Don't look now—we may have made it through the July 4 weekend, but the seas are roiling for banks regulated by the federal Office of the Comptroller of the Currency (OCC). That agency has adopted new "safety and soundness" guidelines which impose important human resources-related obligations on large foreign and domestic banks.

These new guidelines, which apply to banks with average total consolidated assets equal or greater to $50 billion, make talent management, recruitment, succession planning, and compensation practices a focus of covered banks' boards and senior executive officers. In doing so, the guidelines equally cement the crucial role of banks' human resources executives in compliance-related functions.

Coverage kicks in no later than May 30, 2016, if bank assets are between $50 and $100 billion. And if you are a bank with assets of $100 billion or more, I hope it does not come as a surprise to learn that you have been covered by these guidelines since last Nov. 30.

What are these new rules, and to whom do they apply?

They are called "OCC Guidelines Establishing Heightened Standards for Certain Large Insured National Banks, Insured Savings Associations, and Insured Federal Branches."

A mouthful, to be sure, and we will refer to them here as the guidelines.¹

The guidelines' principal focus is on helping covered banks "establish and implement a risk governance framework to manage and control…risk-taking activities."² This means requiring covered banks to comply with "minimum standards for the design and implementation of a…risk governance framework and minimum standards for the covered bank's board of directors …."³

Risk governance procedures apply to a number of designated risk categories—credit risk, interest rate risk, liquidity risk, price risk, operational risk, compliance risk, strategic risk, and reputation risk.⁴

The guidelines, then, do not solely regulate human resources-related practices. Their focus in this area is on "talent management processes" and "compensation and performance management programs."

Coverage

The OCC is an independent bureau of the U.S. Department of the Treasury. It "charters, regulates, and supervises all national banks and federal savings associations as well as federal branches and agencies of foreign banks." The OCC's mission is "[t]o ensure that national banks and federal savings associations operate in a safe and sound manner, provide fair access to financial services, treat customers fairly, and comply with applicable laws and regulations."⁵

The OCC established the guidelines, following a period of public comment, as a reaction to the recent financial crisis. That crisis, of course, has spawned other significant laws aimed at strengthening the supervision and regulation of large U.S. financial institutions, perhaps most notably the Dodd-Frank Wall Street Reform and Consumer Protection Act of 2010 (Dodd Frank).

What financial institutions do the guidelines cover? A very broad swath, assuming the institution meets the $50 billion threshold. The guidelines identify targeted institutions as any insured national bank, insured federal savings association, or insured federal branch of a foreign bank. They will even apply to a bank with average total consolidated assets of under $50 billion if that bank's parent company controls at least one covered bank, or if the OCC determines that the bank's operations "are highly complex or otherwise present a heightened risk as to warrant" the guidelines' application.

So a bank may not be covered by the guidelines today, but could become covered if the institution's assets grow beyond the threshold, or if the OCC determines that the bank's operations are sufficiently complex or risky as to come under its purview.

What is particularly interesting is the guidelines' definitions of certain key positions at any regulated bank and their identification of a hierarchy as to where those positions should fit in the bank's structure, including, in some instances, who should report to whom.

Thus, the guidelines make the Chief Audit Executive (CAE) responsible for leading the bank's internal audit department, and place the CAE one level below the Chief Executive Officer (CEO). Further, the guidelines make the Chief Risk Executive (CRE) responsible for leading the independent risk management unit. Along with the chief audit executive, the chief risk executive also sits a level below the CEO. The guidelines note that a covered bank may have more than one CRE.

The guidelines also define a "Front Line Unit," and we will get to that definition in a minute.⁶

Talent Management

What provisions of the guidelines specifically pertain to human resources issues? There are two. As noted above, they are titled "Talent Management Processes" and "Compensation and Performance Management Programs."⁷

The talent management provisions require covered banks to "establish and adhere to processes for talent development, recruitment, and succession planning to ensure that management and employees who are responsible for or influence material risk decisions have the knowledge, skills, and abilities to effectively identify, measure, monitor, and control relevant risks."

The Board of Directors or an appropriate committee is charged with assuring that the CEO and CAE, and one or more CREs, have the requisite skill and abilities to do their jobs.

