This PDF is the current document as it appeared on Public Inspection on 11/18/2015 at 08:45 am.
Federal Housing Finance Board; Federal Housing Finance Agency; Office of Federal Housing Enterprise Oversight.
The Federal Housing Finance Agency (FHFA) is amending its regulations by relocating and consolidating certain regulations of its predecessor agencies—the Federal Housing Finance Board (Finance Board) and Office of Federal Housing Enterprise Oversight (OFHEO)—that pertain to the responsibilities of boards of directors, corporate practices, and corporate governance matters. The OFHEO regulations addressed corporate governance matters at the Federal National Mortgage Association (Fannie Mae) and the Federal Home Loan Mortgage Corporation (Freddie Mac) (collectively, the Enterprises), while the Finance Board regulations addressed the powers and responsibilities of the boards of directors and management of the Federal Home Loan Banks (Banks). The final rule consolidates most of those regulations into a new FHFA regulation, parts of which will apply to both the Banks and the Enterprises (together, regulated entities), and parts of which will apply only to the Banks or only to the Enterprises. Most of the content of the new regulations has been derived from the regulations of the predecessor agencies, with such modifications as are necessary to apply the regulations to all of the regulated entities, to respond to issues raised by the commenters, or to clarify the regulatory text. The final rule Start Printed Page 72328also amends the Prudential Management and Operations Standards (Prudential Standards) provisions by designating certain introductory language—which pertains to the general responsibilities of senior management and boards of directors—as a separate Prudential Standard. The final rule also repeals a provision of the OFHEO regulations that related to minimum safety and soundness requirements for the Enterprises.
The final rule is effective on December 21, 2015.Start Further Info
FOR FURTHER INFORMATION CONTACT:
Amy Bogdon, Associate Director, Division of Federal Home Loan Bank Regulation, at Amy.Bogdon@fhfa.gov or (202) 649-3320, or Neil R. Crowley, Deputy General Counsel, Office of General Counsel, at Neil.Crowley@fhfa.gov or (202) 649-3055 (not toll-free numbers), Federal Housing Finance Agency, Constitution Center, 400 7th Street SW., Washington, DC 20024. The telephone number for the Telecommunications Device for the Hearing Impaired is (800) 877-8339.End Further Info End Preamble Start Supplemental Information
A. Proposed Rule
On January 28, 2014, FHFA published a proposed rule that would relocate, revise, and consolidate into a new FHFA regulation certain of the rules of the predecessor agencies that dealt with corporate practices and governance at the Banks and the Enterprises. The proposed rule was one phase of FHFA's ongoing project to repeal or relocate remaining OFHEO and Finance Board regulations. Both predecessor agencies had regulations addressing director responsibilities, corporate practices, and corporate governance matters. Pursuant to the Housing and Economic Recovery Act of 2008 (HERA), Public Law 110-289, 122 Stat. 2654, those regulations remain in effect until they are superseded by regulations issued by FHFA. See id. at sections 1302, 1312, 122 Stat. 2795, 2798. The intent of the proposed rule was to consolidate certain of those regulations into a new set of FHFA regulations that would address those same matters, and to repeal any predecessor regulations that were not adopted as FHFA regulations. The proposed rule was not intended to address conservatorship matters, but rather to address matters of corporate practice and governance that currently are addressed by OFHEO regulations, to which the Enterprises remain subject. The applicable regulations of the predecessor agencies addressed by this rulemaking currently are located at parts 914, 917, 1710, and 1720 of title 12 of the Code of Federal Regulations. All of the relocated portions of these regulations would be codified as a new part 1239 of the FHFA regulations.
The proposed rule included a number of provisions that would apply to all of the regulated entities because they addressed matters of general applicability, but also included other provisions that would apply only to the Banks or only to the Enterprises because they addressed topics that are unique to the particular type of entity. The substance of most of the provisions of the proposed rule was unchanged from that of the predecessor regulations, except for the provision on risk management, which was new. The proposed rule would also have carried over a Finance Board regulation on regulatory reporting and applied that provision to all of the regulated entities.
In conjunction with the relocation of the predecessor regulations, the proposed rule also would have revised certain provisions of FHFA's Prudential Standards. Specifically, the proposal would have redesignated the introductory section to the Prudential Standards—which recites general concepts of corporate governance and responsibilities of the board of directors and senior management—as a separate standard. Doing so would clarify FHFA's authority to enforce those provisions in the same manner as any of the other ten enumerated standards. Lastly, the proposal would have repealed a provision of the OFHEO regulations, 12 CFR part 1720, which had established certain safety and soundness standards for the Enterprises, because many of the matters addressed by those regulations are also addressed by the Prudential Standards or by the proposed rule.
B. Considerations of Differences Between the Banks and the Enterprises
When promulgating regulations or taking other actions that relate to the Banks, section 1313(f) of the Federal Housing Enterprises Financial Safety and Soundness Act of 1992 (Safety and Soundness Act) requires the Director of FHFA (Director) to consider the differences between the Banks and the Enterprises with respect to the Banks' cooperative ownership structure; mission of providing liquidity to members; affordable housing and community development mission; capital structure; and joint and several liability. 12 U.S.C. 4513(f). In preparing the proposed and final rules, the Director has considered those differences as they relate to the above factors and has determined that none of the statutory factors would be adversely affected by the final rule. None of the comment letters addressed this requirement.
II. Response to Comment Letters
In response to the proposed rule, FHFA received three substantive comment letters, one each from Fannie Mae and Freddie Mac, and a joint letter from the Banks. Each letter generally supported the proposed rule, but also recommended different ways in which FHFA should revise certain aspects of the rule. In response to these recommendations, FHFA has incorporated a number of revisions into the final rule. The following sections of this document describe the issues raised by the commenters, along with FHFA's responses, which are included as part of FHFA's descriptions of the particular provisions of the final rule for which the commenters had suggested revisions. For other provisions of the proposed rule about which the commenters raised no issues, FHFA has adopted them without change.
III. Final Rule
The organizational structure of the final rule is the same as that of the proposed rule, meaning that it includes one subpart for definitions and four subparts for the substantive provisions. Subpart A defines terms used within the final rule. Subpart B includes provisions relating to certain core corporate governance principles and applies to both the Banks and the Enterprises. Subpart C addresses codes of conduct for the entities, risk management, compliance programs, and regulatory reports, and also applies to all regulated entities. Subparts D and E include regulations from the predecessor agencies that address matters specific to the Banks (such as those relating to a Bank's member products policy) or to the Enterprises (such as those relating to the Enterprise boards), respectively. None of these provisions is intended to address conservatorship matters at the Enterprises. Instead, they are intended to address matters of corporate practice and governance for regulated entities that are not in conservatorship by replacing the existing OFHEO regulations on those same topics. The Start Printed Page 72329following paragraphs describe the manner in which each of the subparts of the final rule differs from those of the proposed rule and, as applicable, describes the material issues raised by the commenters and FHFA's responses to them.
B. Subpart A—General
The proposed rule included seventeen defined terms, most of which were derived from the predecessor agencies' regulations and were to be incorporated into the FHFA's regulations without change. The final rule revises one of the proposed definitions, deletes two proposed definitions, and adds one new definition.
The proposed rule would have defined “executive officer” to include the chairperson and vice-chairperson of an Enterprise, along with a number of other specified senior executive positions at any Bank or Enterprise. Both Enterprises commented that defining “executive officer” to include the chairperson and vice-chairperson created a conflict with another provision of the proposed rule, 12 CFR 1239.20(a)(3), which requires the chairperson of an Enterprise to be a person other than the chief executive officer, who also must be independent, as defined by the rules of the New York Stock Exchange (NYSE). The applicable NYSE rule provides that a company's chairperson is not “independent” if the person is, or has been within the past three years, an executive officer of the company. In order to resolve this conflict, FHFA agrees with the commenters and has amended the definition of “executive officer” to delete the references to an Enterprise's chairperson and vice-chairperson.
The proposed rule had used the term “risk profile” in several places within the risk management section of the rule, but did not define that term. In considering how to define that term for the final rule, FHFA determined that a similar term—“risk appetite”—as defined by the Office of the Comptroller of the Currency in its guidelines establishing heightened standards for national banks, better described the concept that FHFA had intended with its use of the term “risk profile” in the proposed rule. Accordingly, the final rule replaces the references to “risk profile” with the new term “risk appetite” and defines that term to mean the aggregate level and types of risk the board of directors and management are willing to assume to achieve the regulated entity's strategic objectives and business plan, consistent with applicable capital, liquidity, and other regulatory requirements.
The final rule deletes the defined term “authorizing statutes” because FHFA has recently defined that term within its general definitions section, at 12 CFR 1201, which definitions apply to all of FHFA's regulations. FHFA has also deleted the definition of the Sarbanes-Oxley Act from the final rule, because that term is only used once within the regulatory text, which now refers to that act by its name, rather than the acronym.
The proposed rule defined credit risk as “the potential that a borrower or counterparty will fail to meet its financial obligations in accordance with agreed terms.” Credit risk is one of the several specified risks that the rule requires a regulated entity's risk management program to address. Freddie Mac contended that the proposed definition was both too broad and too narrow and also suggested that FHFA replace “financial obligations” with “contractual obligations.” Freddie Mac also suggested that FHFA define “credit risk” in terms of an actual failure of a counterparty to perform, i.e., as the risk that the counterparty will fail to perform. FHFA declines to accept either of those suggestions, and notes that its definition is consistent with those of other banking regulators, which also focus on the potential that a borrower or counterparty will fail to meet its obligations. FHFA also believes that using the term “contractual obligations” in the definition would make it overly broad, in that such language would include other types of contractual obligations that may not have any relevance to credit risk.
