[Federal Register Volume 65, Number 1 (Monday, January 3, 2000)]
[Proposed Rules]
[Pages 81-91]
From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
[FR Doc No: 99-34037]
=======================================================================
-----------------------------------------------------------------------
FEDERAL HOUSING FINANCE BOARD
12 CFR Part 917
[No. 99-64]
RIN 3069-AA90
Powers and Responsibilities of Federal Home Loan Bank Boards of
Directors and Senior Management
AGENCY: Federal Housing Finance Board.
ACTION: Proposed rule.
-----------------------------------------------------------------------
SUMMARY: The Federal Housing Finance Board (Finance Board) is proposing
new regulations to set forth the responsibilities of the boards of
directors and senior management of the Federal Home Loan Banks (Banks)
as a means of ensuring that they fulfill their duties to operate the
Banks in a safe and sound manner and in furtherance of the Banks'
housing finance and community lending mission.
DATES: Comments on this proposed rule must be received in writing on or
before February 2, 2000.
ADDRESSES: Comments should be mailed to: Elaine L. Baker, Secretary to
the Board, Federal Housing Finance Board, 1777 F Street, NW,
Washington, DC 20006. Comments will be available for public inspection
at this address.
FOR FURTHER INFORMATION CONTACT: James L. Bothwell, Director and Chief
Economist, (202) 408-2821; Scott L. Smith, Deputy Director, (202) 408-
2991; Julie Paller, Senior Financial Analyst (202) 408-2842; Office of
Policy, Research and Analysis; Eric M. Raudenbush, Senior Attorney-
Advisor, (202) 408-2932; Office of General Counsel, Federal Housing
Finance Board, 1777 F Street, NW, Washington, DC 20006.
SUPPLEMENTARY INFORMATION:
I. Background
A. Devolution of Corporate Governance Authorities
Prior to the enactment of the Financial Institutions Reform,
Recovery and Enforcement Act (FIRREA) of 1989, Pub. L. 101-73, 103
Stat. 413 (1989), many decisions regarding the corporate governance of
the Banks were either made or approved by the Bank System regulator
(which, prior to FIRREA, was the former Federal Home Loan Bank Board).
Since the creation of the Finance Board and the reform of the Bank
System under FIRREA, it has been the policy of the Finance Board to
devolve to the Banks authority to act on most matters of corporate
governance without the prior approval of the Finance Board, to the
extent permitted by statute and to the extent such devolution does not
compromise the Finance Board's duty to ensure the safety and soundness
of the Banks. The Finance Board has long recognized the importance of
maintaining its regulatory independence, and that the safety and
soundness regulator of the Banks should not involve itself in the
business affairs of the Banks, nor make governance decisions that more
properly lie with the Banks as corporate entities.\1\ Despite this
regulatory policy, statutory provisions have required that certain
matters pertaining to corporate governance remain within the decision-
making power of the Finance Board.
---------------------------------------------------------------------------
\1\ See General Accounting Office, Federal Home Loan Bank
System--Reforms Needed to Promote Its Safety, Soundness, and
Effectiveness (Dec. 1993).
---------------------------------------------------------------------------
On November 12, 1999, the President signed into law the Federal
Home Loan Bank System Modernization Act of 1999 \2\ (Modernization
Act), Pub. L. 106-102, Title VI (1999), which, among other things,
removed the remaining corporate governance authorities that previously
had been vested in the Finance Board under the Federal Home Loan Bank
Act (Bank Act). 12 U.S.C. 1422-49. To implement these statutory
changes, the Finance Board has published separately an interim final
rule removing regulations that required Finance Board approval for the
following matters of corporate governance: selection and compensation
of Bank officers and employees; entering into building leases and
purchases; adoption and revision of Bank bylaws; dividend payments;
application forms for Bank advances; Bank approval of conditional
advances; and transfer of advances and advance participations. See 64
FR 71275 (1999).
---------------------------------------------------------------------------
\2\ The Modernization Act is Title VI of the larger Gramm-Leach-
Bliley Act. Pub. L. 106-102 (1999).
---------------------------------------------------------------------------
Management responsibilities over the Banks have been rightfully
removed from the statutory purview of the Finance Board. However, the
Finance Board continues to be responsible for ensuring that the Banks
operate in a financially safe and sound manner and carry out their
statutory housing finance and community lending mission. See 12 U.S.C.
1422a(a)(3). In that capacity, the Finance Board believes that it is
prudent to set forth explicitly in regulation a state-of-the-art
corporate governance framework for the Banks' boards of directors and
senior management.
The proposed rule includes provisions defining the
responsibilities--and thus the accountability--of the boards of
directors and senior management of the Banks with regard to operating
the Banks in a safe and sound manner and ensuring that the Banks
achieve their statutory mission. These responsibilities include matters
such as the adoption and annual review of risk management policies,
periodic risk assessments, the maintenance of effective internal
controls, the establishment of independent audit committees, and
adoption of and compliance with a strategic business plan, as further
detailed below.
B. Effect of the Proposed Rule To Reorganize the Finance Board's
Regulations
On September 27, 1999, the Finance Board published a notice of
proposed rulemaking to reorganize its regulations to implement a more
logical and efficient presentation of the regulations governing the
Banks and the Bank System. See 64 FR 52148 (1999). Because it is
anticipated that a final reorganization rule will be in effect before
the substantive regulatory amendments contained in this proposal would
become final, cross-references appearing in the text of this proposed
rule are made to the new section and part numbers that would be in
effect once the final reorganization rule is adopted. Where such
references are to provisions that currently exist under different
section or part numbers, the existing citation has been noted in this
preamble.
C. The Banks as Corporate Entities
Each state generally has laws of incorporation that require, among
other things, a corporation to be managed by a board of directors.
Consistent with this general corporate concept, the Bank Act (as
amended by the Modernization Act) provides for the management of each
Bank to be vested in the Bank's board of directors. See 12 U.S.C.
1427(a). The Bank Act states that each Bank is a corporate body. See
id. at 1432(a). In addition to authorizing certain enumerated corporate
and banking powers, see id. at 1431, 1432, the Bank Act grants each
Bank all such incidental powers as are consistent with the provisions
of the Bank Act and customary and usual in corporations generally. See
id. at 1432(a). The Finance Board believes that, attendant to the
exercise of customary and usual
[[Page 82]]
corporate powers, the Banks' boards of directors are subject to the
same general fiduciary duties of care and loyalty to which the board of
a state-chartered business or banking corporation would be subject,
although this previously has not been set forth in regulation.
The duties, responsibilities and privileges of a director of a Bank
derive from a source different from that of a director of a state-
chartered business or banking corporation. Each Bank is created in
accordance with Federal law to further public policy, and its statutory
powers and purposes are not subject to change except by the Congress. A
Bank's board of directors has neither the right nor the duty to alter
the purpose of the Bank, whereas an ordinary corporate board of
directors may approve mergers, consolidations and changes in the
corporate charter that could alter the objectives and nature of the
business of the corporation. The directors of a Bank are responsible
for managing that Bank to achieve the statutorily-mandated objectives
of promoting housing finance and community lending and meeting the
Bank's statutory obligations (e.g., paying a portion of the interest on
obligations of the Resolution Funding Corporation (REFCORP), see id. at
1441b, and making contributions to the AHP, see id. at 1430(j)), all in
a financially safe and sound manner.
All Banks are subject to the supervision of the Finance Board. The
bulk of the Banks' corporate powers, duties and responsibilities are
described in sections 10, 11, 12 and 16 of the Act. Id. at 1430, 1431,
1432 and 1436. Section 10 of the Act authorizes each Bank to make
secured advances to its members upon collateral sufficient, in its
judgment, to fully secure the advance, and to certain eligible
nonmember borrowers (which, in this rule, the Finance Board has
referred to as ``associates'') upon statutorily specified collateral.
