OCC BULLETIN 2017-18
Subject: Violations of Laws and Regulations
Date: May 23, 2017
To: Chief Executive Officers of All National Banks and Federal Savings Associations, Department and Division Heads, All Examining Personnel, and Other Interested Parties
Description: Updated Guidance
The Office of the Comptroller of the Currency (OCC) updated today its policies and procedures regarding violations of laws and regulations. This policy is effective on July 1, 2017. These updates are reflected in the “Bank Supervision Process,” “Community Bank Supervision,” “Federal Branches and Agencies,” and “Large Bank Supervision” booklets and other sections of the Comptroller’s Handbook and internal guidance.
The OCC’s updated policies and procedures on violations of laws and regulations address recommendations in “An International Review of OCC’s Supervision of Large and Midsize Institutions” (International Peer Review report) and support the agency’s mission of ensuring a safe and sound federal banking system by emphasizing timely detection and correction of violations before they affect a bank’s condition. The updated policies and procedures also provide the agency with guidelines on consistent terminology, communication, format, follow-up, analysis, documentation, and reporting of violations.
The OCC’s updated guidance highlights the principles important in implementing the agency’s mission of ensuring safe and sound bank operations. Here are the goals and practices the agency is implementing:
In December 2013, the International Peer Review report recommended that the OCC analyze the effectiveness of the agency’s process for handling matters requiring attention and consider, for example, developing controls to better manage the process. In October 2014, the OCC issued Bulletin 2014-52, “Matters Requiring Attention,” to address the report’s concerns. The OCC determined that the agency could benefit from similar processes regarding violations of laws and regulations.
The OCC’s analysis of its violations process sets the following goals:
This bulletin is an extension of OCC Bulletin 2014-52.
Communication With Board and Management
Examiners must communicate all OCC-identified violations to facilitate timely and effective corrective action by the board and management. Examiners must communicate substantive violations to the bank in a report of examination (ROE) or supervisory letter, including substantive self-identified violations in certain circumstances. Examiners must communicate less substantive OCC-identified violations in a separate written document if the examiners do not include them in an ROE or supervisory letter. Examiners may use discretion to determine whether less substantive, self-identified violations warrant communication in a separate written document.
The OCC expects the board and management to take timely and effective correction of all violations regardless of how they are communicated. If management fails to correct a violation previously communicated in a separate written document by the OCC, the examiner should include the violation in the next ROE or supervisory letter.
The first time an examiner communicates a violation to a bank, the examiner must label the violation with one or more of the following attributes:
Upon completing a follow-up activity, examiners must determine whether to label a violation as past due, pending validation, or closed.
All banks should contact their OCC supervisory offices or Large Bank examiners-in-charge with any questions.
Grace E. Dailey
1 A bank’s composite rating under the Uniform Financial Institutions Rating System, or CAMELS, integrates ratings from six component areas: capital adequacy, asset quality, management, earnings, liquidity, and sensitivity to market risk. Evaluations of the component areas take into consideration the bank’s size and sophistication, the nature and complexity of its activities, and its risk profile. ITCC refers to ratings on information technology, trust, consumer compliance, and the Community Reinvestment Act. ROCA is the interagency uniform supervisory rating system for federal branches and agencies of foreign banking organizations. The ROCA system’s four components are risk management, operational controls, compliance, and asset quality. The overall or composite rating under ROCA indicates whether, in the aggregate, the operations of the branch or agency may present supervisory concerns and the extent of any concerns.
2 A violation may be simultaneously past due and pending validation if the examiner has verified the bank’s corrective action but insufficient time has passed for the bank to demonstrate sustained performance under the corrective actions, and the OCC has not validated the sustainability of the corrective actions.