AGENCY:

Farm Credit Administration.

ACTION:

Final rule.

SUMMARY:

The Farm Credit Administration (FCA, we, or our) issues this final rule to establish a regulatory framework for the reliable, timely, accurate, and complete reporting of Farm Credit System (System) accounts and exposures for examination activities and risk evaluation. The final rule specifies the reporting requirements and performance responsibilities, including, but not limited to, establishing uniform and standard data fields to be collected from all System institutions and a disciplined and secure delivery of information. The final rule authorizes a Reporting Entity (defined as the Federal Farm Credit Banks Funding Corporation (Funding Corporation) or an entity approved by FCA), to collect data from all banks and associations and serve as the central data repository manager. Additionally, the final rule requires all banks and associations to provide data to the Reporting Entity to facilitate the collection, enhancement, and reporting of data to FCA.

DATES:

Effective Date: This regulation will become effective 30 days after publication in the Federal Register during which either or both Houses of Congress are in session. We will publish a notice of effective date in the Federal Register.

Compliance Date: All provisions of this regulation require compliance on the effective date, except the Reporting Entity's requirements under § 621.15(b)(1) through (b)(6). We are delaying compliance with these requirements to allow for the development of and transition to the System's central data repository. We will publish the compliance date for these requirements in the Federal Register.

FOR FURTHER INFORMATION CONTACT:

Susan Coleman, Senior Policy Analyst, Office of Regulatory Policy, Farm Credit Administration, McLean, VA 22102-5090, (703) 883-4491, TTY (703) 883-4056, or

Jane Virga, Senior Counsel, Office of General Counsel, Farm Credit Administration, McLean, VA 22102-5090, (703) 883-4020, TTY (703) 883-4056.

SUPPLEMENTARY INFORMATION:

I. Objectives

The objectives of this final rule are to:

• Reaffirm FCA's authority to collect data on System institution accounts and exposures for examination activities and risk evaluation;
• Require all banks and associations to provide data on accounts and exposures to the Reporting Entity, for the purposes of reporting to FCA; and
• Establish the authority for and responsibilities of the Reporting Entity to collect, store, manage, and extrapolate data on accounts and exposures for reporting to FCA.

II. Background

The Farm Credit Act of 1971, as amended (Act),^[1] in pertinent part, confers authority on FCA to examine and supervise the institutions of the System and authorizes FCA to issue regulations implementing the Act's provisions.^[2] Our regulations, including this final rule, are intended to ensure the safe and sound operations of System institutions. In order to meet FCA's responsibility to ensure the safety and soundness of System institutions, we must have reliable, timely, accurate, and complete information about each banks' and associations' assets and liabilities.

Section 4.12(b)(5) of the Act confirms FCA's authority to request information from a System institution for examination and supervision and the concurrent obligation of a System institution to provide FCA with access to the records of the System institution. This statute makes it clear that FCA must have access to all records of a System institution and provides that concealment or refusal to provide access to such records is the basis for the appointment of a receiver or conservator.

In addition to that statutory authority, another section of the Act provides authority to FCA to require the production of System institution records. Section 5.9(4) of the Act provides FCA the power to require such reports as it deems necessary from System institutions.^[3] Additionally, section 5.22A of the Act and § 621.12(a) of FCA regulations require each System institution to prepare and file such reports of condition and performance as may be required by FCA. Further clarification is provided in § 621.12(b) of FCA regulations, which states that these reports of condition and performance must be filed four times a year and may include such additional reports as may be necessary to ensure timely, complete, and accurate monitoring and evaluation of the affairs, condition, and performance of System institutions as determined by the Chief Examiner. In addition, § 621.12(c) of FCA regulations requires all reports of condition and performance to be submitted electronically in accordance with the instructions prescribed by FCA.