See id. at 1430(a), 1430b. The Banks may conduct correspondent
services, establish reserves, make investments and pay dividends, all
subject to statutory limitations. See id. at 1431, 1436. Under section
12(a) of the Act, a Bank has the power to sue and be sued. See id. at
1432(a). In addition, each Bank has adopted bylaws that address such
matters as: the conduct of meetings of the board of directors;
existence, composition, conduct and administration of committees of the
board of directors; and indemnification.
II. Analysis of Proposed Rule
A. Overview
Proposed part 917 for the first time would set forth in one place
and in regulation the duties and responsibilities of a Bank's board of
directors and of senior management of the Bank. It would make clear the
Finance Board's belief that oversight of management by a strong and
proactive board of directors is critical to the safe and successful
operation of each Bank. Generally, under proposed part 917, the board
of directors of each Bank would be responsible for: (1) Approving and
periodically reviewing the significant policies of the Bank; (2)
understanding the major risks taken by the Bank, setting acceptable
tolerance levels for these risks and requiring that senior management
takes the steps necessary to identify, measure, monitor and control
these risks; (3) monitoring the Bank's compliance with applicable
statutes, regulation and policy (both of the Finance Board and the
Bank); (4) adopting and maintaining policies to ensure that the Bank
carries out its housing finance and community lending mission; (5)
approving the organizational structure and delegations of authority;
and (6) overseeing senior management's establishment and maintenance of
an adequate and effective system of internal controls and senior
management's monitoring of the effectiveness of the internal control
system.
Proposed part 917 also provides generally that senior management of
each Bank would be responsible for: (1) Implementing strategies and
policies approved by the Bank's board; (2) developing processes that
identify, measure, monitor and control risks incurred by the Bank; (3)
maintaining an organizational structure that clearly assigns
responsibility, authority and reporting relationships; (4) ensuring
that delegated responsibilities are effectively carried out; (5)
setting appropriate internal control policies; and (6) monitoring the
adequacy and effectiveness of the internal control system.
The proposed requirements for the Banks' boards of directors and
senior management generally are based on widely accepted best corporate
practices. They are intended to require that the boards of directors
oversee both risk management for safety and soundness and achievement
of the public purpose of supporting housing and community lending.
Oversight by both the boards of directors and senior management is
integral to the overall business operation of a Bank. The first line of
defense in ensuring safety and soundness is an effective corporate
governance structure within the Banks themselves. Having an active,
informed and engaged board of directors is the cornerstone of a well-
run entity.
In addition, recognition of the importance of mission achievement
must originate with the board of directors and fulfillment of mission
at all levels of the Bank must be promoted and encouraged by the board.
The proposed rule would require that the boards of directors of the
Banks fulfill these important responsibilities.
B. Definitions--Sec. 917.1
Section 917.1 of the proposed rule sets forth definitions of terms
used in part 917. These terms are discussed below as they relate to the
substantive provisions of the proposed rule.
C. General Authorities and Duties of Bank Boards of Directors--
Sec. 917.2
The first sentence of Sec. 917.2(a) of the proposed rule would
implement the first clause of section 7(a) of the Bank Act, 12 U.S.C.
1427(a), which states that the management of each Bank shall be vested
in its board of directors. The Finance Board interprets this statutory
provision as charging each Banks' board of directors with the ultimate
legal responsibility for guiding the activities of the Bank, and not as
a requirement that a Bank's board of directors administer the day-to-
day operations of the Bank. Accordingly, the second sentence of
proposed Sec. 917.2(a) makes clear that a Bank's board of directors may
delegate responsibility for such day-to-day operations to Bank
management, but that, in so doing, may not and can not delegate its
ultimate statutory responsibility for the management of the Bank.
Proposed Sec. 917.2(b) enumerates the duties that would apply to
all official activities of each board director. Specifically, proposed
Sec. 917.2(b)(1) would charge each director with the duty to carry out
his or her duties as director in good faith, in a manner such director
believes to be in the best interests of the Bank, and with such care,
including reasonable inquiry, as an ordinarily prudent person in a like
position would use under similar circumstances. Proposed
Sec. 917.2(b)(2) would implement section 7(j) of the Bank Act, id. at
1427(j), by requiring that directors administer the affairs of the Bank
fairly and impartially.
Proposed Sec. 917.2(b)(3) would require that each board director be
financially literate (i.e., have a working familiarity with basic
finance and accounting practices), or become financially literate
[[Page 83]]
within a reasonable time after his or her election or appointment to
the board of directors. This financial literacy may be obtained through
training provided by the Bank if a director does not possess such
financial literacy at the time of his or her election or appointment to
the board. Finally, proposed Sec. 917.2(b)(4) would charge each Bank
director with the general duty to direct the operations of the Bank in
conformity with the requirements of the Bank Act and the Finance
Board's regulations.
In order to ensure that Bank boards of directors are able to
oversee effectively the management of the Banks, proposed
Sec. 917.2(c)(1) would make clear that this section simply codifies the
existing authority all Bank boards of directors, and all committees
thereof, have to retain staff and outside consultants at the expense of
the Bank, as necessary to carry out their official duties and
responsibilities. Proposed Sec. 917.2(c)(2) states that the board of
directors, or any committee thereof, may require any internal Bank
staff providing services to the board or committee on a particular
matter to report directly to the board or committee on that matter.
D. Risk Management--Sec. 917.3
Section 917.3 of the proposed rule sets forth the risk management
responsibilities of Bank boards of directors and senior management.
Proposed Sec. 917.3(a)(1) would require that, beginning 90 days after
the effective date of this rule in final form, each Bank's board of
directors have in effect at all times a risk management policy
addressing the Bank's exposure to credit risk, market risk, liquidity
risk, business risk and operations risk, as those terms are defined in
proposed Sec. 917.1. The risk limits set forth in the policy shall be
consistent with the Bank's capital position and its ability to measure
and manage risk. While, under proposed Sec. 917.3(a)(1) a Bank need not
submit its risk management policy to the Finance Board, these policies
will be reviewed by the Finance Board as part of the ongoing
examination process.
Proposed Sec. 917.3(a)(2)(i) would require that the Bank's board of
directors review the Bank's risk management policy on at least an
annual basis, while proposed Sec. 917.3(a)(2)(ii) would make clear that
each Bank's board shall amend its risk management policy, as
appropriate to meet changing circumstances. Proposed
Sec. 917.3(a)(2)(iii) provides that the board of directors also would
be required to re-adopt the risk management policy, including interim
amendments, not less often than every three years, as appropriate,
based on the board's reviews of the policy. In addition to providing
consistency, this requirement would make clear that, despite the
turnover in board personnel that will occur over a number of years, all
or most current members of a Bank's board of directors will be
thoroughly familiar with the Bank's risk management policy, will have
given meaningful consideration to its provisions and will have
expressed an opinion regarding the adequacy of the policy through the
voting process. Proposed Sec. 917.3(a)(2)(iv) also would make clear
that each Bank's board of directors has the ultimate responsibility to
ensure that policies and procedures are in place to achieve Bank
compliance at all times with the risk management policy.
Section 917.3(b) of the proposed rule sets forth several specific
requirements for each Bank's risk management policy. Proposed
Sec. 917.3(b)(1) would require that each Bank's risk management plan
describe how the Bank will comply with its capital structure plan
required under section 6(b) of the Bank Act (as amended by the
Modernization Act), 12 U.S.C. 1426(b), to be submitted to the Finance
Board within 270 days of the Finance Board's promulgation of
regulations prescribing uniform capital standards for the Banks
pursuant to section 6(a) of the Bank Act (as amended by the
Modernization Act), id. at 1426(a). Proposed Sec. 917.3(b)(2) would
require each Bank's risk management policy to set forth tolerance
levels for the market and credit risk components.