C. Subpart B—Corporate Practices and Procedures Applicable to All Regulated Entities
Subpart B of the proposed rule included three provisions that addressed certain core principles of corporate practices or governance that were to apply to both the Enterprises and the Banks. Those provisions addressed choice of law for governance and indemnification matters, duties of directors, and committees of the boards of directors. Nearly all of the content of those provisions was derived from the Finance Board or OFHEO regulations.
Choice of Law and Indemnification (1239.3)
Choice of Law
Proposed § 1239.3(a) and (b) generally would have required that a regulated entity's corporate governance and indemnification practices comply with any applicable federal law, but also would have required each regulated entity to designate in its bylaws a body of law to follow with respect to those practices. The proposed rule would have allowed a regulated entity to follow: (1) The law of the jurisdiction in which the entity maintains its principal office; (2) the Delaware General Corporation Law; or (3) the Revised Model Business Corporation Act. This choice of law provision would be new only for the Banks because the OFHEO regulations had previously imposed this requirement on the Enterprises.
The Banks expressed concern that by choosing a particular body of state law to follow they could subject themselves to the jurisdiction of those states' courts and would allow their members to assert all of the rights available to stockholders of corporations organized under those state laws. Although FHFA does not believe that its regulations would cause either of those possibilities to occur, it agrees that for the sake of clarity the final rule should be revised to state explicitly that the regulation does not create any rights in the members or other third parties and that it does not otherwise cause the regulated entities to become subject to the jurisdiction of state courts on matters of corporate governance and indemnification. In addition, FHFA has determined that it would be appropriate to allow the Banks an additional period of time within which to compare the relative merits of the three bodies of law from which they may choose. Accordingly, the final rule allows the Banks a period of 90 days after the effective date of the rule by which to designate in their bylaws their chosen body of law.
The Banks also suggested that the regulation should allow them to model their bylaw provisions after certain specific state law provisions, rather than on an entire body of state corporate law. FHFA has declined to make that revision for the final rule because it Start Printed Page 72330does not believe that the selective designation of various state corporate law provisions would result in an effective or uniform source of guidance for the entities.
The proposed rule would have required the regulated entities to indemnify their directors, officers, and employees under terms and conditions to be determined by the entities' boards of directors. Section 1239.3(c)(2) further would have required that each regulated entity adopt policies and procedures for indemnifying its personnel, which had to address how the board would make decisions on indemnification requests and what standards the board would use for indemnification requests, as well as for board investigations and review by outside counsel. These provisions were modeled on FHFA's regulations governing the Office of Finance, 12 CFR 1273.7(i)(3), and the OFHEO indemnification provisions at 12 CFR 1710.20.
The Banks' comment letter questioned FHFA's authority to subject the Banks to regulations relating to indemnification, citing a provision of the Federal Home Loan Bank Act (Bank Act), 12 U.S.C. 1427(k), which they believed committed matters of indemnification exclusively to the discretion of the Bank's board of directors. FHFA believes that the language of the proposed rule is fully consistent with the authority granted to the Banks' boards of directors by section 1427(k) because the rule largely restates and elaborates on the statutory requirement that the boards of directors are to determine the terms and conditions on which the regulated entities are to provide indemnification to their personnel.
The one aspect of the proposed rule that differed from the statute pertained to the provisions requiring the entities to adopt policies describing the manner in which they would exercise their indemnification authority. In effect, those provisions would have required the entities to commit to writing the decisions that their boards of directors make with respect to the circumstances under which they intend to provide indemnification to their officers and employees and the manner in which they will make those decisions. Requiring the entities to document the policies, procedures, and standards that the board of directors will use when considering requests for indemnification does not diminish the authority of the boards of directors to set the terms and conditions on which the entity will indemnify its personnel. In such cases, the boards would still decide the terms and conditions for indemnification, and the written policies, procedures, and standards would reflect and implement those board decisions. Requiring a regulated entity to have in place procedural safeguards, such as policies, procedures, and standards for indemnification, benefits the board of directors by helping to ensure that they make their indemnification decisions on a consistent basis, which in turn increases the likelihood that the entities will make these decisions in a safe and sound manner. FHFA has explicit authority to adopt regulations to ensure that the purposes of the Bank Act are carried out. For those reasons, FHFA has retained this requirement in the final rule.
The proposed rule also included a provision carried over from the OFHEO regulations that authorized FHFA to review an entity's indemnification policies, procedures, and practices and to limit or prohibit an entity from making indemnification payments based on FHFA's safety and soundness authority. The commenters questioned whether FHFA has the legal authority to prohibit indemnification payments based solely on its safety and soundness authority, particularly in light of a 2008 statutory amendment that explicitly authorized FHFA to prohibit indemnification payments only in cases where FHFA has initiated the action against an officer or director of a regulated entity. 12 U.S.C. 4518(e). Fannie Mae also objected to certain language in the supplementary information to the proposed rule, which described this provision as allowing FHFA to prohibit indemnification payment to “any person found to have violated any law or regulation,” as going beyond the language of the regulatory text.
To address these comments, FHFA has revised § 1239.3(c)(4) of the final rule in two respects. First, the final rule no longer asserts the authority of FHFA to limit or prohibit indemnification payments based solely on safety and soundness grounds. To the extent that FHFA deems it necessary to limit or prohibit indemnification payments by a regulated entity, it will act under the authority conferred by 12 U.S.C. 4518(e), which applies only to instances in which FHFA has initiated the underlying civil or administrative action. Second, the final rule revises the regulatory language to provide that FHFA may review a regulated entity's indemnification policies, procedures, and practices to ensure that they are consistent with law and with safety and soundness, and that they are carried out in a safe and sound manner. FHFA anticipates that this type of review could focus on issues such as whether a regulated entity has been consistent in how it acts on indemnification requests from different persons, and whether it has documented that it has made its decisions in accordance with the body of state law that the entity has chosen to follow for indemnification purposes.
Lastly, the Banks asked that FHFA clarify the circumstances in which it would exercise its statutory authority under the factors enumerated in 12 U.S.C. 4518(e)(2), which authorizes FHFA to limit or prohibit indemnification payments in connection with civil or administrative actions brought by FHFA. Because the proposed rule did not include any provisions relating to section 4518(e)(2), FHFA cannot address that provision for the first time as part of this final rule. That statutory provision is the subject of a separate rulemaking.
Duties and Responsibilities of Directors (1239.4)
Proposed § 1239.4 set forth certain duties and responsibilities of directors of a regulated entity. The text of the proposed regulation consisted mostly of provisions carried over from Finance Board regulations § 917.2, § 917.10, and, to a lesser extent, OFHEO regulation § 1710.15. This section of the proposed rule generally stated that the responsibility for managing a regulated entity is vested in the board of directors. The provision also included a list of duties for the directors, which included a duty to act with the degree of care of an ordinarily prudent person, and a duty to have a working familiarity with basic finance and accounting matters. The proposed rule also included a set of director responsibilities, which included having in place policies and procedures to relating to the board's oversight of risk management, compensation, financial reporting, and regulatory reporting. Commenters raised four questions about these provisions.
The Enterprises expressed concern about the language of the proposed rule that stated that the management of a regulated entity “shall be vested in its board of directors.” The Enterprises believed this language could be read as expanding the traditional role of corporate directors and imposing on them some responsibility for becoming involved in the day-to-day operations of the entity. As a general proposition, FHFA agrees that the role of the board Start Printed Page 72331is one of oversight, and that it is management who is to be responsible for the day-to-day operations of the entities. The language used in the proposed rule was derived from the Bank Act and the Finance Board regulations. In order to address the concerns raised by the Enterprises about how the rule should describe the role of the board of directors, FHFA looked to Delaware corporate law for guidance. The relevant provision of the Delaware statutes provides that “the business and affairs of every corporation organized under this chapter shall be managed by or under the direction of a board of directors.” Delaware General Corporation Law, § 141(a). FHFA believes that this language accurately describes the roles of corporate directors generally, and is consistent with the language of the Bank Act, which provides that the management of the Banks is to be “vested in” the board of directors. Accordingly, FHFA has revised § 1239.4(a) of the final rule by replacing the proposed language with language stating that the management of a regulated entity is to be “by or under the direction of” its board of directors. FHFA intends this revision to make clear that the final rule should not be construed as requiring the directors of a regulated entity to become responsible for the day-to-day operational functions of the entity.