For over a decade, FCA has collected detailed asset reports through loan data extracts from System institutions to facilitate examination activities and risk evaluation, and shared this data with the Farm Credit System Insurance Corporation (FCSIC) on a confidential basis subject to an interagency agreement. The need for consistent, comprehensive, and comparable data across all System institutions has evolved, as the complexity and volume of assets has increased. The availability of quality and timely data on accounts and exposures, including any loan, lease, letter of credit, derivative, or, any other asset, liability, other balance sheet account, or off-balance-sheet exposure, has become critical to efficient and effective examination activities and risk evaluation. Accordingly, we continue to Start Printed Page 77558work with the System to collect more comprehensive data submissions and enhance the reporting to facilitate the evaluation of changing lending risks and conditions.

An integral component of FCA's and FCSIC's ability to quickly and accurately identify and respond to risk is the collection of data on, and identification of, shared assets. Shared assets are any account or exposure where two or more System institutions have assumed a portion of the asset's benefits or risks. On October 3, 2012, the FCA Board approved Bookletter BL-065, which describes FCA's expectations that each System institution and its board of directors establish and implement an automated mechanism to consistently identify shared asset exposures. Bookletter BL-065 continues to contain pertinent guidance for System institutions. After the central data repository is completed by the Reporting Entity, including the implementation of an automated mechanism to accurately identify the System's shared asset exposures, FCA will evaluate whether to rescind Bookletter BL-065.

In addition to other objectives, and in order to facilitate the identification of shared asset exposures and enable System risk assessment, System banks and associations are working with the Funding Corporation to create a central data repository to collect and store data from all System banks and associations, establish an automated mechanism to timely and accurately identify the System's shared asset exposures, and report Systemwide accounts and exposures on behalf of the System banks and associations to FCA. The Funding Corporation, in coordination with the banks and associations, is in the process of developing and deploying the central data repository and plans to assume the role of the Reporting Entity for the banks' and associations' reports of accounts and exposures by yearend 2014.

We believe the final rule provides a uniform system and process for the reporting of accounts and exposures. The final rule reaffirms FCA's authority to collect data from the System and communicates the authority for, and responsibilities of, the Reporting Entity to collect data on behalf of the System banks and associations for delivery to FCA. The final rule also confirms FCA's authority to share examination reports or other information on System institutions prepared or held by FCA with FCSIC, subject to appropriate security and controls.

The final rule requires the banks, associations, and Reporting Entity to establish a system of internal controls over the data. Additionally, the banks and associations must establish a data governance structure with the Reporting Entity to document the responsibilities and accountabilities for the conveyance, storage, and uses of the information stored in the central data repository. This data governance structure should establish agreement among the banks, associations, and Reporting Entity and must be in place prior to the first transfer of data to the Reporting Entity.

During the System's data repository development phase, the banks and associations will continue to prepare and submit the reports of accounts and exposures to FCA in accordance with the instructions prescribed by FCA under § 621.15(a) of this final rule. Upon satisfactory demonstration by the Reporting Entity of the ability to prepare reliable, timely, complete and accurate reporting of accounts and exposures, FCA will accept report(s) of all banks' and associations' accounts and exposures from the Reporting Entity, acting on behalf of the banks and associations. FCA will establish a delayed compliance date for the Reporting Entity's responsibilities under § 621.15(b)(1) through (b)(6) during the data repository development phase.

FCA understands that the development of the central data repository is a necessary precursor to the automated identification and reporting of shared exposures. However, FCA expects timely implementation of the System's mechanism to identify shared asset exposures as required in § 621.15(b)(3) once the data repository is complete. Since the identification of shared asset and customer exposures at the System level through an automated mechanism is not yet implemented, we will establish a delayed compliance date as previously discussed.