Proposed Sec. 917.3(b)(3) would require each Bank's risk management
policy to set forth standards for the Bank's management of credit,
market, liquidity, business and operations risks. Credit risk is
defined in proposed Sec. 917.1 as the risk that the market value of an
obligation will decline as a result of deterioration in
creditworthiness. The creditworthiness of an obligation can be affected
by both the creditworthiness of the specific counterparty or the
market's general perception of the creditworthiness of an entire class
of obligations. The Banks must assess the creditworthiness of issuers,
obligors, or other counterparties prior to acquiring investments and,
under proposed Sec. 917.3(b)(3)(i), the Bank's risk management policy
would be required to include the standards and criteria for such an
assessment. In addition, the credit risk portion of each Bank's risk
management policy also should identify the criteria for selecting
brokers, dealers and other securities firms with which the Bank may
execute transactions.
Market risk is defined in proposed Sec. 917.1 as the risk of loss
in value of the Bank's portfolio resulting from movements in interest
rates, foreign exchange rates and equity and commodity prices. Proposed
Sec. 917.3(b)(3)(ii) would require that each Bank's risk management
policy establish standards for the methods and models used to measure
and monitor market risk, including maximum exposure thresholds and
scenarios for measuring risk exposure.
Liquidity risk is defined in proposed Sec. 917.1 as the risk that a
Bank would be unable to meet its obligations as they come due or meet
the credit needs of its members and eligible nonmember borrowers in a
timely and cost-efficient manner. Operational liquidity addresses day-
to-day or ongoing liquidity needs under normal circumstances.
Operational liquidity needs may be either anticipated or unanticipated.
Contingency liquidity addresses the same liquidity needs, but under
abnormal or unusual circumstances in which a Bank's access to the
capital markets is impeded. This impediment may result from a market
disruption, operational failure, or real or perceived credit problems.
Proposed Sec. 917.3(b)(3)(iii) would require that each Bank's risk
management policy indicate the Bank's sources of liquidity, including
specific types of investments to be held for liquidity purposes, and
the methodology to be used for determining the Bank's operational and
contingency liquidity needs. While the Bank System Financial Management
Policy (FMP) currently governs Bank liquidity requirements, it is
anticipated that the Finance Board will promulgate new liquidity
regulations in a future rulemaking.
Operations risk is defined in proposed Sec. 917.1 as the risk of an
unexpected loss to a Bank resulting from human error, fraud,
unenforceability of legal contracts, or deficiencies in internal
controls or information systems. Proposed Sec. 917.3(b)(3)(iv) would
require that each Bank's risk management policy address operations risk
by setting forth standards for an effective internal control system (as
described in more detail in the discussion of proposed Sec. 917.4
below), including periodic testing and reporting.
Business risk is defined in proposed Sec. 917.1 as the risk of an
adverse impact on a Bank's profitability resulting from external
factors as may occur in both the short and long run. Such factors
include: continued financial services industry consolidation; declining
membership base; concentration of borrowing among members; and
increased inter-Bank competition. Proposed Sec. 917.3(b)(3)(v) would
require that each Bank's risk management
[[Page 84]]
policy identify these risks and include strategies for mitigating such
risks, including contingency plans where appropriate.
In order for each Bank to create and maintain a meaningful risk
management policy, it is important that the boards of directors be
cognizant of the strategic risks facing the Bank. Therefore, proposed
Sec. 917.3(c) would require that senior management of each Bank
perform, at least annually, a written risk assessment that identifies
and evaluates all material risks, including both quantitative and
qualitative aspects, that could adversely affect the achievement of the
Bank's performance objectives and compliance requirements. Proposed
Sec. 917.3(c) also requires that the risk assessment be in written form
and be reviewed by the Bank's board of directors promptly upon its
completion.
E. Internal Control System--Sec. 917.4
While the existing FMP requires that the management of each Bank
establish internal control systems, the FMP provides no guidance on how
to ascertain the sufficiency of the systems. There have been several
instances where internal control weaknesses have been discovered
through the Finance Board's examination process. As a result, the
Finance Board believes it prudent to provide more specific requirements
for the internal control process that must be in place at each Bank.
In developing requirements for internal control processes for the
Banks, the Finance Board reviewed the available literature on the
appropriate internal control systems for financial institutions.
Included in this review was the Basle Committee on Banking
Supervision's (BCBS) Framework for Internal Control Systems published
in September 1998 (hereinafter Basle Committee Report) and the
Committee of Sponsoring Organizations of the Treadway Commission's
Internal Control--Integrated Framework Report published in September
1992 (hereinafter Treadway Commission Report). The recommendations
contained in these Reports are considered to be state of the art for
defining, implementing, monitoring, and evaluating internal control
systems.
According to the Basle Committee Report, a system of effective
internal controls is a critical component of bank management and a
foundation for safe and sound operation of a banking organization. A
strong system of internal controls can help a bank meet its goals and
objectives, achieve long-term profitability targets, and maintain
reliable financial and managerial reporting. An internal control system
also can help to: (1) Ensure the bank is in compliance with laws,
regulations and the bank's internal policies and procedures; (2)
safeguard assets; and (3) decrease the risk of damage to the bank's
reputation.
The Treadway Commission Report defines internal controls as a
process, effected by the board of directors, management and other
personnel, designed to provide reasonable assurance regarding the
achievement of objectives in the: (1) Effectiveness and efficiency of
operations; (2) reliability of financial reporting; and (3) compliance
with applicable laws and regulations.
Both Reports discuss basic components or principles for
establishing and assessing internal control--i.e., management oversight
and the control environment, risk recognition and assessment, control
activities and segregation of duties, information and communication,
and monitoring activities and correcting deficiencies.
The provisions of Sec. 917.4 of the proposed rule were adapted from
the basic components and principles in the Basle Committee and Treadway
Commission Reports. The Finance Board believes that appropriate
internal controls will be critical to the successful devolution of full
corporate governance authority to the Banks. The proposed rule would
provide the framework for an effective internal control system, and
establish senior management and board of directors' responsibilities
regarding internal controls.
Proposed Sec. 917.4(a)(1) would require each Bank to establish and
maintain an effective internal control system that addresses: (i) The
efficiency and effectiveness of Bank activities; (ii) the safeguarding
of assets; (iii) the reliability, completeness and timely reporting of
financial and management information and transparency of such
information to the Bank's board of directors and to the Finance Board;
and (iv) compliance with applicable laws, regulations, policies,
supervisory determinations and directives of the Bank's board of
directors and senior management.
Proposed Sec. 917.4(a)(2) enumerates certain minimum ongoing
internal control activities that the Finance Board considers to be
necessary in order for the internal control objectives described in
proposed Sec. 917.4(a)(1) to be achieved. These activities include: (i)
Top level reviews by the Bank's board of directors and senior
management; (ii) activity controls, including review of standard
performance and exception reports; (iii) physical and procedural
controls adequate to safeguard, and prevent the unauthorized use of,
assets; (iv) monitoring for compliance with the risk tolerance limits
set forth in the risk management policy that would be required under
proposed Sec. 917.3(a); (v) any required approvals and authorizations
for specific activities; and (vi) any required verifications and
reconciliations for specific activities.
Section 917.4(b) of the proposed rule would charge each Bank's
board of directors with the responsibility to ensure that the internal
control system required under proposed Sec. 917.4(a)(1) is established
and maintained, and to oversee senior management's implementation of
the system on an ongoing basis. Under proposed Sec. 917.4(b), a Bank's
board of directors will be considered to have met these general
requirements on internal control system establishment, maintenance and
oversight if it: (1) Conducts periodic discussions with senior
management regarding the effectiveness of the internal control system;
(2) ensures that an effective and comprehensive internal audit of the
internal control system is performed annually; (3) requires internal
control deficiencies to be reported to the Bank's board of directors in
a timely manner and ensures that such deficiencies are addressed
promptly; (4) conducts a timely review of evaluations of the
effectiveness of the internal control system made by auditors and
Finance Board examiners; (5) ensures that senior management promptly
and effectively addresses recommendations and concerns expressed by
auditors and Finance Board examiners regarding weaknesses in the
internal control system; (6) reports internal control deficiencies, and
the corrective action taken, to the Finance Board in a timely manner;
(7) establishes, documents and communicates a clear and effective
organizational structure for the Bank; (8) ensures that all delegations
of board authority state the extent of the authority and
responsibilities delegated; and (9) establishes reporting requirements.