The Enterprises also expressed concern about language of § 1239.4(b)(1) of the proposed rule relating to the directors' duty of care, which provided, in part, that a director should carry out his or her duties “with such care, including reasonable inquiry, as an ordinarily prudent person in a like position would use under similar circumstances.” Freddie Mac believed that the use of the “ordinarily prudent person” standard of care for how a director must discharge his or her duties could conflict with the body of state law that the Enterprises have chosen for corporate governance purposes, which would not use an “ordinarily prudent person” standard of care. Fannie Mae believed that the proposed language went beyond the fiduciary duties imposed on board members under Delaware law. FHFA has decided not to establish a separately defined standard of care for the directors of the regulated entities, but instead to rely on § 1239.3(b)(1) of the proposed rule, which would require each entity to designate a body of state law for its corporate governance practices. As the Enterprises noted, neither Virginia law, which Freddie Mac has designated, nor Delaware law, which Fannie Mae has designated, uses a standard of care for corporate directors that is based on an “ordinarily prudent person” concept. Indeed, both of those states, as well as all other states, have adopted some version of the business judgment rule for corporate directors. The Delaware courts have construed that state's business judgment rule as establishing a standard of gross negligence as the basis on which a corporate director could be held liable for breach of his or her duty of care to the corporation. In order to ensure that the directors of the regulated entities are not held to a standard of care different from the standard likely to be applicable to directors of other financial institutions, which could affect the availability of director candidates, FHFA is amending § 1239.4(b)(1) of the final rule by deleting the reference to an “ordinarily prudent person” and replacing it with language requiring directors of a regulated entity to exercise the degree of care that is required under the Revised Model Business Corporation Act or the other body of state law that the regulated entity has chosen to follow for its corporate governance and indemnification practices. Under the revised provision, Fannie Mae and Freddie Mac could continue to look to their chosen bodies of law, Delaware and Virginia, respectively, to determine the standard of care owed by their directors to the entities. Likewise, the Banks could look to whatever body of law they choose to govern their corporate governance practices, including the standard of care for their directors.
The proposed rule would have carried over and applied to all of the regulated entities a Finance Board provision that requires directors of Banks to “administer the affairs of the regulated entity fairly and impartially.” The Enterprises contended that that provision, which is derived from the Bank Act and reflects the cooperative structure of the Banks, was not well-suited for the Enterprises because they are not cooperatives. They also contended that the proposed provision was unnecessary because general concepts of fairness are inherent in the fiduciary duties of their directors to act in the best interest of the corporation. In response to the Enterprises' concerns, FHFA has amended the final rule so that this language will apply only to the Banks.
The proposed rule also included a provision derived from the Finance Board regulations that provided that all directors have a duty to have a “working familiarity with basic finance and accounting practices,” so that they are able to ask substantive questions of management and the auditors. The provision would allow a director to acquire that level of knowledge either prior to becoming an entity's director or within a reasonable time thereafter, such as through appropriate training. Both Fannie Mae and Freddie Mac expressed concern about this provision, believing that it could be read to require all directors to become “audit committee financial experts” and that it could effectively preclude them from recruiting directors who have specialized expertise outside of the realms of finance and accounting. FHFA does not believe that the language of the proposed rule, which uses the terms “working familiarity” and “basic finance and accounting” can reasonably be construed as being equivalent to requiring the same level of knowledge as is required to be an “audit committee financial expert.” The knowledge and experience required under the regulations of the Securities and Exchange Commission (SEC) to be deemed an “audit committee financial expert” are quite detailed and go far beyond concepts of basic finance and accounting. For example, an audit committee financial expert must have an understanding of generally accepted accounting principles and financial statements, the ability to assess the application of those principles, experience in preparing, auditing, or analyzing financial statements, an understanding of internal controls over financial reporting, and an understanding of audit committee functions. The expert also must have acquired those attributes through education and experience as a principal financial officer, principal accounting officer, controller, public accountant, or auditor, or by supervising persons performing those functions. FHFA also does not believe that requiring directors of the regulated entities to have or develop an understanding of basic concepts of finance and accounting will preclude them from recruiting persons whose expertise lies in other areas. Although FHFA has not defined the terms “working familiarity” or “basic finance and accounting practices,” they should be read in the context of the remainder of the provision, which indicates that the level of understanding has to be sufficient to allow the persons to read and understand the entity's financial statements (which the Enterprise directors already certify Start Printed Page 72332when filing their Form 10-K with the SEC) and to engage in a dialogue with management and the auditors about the operations and financial condition of the entity. Moreover, the Banks, which also have a minority of their directors chosen from outside of the financial services industry, have been able to recruit and retain capable directors notwithstanding this requirement, which has applied to Bank directors since 2000. Accordingly, FHFA is adopting § 1239.4(b)(3) of the final rule with no changes from the proposed rule. Lastly, Freddie Mac objected to § 1239.4(c) of the proposed rule that required the board of directors to have in place policies and procedures to address certain matters, such as risk management, compensation programs, financial reporting, and regulatory reporting. Freddie Mac suggested that FHFA revise this provision to make clear that it does not require the board of directors to establish the required policies and procedures, which can be developed by management. Because FHFA agrees that the development and implementation of procedures is a management responsibility, the final rule removes the reference to “procedures” from this section. The final rule retains, however, the requirement that the board must have in place adequate “policies” to assure its oversight of risk management, compensation, and financial reporting. As revised, this provision allows the board of directors to delegate to management the responsibility to develop, implement, and monitor compliance with the procedures used to implement board policies, but also requires the board of directors to review and approve those policies, as appropriate, as part of its responsibility to oversee management of the regulated entity.
Board Committees (1239.5)
The proposed rule would have required each regulated entity to have four specified committees of the board of directors, which are to address risk management, audit, compensation, and governance. The proposal also authorized the regulated entities to establish any other committees they deemed appropriate and prohibited the entities from combining their risk management committee or the audit committee with any other committee. The proposal further required that each committee have a formal written charter and that it meet with sufficient frequency to carry out its responsibilities.
FHFA is revising this provision of the final rule in two respects, both of which respond to comments from Freddie Mac. Apart from those revisions, FHFA is adopting this section as proposed. First, the final rule revises § 1239.5(c) to require that the full board of directors adopt a formal written charter for each committee. This replaces a provision of the proposed rule that would have allowed a committee to adopt its own charter. Second, the final rule revises § 1239.5(d) by adding language to the effect that a committee that is designed to meet only on an as-needed basis, rather than on a fixed schedule, such as an executive committee, which may meet regularly or only as necessary to address matters arising between meetings of the full board, shall meet in the manner specified in that committee's charter, rather than “regularly,” as the proposed rule had provided.
The Banks objected to the proposed rule's prohibition on combining the audit and risk committees with other committees, citing the need for flexibility in determining committee structure. While FHFA understands that the entities may need some flexibility when staffing their committees, FHFA also believes that the responsibilities of the audit committee and risk management committee are sufficiently important that each should be structured as a stand-alone committee, without any competing responsibilities.
D. Subpart C—Other Requirements Applicable to All Regulated Entities
Subpart C of the proposed rule included four other provisions that would have applied to all of the regulated entities. These provisions addressed: (1) Code of conduct; (2) risk management; (3) compliance programs; and (4) regulatory reports. The final rule revises portions of the provisions dealing with the code of conduct and risk management, which revisions are described below. FHFA is adopting the provisions relating to compliance programs and regulatory reports as proposed, and the discussion below also addresses suggested revisions to the compliance program, which FHFA has declined to adopt.
Code of Conduct and Ethics (1239.10)
Proposed § 1239.10 carried over the substance of an OFHEO regulation that required each regulated entity to establish a written code of conduct for directors, executive officers, and employees that is reasonably designed to ensure that they discharge their duties in an objective and impartial manner and that includes the standards required under section 406 of the Sarbanes-Oxley Act. Neither the OFHEO regulation nor the proposed rule described the substance of those standards, but simply incorporated them by cross-reference. The section 406 standards pertain to promoting honest and ethical conduct, accurate financial disclosures, and compliance with applicable laws. The Banks expressed two concerns about this provision of the proposed rule. First, they believed that it was unnecessary and duplicative because, as SEC registrants, they already must disclose whether they have adopted such a code of conduct. Second, they believed that the scope of the provision was too broad because it covered all employees, not just those involved with preparing the financial statements.
FHFA agrees that the scope of the proposed rule was broader than it needed to be insofar as it would have applied to employees that are not involved in the preparation of the entity's financial statements. To address these concerns about overbreadth, FHFA revised the final rule so that it imposes general requirements on all employees of a regulated entity and separately imposes other requirements on those officers that are responsible for preparing the financial statements. As part of that approach, the final rule no longer cross-references section 406 of the Sarbanes-Oxley Act, but instead incorporates the essential language of section 406 into the FHFA regulation. Accordingly, the final rule first provides that each entity must adopt a code of conduct that is reasonably designed to assure that its directors, officers, and employees discharge their duties in an objective and impartial manner and that promotes honest and ethical conduct, compliance with applicable laws and regulations, accountability for adhering to the code, and prompt internal reporting of violations of the code. Each of those elements is derived from section 406 of the Sarbanes-Oxley Act. The final rule separately provides that the code of conduct must include provisions that apply only to the entities' principal executive officer, principal financial officer, and principal accounting officer or controller. Those provisions must be reasonably designed to promote full, fair, and accurate disclosures in an entity's reports filed with the SEC and other public communications pertaining to the entity's financial condition. Those provisions also are derived from section 406, but will not apply to the officers and employees who have no role in preparing the financial statements or other disclosures.
FHFA appreciates that the Banks, as SEC registrants, are already required to Start Printed Page 72333disclose whether they have a code of conduct that satisfies the requirements of section 406 of the Sarbanes-Oxley Act. That requirement, however, is simply a disclosure requirement and does not require the Banks to actually adopt a code of ethics. Because FHFA believes that a code of conduct as described above is an important tool in assuring that the entities operate in a safe and sound manner, the final rule continues to require that the entities actually adopt the code of conduct. Accordingly, FHFA declines to adopt the Banks' suggestion that this matter be addressed solely through the existing disclosure mechanism.