The System's ultimate success of implementing a process for reporting shared exposures is dependent upon the cooperation and collaboration of the banks, associations, and Reporting Entity. We also understand that identification, management, and control of shared assets will primarily rest at the bank and association level and will be reported by the banks and associations in their quarterly reports. However, the responsibility of accumulating the shared assets to the shared customer level will primarily rest with the Reporting Entity. As such, the Reporting Entity is not only a conduit to submit the banks and associations reports of accounts and exposures, but is also necessary to establish and report accurate System shared exposures. Due to this interdependency, we expect continual and thorough collaboration and cooperation to ensure the mechanism to identify shared exposures is timely, accurate and complete. The data dictionary and instructions will specify the various components of the shared asset identifiers such as the shared asset number, the shared customer number and the System customer lead. FCA will continue to collaborate with the System on the specifics for identifying shared exposures through the data dictionary and instructions published on the FCA Web site.

The final regulation requires the Reporting Entity to notify FCA immediately in writing of the following events: (1) If there is a breach of information; (2) if there is a request for data from the reports of accounts and exposures from non-System entities; or, (3) if it is unable to prepare and submit the report(s) of accounts and exposures in compliance with the regulation. Additionally, in the event of a breach of information, the Reporting Entity must provide immediate written notice of the breach to each bank and association concerned.

The Reporting Entity may request that the banks and associations appoint a replacement Reporting Entity to assume the authorities and reporting obligations of the Reporting Entity. Additionally, the banks and associations at their discretion, and with the approval of the FCA, may elect to select a replacement Reporting Entity to assume the authorities and reporting obligations of the Reporting Entity.

The proposed rule, which was published for public comment for 30 days, generated five comment letters, four of which were generally supportive. One comment letter opposed the proposed regulation in its entirety. After considering the comments, we now finalize the proposed provisions as discussed below.

III. Discussion of Comment Letters and Section-by-Section Analysis of Final Rule

The five comment letters we received came from one Farm Credit Bank (AgriBank, FCB); three System agricultural credit associations (Farm Credit East, ACA, Greenstone Farm Credit Services, ACA, and River Valley AgCredit, ACA); and the Farm Credit Council (Council) acting on behalf of its membership. These letters contained a number of constructive comments that resulted in changes to a number of provisions in the proposed rule. Start Printed Page 77559

General Issues

Four commenters support our efforts to set up a regulatory framework, but ask that we continue to cooperate with System institutions regarding changes to data submission requirements so that an appropriate balance remains between the need to evaluate changing lending risks and the cost of regulatory burden to the System. The concept of a central data repository has been a collaborative and cooperative approach between the System and FCA to ensure all parties' needs are adequately met and addressed. We intend to continue to collaborate and to provide the banks, associations, and Reporting Entity with ample opportunity to provide input on any anticipated changes to the data submission requirements or instructions. In our response below to comments on certain provisions of the proposed rule, we have made some changes to further clarify our intended process for changes to data submission requirements and to limit the regulatory burden on the System.

The commenter that opposed the rule in its entirety was concerned with sending confidential borrower information to the Reporting Entity. We understand and share this concern and believe we have included requirements in the regulation to address it. Specifically, the final rule requires the Reporting Entity to develop and implement an effective system of internal controls over the central data repository to ensure the confidentiality of borrower information. In addition, we expect the banks and associations to establish a data governance structure that documents agreement among the banks, associations, and Reporting Entity on the responsibilities and accountabilities for information stored in the central data repository. Finally, we also require the immediate reporting of any breach of information to FCA and each bank and association concerned.

This commenter is also concerned with the increased cost due to the regulation. We believe that the availability of quality and timely data on accounts and exposures is paramount to efficient and effective examination activities and risk evaluation, as well as the System's own risk-management practices. We believe that establishing a central data repository, including an automated mechanism to accurately identify shared asset exposures, is a prudent expense that provides both FCA and the System (including this commenter) with the ability to timely evaluate risks and conditions, and respond appropriately.

1. Authority To Promulgate the Regulation

FCA cited section 5.22A of the Act as the basis to require a System institution to submit loan data. A commenter questioned whether section 5.22A was the proper authority to promulgate this regulation. Although the commenter acknowledged FCA's inherent authority to access System institution accounts and exposure data for examination activities and support the overall process outlined in the proposed regulation, the commenter was concerned that we cited an incorrect authority for the collection of the data.