Section 917.4(c) of the proposed rule would require senior
management at each Bank to establish, implement and maintain the
internal control system under the direction of the Bank's board of
directors. Under proposed Sec. 917.4(c), specific actions on the part
of senior management that would be necessary to fulfill these
responsibilities include: (1) Establishing, implementing and
effectively communicating to Bank personnel policies and procedures
that are adequate to ensure that internal control activities necessary
to maintain
[[Page 85]]
an effective internal control system are an integral part of the daily
functions of all Bank personnel; (2) ensuring that all Bank personnel
fully understand and comply with all policies and procedures; (3)
ensuring appropriate segregation of duties among Bank personnel and
that personnel are not assigned conflicting responsibilities; (4)
establishing effective paths of communication throughout the
organization in order to ensure that Bank personnel receive necessary
and appropriate information; (5) developing and implementing procedures
that translate the major business strategies and policies established
by the board of directors into operating standards; (6) ensuring
adherence to the lines of authority and responsibility established by
the Bank's board of directors; (7) overseeing the implementation and
maintenance of management information and other systems; (8)
establishing and implementing an effective system to track internal
control weaknesses and the actions taken to correct them; and (9)
monitoring and reporting to the Bank's board of directors the
effectiveness of the internal control system on an ongoing basis.
F. Audit Committees--Sec. 917.5
Section 917.5 of the proposed rule would require that each Bank's
board of directors establish an audit committee. Current Finance Board
requirements for audit committees are contained in Finance Board Res.
No. 92-568.1 (July 22, 1992) and Finance Board Advisory Bulletin 96-1
(Feb. 29, 1996).
Resolution No. 92-568.1 contains guidelines intended to be the
minimum standards that should be adopted by the Banks for revisions of
the respective audit charters. The guidelines require that: (1) Audit
committee charters include a statement of the audit committee's
responsibilities, including a statement of its purpose to assist the
full board of directors in fulfillment of its fiduciary
responsibilities; (2) the audit committee shall consist of at least
three board members and shall include appointed directors and elected
directors; (3) that in determining the membership of the audit
committee, the board of directors should provide for continuity of
service; (4) the audit committee shall meet at least twice annually
with the audit director and the audit committee shall meet in executive
session with both the audit director and the external auditors at least
annually; (5) the audit committee shall oversee the selection,
compensation, and performance evaluation of the audit director; (6)
written minutes shall be prepared for each meeting and a copy of such
minutes forwarded to the Finance Board; and (7) the charters of the
audit director and audit committee shall be reviewed and approved at
least annually by the audit committee and the board of directors,
respectively.
Advisory Bulletin 96-1 communicated examination findings regarding
certain Bank practices that may tend to reduce the independence of the
internal audit function, specifically the processes by which Bank audit
director compensation is determined and performance is evaluated. The
Bulletin indicated that examiners would review measures taken by the
audit committee to assure the independence from management of the
internal audit function, and to fulfill its responsibility to select,
set the compensation of, and evaluate the performance of the audit
director, and specified that all Bank audit committees should review
their current practices and revise these as appropriate.
Proposed Sec. 917.5 would set forth a clear regulatory requirement
that each Bank have an audit committee, and would govern the audit
committees' independence and their responsibilities for oversight of
Bank operations. The proposed requirements for audit committees are
based on standard corporate requirements and best practices. In
developing the appropriate requirements for Bank audit committees, the
Finance Board reviewed the audit committee regulations of other federal
financial institution regulatory agencies and the Report and
Recommendations of the Blue Ribbon Committee on Improving the
Effectiveness of Corporate Audit Committees (Feb. 8, 1999) (hereinafter
Blue Ribbon Committee Report). The Securities and Exchange Commission
encouraged the New York Stock Exchange and the National Association of
Securities Dealers to form a private sector body to investigate
perceived problems in financial reporting. Accordingly, the Blue Ribbon
Committee was formed in October 1998 to take an objective look at U.S.
corporate financial reporting, specifically assessing the current
mechanisms for oversight and accountability among corporate audit
committees, independent auditors, and financial and senior management.
Proposed Sec. 917.5(a) would require that each Bank's board of
directors establish an audit committee. Proposed Secs. 917.5(b)(1) and
(2) would require that each Bank's audit committee consist of five or
more board directors, each of whom meets the independence criteria
discussed below, and include a balance of representatives of community
financial institutions, as defined in section 2(13) of the Bank Act (as
amended by the Modernization Act) 12 U.S.C. 1422(13), and other members
and of appointed and elected directors of the Bank. The requirement in
proposed Sec. 917.5(b)(1) that the audit committee comprise five or
more persons differs from the recommendation of the Blue Ribbon
Committee Report that the audit committee comprise a minimum of three
directors. The Finance Board believes it is important that the audit
committee include representatives of large and small members and
appointed and elected directors of the Bank in order to prevent
dominance by one particular interest. A minimum of five members is
necessary to achieve diverse representation on the audit committee.
Proposed Sec. 917.5(b)(3) would require that the terms of audit
committee members be appropriately staggered to provide for continuity
of service, and to avoid a complete, or substantial, turnover of the
membership of the audit committee in any one year.
Under proposed Sec. 917.2, all members of a Bank's board of
directors would be required to be financially literate; that is, to be
able to read and understand the Bank's balance sheet and income
statement and to ask substantive questions of internal and external
auditors. In addition to this general requirement, proposed
Sec. 917.5(b)(4) would require that at least one member of each bank's
audit committee have extensive accounting or related financial
management experience. The Finance Board requests comment as to whether
this requirement regarding accounting or financial management
experience should be made to apply specifically to the chair of the
audit committee, or whether it is sufficient to require only that at
least one member of the audit committee possess such experience. The
Finance Board also requests comment on whether the chair of the audit
committee should be required to serve as vice-chair of the full board
of directors in order to ensure that the audit committee chair has
adequate incentive for effective leadership.
In addition, proposed Sec. 917.5(c) would require that any director
serving on the audit committee be sufficiently independent of the Bank
and its management so as to maintain the ability to make the type of
objective judgments that are required of audit committee members. The
proposed independence criteria were adapted from the Blue Ribbon
Committee Report, which states that ``common sense dictates that a
director without any financial, family, or other material
[[Page 86]]
personal ties to management is more likely to be able to evaluate
objectively the propriety of management's accounting, internal control
and reporting practices.'' The Finance Board agrees that the
independence of the directors serving on the audit committee is of
great importance. Proposed Sec. 917.5(c) describes several examples of
relationships that would call into question the independence of an
audit committee member and that, therefore, would disqualify any
director having such a relationship with the Bank or its management
from serving on the audit committee. This list is not intended to be
exhaustive, because it is impossible to foresee all potential
individual circumstances that might compromise the independence of a
particular director. Thus, the Finance Board expects that the board of
directors will consider all potential relationships when qualifying a
director for service on the audit committee.
