FDIC and OCC Propose Historic Shift in Bank Supervision Standards

On October 7, 2025, the Federal Deposit Insurance Corporation (“FDIC”) and the Office of the Comptroller of the Currency (“OCC”) issued a joint notice of proposed rulemaking that represents the most significant reform to bank supervision standards in decades. For the first time, the agencies are proposing to codify a regulatory definition of "unsafe or unsound practice" under Section 8 of the Federal Deposit Insurance Act and establish uniform standards for when examiners may issue Matters Requiring Attention (“MRAs”).

What Changed: Defining the Undefined

The primary changes in the October 2025 proposal involve three critical areas that have historically lacked clear regulatory definition:

1. Codification of "Unsafe or Unsound Practice"

Despite serving as the cornerstone of federal banking enforcement authority since 1966, the term "unsafe or unsound practice" has never been formally defined in regulation. This lack of definition has created significant uncertainty and inconsistent examination practices for financial institutions.

2. Uniform Standards for Matters Requiring Attention

Currently, the OCC uses MRAs while the FDIC issues "Matters Requiring Board Attention" (MRBAs), with different standards applied across the two agencies. The proposal establishes uniform minimum requirements: examiners may only issue an MRA when a practice could reasonably be expected to materially harm financial condition under current or reasonably foreseeable conditions, or when there is an actual violation of banking law.

3. Elimination of Reputation Risk

In a companion proposal, the agencies are codifying the elimination of reputation risk from supervisory programs. Under the Proposed Rule, agencies would be prohibited from criticizing institutions or requiring account closures based on the political, social, cultural, or religious views of the institution or its customers, or based solely on engagement in politically disfavored but otherwise lawful business activities.

What Remains Core: Material Financial Risk Focus

Despite these significant reforms, the fundamental mission of bank supervision remains intact. Banks must continue managing the traditional CAMELS components: Capital Adequacy, Asset Quality, Earnings, Liquidity, Sensitivity to Market Risk, and Management and Governance.

The agencies emphasize that the proposed changes do not reduce underlying legal and regulatory compliance obligations. All banking laws and regulations remain in effect, and violations may still form the basis for MRAs and enforcement actions.

The New Framework Explained

Proposed Definition: Unsafe or Unsound Practice

Under the Proposed Rule (to be codified at 12 CFR § 4.92 for national banks and federal savings associations supervised by the OCC; 12 CFR § 305.1 for FDIC-supervised institutions), an unsafe or unsound practice is defined as a practice, act, or failure to act that:

1. Is contrary to generally accepted standards of prudent operation; and

2. Either:

• If continued, is likely to materially harm the financial condition of the institution or present material risk of loss to the Deposit Insurance Fund; or

• Has already materially harmed the financial condition of the institution.

Key Terms Explained:

"Likely" means more than merely possible—it requires a reasonable probability that the practice would cause material harm if continued under current or reasonably foreseeable conditions.

"Materially Harm” refers to practices that directly impact capital, asset quality, earnings, liquidity, or market risk sensitivity.

"Nonfinancial Risks" may qualify only if they impact financial condition, such as severe cybersecurity deficiencies.

Proposed Standard: Matters Requiring Attention

The proposed MRA standard uses a lower threshold than unsafe or unsound practices. Examiners may issue an MRA when practice:

• Is contrary to generally accepted standards of prudent operation; and

• Could reasonably be expected to, under current or reasonably foreseeable conditions, materially harm financial condition or present material risk of loss to the DIF; or

• Constitutes an actual violation of banking or banking-related law or regulation

The key difference: "could reasonably be expected to" versus "likely." This forward-looking standard allows supervisors to identify and require remediation of material issues before they appear in financial metrics. As FDIC Acting Chairman Travis Hill noted, "poor decisions a bank makes today may not show up in its financial metrics for an extended period of time."

Tailoring for Community Banks

The proposed rule includes explicit tailoring requirements that are particularly important for community banks. Agencies must tailor supervisory and enforcement actions and MRA issuance based on capital structure, riskiness, complexity, activities, asset size, and any financial risk-related factor deemed appropriate.

The agencies explicitly state: "Finding an unsafe or unsound practice would be a much higher bar for a community bank than for a larger institution when considered against the overall operations of the institution."

For example, a particular percentage decrease in capital or liquidity that rises to materiality for the largest institutions would not necessarily be material for community banks.

Implications for Your Institution

• Immediate Actions

  • Review Existing MRAs: Institutions with current MRAs should work with examination teams to assess whether action plans might be narrowed under the proposed standards.

  • Assess Risk Management Documentation: Ensure risk management frameworks appropriately address the core financial risks listed above.

  • Strengthen Cybersecurity Programs: Given the agencies' explicit mention that severe cybersecurity deficiencies could meet the unsafe or unsound standard, confirm information security programs and business continuity plans are robust.

  • Understand Supervisory Observations: Familiarize management and boards with the difference between binding MRAs and non-binding "supervisory observations." Agencies may offer suggestions for enhancement, but institutions are not required to implement them, and agencies cannot escalate observations into MRAs solely based on lack of adoption. This represents a significant change from current practice where repeated supervisory communications sometimes evolved into formal enforcement matters.

  • Prepare for CAMELS Impact: Any downgrade to a composite CAMELS rating of 3 or below would only occur when accompanied by an MRA meeting the new standard or an enforcement action. This could significantly reduce the risk of ratings downgrades for process-oriented deficiencies.

• Strategic Considerations

  • Focus Resources on Material Financial Risks: The proposal shifts the supervisory paradigm toward risks most likely to cause material financial losses and bank failures. Allocate compliance and risk management resources accordingly.

  • Document Business Judgment: Develop processes to document the business judgment and risk tolerance considerations underlying key decisions, demonstrating adherence to generally accepted standards of prudent operation.

  • Participate in the Comment Process: The 60-day comment period following Federal Register publication provides a critical opportunity to shape implementation.

  • Expected Cost Savings. The OCC's economic analysis estimates this proposal would result in "immediate and material cost savings to affected institutions, easily ranging from hundreds of millions to billions of dollars saved annually in aggregate." These savings come from reduced consultant costs, reduced remediation expenses, and fewer examination fundings.

How to Submit Comments

The comment period opens upon publication in the Federal Register and closes 60 days later. Institutions are encouraged to submit detailed, specific feedback to help shape the final rule's implementation.

OCC Comments:

• Federal eRulemaking Portal: regulations.gov (Docket ID OCC-2025-0174)

• Mail: Chief Counsel's Office, Attention: Comment Processing, Office of the Comptroller of the Currency, 400 7th Street SW, Suite 3E-218, Washington, DC 20219

FDIC Comments:

• Agency Website: fdic.gov/federal-register-publications

• Email: comments@FDIC.gov (Include RIN 3064-AG16)

• Mail: Jennifer M. Jones, Deputy Executive Secretary, Attention: Comments - RIN 3064-AG16, Federal Deposit Insurance Corporation, 550 17th Street, NW, Washington, DC 20429

This alert is based on the October 7, 2025 joint notice of proposed rulemaking issued by the FDIC and OCC (FDIC FIL-45-2025; OCC Docket ID OCC-2025-0174; FDIC RIN 3064-AG16). Banks should consult with their regulatory counsel and advisors for institution-specific guidance on implementing these updates.