The commenter stated that the proposed rule provides a consolidated and efficient approach for submitting data from the System to FCA. However, the commenter stated that it is a “stretch” to call the submission of loan and other similar data at the record level a uniform financial report as contemplated in section 5.22A of the Act. The commenter asserts that financial reporting means balance sheet, income statements, and related supporting schedules, even though FCA has the authority to interpret the statute.

Section 5.22A of the Act requires System institutions to comply with FCA's uniform financial reporting instructions. Section 5.22A was cited in Bookletter BL-065, which was the genesis for the proposed regulation. The Bookletter provides FCA's expectations for System institutions to establish and implement an automated mechanism to identify and report shared asset exposures. Section 5.22A of the Act provides, in pertinent part, that each System institution shall comply with uniform financial reporting instructions required by the Farm Credit Administration to standardize and facilitate the reporting of System data.

The commenter suggests section 4.12(b)(5) of the Act as authority for the regulation. Although we continue to believe that section 5.22A of the Act authorizes the regulation, we have included section 4.12(b)(5) as additional authority. Section 4.12(b)(5) of the Act provides that the FCA Board may appoint a conservator or receiver for any System institution that does not provide FCA with access to the “books, papers, records, or assets of the institution.

Including this additional authority source should provide the balance that the commenter desired and reassurance concerning the types of information retained by System institutions. Also, as a technical matter, we added section 5.22A of the Act as authority for this regulation. We had included a discussion of this section in the preamble to the proposed rule but inadvertently omitted it from the authority citations.

2. Notice and Comment on Instructions

The proposed regulation provides that the banks and associations submit the reports of accounts and exposures in accordance with the instructions provided by FCA. The Council recommended that the rule be revised to provide for notice and comment when FCA changes any of its instructions on the reports of accounts and exposures. The Council asserts that the Administrative Procedure Act, 5 U.S.C. 553 (APA), requires that new instructions be subject to the notice and comment requirements. Another commenter asserted that the open-ended nature of the information collection process in the instructions is inappropriate in that it lacks balance and could be burdensome. As discussed below, we believe that the APA does not require notice and comment on the instructions for the submission of the accounts and exposure data and that the instructions will be appropriate.

The APA establishes, in pertinent part, that an agency must publish a proposed rule for notice and comment. By definition, a rule is an agency statement of general or particular applicability. A rule does not include an agency's “housekeeping provisions.”

We do not believe that the instructions for the submission of accounts and exposures data are a regulation. The instructions are not an agency statement of general or particular applicability. Rather, we believe that the instructions are procedural on their face and do not change substantive standards for the submission of the data by the System institutions. The instructions do not alter the rights or interests of the System institutions, although the instructions may alter the information and how it is provided to FCA. A procedural rule does not become a substantive one for notice and comment purposes simply because it arguably imposes a “burden” on the System.

We do, however, intend to continue to engage in comprehensive collaboration and communication with the banks, associations, and Reporting Entity. We will provide all parties with sufficient time to review any proposed changes to the data dictionary and instructions and respond to us with any concerns, including the appropriateness of the data requirements and any burden.

In the future, FCA may amend the instructions, including the data dictionary, as the System and FCA continue to assess data needs. FCA intends to initiate an annual Start Printed Page 77560collaborative review of the data dictionary and corresponding instructions and provide any details on recommended changes to all parties in order to receive their comments and input prior to initiating any changes. This will ensure the System has the opportunity to provide adequate input to changes in the data submission requirements and in developing instructions on System data collection and storage. FCA plans to inform System institutions of proposed changes to the instructions and allow System institutions ample time to respond to any changes on the content of information to be provided or on the appropriate method of delivering information to the Reporting Entity or FCA. We believe that this process provides adequate balance to ensure that the information collected is appropriate for examination activities and risk analysis. However, exigent circumstances could mandate more frequent changes to the instructions, with or without System input.

