The OCC released guidance today on corporate governance and enterprise risk management for OCC-supervised financial institutions. The document is a booklet which will be incorporated into the OCC’s Comptroller’s Handbook.

The guidance contains a discussion of expectations regarding board structure, committees, and the risk governance framework, integrating guidance which practitioners had been cobbling together from a variety of sources in the past.

The guidance also contains the OCC’s views on risk management systems (which are part of the “risk governance framework”) including the “three lines of defense” — front line units, independent risk management, and internal audit.