Proposed Sec. 917.5(d) would require that each Bank's audit
committee adopt a formal written charter setting forth the scope of the
audit committee's powers and responsibilities and establishing its
structure, processes and membership requirements. Both the audit
committee itself and the Bank's full board of directors would be
required to review and assess the adequacy of and, where appropriate,
amend the provisions of the audit committee charter annually and to
readopt the charter, including amendments, not less often than every
three years, based on the board's and audit committee's reviews of the
policy. Proposed Sec. 917.5(d)(3) would require that the audit
committee charter contain the following specific provisions: (i) that
the audit committee has the responsibility to select, evaluate and,
where appropriate, replace the internal auditor and that the internal
auditor may be removed only with the approval of the audit committee;
(ii) that the internal auditor shall report directly to the audit
committee on substantive matters and that the internal auditor is
ultimately responsible to the audit committee and the board of
directors; and (iii) that the internal and external auditors be allowed
unrestricted access to the audit committee without any requirement of
management knowledge or approval. Although not expressly stated in
Sec. 917.5, the audit committee would be required, under the general
provisions of proposed Sec. 917.2(c), to have the authority to use the
services of Bank staff and to employ such outside experts as it deems
necessary to carry out its functions. The proposed requirements
pertaining to the audit committee charters were adapted from the
recommendations contained in the Blue Ribbon Committee Report and the
current Finance Board requirements on audit committees.
Proposed Sec. 917.5(e) sets forth the duties of each Bank's audit
committee under the new regulatory structure, including the duties to:
(1) Direct senior management to maintain the reliability and integrity
of the accounting policies and financial reporting and disclosure
practices of the Bank; (2) review the basis for the Bank's financial
statements and the external auditor's opinion rendered with respect to
such financial statements and ensure that policies are in place to
achieve disclosure and transparency regarding the Bank's true financial
performance and governance practices; (3) oversee the internal audit
function; (4) oversee the external audit function; (5) act as an
independent, direct channel of communication between the Bank's board
of directors and the internal and external auditors; (6) conduct or
authorize investigations into any matters within the audit committee's
scope of responsibilities; (7) ensure that senior management has
established and is maintaining an adequate internal control system; (8)
review the policies and procedures established by senior management to
monitor implementation of the Bank's strategic business plan required
under Sec. 917.9 of the proposed rule; and (9) report periodically its
findings to the Bank's board of directors.
Proposed Sec. 917.5(e)(8) requires that the audit committee oversee
not only financial audits but also oversee an audit of the controls in
place to ensure the Bank's compliance with its strategic business plan.
However, the audit committee is not required to assess the Bank's
actual conformity with its strategic business plan, or the extent to
which the Bank has achieved its statutory mission. Review of the
strategic business plan of the Bank is the responsibility of the full
board of directors, as more fully discussed in proposed
Sec. 917.9(c)(3) below.
Finally, proposed Sec. 917.5(f) would require that each Bank's
audit committee prepare written minutes of each audit committee
meeting.
G. Budget Preparation--Sec. 917.6
Proposed Sec. 917.6 would require that: (a) Each Bank's board of
directors adopt an annual operating expense budget and a capital
expenditures budget; (b) a Bank's board of directors not delegate the
authority to approve the Bank's annual budgets, or any subsequent
amendments thereto, to Bank officers or other Bank employees; (c) each
Bank's annual budgets be prepared based upon an interest rate scenario
as determined by the Bank; and (d) no Bank exceed its total annual
operating expense budget or its total annual capital expenditures
budget without prior approval by the Bank's board of directors of an
amendment to such budget.
These provisions are carried over from existing Sec. 934.7 of the
Finance Board's regulations, which itself was recently amended by an
interim final rule. See 64 FR 71275. As part of the Finance Board's
effort to relinquish all Bank corporate governance responsibilities,
the recent interim final rule deleted old paragraphs (b) through (e) of
Sec. 934.7, which had required that each Bank submit to the Finance
Board certain specified budget information. In addition, the interim
final rule deleted old paragraph (a)(2) of Sec. 934.7, requiring
Finance Board approval for Banks' purchase or long-term lease of
buildings, because, subsequent to the enactment of the Modernization
Act, such approval is no longer a statutory requirement. See
Modernization Act at 606(d). Finally, the interim final rule
redesignated remaining paragraphs (a)(1), (3), (4) and (5) as
paragraphs (a), (b), (c) and (d), respectively.
The Finance Board is proposing to move the provisions of Sec. 934.7
to part 917 because most of the material in part 934 will be deleted
through the reorganization rule, and regulations governing budget
reporting requirements come logically within the realm of board of
directors' and senior management responsibilities.
H. Dividends--Sec. 917.7
Section 917.7 of the proposed rule provides that a Bank's board of
directors may declare and pay a dividend only from previously retained
earnings or current net earnings, as determined by the Bank, and only
if such payment will not result in the impairment of the par value of
the capital stock of the Bank. This language has been moved from
existing Sec. 934.17, which, itself, was recently amended in an interim
final rule intended to immediately implement certain devolutionary
changes required under the Modernization Act. See 64 FR 71275.
Before the enactment of the Modernization Act, section 16(a) of the
Bank Act provided generally that dividends may be paid by the Banks out
of previously retained earnings or current net earnings only with the
approval of the Finance Board. See 12 U.S.C. 1436(a) (1999). Section
934.17 of the Finance Board's regulations formerly implemented this
statutory provision by providing generally that
[[Page 87]]
the board of directors of each Bank, with the approval of the Finance
Board, may declare and pay a dividend from net earnings, including
previously retained earnings, on the paid-in value of capital stock
held during the dividend period. See 12 CFR 934.17 (1999). In addition,
dividend payments by the Banks were formerly subject to a Finance Board
Dividend Policy, see Finance Board Res. No. 90-38 (Mar. 15, 1990), as
well as Board of Directors Resolutions approving specific Bank dividend
payments, that established specific conditions for approval of such
dividend payments, including that the dividend payment would not result
in a projected impairment of the par value of the capital stock of the
Bank.
The Modernization Act amended section 16(a) of the Bank Act by
removing the requirement for Finance Board approval of Bank dividend
payments. See Modernization Act at section 606(g)(1)(B). Accordingly,
the Finance Board removed most of the specific dividend payment
restrictions formerly set forth in Sec. 934.17 and in the Dividend
Policy. However, for considerations of safety and soundness, the
Finance Board believes that the impairment restriction formerly imposed
under the Dividend Policy should continue to apply. In addition, while
the Modernization Act provided for the repeal of section 6(g) of the
Bank Act (requiring that all Bank stock share in dividends without
preference), section 6(g) remains in effect during a transition period
until the Finance Board has adopted capital regulations and approved
the capital structure plans of the Banks. See Modernization Act at
section 608. Consequently, Sec. 934.17 was amended to contain only the
requirement that dividends be paid on all stock without preference and
the impairment restriction set forth in the former Dividend Policy.
Because the reorganization rule, discussed above, will eliminate
part 934 of the Finance Board's regulations and because the Finance
Board wishes to retain the substance of recently-amended Sec. 934.17 in
its regulations, the agency is proposing to move this material to new
part 917, given that approval of dividend payments is a responsibility
of a Bank's board of directors.
I. Bank Bylaws--Sec. 917.8
Section 917.8 of the proposed rule would require that a Bank's
board of directors have in effect at all times bylaws governing the
manner in which the Bank administers its affairs and that such bylaws
be consistent with applicable laws and regulations as administered by
the Finance Board. The proposed rule merely moves this language from
existing Sec. 934.16, which, as is the case with the section on
dividends discussed above, was recently amended in an interim final
rule intended to immediately implement certain provisions of the
Modernization Act. See 64 FR 71275.
Before the enactment of the Modernization Act, section 12(a) of the
Bank Act provided that the Banks had the power, by their boards of
directors, to prescribe, amend, and repeal bylaws governing the manner
in which their affairs may be administered, subject to the approval of
the Finance Board. See 12 U.S.C. 1432(a). At that time, Sec. 934.16 of
the Finance Board's regulations allowed the Banks to adopt, amend or
repeal their bylaws without Finance Board approval, as long as the
bylaws or amendments were consistent with applicable statutes,
regulations and Finance Board policies. See 12 CFR 934.16.