Risk Management (1239.11)
The proposed rule contained a new risk management section that was based in large part on a recent proposal of the Federal Reserve Board relating to its supervision of large banking institutions. The proposed risk management section included little content from the regulations of the predecessor agencies, which had become somewhat dated. Among other things, proposed § 1239.11 would have required each entity to establish an enterprise-wide risk management program and specified certain requirements for that program, as well as the responsibilities of the risk committee. The proposal also would have required each entity to appoint a chief risk officer to oversee the risk management function, and specified the responsibilities of the chief risk officer. In the final rule, FHFA retained most of the content of the proposed rule, but reorganized certain provisions of the regulatory text to improve its readability. The final rule retains the three core elements of the proposed rule, which require the establishment of an enterprise-wide risk management program, the establishment of a risk committee with specified structure and responsibilities, and the establishment of a chief risk officer with specified responsibilities. FHFA also made certain revisions to the regulatory text in response to the comment letters. All of those revisions are described below.
Establishment of the Risk Management Program
Section 1239.11(a) of the proposed rule would have required the establishment of a risk management program that aligns with the entity's overall risk profile and mission objectives, while § 1239.11(c)(1) had specified several required elements for the risk management program. In the final rule, FHFA combined those provisions into a revised § 1239.11(a), which deals only with the risk management program. FHFA also revised the regulatory text, which formerly provided that the board of directors must have a risk management program “in effect at all times,” to clarify that the board must approve and periodically review the risk management program, as well as having it in effect. As noted previously, the final rule also replaces all references to the term “risk profile” with the newly defined term “risk appetite.” The final rule also makes some revisions to the provisions that specified the minimum requirements for the risk management program, principally to address concerns expressed by the commenters. The final rule now provides that the board of directors must ensure that the risk management program aligns with the entity's risk appetite, and it deletes a reference to this being a joint responsibility of the board and senior management. These provisions of the final rule are not intended to require that the board of directors actually develop or implement the risk management program, which tasks may be delegated to management, but the board is responsible for approving the program, as well as the entity's risk appetite, and ensuring that the two are consistent with each other. In the paragraphs describing the requirements of the risk management program, the final rule deletes certain references that the commenters believed could be read to impose management level responsibilities on the board or its committee. Thus, the final rule deletes from proposed § 1239.11(c)(ii), (iii), and (iv) references to “risk management practices and risk control structure,” “procedures . . . practices, risk controls,” and “control objectives,” respectively.
Establishment and Duties of the Risk Committee
Section 1239.11(b) of the proposed rule would have required the board of each regulated entity to establish a risk committee that oversees the entity's risk management practices, while § 1239.11(c) and (d) had addressed the risk committee structure and responsibilities, respectively. The final rule combines all of those provisions into a revised § 1239.11(b), which deals only with risk committee matters. FHFA also revised certain of these provisions in response to concerns of the commenters that the proposed rule could be read to assign management type responsibilities on the board of directors or the risk committee. Thus, the final rule has deleted language from proposed § 1239.11(b) that stated that the committee was “responsible for oversight of . . . risk management practices” and replaced it with language saying that the committee is to assist the board of directors in carrying out its duties to oversee the “risk management program,” rather than the “practices” of the entity.
The final rule revises certain of the provisions relating to the qualifications of the risk committee members that had been located in § 1239.11(c)(2) of the proposed rule, also in response to suggestions from the commenters. The proposed rule would have required that the committee have at least one member with “risk management expertise” that is commensurate with the business of the regulated entity, and further that the other committee members have “experience developing and applying risk management practices and procedures measuring and identifying risks.” The Banks and the Enterprises contended that such levels of expertise would likely be found only in a person who was serving, or had previously served, as a chief risk officer at a financial institution and that it would be difficult to find persons who are eligible for board positions who also have such expertise. FHFA believes that this is a valid concern and has revised the rule to require that the risk committee have at least one member with risk management “experience” rather than “expertise,” and that the other committee members have, or acquire through training, a practical understanding of risk management principles and practices. FHFA also deleted in its entirety the provision of the proposed rule that would have required risk committee members to also have had experience developing and applying risk management practices and procedures. Notwithstanding those revisions, FHFA believes that it is appropriate and reasonable to retain some language in the final rule requiring that the persons charged with assisting the board in its oversight of the risk management program have had some Start Printed Page 72334opportunity, either through prior experience or education or other training while on the board, to gain sufficient understanding of risk management principles to meaningfully engage with management on risk management matters.
Freddie Mac objected to the requirements in proposed § 1239.11(c)(2)(v) and (d)(1) that the risk committee fully document and maintain records of its meetings, including its risk management decisions and recommendations, and that it be responsible for documenting and overseeing the entity's risk management “policies and practices.” It believed that these requirements go beyond the existing obligation on board committees to prepare minutes of meetings. FHFA disagrees with the first of those suggestions and has retained the requirement that the committee document and maintain records of its meetings and decisions because risk management is a vital function and decisions of the risk committee and the justification for those actions need to be well documented. FHFA agrees with the second suggestion and removed from the final rule the language stating that that the committee is to be responsible for documenting and overseeing the risk management “policies and practices” of the entity because “practices” are more appropriately characterized as a management function than as a function for the risk committee. In its place, FHFA included an alternative provision, to be located in § 1239.111(b)(2)(i) of the final rule, providing that the risk committee must periodically review the entity's risk management program and make recommendations to the board of directors for any appropriate revisions to the program to ensure that the program remains aligned to the risks associated with the entity's business activities. The final rule also includes a parallel provision requiring the committee to periodically review the capabilities of, and the adequacy of the resources allocated to, the risk management program.
Chief Risk Officer
The proposed rule would require each entity to appoint a chief risk officer and described both the organizational structure of the risk management program and the responsibilities of the chief risk officer. The final rule makes some modest revisions to these provisions, stating that the chief risk officer shall “head” (rather than “oversee”) an independent risk management function and be responsible for the entity's risk management function. Both the proposed and final rules require that the head of the risk management function must be “independent.” FHFA construes that term to mean that the chief risk officer may not have dual responsibilities within the organization, such as also serving as the chief financial officer or as any other senior executive officer.
Compliance Program (1239.12)
The proposed rule would require that regulated entities establish a compliance program to be headed by a chief compliance officer and set forth criteria for the program. Proposed § 1239.12 would require the program to be reasonably designed to ensure that the regulated entity complies with applicable laws, rules, regulations, and internal controls. In addition, the proposal would require the compliance officer to report directly to the chief executive officer, to report regularly to the board of directors (or a committee thereof) on the adequacy of the entity's compliance policies and procedures, and to make recommendations to the board for any adjustments to those policies or procedures, as appropriate. The final rule adopts this provision as it was proposed.
The Banks expressed concern that these provisions were too prescriptive and believed that oversight of the compliance program need not reside solely with a single chief compliance officer, so long as the Banks have established clear lines of responsibilities for compliance matters with other executives. The Banks also objected to requiring the compliance officer to report to the chief executive and asked that the final rule allow for reporting lines to other senior executives. The Banks also suggested replacing the words “internal controls” with “policies” in the provision that requires that the compliance program ensure compliance with “laws, rules, regulations, and internal controls.” The Banks believe that internal controls themselves are designed to achieve compliance with laws, rules, regulations, and policies and therefore it did not make sense to require compliance with internal controls.
FHFA does not believe that this provision can be characterized as being overly prescriptive, as the Banks contend. The regulation is short, only three sentences, which require the establishment of a compliance program, the designation of a compliance officer, and the establishment of reporting requirements. As to the concern about reporting lines, FHFA believes that the compliance function is sufficiently important that it should be headed by a person holding an executive level position, who would be a peer of the executives taking the business risks, and who would have direct access to the CEO. Lastly, although internal controls are designed to ensure compliance with laws, regulations, and policies, this can only be achieved if the regulated entity complies with the internal control procedures themselves. Therefore, FHFA believes that it is appropriate to retain the term “internal controls” in the first sentence of the provision.
Regulatory Reports (1239.13)
Proposed § 1239.13 required each regulated entity to provide FHFA with such regulatory reports as are necessary for it to evaluate the condition of a regulated entity, or compliance with applicable law, and to do so in accordance with the forms and instructions issued by FHFA from time to time. It was derived from the Finance Board regulations at 12 CFR 914.1 and 914.2. FHFA received no comments on this provision and the final rule adopts this provision as proposed.
E. Subpart D—Enterprise Specific Requirements
Subpart D of the proposed rule included two provisions that were to apply only to the Enterprises. FHFA received no comments on these provisions from the Enterprises. Accordingly, with the exception of the one matter noted below, FHFA adopted both provisions as proposed. The first provision, § 1239.20, addresses age and term limits for Enterprise directors and requires that a majority of the directors be independent, as defined under the rules of the NYSE. It also addresses the frequency of Enterprise board meetings, quorum requirements, and voting by directors. The rule carries over these provisions from the OFHEO regulation without substantive change. Proposed § 1239.20(a)(3) included a new provision that would prohibit the chief executive officer of an Enterprise from also serving as the chairperson of the board of directors.