The process we have discussed is consistent with the existing process for issuing instructions for providing “Uniform Call Reports.” We continue to believe, as first stated in Bookletter BL-065 that “[c]ollaboration by the System will improve the mechanisms and disciplines necessary to effectively assess and report shared-asset risks in a timely, complete and accurate manner.” We have confidence that this approach balances the needs of FCA to collect uniform and standardized data for examination and risk analysis with the needs of System institutions to collect the data needed and used for business or risk management purposes. Additionally, to clarify an additional comment on this topic, FCA's instructions on the data submission requirements apply uniformly to all banks and associations.

3. Effective Date

Several of the commenters requested that we carefully consider the effective date of this regulation to ensure the System institutions have sufficient time to comply with the requirements. This regulation will become effective 30 days after publication in the Federal Register during which either or both Houses of Congress are in session. FCA will establish a delayed compliance date for the Reporting Entity's requirements under § 621.15(b)(1) through (b)(6) of the rule to allow for the development of and transition to the System's central data repository. Accordingly, the compliance date for § 621.15(b)(1) through (b)(6) requirements will be published separately in the Federal Register. All other sections and requirements of the regulation require compliance on the effective date of the regulation.

As discussed in the preamble, we expect the banks and associations to continue preparing and submitting the reports of accounts and exposures to FCA under the current established data dictionary and instructions prescribed by FCA. This current submission of data will continue until such time as the Reporting Entity completes the development and implementation of the central data repository and satisfactorily demonstrates the ability to prepare and deliver to FCA reliable, timely, complete and accurate reporting of accounts and exposures, including the identification of shared asset exposures. When this occurs, FCA will accept report(s) of all banks' and associations' accounts and exposures from the Reporting Entity, acting on behalf of the banks and associations. FCA understands that the identification of shared asset and customer exposures at the System level is not yet implemented and therefore, as stated previously, a delayed compliance date will be established for these requirements of the rule.

Specific Issues

1. Sharing Data on Third-Party Systems or With Contractors [new § 602.2(c)]

The proposed rule would establish a confidentiality and data security agreement requirement between FCA and FCSIC when accounts and exposures data is shared between the two agencies.^[4]

The Council and another commenter stated they were extremely concerned over: (1) The security of FCA or FCSIC storing accounts and exposures data on third-party systems; and (2) FCSIC providing the data to third-party contractors or vendors. They recommended we update the regulatory language to ensure that FCSIC cannot release the data to a vendor or any other third party and that the data must remain on FCA or FCSIC systems at all times.

We understand and share the commenters' concerns with data security. However, we believe that the § 602.2(c) requirement for a confidentiality and data security agreement between FCA and FCSIC adequately ensures the integrity, confidentiality, and security of the data. Safeguarding borrower information is of paramount importance to the System and FCA.

As to the comment concerning providing access to contractors, the interagency agreement between FCA and FCSIC governs and protects borrower data in any form and includes restrictions on sharing the data with contractors. These safeguards are appropriate for this type of data and provide FCA and FCISC the necessary access to the information while protecting it from unauthorized access and use. We also note that pursuant to Federal statute, FCA does not waive any privilege by sharing information with FCSIC. See 12 U.S.C. 1821(t).

2. Bank and Association Certification Requirement [new § 621.15(a)(2)]

The proposed rule would require each bank and association to provide a written certification that the data submitted “has been prepared in accordance with all applicable regulations and instructions, and is a true and accurate record of the data maintained in the bank's or association's database, to the best of its knowledge and belief.”

The Council and other commenters suggested revising the certification requirement of the banks and associations to avoid the possible interpretation that FCA is prescribing what data a System institution maintains in its database. The Council asked for clarification that the term “complete” apply only to data that a bank and association has available electronically. In addition, one commenter stated that they are unable to certify that all of the actual information in their records, regarding any particular borrower, is fully accurate at any point in time because it is borrower provided.

