Skip to main content
U.S. flag
An official website of the United States government
Dot gov
The .gov means it’s official.
Federal government websites often end in .gov or .mil. Before sharing sensitive information, make sure you’re on a federal government site.
The site is secure.
The https:// ensures that you are connecting to the official website and that any information you provide is encrypted and transmitted securely.
Speeches, Statements & Testimonies
Statement by Martin J. Gruenberg, Chairman, FDIC, on the Notice of Proposed Rulemaking for Guidelines on Corporate Governance and Risk Management for Covered Institutions of $10 Billion or More

On October 3, 2023, the FDIC Board authorized the publication of a Notice of Proposed Rulemaking (NPR) to add a new Appendix C to the FDIC’s safety and soundness regulation, 12 CFR 364, to incorporate guidelines on corporate governance and risk management for FDIC-supervised insured depository institutions (IDIs) with consolidated assets of $10 Billion or more. This NPR is being issued under the safety and soundness authority provided by Section 39 of the Federal Deposit Insurance Act.

The FDIC observed during the 2008 financial crisis, and more recent IDI failures in 2023, that IDIs with poor corporate governance and risk management practices were more likely to fail. Reports reviewing the 2023 IDI failures noted that poor corporate governance and risk management practices were contributing factors. 1 It is important to note that failures of IDIs impose costs on the Deposit Insurance Fund and negatively affect a wide variety of stakeholders including the IDI’s depositors and shareholders, employees, customers (including consumers and businesses that rely on the IDI’s services and the availability of credit), regulators, and the public as a whole.

Strong corporate governance is the foundation for an IDI’s safe and sound operations. An effective governance framework is necessary for an IDI to remain profitable, competitive, and resilient through changing economic and market conditions. The FDIC’s current safety and soundness standards for FDIC-supervised IDIs, as set forth in Appendix A of the Safety and Soundness regulation and supervisory guidance on corporate governance and risk management, provide baseline corporate governance and risk management expectations.

However, the FDIC believes that larger, more complex IDIs require more sophisticated and formal corporate governance and risk management structures and practices. The proposed guidelines would clarify the FDIC’s expectation that corporate governance and risk management frameworks need to evolve along with growth, complexity and changing business models and risk profiles of larger IDIs. The proposed guidelines describe the general obligations of a board of directors to ensure good corporate governance, including with respect to board composition, duties, and committee structure. Among other things, the duties of the board of directors include setting the tone at the top, developing a Code of Ethics, and providing active oversight of management.

In addition, the proposed guidelines would establish the FDIC’s expectations for board and management responsibilities regarding risk management and audit. An effective risk management program at larger, more complex IDIs covered by the proposal should include a three-line-of-defense model of risk management for monitoring and reporting risks, consisting of business units, an independent risk management function, and an internal audit unit. A covered institution’s risk management program should also include establishing and communicating a risk profile and risk appetite statement. Additionally, the proposed guidelines describe the FDIC’s expectations regarding the processes for identifying breaches of risk appetite or risk limits.

In conclusion, the experience of the three large IDI failures this spring should focus our attention on the need for meaningful action to improve the corporate governance and risk management processes of large IDIs under the Federal Deposit Insurance Act. The governance and risk management standards put forward in this NPR would be a significant step in that direction. I am pleased to support this Notice of Proposed Rulemaking, and look forward to reviewing the comments we receive.

Last Updated: October 3, 2023