January 22, 2024

Industry Letter: Guidance on Assessment of the Character and Fitness of Directors, Senior Officers, and Managers

To:  Covered Institutions


The New York State Department of Financial Services (“Department”) is issuing this guidance (“Guidance”) to Covered Institutions, as defined below, to notify them of the Department’s expectation that they develop, implement, and maintain a framework for the review and assessment of the character and fitness of their directors, senior officers, and managers.  Protecting the safety and soundness of regulated entities is core to the Department’s mission and mandate, and a compromised director, officer, or manager can threaten an organization’s safety and soundness at any time during that individual’s service.  Regular and rigorous character and fitness assessment of key personnel is an important tool for regulated institutions to control and mitigate this risk.  Thus, the Department expects that each Covered Institution develop, implement, and maintain a framework for vetting Designated Persons (each term as defined below)—at the time of onboarding and on a regular basis thereafter—that each institution has determined is appropriately tailored to the risk profile of the institution.

The Department issued Proposed Guidance on Assessment of the Character and Fitness of Directors, Senior Officers, and Managers (“Proposed Guidance”) on May 9, 2023, with a request for comments by June 30, 2023.  The Department received 20 comments.  Most indicated that Covered Institutions have robust character and fitness policies in place.  Comments did, however, request clarity on the requirements set forth in the Proposed Guidance and how the Proposed Guidance would be used in the examination process.  Many commenters asked whether the list of potential questions in the Proposed Guidance was intended to be prescriptive or otherwise represented a minimum requirement.  Commenters also requested clarification on the list of senior officers that should be subject to regular review and requested greater flexibility from the Department regarding the Proposed Guidance.

Below is the Department’s final Guidance, which takes account of the comments and questions received in response to the Proposed Guidance.


This Guidance is applicable to New York State-regulated banking organizations1; branches, agencies, and representative offices of foreign banking organizations licensed by the Department; non-depository financial institutions licensed or chartered under the New York Banking Law except as noted below, and institutions licensed under Part 200 of the Regulations of the Superintendent of Financial Services2 (together, “Covered Institutions”) and applies to each member of a Covered Institution’s board of directors, board of trustees and/or board of managers, as applicable, and each senior officer of a Covered Institution (“Designated Persons”).  This Guidance does not apply to mortgage loan originators licensed under Article 12-E of the New York Banking Law.  Mortgage loan originator licenses are granted only to individual natural persons who satisfy fitness requirements defined in the relevant statute3 and are thereafter subject to annual review; as such, the substantive concerns reflected in this Guidance are already addressed through the licensing and renewal process and there are no other Designated Persons for which a regular vetting and assessment process would be required.

The term “senior officer” refers to every officer who participates or has authority to participate (other than in the capacity of a director) in major policy-making functions of a Covered Institution.  An individual who satisfies these criteria will be considered a senior officer, regardless of whether they have an official title or whether the individual is serving without salary or other compensation.  Any chief executive officer, chief financial officer, chief operations officer, chief compliance officer, chief legal officer, chief risk officer, president, senior executive vice president, executive vice president, secretary of the board of directors, or treasurer of a Covered Institution is considered a senior officer, unless, by resolution of the board of directors or by the bylaws of the Covered Institution, such individual is excluded from participation in major policy-making functions and that individual in fact does not participate therein.

Covered Institutions are expected to develop, implement, and maintain policies and procedures requiring vetting of Designated Persons’ character and fitness both at onboarding and on a regular ongoing basis.4   The resources and standards for investigations of Designated Persons should be reviewed on an ongoing basis to ensure that they remain applicable and up to date.  These policies and procedures should include a robust framework for ongoing vetting, to confirm that there have been no intervening circumstances that would make continuation as a Designated Person inappropriate or improper.  For example, Covered Institutions should have a process to identify whether a new or materially different conflict of interest or other material change has arisen following a Designated Person’s initial vetting that could weigh against a Designated Person’s fitness to continue in their current position.

These expectations extend to various corporate or organizational transactions (including reorganizations or restructurings)—such as a merger or acquisition, a change of control, or a purchase and assumption agreement—whereby an individual who served as a Designated Person at one Covered Institution may join the acquiring, purchasing, or surviving Covered Institution as a Designated Person.  In these situations, the acquiring, purchasing, or surviving Covered Institution is expected, upon consummation of the transaction, to subject such individual to its own typical onboarding review and is expected thereafter to include the individual in the ongoing assessments applied to any other Designated Person.  In particular, the continuing or surviving Covered Institution is expected not to rely merely on previous vetting or due diligence performed in connection with a Designated Person’s service at a different Covered Institution but also to be responsible for a full and complete vetting of its Designated Persons, both at the time that an individual becomes a Designated Person and on a regular basis thereafter.

