LegisTrack
Back to all bills
HR 1910119th CongressIn Committee

Chief Risk Officer Enforcement and Accountability Act

Introduced: Mar 6, 2025
View on Congress.gov
Standard Summary
Comprehensive overview in 1-2 paragraphs

This bill, the Chief Risk Officer Enforcement and Accountability Act, would revise the Financial Stability Act of 2010 to require certain large banking institutions to appoint a Chief Risk Officer (CRO) and strengthen risk governance across large, complex firms. It shifts the CRO requirement to cover more banks (including some that do not have a bank holding company) and specifies detailed CRO qualifications, duties, and reporting lines. The bill also creates specific vacancy rules for CRO positions, including regulatory notice, a plan to hire, and a potential asset-growth limit if a CRO vacancy remains unfilled beyond 60 days. Additionally, it directs regulators to issue implementing regulations for banks without a bank holding company that meet a $50 billion asset threshold and clarifies the primary regulator for certain nonbank financial companies supervised by the Fed. Overall, the act aims to improve risk identification, monitoring, governance, and accountability in large financial firms.

Key Points

  • 1Broadens CRO obligation: Replaces a constraint tied to publicly traded status and requires large, complex financial firms to appoint a chief risk officer, with the CRO duties set out in new paragraph 4.
  • 2CRO qualifications and duties: The CRO must have experience identifying, assessing, and managing risk in large, complex financial firms. Responsibilities include setting enterprise-wide risk limits, implementing risk-management governance and controls, developing processes to identify/report risks and deficiencies, ensuring independence of the risk-management function, and aligning risk management with company goals and compensation.
  • 3Reporting and independence: The CRO must report directly to both the risk committee and the CEO, and must report risk-management deficiencies and emerging risks to the risk committee, with authority to address deficiencies.
  • 4Vacancy and continuity safeguards: If a CRO position is vacant, the company must notify regulators within 24 hours and submit a hiring plan within 7 days. If the vacancy is not filled within 60 days, the company must publicly disclose the vacancy and nonfill, and may not grow total assets beyond the amount at the time the vacancy occurred until it is filled.
  • 5Coverage for banks without a bank holding company: Regulators must issue regulations requiring each bank without a bank holding company and with total consolidated assets of at least $50 billion to establish a risk committee and appoint a CRO.
  • 6Regulator scope and nonbank supervision: For nonbank financial companies supervised by the Federal Reserve, the primary regulator for purposes of this subsection is the Board of Governors of the Federal Reserve System. This clarifies which regulator leads oversight for certain firms.

Impact Areas

Primary group/area affected- Large banking institutions (including some without bank holding companies) and their boards, risk management functions, and executive leadership responsible for risk oversight.Secondary group/area affected- Financial regulators (e.g., primary financial regulatory agencies), and the agencies’ processes to issue implementing regulations for covered banks.- Public investors and the public at large, who may see more transparency about risk reporting and potential public disclosures related to CRO vacancies.Additional impacts- Potential increase in compliance costs and governance requirements for large banks.- Possible limitations on growth if a CRO vacancy is not promptly filled.- Greater emphasis on independence of risk management and alignment of risk controls with compensation and management goals.- Clarified regulatory oversight for nonbank financial companies supervised by the Fed, potentially affecting cross-border and multi-regulator coordination.
Generated by gpt-5-nano on Nov 19, 2025