In order to address these concerns, we have modified the language in the final rule as requested to require that System institutions certify that their submissions are a “true and accurate record of the data maintained by the bank or association, to the best of its knowledge and belief.” Furthermore, we intended that each bank's and association's certification apply to the data submitted in its report(s) of Start Printed Page 77561accounts and exposures and available in its databases.

3. Reporting Entity Certification Requirement [new § 621.15(b)(4)]

The proposed rule provides, in pertinent part, that the Reporting Entity must certify “that the information provided in the report of each bank's and association's accounts and exposures has been prepared in accordance with all applicable regulations and instructions and accurately represents the information provided to it by the banks and associations.”

The Council suggested revising the Reporting Entity's certification requirement. It believes the certification by the banks and associations is sufficient to ensure that the information in the report complies with the instructions.

While we agree that the Reporting Entity does not need to certify that the banks and associations have complied with the instructions, the Reporting Entity is responsible for certifying its compliance with the instructions, particularly as they relate to the establishment and implementation of an automated mechanism to identify shared asset exposures. To address these comments, we have modified the language in the final rule to clarify that the Reporting Entity needs to certify that the report accurately represents the information provided to it by the banks and associations and that the Reporting Entity has complied with the requirements of § 621.15(b).

4. Reporting Entity Notification if Unable To Prepare and Submit Report [new § 621.15(b)(6)]

The proposed rule provides, in pertinent part, that the Reporting Entity must “[n]otify the Farm Credit Administration if it is unable to prepare and submit the quarterly report of accounts and exposures in compliance with the requirements of this section.”

The Council requests that this provision be deleted. It believes that it is inappropriate to require the Reporting Entity to notify FCA when an individual institution fails to comply with the data submission requirements.

FCA did not intend to hold the Reporting Entity responsible for notifying FCA of institution compliance or noncompliance with reporting responsibilities. Rather, FCA wants to be notified if the Reporting Entity is unable to submit the quarterly report to FCA for any reason, such as technical difficulties or if the accounts and exposures report to FCA from the Reporting Entity does not contain all banks' and associations' reports. In order to address the Council's concern, we have modified the language in the final rule to clarify that the Reporting Entity needs to notify FCA if it is unable to submit the quarterly report in compliance with the Reporting Entity's responsibilities as set forth in § 621.15(b)(1) through (b)(3).

5. Information Breach [new § 621.15(b)(7)]

The proposed rule provides, in pertinent part, that the Reporting Entity would be required to immediately notify FCA and each concerned bank and association if there is a breach of information. Each bank and association would then determine whether any notice of the breach to any of its borrowers was required under applicable laws and regulations. The bank and association would be responsible for providing such notification to its borrowers. We defined “breach of information” to mean “unauthorized acquisition of or access to the central data repository, any quarterly reports of accounts and exposures or any other information received pursuant to § 621.15(a)(1).”

Commenters raised several issues regarding these proposed requirements. They were concerned with the Reporting Entity providing written notice “immediately ” to FCA and each bank and association concerned, if there is an information breach. Commenters asked that the term “immediately” be revised to allow a greater time to report, such as 3 business days. Also, commenters requested that we delete the language in § 621.15(b)(7)(ii) that the concerned bank and association determine whether any notice of the breach to any of its borrowers is required under applicable laws and regulations and, if so, that they are responsible for providing such notification. Commenters believe the language is not needed because the banks and associations are already required to comply with applicable laws and regulations. The commenters also requested that FCA clarify that the definition of “breach” refers only to situations in which data has been actually accessed by an unauthorized person.

FCA does not believe it appropriate to allow more time to report a security breach. FCA continues to believe that the report must be made “immediately” because the extreme sensitivity of the data maintained in the central data repository makes it urgent to communicate an information breach. The term “immediately” in this context means without delay or at once. As to the deletion of the language in § 621.15(b)(7)(ii), we agree with the comment and have not included the specific language in this provision of the final rule. As noted in the proposed rule, the Reporting Entity is only responsible for notifying FCA and the bank and association concerned of any information breach. The bank or association concerned must comply with applicable laws and regulations regarding information security and should consider and follow best practices.