The Modernization Act amended section 12(a) of the Bank Act by
removing the requirement for Finance Board approval of Bank bylaws,
provided that the bylaws are consistent with applicable laws and
regulations, as administered by the Finance Board. See Modernization
Act at section 606(d)(1)(C). In order to promote sound corporate
governance practice, the Finance Board amended Sec. 934.16 to require
the Banks to have bylaws governing the manner in which the Banks'
affairs are conducted. Because the reorganization rule, discussed
above, will eliminate part 934 of the Finance Board's regulations, the
proposed rule would move the amended language of Sec. 934.16, to part
917, as the enactment of bylaws is a duty of each Bank's board of
directors.
J. Mission of the Banks; Strategic Business Plan--Sec. 917.9
Proposed Sec. 917.9 sets forth requirements that each Bank must
meet in developing a strategic business plan to enumerate the Banks
goals and objectives for achieving the mission of the Bank. The Bank
Act establishes the Finance Board's primary responsibility for ensuring
the safety and soundness of the Bank System and, consistent with that
duty, ensuring that the Banks, as government-sponsored enterprises
(GSEs), fulfill their public policy mission. See 12 U.S.C. 1422a(a)(3).
As with the risk management function, a Bank's board of directors must
take its strategic business planning seriously and impress the
importance of implementing the plan and mission achievement upon Bank
management and staff. The Banks' boards of directors must be fully
engaged so that there is an appropriate focus on strategic business
plan implementation and mission achievement at all levels of the Bank.
Proposed Sec. 917.9(a) defines the mission of the Banks as
providing to members and associates (i.e., entities that have been
approved as a nonmember mortgagee pursuant to subpart B of part 950
(currently part 935) of the Finance Board's regulations) financial
products and services, including but not limited to advances (i.e.,
correspondent services and other Bank business activities may be
considered to be mission-related), that assist and enhance such
members' and associates' financing of: (1) Housing, including single-
family and multi-family housing serving consumers at all income levels,
and (2) community lending as defined in Sec. 953.3 (current Sec. 970.3)
of the Finance Board's regulations. This statement of mission and the
related strategic business plan requirements of Sec. 917.9 are intended
to ensure maximum use of the cooperative structure of the Bank System
to provide funds for housing finance and community lending.
Proposed Sec. 917.9(b) would require that, beginning 90 days after
the effective date of the provision, each Bank's board of directors
have in effect at all times a strategic business plan describes how the
business activities of the Bank with achieve the mission of the Bank.
Specifically, the plan would be required to: (1) Enumerate the business
activities that the Bank has determined are consistent with the mission
of the Bank and the reasons that those activities are so designated,
including how such activities assist and enhance members' and
associates' business and further the cooperative nature of the Bank
System; (2) enumerate operating goals and objectives for each major
business activity and all new activities; and (3) describe new business
activities and enhancements to existing activities. In addition,
proposed Sec. 917.9(b)(4) would require that each Bank's strategic
business plan be supported by appropriate and timely research and
analysis of relevant market developments and member and associate
demand for Bank products and services.
The Banks already are required to prepare a ``Housing Finance and
Community Development Mission Achievement Report'' (HFCDMA Report) to
be reviewed by the Finance Board as part of its annual supervisory
examination of each Bank. Although the HFCDMA Report addresses topics
[[Page 88]]
similar to those that would be addressed in the strategic business
plan, the focus of the Report is primarily retrospective, while the
strategic business plan is intended to be prospective. However, to the
extent that information prepared for the HFCDMA Report, or any other
reports, meets the regulatory requirements for the strategic business
plan, a Bank would be permitted to use this work product to satisfy the
strategic business plan requirements.
As with the risk management policy, proposed Sec. 917.9(c)(1) would
require that the Bank's board of directors review the Bank's strategic
business plan on at least an annual basis, while proposed
Sec. 917.9(c)(2) would require that the board amend the strategic
business plan, as appropriate, based on these reviews. Proposed
Sec. 917.9(c)(3) would require a Bank's board of directors to re-adopt
a strategic business plan, including interim amendments, not less often
than every three years, as appropriate, based on the board's reviews of
the policy. As with the similar provision in proposed
Sec. 917.3(a)(2)(iii), this requirement is intended to ensure that,
even given the turnover in board personnel that will occur over a
number of years, all or most current members of a Bank's board of
directors will be thoroughly familiar with the Bank's strategic
business plan, will have given meaningful consideration to its
provisions and will have expressed their opinion regarding the adequacy
of the policy through the voting process. Proposed Sec. 917.9(c)(4)
also would make clear that each Bank's board of directors has the
responsibility to establish management reporting requirements and
monitor implementation of the strategic business plan and the operating
goals and objectives contained therein.
These provisions would require the board of directors to oversee
the process of assessing the Bank's implementation of its strategic
business plan, but would not require that this responsibility reside
with the audit committee or the internal auditor. It is not necessary
that the requirements for the audit committee, which oversees the
financial audit of the Bank, be applied to the oversight of the
strategic business plan. Thus, proposed Sec. 917.9 requires that the
board of directors oversee Bank implementation of the strategic
business plan, but allows the board to determine how, and by what
mechanism, it will carry out this responsibility. However, as
previously discussed, the audit committee shall be responsible for
ensuring that proper controls exist to ensure that an assessment of the
Bank's implementation of its strategic business plan is carried out.
III. Regulatory Flexibility Act
The proposed rule applies only to the Banks, which do not come
within the meaning of ``small entities,'' as defined in the Regulatory
Flexibility Act (RFA). See 5 U.S.C. 601(6). Therefore, in accordance
with section 605(b) of the RFA, see id. at 605(b), the Finance Board
hereby certifies that this proposed rule, if promulgated as a final
rule, will not have a significant economic impact on a substantial
number of small entities.
List of Subjects in 12 CFR Parts 917
Community development, Credit, Housing and Federal home loan banks.
Accordingly, the Finance Board hereby proposes to amend title 12,
chapter IX, Code of Federal Regulations, by adding a new part 917 to
read as follows:
PART 917--POWERS AND RESPONSIBILITIES OF BANK BOARDS OF DIRECTORS
AND SENIOR MANAGEMENT
Sec.
917.1 Definitions.
917.2 General authorities and duties of Bank boards of directors.
917.3 Risk management.
917.4 Internal control system.
917.5 Audit committees.
917.6 Budget preparation and reporting requirements.
917.7 Dividends.
917.8 Bank bylaws.
917.9 Mission of the Banks; Strategic business plan.
Authority: 12 U.S.C. 1422a(a)(3), 1422b(a)(1), 1427, 1432(a),
1436(a), 1440.
Sec. 917.1 Definitions.
As used in this part:
Associate means an entity that has been approved as a nonmember
mortgagee pursuant to subpart B of part 950 of this chapter.
Business risk means the risk of an adverse impact on a Bank's
profitability resulting from external factors as may occur in both the
short and long run.
Capital structure plan means the plan establishing and implementing
a capital structure that each Bank is required to submit to the Finance
Board under 12 U.S.C. 1426(b).
Community financial institution has the meaning set forth in 12
U.S.C. 1422(13).
Community lending has the meaning set forth in Sec. 952.3 of this
chapter.
Contingency liquidity means:
(1) Marketable assets with a maturity of one year or less;
(2) Self-liquidating assets with a maturity of seven days or less;
and
(3) Assets that are generally accepted as collateral in the
repurchase agreement market.
Credit risk means the risk that the market value of an obligation
will decline as a result of deterioration in creditworthiness.
Immediate family member means a parent, sibling, spouse, child,
dependent, or any relative sharing the same residence.
Internal auditor means the individual responsible for the internal
audit function at the Bank.
Liquidity risk means the risk that a Bank is unable to meet its
obligations as they come due or meet the credit needs of its members
and eligible nonmember borrowers in a timely and cost-efficient manner.
