Chief Risk Officer Enforcement and Accountability Act
Sponsored By: Rep. Casten, Sean [D-IL-6]
Introduced
Summary
Strengthening enterprise risk governance. This bill would require large, systemically important financial firms to appoint a dedicated chief risk officer with clear duties and fast vacancy rules to tighten firmwide risk controls.
- Covered financial firms would have to hire a CRO from among people experienced in managing risks at large, complex firms. The CRO would set enterprise-wide risk limits, create and enforce risk-management policies and systems to identify and report risks, ensure independence of the risk function, integrate risk controls with management goals and pay, and report to both the board risk committee and the CEO.
- For CRO vacancies, the company must notify its primary regulator within 24 hours and submit a hiring plan within 7 days. If the post is not filled within 60 days, the firm must publicly disclose the vacancy and limit its total assets to the level on the vacancy date until a CRO is hired.
- Regulators would have to require any bank without a holding company that has at least $50 billion in consolidated assets to form a risk committee and appoint a CRO. For nonbank financial companies supervised by the Board of Governors, the Board would be the primary regulator under this rule.
Bill Overview
Analyzed Economic Effects
3 provisions identified: 0 benefits, 0 costs, 3 mixed.
Asset cap if risk chief seat empty
If enacted, a company would have to tell its regulators within 24 hours when the chief risk officer job opens. Within 7 days, it would need to file a plan to hire a well‑qualified risk officer. If unfilled after 60 days, the company would have to tell the public, including on its website. Until the role is filled, total assets could not exceed the level on the vacancy date.
Big standalone banks must add risk oversight
If enacted, regulators would require each bank without a holding company and with $50 billion or more in assets to set up a board risk committee and appoint a qualified chief risk officer. This would extend big‑bank risk governance to stand‑alone banks that meet the $50 billion threshold.
Stronger risk officers at large firms
If enacted, large financial companies covered by federal risk rules would have to appoint a qualified chief risk officer. The risk officer would set firm‑wide risk limits, test controls, and report to the board’s risk committee and the CEO. They would run independent risk systems, flag emerging risks, and push fixes quickly across global operations. The bill would remove the “publicly traded” qualifier, so non‑public covered firms would also have to comply. For nonbank firms supervised by the Federal Reserve, the Fed would be named the primary regulator for these duties.
Sponsors & CoSponsors
Sponsor
Rep. Casten, Sean [D-IL-6]
IL • D
Cosponsors
Rep. Sherman, Brad [D-CA-32]
CA • D
Sponsored 3/6/2025
Rep. Scott, David [D-GA-13]
GA • D
Sponsored 3/6/2025
Rep. Green, Al [D-TX-9]
TX • D
Sponsored 3/6/2025
Rep. Torres, Ritchie [D-NY-15]
NY • D
Sponsored 3/6/2025
Rep. Foster, Bill [D-IL-11]
IL • D
Sponsored 9/18/2025
Roll Call Votes
No roll call votes available for this bill.