In the final rule, FHFA also revised the language of § 1239.20(b)(5), which requires the Enterprise boards of directors annually to review the requirements of applicable laws, rules, regulations, and guidelines. FHFA has been asked whether this provision requires a board of directors to review all laws that apply to the Enterprises or only on those that have been revised during the past year. FHFA believes that going forward this provision should be read to require that the boards of directors be kept informed of any significant changes to the applicable Start Printed Page 72335laws and regulations. Accordingly, the final rule revises this provision to state that at least annually the boards of the Enterprises shall be informed of any significant changes that have been made to the laws, rules, regulations, and guidelines to which the Enterprises are subject since the prior year's annual review. The second provision, § 1239.21, requires that the Enterprises pay their directors reasonable and appropriate compensation for the time required for the performance of their duties.
F. Subpart E—Bank Specific Requirements
Subpart E of the proposed rule included five provisions that were to apply only to the Banks. For three of those provisions, those relating to a Bank's member products policy (§ 1239.30), its strategic business plan (§ 1239.31), and its dividends (§ 1239.33), FHFA received no comments and the final rule adopts those provisions as proposed. The final rule deletes the proposed provision on internal controls in its entirety, for the reasons described below, and makes some modest revisions to the provision on Bank audit committees, also as described below.
Internal Control System
The proposed rule would have carried over without substantive change a Finance Board regulation dealing with Bank internal control systems. The proposed regulation set forth detailed responsibilities of senior management and the board of directors with respect to internal controls and solicited comments on whether the internal controls regulation should be expanded to apply to the Enterprises, as well as to the Banks. Freddie Mac urged FHFA not to extend the internal controls regulation to the Enterprises because they are already subject to numerous requirements related to internal controls. The Banks generally favored the adoption of a principles-based approach for the rules relating to internal controls, rather than the more prescriptive approach of the existing Finance Board regulations, and asked that FHFA revise the rule accordingly.
FHFA initially decided to adopt the Banks' suggestion and revise this provision to make it more principles-based. When making those revisions, however, FHFA determined that creating a more principles-based regulation would result in the revised regulation overlapping considerably with the provisions of FHFA's existing Prudential Standards that deal with internal controls. In order to avoid that result, and the potential confusion that having two separate provisions addressing internal controls could cause, FHFA decided a better approach would be to delete the provision on internal controls from the final rule and rely instead on the internal controls provisions of the Prudential Standards. Accordingly, the final rule does not include a separate regulation on internal controls for the Banks. In making this change, FHFA emphasizes that a strong system of internal controls is a critical first line defense for all of the regulated entities. FHFA expects that all of the regulated entities will devote the necessary resources and attention to this area.
Audit Committee (1239.32)
The proposed rule would have carried over without substantive change Finance Board regulations that required the establishment of an audit committee and established requirements for the composition, independence, charter, duties, and meetings of Bank audit committees. FHFA requested comment on whether it should adopt a single regulation addressing the audit committees for all regulated entities, whether the independence requirements for Bank audit committees should consider the amount of Bank stock or advances held by a member that has a representative on the committee, and whether Bank audit committees should have a majority of members who are not affiliated with the Bank's members. No commenters supported any of those revisions, and FHFA has not made any such changes to the final rule.
FHFA made three revisions to § 1239.32 of the final rule in response to comments from the Banks. The Banks asked that FHFA modify the requirement relating to representation on the audit committee of directors from the various types of members and of both member directors and independent directors by providing that the committee should be required have such a balance “to the extent that it is practicable to do so.” The Banks contended that the skill sets of the individual directors, particularly the member directors, will vary. As a result, there may be times when the persons whose experience is most suited to having them serve on the audit committee will not necessarily result in a committee composition that includes persons from all segments of the membership base. FHFA agrees with that statement and added the language requested by the Banks to the final rule. The Banks also asked that FHFA clarify that a reference to “independent directors” in this section refers to those directors who are not affiliated with a member institution, as defined in the Bank Act, so as not to suggest that it relates to the “independence” requirement for audit committee members. FHFA made that revision. The final rule also revises a provision that requires the audit committee to review “the policies and procedures used by senior management” by deleting the reference to “procedures” because FHFA agrees with the Banks that the development and review of particular procedures is more properly considered a management function. The final rule also makes one conforming change by revising the language of the existing rule to state that the board of directors, not the audit committee, is responsible for amending and periodically reapproving the audit committee charter. This change conforms this provision to an earlier provision of the rule that vests in the board of directors the sole authority to adopt committee charters.
G. Provisions To Be Repealed
As was proposed, the final rule will repeal several portions of the predecessor agency regulations that are not being carried over into the FHFA regulations. No commenters objected to the proposed repeal of these provisions, which included several OFHEO regulations that essentially repeated certain statutory requirements, certain provisions of the OFHEO regulations relating to the responsibilities of boards of directors that address matters now covered by the Prudential Standards, a Finance Board regulation requiring the preparation of annual budgets, and 12 CFR part 1720 of the OFHEO regulations, which established certain safety and soundness standards for the Enterprises.
Freddie Mac sought clarification as to the effect of the repeal of these provisions on specific regulatory guidance, such as the 2006 OFHEO Corporate Governance Examination Guidance. FHFA continues to evaluate the various types of guidance issued by the predecessor agencies to determine whether to retain, revise, or repeal the guidance. Those efforts are being done independently of this rulemaking. On March 26, 2015, FHFA issued Advisory Bulletin AB 2015-03, which rescinded five examination guidance documents that had been issued by OFHEO because they have been superseded by FHFA guidance, simply restated the text of regulations, or are no longer relevant or applicable in the current environment.Start Printed Page 72336
IV. Prudential Standards
The Prudential Standards include an introductory section, which recites general responsibilities of the boards of directors and senior management, as well as ten enumerated standards that address the topics required by statute. In the proposed rule, FHFA proposed to designate this introductory section as an additional Prudential Standard. Doing so would clarify that the introductory provisions have the same effect and could be enforced in the same manner as the ten enumerated standards. The Banks commented that this action would create some uncertainty about the role of the boards of directors because the introductory section currently includes references to the board of directors being responsible for adopting and implementing “procedures,” which the Banks contend is a management function. FHFA agrees that the development and implementation of procedures is a management responsibility, and has revised the first three paragraphs of the Prudential Standards introductory section by deleting the four references to “procedures” as responsibilities of the board of directors. FHFA received no other comments on this aspect of the proposal and the final rule otherwise adopts the final rule as proposed.
V. Paperwork Reduction Act
The final rule does not contain any information collection requirement that requires the approval of the Office of Management and Budget under the Paperwork Reduction Act (44 U.S.C. 3501 et seq.).
VI. Regulatory Flexibility Act
The Regulatory Flexibility Act (5 U.S.C. 601 et seq.) requires an agency to analyze a regulation's impact on small entities if the regulation is expected to have a significant economic impact on a substantial number of small entities. 5 U.S.C. 605(b). FHFA has considered the impact of this final rule and determined that it is not likely to have a significant economic impact on a substantial number of small entities because it applies only to the regulated entities, which are not small entities for purposes of the Regulatory Flexibility Act.Start List of Subjects
List of Subjects
- Federal Home Loan Banks
- Reporting and recordkeeping requirements
- Federal Home Loan Banks
- Administrative practice and procedure
- Federal Home Loan Banks
- Government-Sponsored Enterprises
- Reporting and recordkeeping requirements
- Administrative practice and procedure
- Federal Home Loan Banks
- Government-Sponsored Enterprises
- Reporting and recordkeeping requirements
- Administrative practice and procedure
- Administrative practice and procedure
Accordingly, for reasons stated in the Supplementary Information and under the authority of 12 U.S.C. 1426, 1427, 1432(a), 1436(a), 1440, 4511(b), 4513(a), 4513(b), and 4526, FHFA hereby amends subchapter C of chapter IX, subchapter B of chapter XII, and subchapter C of chapter XVII of title 12 of the Code of Federal Regulations as follows:
CHAPTER IX—FEDERAL HOUSING FINANCE BOARD
Subchapter C—[Removed and Reserved]Start Amendment Part
1. Subchapter C, consisting of parts 914 and 917 is removed and reserved.End Amendment Part
CHAPTER XII—FEDERAL HOUSING FINANCE AGENCY
Subchapter B—Entity RegulationsStart Part
PART 1236—PRUDENTIAL MANAGEMENT AND OPERATIONS STANDARDSEnd Part Start Amendment Part
2. The authority citation for part 1236 continues to read as follows:End Amendment Part Start Amendment Part
3. Amend § 1236.2 by revising the definition of “Standards” to read as follows:End Amendment Part
Standards means any one or more of the prudential management and operations standards established by the Director pursuant to 12 U.S.C. 4513b(a), as modified from time to time pursuant to § 1236.3(b), including the introductory statement of general responsibilities of boards of directors and senior management of the regulated entities.
4. Amend the Appendix to part 1236 as follows:End Amendment Part Start Amendment Part
a. By redesignating the phrase “The following provisions constitute the prudential management and operations standards established pursuant to 12 U.S.C. 4513b(a).” following paragraph 10 under “Responsibilities of the Board of Directors and Senior Management” as introductory text to the appendix; andEnd Amendment Part Start Amendment Part
b. By revising paragraphs 1., 2., and 3. under “Responsibilities of the Board of Directors and Senior Management” to read as follows:End Amendment Part
Appendix to Part 1236—Prudential Management and Operations Standards
Responsibilities of the Board of Directors and Senior Management
1. With respect to the subject matter addressed by each Standard, the board of directors is responsible for adopting business strategies and policies that are appropriate for the particular subject matter. The board should review all such strategies and policies periodically. It should review and approve all major strategies and policies at least annually and make any revisions that are necessary to ensure that such strategies and policies remain consistent with the entity's overall business plan.