Finally, in order to address the concern about the definition of “breach,” we have modified § 621.15(b)(7)(iii). In doing so, we do not believe “breach” should be limited to the occasion where data has actually been accessed by an unauthorized person. Instead, the modified definition is intended to capture attempts by unauthorized persons to access data and unauthorized possession of data.

IV. Regulatory Flexibility Act

Pursuant to section 605(b) of the Regulatory Flexibility Act (5 U.S.C. 601 et seq.), FCA hereby certifies that the final rule would not have a significant economic impact on a substantial number of small entities. Each of the banks in the Farm Credit System, considered together with its affiliated associations, has assets and annual income in excess of the amounts that would qualify them as small entities. Therefore, Farm Credit System institutions are not “small entities” as defined in the Regulatory Flexibility Act.

List of Subjects

12 CFR Part 602

• Courts
• Freedom of information
• Government employees

12 CFR Part 618

• Agriculture
• Archives and records
• Banks, banking
• Insurance
• Reporting and recordkeeping requirements
• Rural areas
• Technical assistance

12 CFR Part 621

• Accounting
• Agriculture
• Banks, banking
• Penalties
• Reporting and recordkeeping requirements
• Rural areas

For the reasons stated in the preamble, parts 602, 618 and 621 of chapter VI, title 12 of the Code of Federal Regulations, are amended as follows:

PART 602—RELEASING INFORMATION

1. The authority citation for part 602 is revised to read as follows:

Authority: Secs. 5.9, 5.17, 5.59 of the Farm Credit Act (12 U.S.C. 2243, 2252, 2277a-8); 5 U.S.C 301, 552; 12 U.S.C. 1821(t); 52 FR 10012; E.O. 12600; 52 FR 23781, 3 CFR 1987, p. 235.

2. Section 602.2 is amended by:

a. Revising the heading;

b. Redesignating existing paragraph (c) as paragraph (d); and

c. Adding new paragraph (c) to read as follows:

PART 618—GENERAL PROVISIONS

3. The authority citation for part 618 continues to read as follows:

Authority: Secs. 1.5, 1.11, 1.12, 2.2, 2.4, 2.5, 2.12, 3.1, 3.7, 4.12, 4.13A, 4.25, 4.29, 5.9, 5.10, 5.17, of the Farm Credit Act (12 U.S.C. 2013, 2019, 2020, 2073, 2075, 2076, 2093, 2122, 2128, 2183, 2200, 2211, 2218, 2243, 2244, 2252.

4. Section 618.8300 is amended by removing the words “as authorized in the following paragraphs” and adding in their place, the words “as authorized by Farm Credit Administration regulations (§§ 618.8300 through 618.8330)”.

5. Section 618.8310 is amended by adding a new paragraph (c) to read as follows:

6. Section 618.8320 is amended by adding a new paragraph (b)(10) to read as follows:

PART 621—ACCOUNTING AND REPORTING REQUIREMENTS

7. The authority citation for part 621 is revised to read as follows:

Authority: Secs. 4.12(b)(5), 5.17, 5.22A, 8.11 of the Farm Credit Act (12 U.S.C. 2183, 2252, 2257a, 2279aa-11); sec. 514 of Pub. L. 102-552.

8. Section 621.2 is amended by:

a. Redesignating paragraph (a) as paragraph (b), paragraph (b) as paragraph (d), and paragraphs (c) through (i) as paragraphs (f) through (l), respectively; and

b. Adding new paragraphs (a), (c), (e), (m) and (n) to read as follows:

9. Revise the heading of subpart D to read as follows:

Subpart D--Reports of Condition and Performance and Accounts and Exposures

10. Section 621.12 is amended by revising the heading to read as follows:

11. Add a new § 621.15 to subpart D to read as follows:

Footnotes