As part of the process of developing a framework for the assessment of a Designated Person’s character and fitness, each Covered Institution is expected to define sensitive issues, warning signs, and other indicators that, if identified during the vetting process, warrant additional scrutiny before the individual is permitted to commence service as a Designated Person or permitted to remain in their position.  For example, if an individual served as a Designated Person at a Covered Institution that has been subject to a regulatory action or proceeding—including, for instance, an enforcement action or a receivership or conservatorship proceeding—and if the individual then joins another Covered Institution, they are expected to be subject to an enhanced review by the hiring Covered Institution.  This enhanced review should be designed to ensure that the person did not play a significant role or otherwise contribute in a meaningful way to the conduct that led to such regulatory action or proceeding.

Covered Institutions are expected to take a risk-based and proportionate approach to implementing this Guidance, such that the nature and depth of assessments, and the frequency of ongoing assessments, are tailored and appropriate in light of the complexity and risk profile of the institution.  Appended to this Guidance is a list of suggested questions that a Covered Institution may adapt for use in the onboarding and ongoing assessment of its Designated Persons’ character and fitness.  Covered Institutions may consider amending or revising their existing vetting frameworks based on these questions, which could be further tailored to their specific business needs, operations, and risks.

As noted above, this Guidance merely advises Covered Institutions of the Department’s expectation that each institution have in place a framework for vetting Designated Persons, consistent with the risk profile of the institution’s operations.  Covered Institutions that currently maintain a vetting framework for Designated Persons should confirm that their existing framework is consistent with the expectations outlined in this Guidance.  This Guidance does not dictate a defined period for the review of Designated Persons’ vetting assessments, nor does it mandate that Covered Institutions incorporate the questions provided in the Appendix into their vetting frameworks.  Rather, the Department has provided the Appendix, containing questions drawn from industry best practices for the vetting of key individuals, as a service to institutions that may wish to supplement or refresh their existing vetting frameworks.  The scope of vetting required for Designated Persons at any particular Covered Institution, including the depth of initial vetting, the types of information requested or refreshed at the time of review, and the appropriate length of time between reviews is left to the discretion of the institution.  Covered Institutions are reminded that any information request to Designated Persons should be made in compliance with all applicable laws.

A Covered Institution is expected to review materials generated in connection with onboarding and/or ongoing character and fitness assessments of Designated Persons and is expected to report related findings to its board of directors or the equivalent function, as well as the chief compliance officer or equivalent function.  Additionally, each Covered Institution is expected to require Designated Persons to amend relevant materials between designated vetting periods in response to intervening circumstances or if a Designated Person later determines that previously submitted information was materially incorrect or that the relevant facts have materially changed.  Disposition of any negative finding related to an initial or ongoing assessment is left to the discretion of the Covered Institution, consistent with that Covered Institution’s internal controls framework.  If, as a result of a materially adverse finding during an ongoing assessment of a Designated Person, a Covered Institution determines to remove a Designated Person from that person’s current position, to transfer such Designated Person to another position or group, or to make modifications to the current functions of such Designated Person, the Covered Institution is expected to notify the Department of such determination promptly.

Department examiners will review a Covered Institution’s policies and procedures regarding vetting Designated Persons.  In particular, as part of the regular safety and soundness examination process, examiners will review to confirm that a Covered Institution maintains a vetting policy consistent with the expectations outlined in this Guidance and that the Covered Institution is operating in compliance with those policies and procedures.

A Covered Institution that is a New York branch, agency, or representative office of a foreign bank that is subject to a vetting policy promulgated by its head office should maintain a copy of that policy at the Covered Institution’s New York office for Department examiners to review.  If there is no head office policy applicable to the Covered Institution, or if the head office policy is not consistent with this Guidance, the Covered Institution must develop a policy consistent with this Guidance that is applicable to Designated Persons of the Covered Institution and available for inspection by Department examiners.

This Guidance is not intended to limit, and does not limit, the scope or applicability of any law or regulation.  If you have any questions, please contact your primary point-of-contact at the Department.

APPENDIX:  Suggested Questions to Facilitate Initial and Ongoing Assessment of Designated Persons’ Character and Fitness

