Over one year ago, on October 3, 2023, the Federal Deposit Insurance Corporation (FDIC) proposed supervisory guidelines that would establish standards for corporate governance and risk management for all state non-member banks with assets greater than $10 billion (Proposed Guidelines). Unlike guidance, which does not have the force and effect of law, any final guidelines based on the Proposed Guidelines (Final Guidelines) would be issued as Appendix C to the FDIC’s standards for safety and soundness in part 364, pursuant to Section 39 of the FDI Act.

Under the FDIC’s rulemaking authority, the Final Guidelines would be enforceable, binding legal obligations — i.e., if a covered institution failed to meet a standard prescribed by the Final Guidelines, the FDIC would maintain the discretion to decide whether to require the submission of a plan, providing the FDIC with supervisory flexibility to pursue the course of action that it deems most appropriate.

Though the FDIC has not released any further information since the proposal was issued, 67 comments were submitted by various banks, trade associations and industry groups, states and individuals, and the FDIC’s regulatory agenda indicates that it is targeting December 2024 for publication of the Final Guidelines. In addition, Vice Chairman Travis Hill recently noted at a public Women’s Housing & Finance Event that the FDIC staff is working on finalizing the Proposed Guidelines.

Revisiting the Proposed Guidelines in anticipation of December 2024 is worthwhile, not only because of their potential enforceability, but also given that they generated significant controversy across the banking industry. This collective response was due to the Proposed Guidelines’ highly detailed and prescriptive nature, as well as their significant departure from current corporate governance and risk standards. Both the Independent Community Bankers of America (ICBA) and the American Bankers Association, among others, submitted comments calling for the FDIC to withdraw the rule, with the ICBA calling the logic underpinning the proposal “deeply flawed.”

Summary of the Proposed Guidelines:

The Proposed Guidelines would require governance practices similar to the Office of the Comptroller of the Currency’s Heightened Standards (which apply to national banks with over $50 billion in assets) for all insured state non-member banks with total consolidated assets equal to or greater than $10 billion. The Proposed Guidelines would become applicable once an institution’s Consolidated Reports of Condition and Income (Call Report) exceed the $10 billion threshold for the two most recent quarters. If an institution’s Call Report were to later fall below the $10 billion threshold for four quarters, such institution would no longer be covered. Further, the FDIC has reserved the authority to apply the Proposed Guidelines, in whole or in part, to institutions with less than $10 billion in total consolidated assets if the FDIC determines that the institution’s operations are highly complex or present heightened risk.

Key Elements of the Proposed Guidelines:

Corporate Governance/Board of Directors:

  • A majority of directors are to be independent and outside directors;
  • Board must weigh diversity considerations in considering board composition;
  • New director duties, requiring that directors consider the interests of all “stakeholders, including shareholders, depositors, creditors, customers, regulators, and the public;”
  • A separate risk committee that must meet quarterly;
  • A separate compensation committee and adoption and oversight of a Compensation and Performance Management Program;
  • Establishment of a board self-assessment process and director training programs; and
  • Annual review and approval by the board of a code of ethics, executive succession plans, strategic plans, and other policies.

Risk Management:

  • Adoption of a “three-lines-of-defense” risk management framework consisting of a front line unit, an independent risk management unit led by a Chief Risk Officer, and an internal audit unit led by a Chief Audit Officer (with permitted use of parent company risk governance framework under certain circumstances);
  • Risk management programs that cover certain types of risk, including cybersecurity, Anti-Money Laundering/Countering the Financing of Terrorism compliance, credit, interest, liquidity, price, and legal, among others;
  • At least a quarterly review of risk appetite statements; and
  • Independent risk management unit must establish policies, procedures, and processes providing for the design, implementation, and maintenance of data and IT infrastructure supporting risk aggregation and reporting needs, and must timely report any material risks, concentrations, breaches of limits, and emerging risks to the board and the CEO.

Legal Compliance:

  • Procedures by which risk management and front line units can identify, document, and inform management and the board of violations of law or regulation and the timely reporting of any identified violations to the appropriate agency.

Summary of Key Criticisms:

As noted, the Proposed Guidelines have been heavily criticized. The main criticisms include concerns that the Proposed Guidelines:

  • Conflict with state laws concerning director duties and responsibilities;
  • Contain certain highly prescriptive mandates that contrast with the FDIC’s traditional “principles-based” approach to guidelines, and that leave little room for nuanced implementation while blurring the responsibilities of directors and management;
  • Contain certain mandates that are vague, confusing, and could potentially apply to any state non-member bank of any size;
  • Will make recruiting directors more difficult and deter qualified individuals from serving;
  • Create an uneven playing field between similarly situated state non-member banks, state member banks, and national banks; and
  • Will be extremely difficult to implement on the proposed timeline and without transition periods.

Banks should continue to monitor for further developments and the potential release of Final Guidelines. Troutman Pepper can help analyze any standards adopted and assess the potential impact of the Final Guidelines on covered institutions’ governance structures and operations.

Alexandra Steinberg Barrage

Alex draws on her experience as a former FDIC executive and comprehensive knowledge of bank regulations to advise a wide array of banks and technology companies. She is a sought-after advisor on complex supervisory, regulatory, payments, and transactional issues.

Matthew Bornfreund

Matthew provides comprehensive guidance to clients on a wide range of regulatory, transactional, and compliance matters, helping them to advance their operational goals and launch new products and services. His clients include domestic and international traditional and nontraditional banks, as well as fintechs, private equity funds, and payment services firms.

Jason Langford

Jason is an associate in the firm’s Corporate practice. He focuses his practice primarily on helping domestic and foreign issuers raise capital while complying with the disclosure obligations and reporting requirements under the Securities Act of 1933 and Securities Exchange Act of 1934, as well as securities exchange requirements and listing standards. In addition, he assists companies with corporate governance and affiliated entity management, supports merger and acquisition transactions, and assists with general corporate and compliance matters.

Gregory Parisi

Greg leverages his broad experience and pragmatic approach, bringing a wealth of knowledge, business insight and practical problem-solving skills to efficiently manage transactions and advise clients in an evolving legal landscape. He combines his corporate and transactional experience with a robust knowledge of bank regulatory issues to provide valued legal solutions for financial institutions, financial technology companies and other businesses. Greg often works closely with clients to design and implement internal policies and procedures and contractual safeguards in commercial arrangements in connection with corporate and regulatory requirements and risk management best practices.