2. The board of directors is responsible for overseeing management of the regulated entity, which includes ensuring that management includes personnel who are appropriately trained and competent to oversee the operation of the regulated entity as it relates to the functions and requirements addressed by each Standard, and that management implements the policies set forth by the board.
3. The board of directors is responsible for remaining informed about the operations and condition of the regulated entity, including operating consistently with the Standards, and senior management's implementation of the strategies and policies established by the board of directors.
5. Part 1239 is added to subchapter C to read as follows:End Amendment Part Start Part
PART 1239—RESPONSIBILITIES OF BOARDS OF DIRECTORS, CORPORATE PRACTICES, AND CORPORATE GOVERNANCE
- Definitions. Start Printed Page 72337
- Law applicable to corporate governance and indemnification practices.
- Duties and responsibilities of directors.
- Board committees.
- Code of conduct and ethics.
- Risk management.
- Compliance program.
- Regulatory reports.
- Board of directors of the Enterprises.
- Compensation of Enterprise board members.
- Bank member products policy.
- Strategic business plan.
- Audit committee.
FHFA is responsible for supervising and ensuring the safety and soundness of the regulated entities. In furtherance of those responsibilities, this part sets forth minimum standards with respect to responsibilities of boards of directors, corporate practices, and corporate governance matters of the regulated entities.
As used in this part, (unless otherwise noted):
Board member means a member of the board of directors of a regulated entity.
Board of directors means the board of directors of a regulated entity.
Business risk means the risk of an adverse impact on a regulated entity's profitability resulting from external factors as may occur in both the short and long run.
Community financial institution has the meaning set forth in § 1263.1 of this chapter.
Compensation means any payment of money or the provision of any other thing of current or potential value in connection with employment or in connection with service as a director.
Credit risk is the potential that a borrower or counterparty will fail to meet its financial obligations in accordance with agreed terms.
Employee means an individual, other than an executive officer, who works part-time, full-time, or temporarily for a regulated entity.
Executive officer means the chief executive officer, chief financial officer, chief operating officer, president, any executive vice president, any senior vice president, and any individual with similar responsibilities, without regard to title, who is in charge of a principal business unit, division, or function, or who reports directly to the chairperson, vice chairperson, chief operating officer, or chief executive officer or president of a regulated entity.
Immediate family member means a parent, sibling, spouse, child, dependent, or any relative sharing the same residence.
Internal auditor means the individual responsible for the internal audit function at a regulated entity.
Liquidity risk means the risk that a regulated entity will be unable to meet its financial obligations as they come due or meet the credit needs of its members and associates in a timely and cost-efficient manner.
Market risk means the risk that the market value, or estimated fair value if market value is not available, of a regulated entity's portfolio will decline as a result of changes in interest rates, foreign exchange rates, or equity or commodity prices.
NYSE means the New York Stock Exchange.
Operational risk means the risk of loss resulting from inadequate or failed internal processes, people, or systems, or from external events (including legal risk but excluding strategic and reputational risk).
Risk appetite means the aggregate level and types of risk the board of directors and management are willing to assume to achieve the regulated entity's strategic objectives and business plan, consistent with applicable capital, liquidity, and other regulatory requirements.
Significant deficiency means a deficiency, or a combination of deficiencies, in internal control that is less severe than a material weakness, yet important enough to merit attention by those charged with governance.
Subpart B—Corporate Practices and Procedures Applicable to All Regulated Entities
(a) General. The corporate governance practices and procedures of each regulated entity, and practices and procedures relating to indemnification (including advancement of expenses), shall comply with and be subject to the applicable authorizing statutes and other Federal law, rules, and regulations, and shall be consistent with the safe and sound operations of the regulated entities.
(b) Election and designation of body of law. (1) To the extent not inconsistent with paragraph (a) of this section, each regulated entity shall elect to follow the corporate governance and indemnification practices and procedures set forth in one of the following:
(i) The law of the jurisdiction in which the principal office of the regulated entity is located;
(ii) The Delaware General Corporation Law (Del. Code Ann. Title 8); or
(iii) The Revised Model Business Corporation Act.
(2) Each regulated entity shall designate in its bylaws the body of law elected for its corporate governance and indemnification practices and procedures pursuant to this paragraph, and shall do so by no later than March 18, 2016.
(c) Indemnification. (1) Subject to paragraphs (a) and (b) of this section, to the extent applicable, a regulated entity shall indemnify (and advance the expenses of) its directors, officers, and employees under such terms and conditions as are determined by its board of directors. The regulated entity is authorized to maintain insurance for its directors and any other officer or employee.
(2) Each regulated entity shall have in place policies and procedures consistent with this section for indemnification of its directors, officers, and employees. Such policies and procedures shall address how the board of directors is to approve or deny requests for indemnification from current and former directors, officers, and employees, and shall include standards relating to indemnification, investigations by the board of directors, and review by independent counsel.
(3) Nothing in this paragraph (c) shall affect any rights to indemnification (including the advancement of expenses) that a director or any other officer or employee had with respect to any actions, omissions, transactions, or facts occurring prior to the effective date of this paragraph.
(4) FHFA has the authority under the Safety and Soundness Act to review a regulated entity's indemnification policies, procedures, and practices to ensure that they are conducted in a safe and sound manner, and that they are consistent with the body of law adopted by the board of directors under paragraph (b) of this section.Start Printed Page 72338
(d) No rights created. Nothing in this part shall create or be deemed to create any rights in any third party, including in any member of a Bank, nor shall it cause or be deemed to cause any regulated entity to become subject to the jurisdiction of any state court with respect to the entity's corporate governance or indemnification practices or procedures.
(a) Management of a regulated entity. The management of each regulated entity shall be by or under the direction of its board of directors. While a board of directors may delegate the execution of operational functions to officers and employees of the regulated entity, the ultimate responsibility of each entity's board of directors for that entity's oversight is non-delegable. The board of directors of a regulated entity is responsible for directing the conduct and affairs of the entity in furtherance of the safe and sound operation of the entity and shall remain reasonably informed of the condition, activities, and operations of the entity.
(b) Duties of directors. Each director of a regulated entity shall have the duty to:
(1) Carry out his or her duties as director in good faith, in a manner such director believes to be in the best interests of the regulated entity, and with such care, including reasonable inquiry, as is required under the Revised Model Business Corporation Act or the other body of law that the entity's board of directors has chosen to follow for its corporate governance and indemnification practices and procedures in accordance with § 1239.3(b);
(2) For Bank directors, administer the affairs of the regulated entity fairly and impartially and without discrimination in favor of or against any member institution;
(3) At the time of election, or within a reasonable time thereafter, have a working familiarity with basic finance and accounting practices, including the ability to read and understand the regulated entity's balance sheet and income statement and to ask substantive questions of management and the internal and external auditors;
(4) Direct the operations of the regulated entity in conformity with the requirements set forth in the authorizing statutes, the Safety and Soundness Act, and this chapter; and
(5) Adopt and maintain in effect at all times bylaws governing the manner in which the regulated entity administers its affairs. Such bylaws shall be consistent with applicable laws and regulations administered by FHFA, and with the body of law designated for the entity's corporate governance practices and procedures in accordance with § 1239.3(b).
(c) Director responsibilities. The responsibilities of the board of directors include having in place adequate policies to assure its oversight of, among other matters, the following:
(1) The risk management and compensation programs of the regulated entity;
(2) The processes for providing accurate financial reporting and other disclosures, and communications with stockholders; and
(3) The responsiveness of executive officers in providing accurate and timely reports to FHFA and in addressing all supervisory concerns of FHFA in a timely and appropriate manner.
(d) Authority regarding staff and outside consultants. (1) In carrying out its duties and responsibilities under the authorizing statutes, the Safety and Soundness Act, and this chapter, each regulated entity's board of directors and all committees thereof shall have authority to retain staff and outside counsel, independent accountants, or other outside consultants at the expense of the regulated entity.
(2) The board of directors and its committees may require that staff of the regulated entity that provides services to the board or any committee under paragraph (d)(1) of this section report directly to the board or such committee, as appropriate.
(a) General. The board of directors may rely, in directing a regulated entity, on reports from committees of the board of directors, provided, however, that no committee of the board of directors shall have the authority of the board of directors to amend the bylaws and no committee shall operate to relieve the board of directors or any board member of a responsibility imposed by applicable law, rule, or regulation.
(b) Required committees. The board of directors of each regulated entity shall have committees, however styled, that address each of the following areas of responsibility: Risk management; audit; compensation; and corporate governance (in the case of the Banks, including the nomination of independent board of director candidates, and, in the case of the Enterprises, including the nomination of all board of director candidates). The risk management committee and the audit committee shall not be combined with any other committees. The board of directors may establish any other committees that it deems necessary or useful to carrying out its responsibilities, subject to the provisions of this section. In the case of the Enterprises, board committees shall comply with the charter, independence, composition, expertise, duties, responsibilities, and other requirements set forth under rules issued by the NYSE, and the audit committees shall also comply with the requirements set forth under section 301 of the Sarbanes-Oxley Act of 2002, Public Law 107-204.
