I
119THCONGRESS
1
STSESSION H. R. 1910
To amend the Financial Stability Act of 2010 to require certain large banking
institutions to have a Chief Risk Officer, and for other purposes.
IN THE HOUSE OF REPRESENTATIVES
MARCH6, 2025
Mr. C
ASTEN(for himself, Mr. SHERMAN, Mr. DAVIDSCOTTof Georgia, Mr.
G
REENof Texas, and Mr. TORRESof New York) introduced the following
bill; which was referred to the Committee on Financial Services
A BILL
To amend the Financial Stability Act of 2010 to require
certain large banking institutions to have a Chief Risk
Officer, and for other purposes.
Be it enacted by the Senate and House of Representa-1
tives of the United States of America in Congress assembled, 2
SECTION 1. SHORT TITLE. 3
This Act may be cited as the ‘‘Chief Risk Officer En-4
forcement and Accountability Act’’. 5
SEC. 2. CHIEF RISK OFFICER. 6
Section 165(h) of the Financial Stability Act of 2010 7
(12 U.S.C. 5365(h)) is amended— 8
(1) in paragraph (2)— 9
VerDate Sep 11 2014 01:04 Mar 20, 2025 Jkt 059200 PO 00000 Frm 00001 Fmt 6652 Sfmt 6201 E:\BILLS\H1910.IH H1910
ssavage on LAPJG3WLY3PROD with BILLS 2
•HR 1910 IH
(A) by striking ‘‘that is a publicly traded 1
company and’’ each place such term appears; 2
and 3
(B) by inserting ‘‘, and appoint a chief risk 4
officer, as set forth in paragraph (4)’’ after ‘‘as 5
set forth in paragraph (3)’’ each place such 6
term appears; 7
(2) by redesignating paragraph (4) as para-8
graph (7); and 9
(3) by inserting after paragraph (3) the fol-10
lowing: 11
‘‘(4) C
HIEF RISK OFFICER.— 12
‘‘(A) I
N GENERAL.—A chief risk officer re-13
quired by this subsection shall be appointed by 14
a company from among individuals with experi-15
ence in identifying, assessing, and managing 16
risk exposures of large, complex financial firms. 17
‘‘(B) R
ESPONSIBILITIES.—A chief risk of-18
ficer shall be responsible for overseeing the fol-19
lowing: 20
‘‘(i) The establishment of risk limits 21
on an enterprise-wide basis and the moni-22
toring of compliance with such limits. 23
‘‘(ii) The implementation of and ongo-24
ing compliance with the policies and proce-25
VerDate Sep 11 2014 01:04 Mar 20, 2025 Jkt 059200 PO 00000 Frm 00002 Fmt 6652 Sfmt 6201 E:\BILLS\H1910.IH H1910
ssavage on LAPJG3WLY3PROD with BILLS 3
•HR 1910 IH
dures establishing risk-management gov-1
ernance, risk-management procedures, and 2
risk-control infrastructure for the global 3
operations of the company. 4
‘‘(iii) The development and implemen-5
tation of the processes and systems for im-6
plementing and monitoring compliance 7
with the policies and procedures described 8
under clause (ii), including— 9
‘‘(I) processes and systems for 10
identifying and reporting risks and 11
risk-management deficiencies, includ-12
ing regarding emerging risks, and en-13
suring effective and timely implemen-14
tation of actions to address emerging 15
risks and risk-management defi-16
ciencies for the global operations of 17
the company; 18
‘‘(II) processes and systems for 19
establishing managerial and employee 20
responsibility for risk management; 21
‘‘(III) processes and systems for 22
ensuring the independence of the risk- 23
management function; and 24
VerDate Sep 11 2014 01:04 Mar 20, 2025 Jkt 059200 PO 00000 Frm 00003 Fmt 6652 Sfmt 6201 E:\BILLS\H1910.IH H1910
ssavage on LAPJG3WLY3PROD with BILLS 4
•HR 1910 IH
‘‘(IV) processes and systems to 1
integrate risk management and associ-2
ated controls with management goals 3
and the compensation structure of the 4
company for the global operations of 5
the company. 6
