�౦��Ϸ����

On October 3, 2023, the �౦��Ϸ���� Board authorized the publication of a Notice of Proposed Rulemaking (NPR) to add a new Appendix C to the �౦��Ϸ����’s safety and soundness regulation, 12 CFR 364, to incorporate guidelines on corporate governance and risk management for �౦��Ϸ����-supervised insured depository institutions (IDIs) with consolidated assets of $10 Billion or more. This NPR is being issued under the safety and soundness authority provided by Section 39 of the Federal Deposit Insurance Act.

The �౦��Ϸ���� observed during the 2008 financial crisis, and more recent IDI failures in 2023, that IDIs with poor corporate governance and risk management practices were more likely to fail. Reports reviewing the 2023 IDI failures noted that poor corporate governance and risk management practices were contributing factors.¹ It is important to note that failures of IDIs impose costs on the Deposit Insurance Fund and negatively affect a wide variety of stakeholders including the IDI’s depositors and shareholders, employees, customers (including consumers and businesses that rely on the IDI’s services and the availability of credit), regulators, and the public as a whole.

Strong corporate governance is the foundation for an IDI’s safe and sound operations. An effective governance framework is necessary for an IDI to remain profitable, competitive, and resilient through changing economic and market conditions. The �౦��Ϸ����’s current safety and soundness standards for �౦��Ϸ����-supervised IDIs, as set forth in Appendix A of the Safety and Soundness regulation and supervisory guidance on corporate governance and risk management, provide baseline corporate governance and risk management expectations.

However, the �౦��Ϸ���� believes that larger, more complex IDIs require more sophisticated and formal corporate governance and risk management structures and practices. The proposed guidelines would clarify the �౦��Ϸ����’s expectation that corporate governance and risk management frameworks need to evolve along with growth, complexity and changing business models and risk profiles of larger IDIs. The proposed guidelines describe the general obligations of a board of directors to ensure good corporate governance, including with respect to board composition, duties, and committee structure. Among other things, the duties of the board of directors include setting the tone at the top, developing a Code of Ethics, and providing active oversight of management.

In addition, the proposed guidelines would establish the �౦��Ϸ����’s expectations for board and management responsibilities regarding risk management and audit. An effective risk management program at larger, more complex IDIs covered by the proposal should include a three-line-of-defense model of risk management for monitoring and reporting risks, consisting of business units, an independent risk management function, and an internal audit unit. A covered institution’s risk management program should also include establishing and communicating a risk profile and risk appetite statement. Additionally, the proposed guidelines describe the �౦��Ϸ����’s expectations regarding the processes for identifying breaches of risk appetite or risk limits.

In conclusion, the experience of the three large IDI failures this spring should focus our attention on the need for meaningful action to improve the corporate governance and risk management processes of large IDIs under the Federal Deposit Insurance Act. The governance and risk management standards put forward in this NPR would be a significant step in that direction. I am pleased to support this Notice of Proposed Rulemaking, and look forward to reviewing the comments we receive.