The board or designated committee is also required to "review and approve a written talent management program that provides for development, recruitment, and succession planning regarding the [CEO, CAE and the CREs], their direct reports, and other potential successors."

Further, the board must "[r]equire management to assign individuals specific responsibilities within the talent management program, and hold those individuals accountable for the program's effectiveness."

Compensation Practices

What do the guidelines say about compensation practices?

They require covered banks to "establish and adhere to compensation and performance management programs that comply with any applicable statute or regulation." Further, the programs must "[e]nsure the [CEO], front line units, independent risk management [another specifically defined unit of the bank], and internal audit implement and adhere to an effective risk governance framework.…"

The covered banks must also "[e]nsure front line unit compensation plans and decisions appropriately consider the level and severity of issues and concerns identified by independent risk management and internal audit, as well as the timeliness of corrective action to resolve such issues and concerns.…"

Finally, they must assure that compensation plans and decisions "[a]ttract and retain the talent needed to design, implement, and maintain an effective risk governance framework; and…[p]rohibit any incentive-based payment arrangement, or any feature of any such arrangement, that encourages inappropriate risks by providing excessive compensation or that could lead to material financial loss."

Other federal agencies address the issue of compensation practices in even more detail. The Federal Deposit Insurance Act requires each federal banking agency to establish safety and soundness standards that include compensation guidelines.

Front Line Units

The guidelines do not specifically delegate enforcement of these particular provisions to a covered bank's human resources department. Instead, the guidelines require banks to establish "front line units" to address these provisions.

What are "front line units"? These are defined as "any organizational unit or function thereof in a covered bank that is accountable for a risk in paragraph II.B. of these Guidelines"—i.e., credit, interest rate, liquidity, price, operational, compliance, strategic, and reputation risk—and that (1) engage in activities designed to generate revenue or reduce expenses for the parent company or covered bank; (2) provide operational support or servicing to any organizational unit or function within the covered bank for the delivery of products or services to customers; or (3) provide technology services to any organization unit or function covered by the guidelines.⁸

Organizational units that provide legal services to the covered bank are explicitly excluded from "normally" being considered a front line unit.⁹

What about Human Resources? These departments are not explicitly excluded, as are law departments, but the OCC discusses the special role of Human Resources in its summary accompanying the guidelines' issuance. The OCC cites Human Resources as an example of "an organizational unit [that] may have some accountability for one or more risks, but may not meet other provisions of the definition and thus would not be a front line unit."

The OCC notes that "one of the primary responsibilities of human resources is to design and implement compensation programs, which, if not designed and implemented properly, could motivate inappropriate risk-taking behavior." Nevertheless, Human Resources is not a front line unit because it does not provide or engage in the three above-identified activities or services.

Even so, the summary notes, Human Resources may well be consulted by the covered bank's board of directors or its designee, or a front line unit, to assist with implementing those requirements of the guidelines that require Human Resources' expertise.¹⁰ This may, for example, be a bank's CRE, or it could be the bank's internal audit department.

Conclusion

Talent management and compensation, areas of traditional Human Resources expertise, are central to the focus of the OCC's new guidelines. As financial services companies grow, Human Resources executives should expect to play an important role in critically important compliance-related functions.

Endnotes:

1. 12 C.F.R. Part 30, Appendix D.

2. See Guidelines Section I (1).

3. Id. Section I (2).

4. Id. Section II (B).

5. http://www.occ.gov/about/what-we-do/mission/index-about.html (accessed July 5, 2015).

6. See Guidelines Section I.

7. See Guidelines Section III, paragraphs L and M.

8. Id., Section I.E.6(a).

9. Id., Section I.E.6 (b).

10. 79 Fed . Reg.. Vol. 176 at 54524-25.

Philip M. Berkowitz is a shareholder and U.S. co-chair of Littler’s International Law Practice Group. He is based in the firm’s New York City office. This article is reprinted with permission from the July 19, 2015 issue of the New York Law Journal. © ALM Media Properties, LLC. Further duplication without permission is prohibited. All rights reserved.