‘‘(iv) The management of risks and 7
risk controls within the parameters of the 8
company’s risk-control framework, and 9
monitoring and testing of the company’s 10
risk controls. 11
‘‘(C) R
EPORTING RESPONSIBILITIES .—A 12
chief risk officer shall— 13
‘‘(i) report directly to both the risk 14
committee described under paragraph (3) 15
and the chief executive officer of the com-16
pany; and 17
‘‘(ii) be responsible for reporting risk- 18
management deficiencies and emerging 19
risks to the risk committee described under 20
paragraph (3) and resolving risk-manage-21
ment deficiencies in a timely manner. 22
‘‘(D) V
ACANCIES.— 23
‘‘(i) N
OTIFICATION TO REGU -24
LATORS.—With respect to a chief risk offi-25
VerDate Sep 11 2014 01:04 Mar 20, 2025 Jkt 059200 PO 00000 Frm 00004 Fmt 6652 Sfmt 6201 E:\BILLS\H1910.IH H1910
ssavage on LAPJG3WLY3PROD with BILLS 5
•HR 1910 IH
cer required by this subsection, if the office 1
of a chief risk officer becomes vacant, the 2
company shall— 3
‘‘(I) not later than 24 hours after 4
such vacancy occurs, notify the pri-5
mary financial regulatory agency of 6
the company, the primary financial 7
regulatory agency of any depository 8
institution subsidiary of the company, 9
and any State agency with supervisory 10
authority over the company or any de-11
pository institution subsidiary of the 12
company of such vacancy; and 13
‘‘(II) not later than 7 days after 14
such vacancy occurs, submit a plan to 15
the primary financial regulatory agen-16
cy of the company, the primary finan-17
cial regulatory agency of any deposi-18
tory institution subsidiary of the com-19
pany, and any State agency with su-20
pervisory authority over the company 21
or any depository institution sub-22
sidiary of the company on how the 23
company will search for and promptly 24
VerDate Sep 11 2014 01:04 Mar 20, 2025 Jkt 059200 PO 00000 Frm 00005 Fmt 6652 Sfmt 6201 E:\BILLS\H1910.IH H1910
ssavage on LAPJG3WLY3PROD with BILLS 6
•HR 1910 IH
hire a well-qualified chief risk officer 1
to fill the vacancy. 2
‘‘(ii) F
AILURE TO FILL VACANCY .— 3
With respect to a vacancy described under 4
clause (i), if the company does not fill the 5
vacancy within 60 days of the vacancy oc-6
curring— 7
‘‘(I) the company shall notify the 8
public, including on the website of the 9
company, that the vacancy has existed 10
for more than 60 days; and 11
‘‘(II) the total assets of the com-12
pany may not exceed the total assets 13
of the company on the date the va-14
cancy occurred until such time as the 15
vacancy is filled. 16
‘‘(5) A
PPLICATION TO LARGE BANKS WITH NO 17
BANK HOLDING COMPANY .—The primary financial 18
regulatory agencies shall issue regulations requiring 19
each bank that does not have a bank holding com-20
pany and that has total consolidated assets of not 21
less than $50,000,000,000 to establish a risk com-22
mittee, as set forth in paragraph (3) and appoint a 23
chief risk officer, as set forth in paragraph (4). 24
VerDate Sep 11 2014 01:04 Mar 20, 2025 Jkt 059200 PO 00000 Frm 00006 Fmt 6652 Sfmt 6201 E:\BILLS\H1910.IH H1910
ssavage on LAPJG3WLY3PROD with BILLS 7
•HR 1910 IH
‘‘(6) PRIMARY FINANCIAL REGULATORY AGEN -1
CY FOR CERTAIN NONBANK FINANCIAL COMPA -2
NIES.—For purposes of this subsection, the primary 3
financial regulatory agency for a nonbank financial 4
company supervised by the Board of Governors shall 5
be the Board of Governors.’’. 6
Æ
VerDate Sep 11 2014 01:04 Mar 20, 2025 Jkt 059200 PO 00000 Frm 00007 Fmt 6652 Sfmt 6301 E:\BILLS\H1910.IH H1910
ssavage on LAPJG3WLY3PROD with BILLS