[Congressional Bills 119th Congress]
[From the U.S. Government Publishing Office]
[H.R. 1910 Introduced in House (IH)]
<DOC>
119th CONGRESS
1st Session
H. R. 1910
To amend the Financial Stability Act of 2010 to require certain large
banking institutions to have a Chief Risk Officer, and for other
purposes.
_______________________________________________________________________
IN THE HOUSE OF REPRESENTATIVES
March 6, 2025
Mr. Casten (for himself, Mr. Sherman, Mr. David Scott of Georgia, Mr.
Green of Texas, and Mr. Torres of New York) introduced the following
bill; which was referred to the Committee on Financial Services
_______________________________________________________________________
A BILL
To amend the Financial Stability Act of 2010 to require certain large
banking institutions to have a Chief Risk Officer, and for other
purposes.
Be it enacted by the Senate and House of Representatives of the
United States of America in Congress assembled,
SECTION 1. SHORT TITLE.
This Act may be cited as the ``Chief Risk Officer Enforcement and
Accountability Act''.
SEC. 2. CHIEF RISK OFFICER.
Section 165(h) of the Financial Stability Act of 2010 (12 U.S.C.
5365(h)) is amended--
(1) in paragraph (2)--
(A) by striking ``that is a publicly traded company
and'' each place such term appears; and
(B) by inserting ``, and appoint a chief risk
officer, as set forth in paragraph (4)'' after ``as set
forth in paragraph (3)'' each place such term appears;
(2) by redesignating paragraph (4) as paragraph (7); and
(3) by inserting after paragraph (3) the following:
``(4) Chief risk officer.--
``(A) In general.--A chief risk officer required by
this subsection shall be appointed by a company from
among individuals with experience in identifying,
assessing, and managing risk exposures of large,
complex financial firms.
``(B) Responsibilities.--A chief risk officer shall
be responsible for overseeing the following:
``(i) The establishment of risk limits on
an enterprise-wide basis and the monitoring of
compliance with such limits.
``(ii) The implementation of and ongoing
compliance with the policies and procedures
establishing risk-management governance, risk-
management procedures, and risk-control
infrastructure for the global operations of the
company.
``(iii) The development and implementation
of the processes and systems for implementing
and monitoring compliance with the policies and
procedures described under clause (ii),
including--
``(I) processes and systems for
identifying and reporting risks and
risk-management deficiencies, including
regarding emerging risks, and ensuring
effective and timely implementation of
actions to address emerging risks and
risk-management deficiencies for the
global operations of the company;
``(II) processes and systems for
establishing managerial and employee
responsibility for risk management;
``(III) processes and systems for
ensuring the independence of the risk-
management function; and
``(IV) processes and systems to
integrate risk management and
associated controls with management
goals and the compensation structure of
the company for the global operations
of the company.
``(iv) The management of risks and risk
controls within the parameters of the company's
risk-control framework, and monitoring and
testing of the company's risk controls.
``(C) Reporting responsibilities.--A chief risk
officer shall--
``(i) report directly to both the risk
committee described under paragraph (3) and the
chief executive officer of the company; and
``(ii) be responsible for reporting risk-
management deficiencies and emerging risks to
the risk committee described under paragraph
(3) and resolving risk-management deficiencies
in a timely manner.
``(D) Vacancies.--
``(i) Notification to regulators.--With
respect to a chief risk officer required by
this subsection, if the office of a chief risk
officer becomes vacant, the company shall--
``(I) not later than 24 hours after
such vacancy occurs, notify the primary
financial regulatory agency of the
company, the primary financial
regulatory agency of any depository
institution subsidiary of the company,
and any State agency with supervisory
authority over the company or any
depository institution subsidiary of
the company of such vacancy; and
``(II) not later than 7 days after
such vacancy occurs, submit a plan to
the primary financial regulatory agency
of the company, the primary financial
regulatory agency of any depository
institution subsidiary of the company,
and any State agency with supervisory
authority over the company or any
depository institution subsidiary of
the company on how the company will
search for and promptly hire a well-
qualified chief risk officer to fill
the vacancy.
``(ii) Failure to fill vacancy.--With
respect to a vacancy described under clause
(i), if the company does not fill the vacancy
within 60 days of the vacancy occurring--
``(I) the company shall notify the
public, including on the website of the
company, that the vacancy has existed
for more than 60 days; and
``(II) the total assets of the
company may not exceed the total assets
of the company on the date the vacancy
occurred until such time as the vacancy
is filled.
``(5) Application to large banks with no bank holding
company.--The primary financial regulatory agencies shall issue
regulations requiring each bank that does not have a bank
holding company and that has total consolidated assets of not
less than $50,000,000,000 to establish a risk committee, as set
forth in paragraph (3) and appoint a chief risk officer, as set
forth in paragraph (4).
``(6) Primary financial regulatory agency for certain
nonbank financial companies.--For purposes of this subsection,
the primary financial regulatory agency for a nonbank financial
company supervised by the Board of Governors shall be the Board
of Governors.''.
<all>