(c) Charter. The board of directors shall adopt a formal written charter for each committee that specifies the scope of a committee's powers and responsibilities, as well as the committee's structure, processes, and membership requirements.
(d) Frequency of meetings. Each committee of the board of directors shall meet regularly and with sufficient frequency to carry out its obligations and duties under applicable laws, rules, regulations, and guidelines. Committees that are structured to meet only on an as-needed basis shall meet in the manner specified by their charter. All such committees shall also meet with sufficient timeliness as necessary in light of relevant conditions and circumstances to fulfill their obligations and duties.
Subpart C—Other Requirements Applicable to All Regulated Entities
(a) General. A regulated entity shall establish and administer a written code of conduct and ethics that is reasonably designed to assure that its directors, officers, and employees discharge their duties and responsibilities in an objective and impartial manner that promotes honest and ethical conduct, compliance with applicable laws, rules, and regulations, accountability for adherence to the code, and prompt internal reporting of violations of the code to appropriate persons identified in the code. The code also shall include provisions applicable to the regulated entity's principal executive officer, principal financial officer, principal accounting officer or controller, or persons performing similar functions, that are reasonably designed to promote full, fair, accurate, and understandable disclosure in reports and other documents filed with the Securities and Exchange Commission and in other public communications reporting on the entity's financial condition.
(b) Review. Not less often than once every three years, a regulated entity Start Printed Page 72339shall review the adequacy of its code of conduct and ethics for consistency with practices appropriate to the entity and make any appropriate revisions to such code.
(a) Risk management program—(1) Adoption. Each regulated entity's board of directors shall approve, have in effect at all times, and periodically review an enterprise-wide risk management program that establishes the regulated entity's risk appetite, aligns the risk appetite with the regulated entity's strategies and objectives, addresses the regulated entity's exposure to credit risk, market risk, liquidity risk, business risk and operational risk, and complies with the requirements of this part and with all applicable FHFA regulations and policies.
(2) Risk appetite. The board of directors shall ensure that the risk management program aligns with the regulated entity's risk appetite.
(3) Risk management program requirements. The risk management program shall include:
(i) Risk limitations appropriate to each business line of the regulated entity;
(ii) Appropriate policies and procedures relating to risk management governance, risk oversight infrastructure, and processes and systems for identifying and reporting risks, including emerging risks;
(iii) Provisions for monitoring compliance with the regulated entity's risk limit structure and policies relating to risk management governance, risk oversight, and effective and timely implementation of corrective actions; and
(iv) Provisions specifying management's authority and independence to carry out risk management responsibilities, and the integration of risk management with management's goals and compensation structure.
(b) Risk committee. The board of each regulated entity shall establish and maintain a risk committee of the board of directors that assists the board in carrying out its duties to oversee the enterprise-wide risk management program at the regulated entity.
(1) Committee structure. The risk committee shall:
(i) Be chaired by a director not serving in a management capacity of the regulated entity;
(ii) Have at least one member with risk management experience that is commensurate with the regulated entity's capital structure, risk appetite, complexity, activities, size, and other appropriate risk-related factors;
(iii) Have committee members that have, or that will acquire within a reasonable time after being elected to the committee, a practical understanding of risk management principles and practices relevant to the regulated entity;
(iv) Fully document and maintain records of its meetings, including its risk management decisions and recommendations; and
(v) Report directly to the board and not as part of, or combined with, another committee.
(2) Committee responsibilities. The risk committee shall:
(i) Periodically review and recommend for board approval an appropriate enterprise-wide risk management program that is commensurate with the regulated entity's capital structure, risk appetite, complexity, activities, size, and other appropriate risk-related factors;
(ii) Receive and review regular reports from the regulated entity's chief risk officer, as required under paragraph (c)(5) of this section ; and
(iii) Periodically review the capabilities for, and adequacy of resources allocated to, enterprise-wide risk management.
(c) Chief Risk Officer.—(1) Appointment of a chief risk officer (CRO). Each regulated entity shall appoint a CRO to implement and maintain appropriate enterprise-wide risk management practices for the regulated entity.
(2) Organizational structure of the risk management function. The CRO shall head an independent enterprise-wide risk management function, or unit, and shall report directly to the risk committee and to the chief executive officer.
(3) Responsibilities of the CRO. The CRO shall be responsible for the enterprise-wide risk management function, including:
(i) Allocating risk limits and monitoring compliance with such limits;
(ii) Establishing appropriate policies and procedures relating to risk management governance, practices, and risk controls, and developing appropriate processes and systems for identifying and reporting risks, including emerging risks;
(iii) Monitoring risk exposures, including testing risk controls and verifying risk measures; and
(iv) Communicating within the organization about any risk management issues and/or emerging risks, and ensuring that risk management issues are effectively resolved in a timely manner.
(4) The CRO should have risk management expertise that is commensurate with the regulated entity's capital structure, risk appetite, complexity, activities, size, and other appropriate risk related factors.
(5) The CRO shall report regularly to the risk committee and to the chief executive officer on significant risk exposures and related controls, changes to risk appetite, risk management strategies, results of risk management reviews, and emerging risks. The CRO shall also report regularly on the regulated entity's compliance with, and the adequacy of, its current risk management policies and procedures, and shall recommend any adjustments to such policies and procedures that he or she considers necessary or appropriate.
(6) The compensation of a regulated entity's CRO shall be appropriately structured to provide for an objective and independent assessment of the risks taken by the regulated entity.
A regulated entity shall establish and maintain a compliance program that is reasonably designed to assure that the regulated entity complies with applicable laws, rules, regulations, and internal controls. The compliance program shall be headed by a compliance officer, however styled, who reports directly to the chief executive officer. The compliance officer also shall report regularly to the board of directors, or an appropriate committee thereof, on the adequacy of the entity's compliance policies and procedures, including the entity's compliance with them, and shall recommend any revisions to such policies and procedures that he or she considers necessary or appropriate.
(a) Reports. Each regulated entity shall file Regulatory Reports with FHFA in accordance with the forms, instructions, and schedules issued by FHFA from time to time. If no regularly scheduled reporting dates are established, Regulatory Reports shall be filed as requested by FHFA.
(b) Definition. For purposes of this section, the term Regulatory Report means any report to FHFA of information or raw or summary data needed to evaluate the safe and sound condition or operations of a regulated entity, or to determine compliance with any:Start Printed Page 72340
(1) Provision in the Bank Act, Safety and Soundness Act, or other law, order, rule, or regulation;
(2) Condition imposed in writing by FHFA in connection with the granting of any application or other request by a regulated entity; or
(3) Written agreement entered into between FHFA and a regulated entity.
Subpart D—Enterprise Specific Requirements
(a) Membership—(1) Limits on service of board members.—(i) General requirement. No board member of an Enterprise may serve on the board of directors for more than 10 years or past the age of 72, whichever comes first; provided, however, a board member may serve his or her full term if he or she has served less than 10 years or is 72 years on the date of his or her election or appointment to the board; and
(ii) Waiver. Upon written request of an Enterprise, the Director may waive, in his or her sole discretion and for good cause, the limits on the service of a board member under paragraph (a)(1)(i) of this section.
(2) Independence of board members. A majority of seated members of the board of directors of an Enterprise shall be independent board members, as defined under rules set forth by the NYSE, as amended from time to time.
(3) Segregation of duties. The position of chairperson of the board of directors shall be filled by a person other than the chief executive officer, who shall also be a director of the Enterprise that is independent, as defined under the rules set forth by the NYSE, as amended from time to time.
(b) Meetings, quorum and proxies, information, and annual review—(1) Frequency of meetings. The board of directors of an Enterprise shall meet at least eight times a year and no less than once a calendar quarter to carry out its obligations and duties under applicable laws, rules, regulations, and guidelines.
(2) Non-management board member meetings. Non-management directors of an Enterprise shall meet at regularly scheduled executive sessions without management participation.
(3) Quorum of board of directors; proxies not permissible. For the transaction of business, a quorum of the board of directors of an Enterprise is at least a majority of the seated board of directors and a board member may not vote by proxy.
(4) Information. Management of an Enterprise shall provide a board member of the Enterprise with such adequate and appropriate information that a reasonable board member would find important to the fulfillment of his or her fiduciary duties and obligations.
(5) Annual review. At least annually, the board of directors of an Enterprise shall be informed of significant changes to the requirements of laws, rules, regulations, and guidelines that are applicable to its activities and duties.
Each Enterprise may pay its directors reasonable and appropriate compensation for the time required of them, and their necessary and reasonable expenses, in the performance of their duties.
Subpart E—Bank Specific Requirements
(a) Adoption and review of member products policy—(1) Adoption. Each Bank's board of directors shall have in effect at all times a policy that addresses the Bank's management of products offered by the Bank to members and housing associates, including but not limited to advances, standby letters of credit, and acquired member assets, consistent with the requirements of the Bank Act, paragraph (b) of this section, and all applicable FHFA regulations and policies.
(2) Review and compliance. Each Bank's board of directors shall:
(i) Review the Bank's member products policy annually;
(ii) Amend the member products policy as appropriate; and
(iii) Re-adopt the member products policy, including interim amendments, not less often than every three years.
