Comptroller’s Handbook Safety and Soundness Capital Asset Sensitivity to Other Adequacy Quality Management Earnings Liquidity Market Risk Activities (C) (A) (M) (E) (L) (S) (O) Corporate and Risk Governance Version 2.0, July 2019 Office of the Comptroller of the Currency Washington, DC 20219 Version 2.0 Contents Contents Introduction ..............................................................................................................................1 Risks Associated With Corporate and Risk Governance .............................................. 3 Strategic Risk .......................................................................................................... 4 Reputation Risk ....................................................................................................... 4 Compliance Risk ..................................................................................................... 4 Operational Risk ..................................................................................................... 5 Corporate Governance ............................................................................................................6 Board’s Role in Corporate Governance ........................................................................ 6 Board Composition, Qualifications, and Selection ................................................. 7 Leadership Structure of the Board .......................................................................... 9 Outside Advisors and Advisory Directors .............................................................. 9 Board and Board Committee Meeting Minutes .................................................... 10 Access to Senior Management and Staff .............................................................. 11 Director Orientation and Training ........................................................................ 12 Board Compensation ............................................................................................. 12 Board Tenure ........................................................................................................ 13 Board’s Responsibilities ....................................................................................... 13 Provide Oversight ........................................................................................... 15 Establish an Appropriate Corporate Culture ................................................... 15 Comply With Fiduciary Duties and the Law .................................................. 17 Select, Retain, and Oversee Management....................................................... 18 Oversee Compensation and Benefits Arrangements....................................... 21 Maintain Appropriate Affiliate and Holding Company Relationships ........... 24 Establish and Maintain an Appropriate Board Structure ................................ 24 Perform Board Self-Assessments ................................................................... 25 Oversee Financial Performance and Risk Reporting ...................................... 26 Support Efforts to Serve Community Credit Needs ....................................... 28 Individual Responsibilities of Directors ............................................................... 28 Attend and Participate in Board and Committee Meetings ............................ 28 Request and Review Meeting Materials ......................................................... 29 Make Decisions and Seek Explanations ......................................................... 29 Review and Approve Policies ......................................................................... 30 Exercise Independent Judgment ..................................................................... 30 Planning ..................................................................................................................................32 Strategic Planning ....................................................................................................... 32 New Activities ...................................................................................................... 34 Capital Planning .......................................................................................................... 35 Operational Planning .................................................................................................. 36 Disaster Recovery and Business Continuity Planning .......................................... 36 Information Technology and Information Security .............................................. 37 Recovery Planning ...................................................................................................... 37 Comptroller’s Handbook i Corporate and Risk Governance Version 2.0 Contents Risk Governance ....................................................................................................................39 Risk Culture ................................................................................................................ 40 Risk Appetite .............................................................................................................. 40 Risk Management System........................................................................................... 42 Identify Risk.......................................................................................................... 44 Measure Risk ........................................................................................................ 44 Monitor Risk ......................................................................................................... 44 Control Risk .......................................................................................................... 44 Risk Assessment Process ...................................................................................... 45 Policies .................................................................................................................. 45 Processes ............................................................................................................... 46 Personnel ............................................................................................................... 46 Control Systems .................................................................................................... 47 Quality Control ............................................................................................... 48 Quality Assurance ........................................................................................... 48 Compliance Management System................................................................... 48 Bank Secrecy Act/Anti-Money Laundering Program..................................... 50 Audit Program ................................................................................................. 51 Management Information Systems ....................................................................... 52 Third-Party Risk Management .............................................................................. 54 Insurance ............................................................................................................... 54 Insurance Record Keeping .............................................................................. 55 Board and Management’s Roles in Risk Governance .......................................... 55 Board’s Responsibilities ................................................................................. 55 Management’s Responsibilities ...................................................................... 56 Examination Procedures .......................................................................................................58 Scope ........................................................................................................................... 58 Board of Directors and Management .......................................................................... 60 Conclusions ................................................................................................................. 89 Internal Control Questionnaire ................................................................................... 91 Verification Procedures .............................................................................................. 96 Appendixes..............................................................................................................................98 Appendix A: Board of Directors Statutory and Regulatory Requirements ................ 98 Appendix B: Regulations Requiring Board Approval for Policies and Programs.... 101 Appendix C: Common Board Committees ............................................................... 106 Appendix D: Common Types of Insurance .............................................................. 111 Appendix E: Glossary ............................................................................................... 117 Appendix F: Abbreviations ....................................................................................... 119 References .............................................................................................................................120 Comptroller’s Handbook ii Corporate and Risk Governance Version 2.0 Introduction Introduction The Office of the Comptroller of the Currency’s (OCC) Comptroller’s Handbook booklet, “Corporate and Risk Governance,”