S. operations of an FBO through continuous monitoring activities, discovery reviews, and testing activities, as well as through interaction with, and reliance to the fullest extent possible on, other relevant supervisors and functional regulators.  The FRB emphasized its risk-focused and “portfolio” approach (assessing and evaluating practices across groups of organizations with similar characteristics and risk profiles) to consolidated supervision.

The Consolidated Supervision Guidance also clarifies the FRB’s policy of maintaining for each BHC and the combined U.S. operations of each FBO: (a) an understanding of key elements of the banking organization’s strategy, primary revenue sources, risk drivers, business lines, legal entity structure, governance and internal control framework, and presence in key financial markets; and (b) an assessment of (i) the effectiveness of risk management systems and controls over the primary risks inherent in the organization’s activities, (ii) the organization’s financial condition, and (iii) the potential negative impact of non-bank operations on affiliated depository institutions.

The Compliance Risk Management Guidance endorses the principles set forth in the April 2005 paper issued by the Basel Committee on Banking Supervision entitled “Compliance and the Compliance Function in Banks” (as discussed in the May 10, 2005 Alert). The guidance also clarifies certain FRB supervisory policies regarding compliance risk management programs and oversight at large banking organizations with complex compliance profiles.  In particular, the Compliance Risk Management Guidance emphasizes the importance of (i) implementing a firm-wide approach to compliance risk management and oversight; (ii) ensuring that compliance staff are independent from the firm (e.g., ensuring compliance compensation is not based on the firm’s financial performance); (iii) ensuring robust compliance monitoring and testing procedures are in place for identifying weaknesses in existing compliance risk management controls; and (iv) ensuring that senior management and boards of directors are fulfilling their duties to establish and promote an effective risk management program.