Market risk means the risk that the market value of a Bank's
portfolio will decline as a result of changes in interest rates,
foreign exchange rates, equity and commodity prices.
Operations risk means the risk of an unexpected loss to a Bank
resulting from human error, fraud, unenforceability of legal contracts,
or deficiencies in internal controls or information systems.
Sec. 917.2 General authorities and duties of Bank boards of directors.
(a) Management of the Bank. The management of each Bank shall be
vested in its board of directors. While Bank boards of directors may
delegate the execution of operational functions to Bank personnel, the
ultimate responsibility of each Bank's board of directors for that
Bank's management is non-delegable.
(b) Duties of Bank directors. Each Bank director shall have the
duty to:
(1) Carry out his or her duties as director in good faith, in a
manner such director believes to be in the best interests of the Bank,
and with such care, including reasonable inquiry, as an ordinarily
prudent person in a like position would use under similar
circumstances;
(2) Administer the affairs of the Bank fairly and impartially and
without discrimination in favor of or against any member;
(3) Be financially literate, or become financially literate within
a reasonable time after appointment or election; and
(4) Direct the operations of the Bank in conformity with the
requirements set forth in the Act and this chapter.
(c) Authority regarding staff and outside consultants. (1) In
carrying out its duties and responsibilities under the Act and this
chapter, each Bank's board of directors and all committees thereof
shall have authority to retain staff and
[[Page 89]]
outside counsel, independent accountants, or other outside consultants
at the expense of the Bank.
(2) Bank staff providing services to the board of directors or any
committee of the board under paragraph (c)(1) of this section may be
required by the board of directors or such committee to report directly
to the board or such committee, as appropriate.
Sec. 917.3 Risk management.
(a) Adoption of risk management policy. (1) Beginning 90 days after
the effective date of this section, each Bank's board of directors
shall have in effect at all times a risk management policy that
addresses the Bank's exposure to credit risk, market risk, liquidity
risk, business risk and operations risk and that conforms to the
requirements of paragraph (b) of this section and to all applicable
Finance Board regulations and policies.
(2) Review and compliance. Each Bank's board of directors shall:
(i) Review the Bank's risk management policy at least annually;
(ii) Amend the risk management policy as appropriate;
(iii) Re-adopt the Bank's risk management policy, including interim
amendments, not less often than every three years; and
(iv) Ensure that policies and procedures are in place to achieve
Bank compliance at all times with the risk management policy.
(b) Risk management policy requirements. In addition to meeting any
other requirements set forth in this chapter, each Bank's risk
management policy shall:
(1) Describe how the Bank will comply with its capital structure
plan, after such plan is approved by the Finance Board;
(2) Set forth the Bank's tolerance levels for the market and credit
risk components; and
(3) Set forth standards for the Bank's management of each risk
component, including but not limited to:
(i) Regarding credit risk arising from all secured and unsecured
transactions, standards and criteria for, and timing of, periodic
assessment of the creditworthiness of issuers, obligors, or other
counterparties including identifying the criteria for selecting
dealers, brokers and other securities firms with which the Bank may
execute transactions; and
(ii) Regarding market risk, standards for the methods and models
used to measure and monitor such risk;
(iii) Regarding day-to-day operational liquidity needs and
contingency liquidity needs for periods during which the Bank's access
to capital markets is impaired:
(A) An enumeration of specific types of investments to be held for
such liquidity purposes; and
(B) The methodology to be used for determining the Bank's
operational and contingency liquidity needs;
(iv) Regarding operations risk, standards for an effective internal
control system, including periodic testing and reporting; and
(v) Regarding business risk, strategies for mitigating such risk,
including contingency plans where appropriate.
(c) Risk assessment. The senior management of each Bank shall
perform, at least annually, a risk assessment that identifies and
evaluates all material risks, including both quantitative and
qualitative aspects, that could adversely affect the achievement of the
Bank's performance objectives and compliance requirements. The risk
assessment shall be in written form and shall be reviewed by the Bank's
board of directors promptly upon its completion.
Sec. 917.4 Internal control system.
(a) Establishment and maintenance. (1) Each Bank shall establish
and maintain an effective internal control system that addresses:
(i) The efficiency and effectiveness of Bank activities;
(ii) The safeguarding of Bank assets;
(iii) The reliability, completeness and timely reporting of
financial and management information and transparency of such
information to the Bank's board of directors and to the Finance Board;
and
(iv) Compliance with applicable laws, regulations, policies,
supervisory determinations and directives of the Bank's board of
directors and senior management.
(2) Ongoing internal control activities necessary to maintain the
internal control system required under paragraph (a)(1) of this section
shall include, but are not limited to:
(i) Top level reviews by the Bank's board of directors and senior
management, including review of financial presentations and performance
reports;
(ii) Activity controls, including review of standard performance
and exception reports by department-level management on an appropriate
periodic basis;
(iii) Physical and procedural controls to safeguard, and prevent
the unauthorized use of, assets;
(iv) Monitoring for compliance with the risk tolerance limits set
forth in the Bank's risk management policy;
(v) Any required approvals and authorizations for specific
activities; and
(vi) Any required verifications and reconciliations for specific
activities.
(b) Internal control responsibilities of Banks' boards of
directors. Each Bank's board of directors shall ensure that the
internal control system required under paragraph (a)(1) of this section
is established and maintained, and shall oversee senior management's
implementation of such a system on an ongoing basis, by:
(1) Conducting periodic discussions with senior management
regarding the effectiveness of the internal control system;
(2) Ensuring that an effective and comprehensive internal audit of
the internal control system is performed annually;
(3) Requiring that internal control deficiencies be reported to the
Bank's board of directors in a timely manner and that such deficiencies
are addressed promptly;
(4) Conducting a timely review of evaluations of the effectiveness
of the internal control system made by internal auditors, external
auditors and Finance Board examiners;
(5) Directing senior management to address promptly and effectively
recommendations and concerns expressed by internal auditors, external
auditors and Finance Board examiners regarding weaknesses in the
internal control system;
(6) Reporting any internal control deficiencies found, and the
corrective action taken, to the Finance Board in a timely manner;
(7) Establishing, documenting and communicating an organizational
structure that clearly shows lines of authority within the Bank,
provides for effective communication throughout the Bank, and ensures
that there are no gaps in the lines of authority;
(8) Reviewing all delegations of authority to specific personnel or
committees and requiring that such delegations state the extent of the
authority and responsibilities delegated; and
(9) Establishing reporting requirements, including specifying the
nature and frequency of reports it receives.
(c) Internal control responsibilities of Banks' senior management.
Each Bank's senior management shall be responsible for carrying out the
directives of the Bank's board of directors, including the
establishment, implementation and maintenance of the internal control
system required under paragraph (a)(1) of this section, by:
[[Page 90]]
(1) Establishing, implementing and effectively communicating to
Bank personnel policies and procedures that are adequate to ensure that
internal control activities necessary to maintain an effective internal
control system, including the activities enumerated in paragraph (a)(2)
of this section, are an integral part of the daily functions of all
Bank personnel;
(2) Ensuring that all Bank personnel fully understand and comply
with all policies, procedures and legal requirements;
(3) Ensuring that there is appropriate segregation of duties among
Bank personnel and that personnel are not assigned conflicting
responsibilities;
(4) Establishing effective paths of communication upward, downward
and across the organization in order to ensure that Bank personnel
receive necessary and appropriate information, including:
(i) Information relating to the operational policies and procedures
of the Bank;
(ii) Information relating to the actual operational performance of
the Bank;
(iii) Adequate and comprehensive internal financial, operational
and compliance data; and
(iv) External market information about events and conditions that
are relevant to decision making;
(5) Developing and implementing procedures that translate the major
business strategies and policies established by the Bank's board of
directors into operating standards;
(6) Ensuring adherence to the lines of authority and responsibility
established by the Bank's board of directors;
(7) Overseeing the implementation and maintenance of management
information and other systems;
(8) Establishing and implementing an effective system to track
internal control weaknesses and the actions taken to correct them; and
(9) Monitoring and reporting to the Bank's board of directors the
effectiveness of the internal control system on an ongoing basis.