(b) Member products policy requirements. In addition to meeting any other requirements set forth in this chapter, each Bank's member products policy shall:
(1) Address credit underwriting criteria to be applied in evaluating applications for advances, standby letters of credit, and renewals;
(2) Address appropriate levels of collateralization, valuation of collateral and discounts applied to collateral values for advances and standby letters of credit;
(3) Address advances-related fees to be charged by each Bank, including any schedules or formulas pertaining to such fees;
(4) Address standards and criteria for pricing member products, including differential pricing of advances pursuant to § 1266.5(b)(2) of this chapter, and criteria regarding the pricing of standby letters of credit, including any special pricing provisions for standby letters of credit that facilitate the financing of projects that are eligible for any of the Banks' CICA programs under part 1292 of this chapter;
(5) Provide that, for any draw made by a beneficiary under a standby letter of credit, the member will be charged a processing fee calculated in accordance with the requirements of § 1271.6(b) of this chapter;
(6) Address the maintenance of appropriate systems, procedures, and internal controls; and
(7) Address the maintenance of appropriate operational and personnel capacity.
(a) Adoption of strategic business plan. Each Bank's board of directors shall have in effect at all times a strategic business plan that describes how the business activities of the Bank will achieve the mission of the Bank consistent with part 1265 of this chapter. Specifically, each Bank's strategic business plan shall:
(1) Enumerate operating goals and objectives for each major business activity and for all new business activities, which must include plans for maximizing activities that further the Bank's housing finance and community lending mission, consistent with part 1265 of this chapter;
(2) Discuss how the Bank will address credit needs and market opportunities identified through ongoing market research and consultations with members, associates, and public and private organizations;
(3) Establish quantitative performance goals for Bank products related to multi-family housing, small business, small farm and small agri-business lending;
(4) Describe any proposed new business activities or enhancements of existing activities; and
(5) Be supported by appropriate and timely research and analysis of relevant market developments and member and associate demand for Bank products and services.
(b) Review and monitoring. Each Bank's board of directors shall:
(1) Review the Bank's strategic business plan at least annually;
(2) Re-adopt the Bank's strategic business plan, including interim amendments, not less often than every three years; and
(3) Establish management reporting requirements and monitor implementation of the strategic business plan and the operating goals and objectives contained therein.Start Printed Page 72341
(c) Report to FHFA. Each Bank shall submit to FHFA annually a report analyzing and describing the Bank's performance in achieving the goals described in paragraph (a)(3) of this section.
(a) Establishment. The audit committee of each Bank established as required by § 1239.5(b) shall be consistent with the requirements set forth in this section.
(b) Composition. (1) The audit committee shall comprise five or more persons drawn from the Bank's board of directors, each of whom shall meet the criteria of independence set forth in paragraph (c) of this section.
(2) The audit committee shall include, to the extent practicable, a balance of representatives of:
(i) Community financial institutions and other members; and
(ii) Independent directors and member directors of the Bank, both as defined in the Bank Act.
(3) The terms of audit committee members shall be appropriately staggered so as to provide for continuity of service.
(4) At least one member of the audit committee shall have extensive accounting or related financial management experience.
(c) Independence. Any member of the Bank's board of directors shall be considered to be sufficiently independent to serve as a member of the audit committee if that director does not have a disqualifying relationship with the Bank or its management that would interfere with the exercise of that director's independent judgment. Such disqualifying relationships include, but are not limited to:
(1) Being employed by the Bank in the current year or any of the past five years;
(2) Accepting any compensation from the Bank other than compensation for service as a board director;
(3) Serving or having served in any of the past five years as a consultant, advisor, promoter, underwriter, or legal counsel of or to the Bank; or
(4) Being an immediate family member of an individual who is, or has been in any of the past five years, employed by the Bank as an executive officer.
(d) Charter. (1) The audit committee of each Bank shall review and assess the adequacy of the Bank's audit committee charter on an annual basis, and shall recommend to the board of directors any amendments that it believes to be appropriate;
(2) The board of directors of each Bank shall review and assess the adequacy of the audit committee charter on an annual basis, shall amend the audit committee charter whenever it deems it appropriate to do so, and shall reapprove the audit committee charter not less often than every three years; and
(3) Each Bank's audit committee charter shall:
(i) Provide that the audit committee has the responsibility to select, evaluate and, where appropriate, replace the internal auditor and that the internal auditor may be removed only with the approval of the audit committee;
(ii) Provide that the internal auditor shall report directly to the audit committee on substantive matters and that the internal auditor is ultimately accountable to the audit committee and board of directors; and
(iii) Provide that both the internal auditor and the external auditor shall have unrestricted access to the audit committee without the need for any prior management knowledge or approval.
(e) Duties. Each Bank's audit committee shall have the duty to:
(1) Direct senior management to maintain the reliability and integrity of the accounting policies and financial reporting and disclosure practices of the Bank;
(2) Review the basis for the Bank's financial statements and the external auditor's opinion rendered with respect to such financial statements (including the nature and extent of any significant changes in accounting principles or the application thereof) and ensure that policies are in place that are reasonably designed to achieve disclosure and transparency regarding the Bank's true financial performance and governance practices;
(3) Oversee the internal audit function by:
(i) Reviewing the scope of audit services required, significant accounting policies, significant risks and exposures, audit activities, and audit findings;
(ii) Assessing the performance and determining the compensation of the internal auditor; and
(iii) Reviewing and approving the internal auditor's work plan.
(4) Oversee the external audit function by:
(i) Approving the external auditor's annual engagement letter;
(ii) Reviewing the performance of the external auditor; and
(iii) Making recommendations to the Bank's board of directors regarding the appointment, renewal, or termination of the external auditor.
(5) Provide an independent, direct channel of communication between the Bank's board of directors and the internal and external auditors;
(6) Conduct or authorize investigations into any matters within the audit committee's scope of responsibilities;
(7) Ensure that senior management has established and is maintaining an adequate internal control system within the Bank by:
(i) Reviewing the Bank's internal control system and the resolution of identified material weaknesses and significant deficiencies in the internal control system, including the prevention or detection of management override or compromise of the internal control system; and
(ii) Reviewing the programs and policies of the Bank designed to ensure compliance with applicable laws, regulations and policies, and monitoring the results of these compliance efforts;
(8) Review the policies established by senior management to assess and monitor implementation of the Bank's strategic business plan and the operating goals and objectives contained therein; and
(9) Report periodically its findings to the Bank's board of directors.
(f) Meetings. The audit committee shall prepare written minutes of each audit committee meeting.
A Bank's board of directors may not declare or pay a dividend based on projected or anticipated earnings and may not declare or pay a dividend if the par value of the Bank's stock is impaired or is projected to become impaired after paying such dividend.
CHAPTER XVII—OFFICE OF FEDERAL HOUSING ENTERPRISE OVERSIGHT, DEPARTMENT OF HOUSING AND URBAN DEVELOPMENT
SUBCHAPTER C—SAFETY AND SOUNDNESSStart Part
PART 1710—[REMOVED]End Part Start Amendment Part
6. Remove part 1710.End Amendment Part Start Part
PART 1720—[REMOVED]End Part Start Amendment Part
7. Remove part 1720.End Amendment Part Start Signature
Dated: November 10, 2015.
Melvin L. Watt,
Director, Federal Housing Finance Agency.
2. FHFA as conservator has exercised its authority under 12 U.S.C. 4617(b)(2)(C) to provide for the Enterprises' management to be overseen by the boards of directors under their charter acts, 12 U.S.C. 1452(a), 1723(b), and those boards have been operating under the OFHEO regulations, which are being replaced by this regulation.Back to Citation
3. See e.g., Principles for the Management of Credit Risk—Consultative Document, Bank for International Settlements, July 1999 (“Credit risk is most simply defined as the potential that a bank borrower or counterparty will fail to meet its obligations in accordance with agreed terms.”). See also, Interagency Counterparty Risk Management Guidance, Board of Governors of the Federal Reserve System, SR 11-10, July 5, 2011 (“Counterparty credit risk is the risk that the counterparty to a transaction could default.”) and Supervisory Policy Statement on Investment Securities and End-User Derivatives Activities, Federal Financial Institutions Examination Council, Oct. 3, 1997 (A component of credit risk is settlement and pre-settlement credit risk. “These risks are the possibility that a counterparty will fail to honor its obligation at or before the time of settlement.” (emphasis added)).Back to Citation
6. Aronson v. Lewis, 473 A.2d 805 (1984) (Supreme Court of Delaware).Back to Citation
8. See Enhanced Prudential Standards and Early Remediation Requirements for Covered Companies, Board of Governors of the Federal Reserve System, 77 FR 594 (Jan. 5, 2012). The commenters asked that to the extent that FHFA had looked to these standards for guidance, it should look to the final rule adopted by the Federal Reserve Board instead of its proposed rule, especially as it relates to distinguishing between the respective roles of directors and management. FHFA has reviewed that final rule document and made conforming revisions to this final rule, as appropriate. See Enhanced Prudential Standards and Early Remediation Requirements for Covered Companies, Board of Governors of the Federal Reserve System, 79 FR 17240 (Mar. 27, 2014).Back to Citation
9. The Advisory Bulletin rescinded the following OFHEO examination guidance documents: PG-00-001 (regarding minimum safety and soundness requirements); PG-00-002 (regarding non-mortgage liquidity investments); PG-06-001 (regarding corporate governance examinations); PG-06-003 (regarding accounting practices examinations); and PG-08-002 (regarding standards for use of fair value options).Back to Citation
[FR Doc. 2015-29367 Filed 11-18-15; 8:45 am]
BILLING CODE 8070-01-P