Over the last two months, the Office of the Comptroller of the Currency (OCC) and the Federal Deposit Insurance Corporation (FDIC) have jointly and individually issued a wave of guidance and proposed rule changes signaling the most substantial pivots in bank supervision in a decade. The central theme is clear: a decisive move away from prescriptive, “check-the-box” compliance and towards a focus on material financial risks that genuinely threaten an institution’s safety, soundness, or the Deposit Insurance Fund (DIF).
For our financial institution clients, these changes create a significant shift in operational strategy, risk allocation, and resource deployment. The supervisory model is becoming less prescriptive, placing a higher burden of responsibility on management to demonstrate prudent, risk-based decision-making.
The Central Theme: Elevating Material Financial Risk
The most impactful element of the recent guidance is the establishment of a much higher bar for supervisory criticism and enforcement, as articulated in recently issued Notices of Proposed Rulemaking (NPRMs) illustrated by the joint OCC and FDIC proposed rulemakings:
A. New Standard for Enforcement: Defining ‘Unsafe or Unsound Practice’
The agencies have proposed, for the first time, codifying a definition for an “Unsafe or Unsound Practice” for the purpose of enforcement actions under the Federal Deposit Insurance Act. The proposed definition requires a practice to:
- Be contrary to generally accepted standards of prudent operation; AND
- Have materially harmed the institution’s financial condition, OR
- If continued, be likely to materially harm the institution’s financial condition or present a material risk of loss to the DIF.
The use of the word “likely” (as opposed to “possible”) and the explicit focus on “material financial harm” suggests a significant reduction in the ability of examiners to initiate enforcement actions based on process, documentation, or minor governance failures that do not directly threaten capital, earnings, or liquidity.
B. Raising the Bar for Matters Requiring Attention (MRAs)
Consistent with the new enforcement standard, the agencies are proposing a revised framework for issuing Matters Requiring Attention (MRAs). Under the proposed framework, an MRA may only be issued for:
- An actual violation of a banking law or regulation, OR
- A practice that has already caused material harm or, if continued, could reasonably be expected to cause material harm to the institution’s financial condition or risk loss to the DIF.
As a result, we anticipate a significant reduction in the volume of MRAs related solely to governance mechanics, documentation deficiencies, or process shortcomings. This frees up management time and resources previously spent on remediating non-material findings, allowing for reallocation to strategic initiatives and core risk mitigation.
Targeted Burden Reduction for Community Banks
The OCC has been particularly active in reducing regulatory friction for community banks (typically those with less than $30 billion in assets), tailoring supervision to their less complex risk profiles.
A. BSA/AML and Examination Efficiency
- Tailored BSA/AML Exams (OCC Bulletin 2025-37): New, tailored procedures for community banks allow examiners to exercise discretion and focus the BSA/AML scope based on the bank’s lower inherent risk profile, moving away from minimum procedures that were previously deemed unduly burdensome.
- Data Collection Elimination: The OCC is discontinuing the annual data collection requirement through the Money Laundering Risk (MLR) System, eliminating a duplicative and resource-intensive reporting task.
B. Risk Management Streamlining
- Model Risk Management: The OCC clarified that it does not require annual full model validation for community banks. Institutions can now tailor the frequency and scope of model validation to their size, complexity, and specific model use, allowing for a more cost-effective approach to model risk management.
- RNDIP Examinations: Community bank examinations of Retail Nondeposit Investment Products (RNDIP) will no longer use the comprehensive, one-size-fits-all procedures from the Comptroller’s Handbook. Instead, they will use the core assessment standards from the Community Bank Supervision booklet, simplifying the review of these activities.
Major Lending and Risk Management Policy Shifts
A. Withdrawal of Leveraged Lending Guidance
In a highly anticipated joint action, the OCC and FDIC formally withdrew the 2013 Interagency Leveraged Lending Guidance and accompanying 2014 Frequently Asked Questions. The agencies stated this guidance was overly restrictive and had pushed a significant portion of the leveraged lending market outside the regulated banking sector.
Banks are now expected to manage leveraged lending risk using general principles for safe and sound lending, tailored to the bank’s size and risk profile. This provides institutions with greater flexibility to define and underwrite leveraged loans consistent with their internal risk appetite. Examiners will now focus on the sufficiency of underwriting standards, risk ratings, and loan loss reserves, rather than compliance with prescriptive metrics.
B. Removal of Non-Financial Risk Emphasis
- Climate-Related Financial Risk: All three agencies rescinded the interagency guidance on Climate-Related Financial Risk Management, signaling a supervisory shift away from non-statutory, non-material financial risks.
- Reputation Risk Prohibition: The OCC has proposed a rule that would prohibit regulators from criticizing institutions or taking adverse action based on “reputation risk,” particularly in relation to a client’s political or social views. This action is aimed at reducing the practice of “de-risking” certain lawful business sectors based on examiner pressure.
Looking Ahead
The recent regulatory actions represent a definitive move toward a more efficient, principle-based supervisory environment. The message to the industry is one of trust and accountability.
While the burden is being lifted, the responsibility is being concentrated. Institutions must ensure their internal risk management frameworks—especially those governing credit, liquidity, and operational resilience—are robust and clearly articulated. Examiners will now have more discretion to focus on the things that matter most: your institution’s financial condition.
We encourage all organizations to review these changes with their compliance and risk teams to optimize internal processes and fully leverage the operational efficiencies made possible by the new regulatory environment.
If you need further guidance or have any questions on this topic, we are here to help. Please do not hesitate to reach out to discuss your specific situation.
This material has been prepared for general, informational purposes only and is not intended to provide, and should not be relied on for, tax, legal or accounting advice. Should you require any such advice, please contact us directly. The information contained herein does not create, and your review or use of the information does not constitute, an accountant-client relationship.