Sec. 917.5 Audit committees.
(a) Establishment. The board of directors of each Bank shall
establish an audit committee, consistent with the requirements set
forth in this section.
(b) Composition. (1) The audit committee shall comprise five or
more persons drawn from the Bank's board of directors, each of whom
shall meet the criteria of independence set forth in paragraph (c) of
this section.
(2) The audit committee shall include a balance of representatives
of:
(i) Community financial institutions and other members; and
(ii) Appointive and elective directors of the Bank.
(3) The terms of audit committee members shall be appropriately
staggered so as to provide for continuity of service.
(4) At least one member of the audit committee shall have extensive
accounting or related financial management experience.
(c) Independence. Any member of the Bank's board of directors shall
be considered to be sufficiently independent to serve as a member of
the audit committee if that director does not have a disqualifying
relationship with the Bank or its management that would interfere with
the exercise of that director's independent judgment. Such
disqualifying relationships include, but are not limited to:
(1) Being employed by the Bank in the current year or any of the
past five years;
(2) Accepting any compensation from the Bank other than
compensation for service as a board director;
(3) Serving or having served in any of the past five years as a
consultant, advisor, promoter, underwriter, or legal counsel of or to
the Bank; or
(4) Being an immediate family member of an individual who is, or
has been in any of the past five years, employed by the Bank.
(d) Charter. (1) The audit committee of each Bank shall adopt, and
the Bank's board of directors shall approve, a formal written charter
that specifies the scope of the audit committee's powers and
responsibilities, as well as the audit committee's structure, processes
and membership requirements.
(2) The audit committee and the board of directors of each Bank
shall:
(i) Review, assess the adequacy of and, where appropriate, amend
the Bank's audit committee charter on an annual basis;
(ii) Amend the audit committee charter as appropriate; and
(iii) Re-adopt and re-approve, respectively, the Bank's audit
committee charter not less often than every three years.
(3) Each Bank's audit committee charter shall:
(i) Provide that the audit committee has the responsibility to
select, evaluate and, where appropriate, replace the internal auditor
and that the internal auditor may be removed only with the approval of
the audit committee;
(ii) Provide that the internal auditor shall report directly to the
audit committee on substantive matters and that the internal auditor is
ultimately accountable to the audit committee and board of directors;
and
(iii) Provide that both the internal auditor and the external
auditor shall have unrestricted access to the audit committee without
the need for any prior management knowledge or approval.
(e) Duties. Each Bank's audit committee shall have the duty to:
(1) Direct senior management to maintain the reliability and
integrity of the accounting policies and financial reporting and
disclosure practices of the Bank;
(2) Review the basis for the Bank's financial statements and the
external auditor's opinion rendered with respect to such financial
statements (including the nature and extent of any significant changes
in accounting principles or the application therein) and ensure that
policies are in place to achieve disclosure and transparency regarding
the Bank's true financial performance and governance practices;
(3) Oversee the internal audit function by:
(i) Reviewing the scope of audit services required, significant
accounting policies, significant risks and exposures, audit activities
and audit findings;
(ii) Assessing the performance and determining the compensation of
the internal auditor; and
(iii) Reviewing and approving the internal auditor's work plan;
(4) Oversee the external audit function by:
(i) Approving the external auditor's annual engagement letter;
(ii) Reviewing the performance of the external auditor; and
(iii) Making recommendations to the Bank's board of directors
regarding the appointment, renewal, or termination of the external
auditor;
(5) Provide an independent, direct channel of communication between
the Bank's board of directors and the internal and external auditors;
(6) Conduct or authorize investigations into any matters within the
audit committee's scope of responsibilities;
(7) Ensure that senior management has established and is
maintaining an adequate internal control system within the Bank by:
(i) Reviewing the Bank's internal control system and the resolution
of identified material weaknesses and reportable conditions in the
internal control system, including the prevention or detection of
management override or compromise of the internal control system; and
(ii) Reviewing the programs and policies of the Bank designed to
ensure compliance with applicable laws, regulations and policies and
monitoring the results of these compliance efforts;
[[Page 91]]
(8) Reviewing the policies and procedures established by senior
management to assess and monitor implementation of with the Bank's
strategic business plan and the operating goals and objectives
contained therein; and (9) Report periodically its findings to the
Bank's board of directors.
(f) Meetings. The audit committee shall prepare written minutes of
each audit committee meeting.
Sec. 917.6 Budget preparation and reporting requirements.
(a) Adoption of budgets. Each Bank's board of directors shall be
responsible for the adoption of an annual operating expense budget and
a capital expenditures budget for the Bank, and any subsequent
amendments thereto, consistent with the requirements of the Act, this
section, other regulations and policies of the Finance Board, and with
the Bank's responsibility to protect both its members and the public
interest by keeping its costs to an efficient and effective minimum.
(b) No delegation of budget authority. A Bank's board of directors
may not delegate the authority to approve the Bank's annual budgets, or
any subsequent amendments thereto, to Bank officers or other Bank
employees.
(c) Interest rate scenario. A Bank's annual budgets shall be
prepared based upon an interest rate scenario as determined by the
Bank.
(d) Board approval for deviations. A Bank may not exceed its total
annual operating expense budget or its total annual capital
expenditures budget without prior approval by the Bank's board of
directors of an amendment to such budget.
Sec. 917.7 Dividends.
A Bank's board of directors may declare and pay a dividend only
from previously retained earnings or current net earnings and only if
such payment will not result in a projected impairment of the par value
of the capital stock of the Bank. Dividends on such capital stock shall
be computed without preference.
Sec. 917.8 Bank bylaws.
A Bank's board of directors shall have in effect at all times
bylaws governing the manner in which the Bank administers its affairs
and such bylaws shall be consistent with applicable laws and
regulations as administered by the Finance Board.
Sec. 917.9 Mission of the Banks; Strategic business plan.
(a) Mission of the Banks. The mission of the Banks is to provide to
its members and associates financial products and services, including
but not limited to advances, that assist and enhance such members' and
associates' financing of:
(1) Housing, including single-family and multi-family housing
serving consumers at all income levels; and
(2) Community lending.
(b) Adoption of strategic business plan. Beginning 90 days after
the effective date of this section, each Bank's board of directors
shall have in effect at all times a strategic business plan that
describes how the business activities of the Bank will achieve the
mission of the Bank as set forth in paragraph (a) of this section.
Specifically, each Bank's strategic business plan shall:
(1) Enumerate those business activities of the Bank that the board
of directors has determined are consistent with the mission of the
Banks as set forth in paragraph (a) of this section and the reasons
that those activities are so designated, including how such activities
assist and enhance members' and associates' business and further the
cooperative nature of the Bank System;
(2) Enumerate operating goals and objectives for each major
business activity and for all new business activities and the
strategies for meeting such goals and objectives;
(3) Describe any proposed new business activities or enhancements
of existing activities; and
(4) Be supported by appropriate and timely research and analysis of
relevant market developments and member and associate demand for Bank
products and services.
(c) Review and monitoring. Each Bank's board of directors shall:
(1) Review the Bank's strategic business plan at least annually;
(2) Amend the strategic business plan as appropriate;
(3) Re-adopt the Bank's strategic business plan, including interim
amendments, not less often than every three years; and
(4) Establish management reporting requirements and monitor
implementation of the strategic business plan and the operating goals
and objectives contained therein.
Dated: December 14, 1999.
By the Board of Directors of the Federal Housing Finance Board.
Bruce A. Morrison,
Chairman.
[FR Doc. 99-34037 Filed 12-30-99; 8:45 am]
BILLING CODE 6725-01-P