  1. Acknowledge that you have reviewed and understand the following policies of [Covered Institution] and provide in a separate attachment evidence of any documented exceptions to compliance with these policies:
    • Gifts and Loan Policy
    • Insider Trading Policy
    • Electronics Communications Policy
    • Social Media Policy
    • Data Protection Policy
    • Records Management Policy
    • Conflict of Interest Policy
    • Health and Safety Policies
    • Corporate Opportunity Policy
    • Harassment and Discrimination Policies
    • Outside Business Policy
    • Political Contributions Policy
    • Personal Trading Policy
    • Outside Lobbying Activity Policy
    • [Other applicable policies]
  2. For ongoing assessment, to the best of your knowledge, have you been in compliance with all above-listed policies [during [year(s)], and made all disclosures required, including seeking exceptions from these policies as appropriate, and being granted such exceptions?
  3. During [year(s)], have you been charged with, indicted for, or convicted of a crime, and/or pleaded nolo contendere in any criminal matter (including, but not limited to, driving under the influence, reckless driving, and/or disorderly conduct)?
  4. Have you or any financial institution with which you are or were associated been sanctioned and/or censured in any way by a banking or securities regulator during [year(s)], including any regulatory sanction, consent order, enforcement order, supervisory agreement, civil monetary penalty, or other administrative penalties?
  5. Have you been the subject of any professional disciplinary actions, denied a license, and/or had a license suspended or revoked during [year(s)] (e.g., a governmental or professional licensing organization), excepting banking and securities regulators referenced in Question 4?
  6. Please describe in a separate attachment any civil litigation, investigation, or sanction—including but not limited to any regulatory sanction, consent order/agreement, enforcement order/agreement, or other administrative findings or penalties—in which you have, to your knowledge, been named or have otherwise become involved in your professional capacity, or which have been initiated against a prior employer in connection with your responsibilities in that position, in the preceding ten (10) years.
  7. Have you ever been dismissed or ask to resign from past employment, including a less than honorable discharge from military service? 
  8. Have you been involved in any of the following filings where the filing was denied, disapproved, withdrawn, or otherwise returned without favorable action by a federal or state regulatory authority or a self-regulatory organization?
    • A charter or license application, a depository institution holding company application, or an application for federal deposit insurance, in which you were listed as an organizer, director, senior executive officer, or a person that would own or control (either individually or as a member of a group) 10 percent or more of any class of voting securities or other voting equity interest of the institution, or similar position
    • A merger application in which you were listed as a director, senior executive officer, or similar position
    • A notice of change in director or senior executive officer, or similar form, in which you were listed as a director, senior executive officer, or similar position?
    • A notice of change in control for a depository institution or other company, or a similar form, in which you were listed (either individually or as a member of a group) as an acquirer or transferee
    • Any other application, notice, or other regulatory or administrative request which was filed with a federal or state regulatory authority or a self-regulatory organization in which you were listed in some capacity
  9. Has anyone in your immediate family or an individual living in your household worked for the Covered Institution or an affiliate in [year(s)]?  If so, please state their name and their relationship to you. “Immediate family” means the individual’s children, parents, siblings, spouse, or partner.
  10. Have you or an immediate family member started or continued an outside business relationship with an auditor of [Covered Institution] during [year(s)]?
  11. Please describe in a separate attachment all indebtedness to [Covered Institution] or an affiliate that you have incurred [during the past year / since your previous report] (excluding indebtedness associated with a general-purpose credit card), and the balance outstanding of all such indebtedness to [Covered Institution] or an affiliate at the end of [year].
  12. Please describe in a separate attachment any lobbying activities in which you have been engaged in your personal capacity during [year(s)] and whether you were registered as a lobbyist in any jurisdiction during [year(s)].
  13. Please describe in a separate attachment any litigation (unless described above) or bankruptcy proceedings of which you have been a part during [year(s)] and provide copies of all relevant documents.
  14. Do you owe outstanding child support in connection with any unemancipated child(ren)?
  15. Please describe in a separate attachment all settlements of litigation (threatened or actual) brought against you in your personal or a professional capacity during [year(s)] and provide copies of all relevant documents.
  16. Have you or any company with which you are associated or were associated during [year(s)]:
    • Filed a petition under any chapter of the Bankruptcy Code or had an involuntary bankruptcy petition filed against you or the company?
    • Defaulted on a loan or financial obligation of any sort, whether as obligor, cosigner, or guarantor?
    • Forfeited property in full or partial satisfaction of any financial obligation?
    • Had any liens or other judgments filed against you?
    • Had wages or income garnished for any reason?
    • Failed or refused to pay any outstanding judgments?
  17. Have you filed/paid all of your required income and other taxes for [year(s)]?
  18. Please list in a separate attachment all companies (whether publicly traded or not) and any organizations (including not-for-profit and/or charitable) of which you have been a member of the board of directors or an executive officer during [year(s)].
  19. Have you been a senior officer or a board member at a financial institution that filed for reorganization or bankruptcy; became subject to a receivership or conservatorship proceeding; became subject to a resolution or liquidation proceeding; had its license, charter, or registration surrendered or revoked; received financial assistance from a federal or state agency or instrumentality (e.g., FDIC); merged with or been acquired by an institution that received financial assistance from a federal or state agency of instrumentality in connection with the transaction; or otherwise failed or ended business operations?
  20. Please disclose all compensation received during [year(s)], beyond amounts paid to you as compensation by [Covered Institution].

1 Banking organization means “all banks, trust companies, private bankers, savings banks, safe deposit companies, savings and loan associations, credit unions and investment companies.”  New York Banking Law § 2.11.

2 23 NYCRR Part 200.

3 See New York Banking Law § 599-e et seq.

4 The Department notes that this Guidance is not intended to supplant or supersede Covered Institutions’ existing frameworks for vetting and due diligence of Designated Persons if consistent with the objectives of this Guidance, nor is it intended to supplant or supersede any existing obligations.  In particular, Covered Institutions subject to laws and regulations that require timely reporting of certain key facts with respect to Designated Persons (e.g., the obligation to report to the Department the initiation of any administrative, civil, or criminal proceeding pertaining to residential mortgage lending under 3 NYCRR § 38.10) remain subject to those obligations.