[Federal Register Volume 62, Number 192 (Friday, October 3, 1997)]
[Proposed Rules]
[Pages 51817-51821]
From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
[FR Doc No: 97-26104]


=======================================================================
-----------------------------------------------------------------------

DEPARTMENT OF THE TREASURY

Office of Thrift Supervision

12 CFR Part 545

[97-100]
RIN 1550-AB00


Electronic Operations

AGENCY: Office of Thrift Supervision, Treasury.

ACTION: Notice of proposed rulemaking.

-----------------------------------------------------------------------

SUMMARY: The Office of Thrift Supervision (OTS) is proposing to 
streamline and update regulations relating to electronic operations. 
The proposal would amend OTS electronic-related regulations to address 
advances in technology, and to permit prudent innovation for the use of 
emerging technology by Federal savings associations. This NPR is issued 
pursuant to the Regulatory Reinvention Initiative of the Vice 
President's National Performance Review and section 303 of the 
Community Development and Regulatory Improvement Act of 1994.

DATES: Comments must be received on or before December 2, 1997.

ADDRESSES: Send comments to Manager, Dissemination Branch, Records 
Management and Information Policy, Office of Thrift Supervision, 1700 G 
Street, NW., Washington, DC 20552, Attention Docket No. 97-100. These 
submissions may be hand-delivered to 1700 G Street, NW., from 9:00 a.m. 
to 5:00 p.m. on business days; they may be sent by facsimile 
transmission to FAX Number (202) 906-7755 or by e-mail 
[email protected]. Those commenting by e-mail should include 
their name and telephone number. Comments will be available for 
inspection at 1700 G Street, NW., from 9:00 a.m. until 4:00 p.m. on 
business days.

FOR FURTHER INFORMATION CONTACT: Valerie J. Lithotomos, Counsel 
(Banking and Finance), (202) 906-6439; Karen A. Osterloh, Assistant 
Chief Counsel, (202) 906-6639; Paul D. Glenn, Special Counsel, Chief 
Counsel's Office, (202) 906-6203; Paul J. Robin, Program Analyst, 
Compliance Policy, (202) 906-6648; or Paul R. Reymann, Policy Analyst, 
Supervision Policy, (202) 906-5645, Office of Thrift Supervision, 1700 
G Street NW., Washington, DC 20552.

SUPPLEMENTARY INFORMATION:

I. Background

    On April 2, 1997, OTS published an advance notice of proposed 
rulemaking (ANPR) seeking comment on all aspects of banking affected by 
electronic operations.1 OTS solicited comments on whether 
its existing regulations are sufficiently flexible to permit Federal 
savings associations to engage in appropriate electronic banking 
activities, consistent with safety and soundness and applicable 
statutes and regulations. OTS expressed concern that its current 
regulations do not adequately address product innovation made possible 
by advances in technology, and may impede prudent innovation by Federal 
savings associations.
---------------------------------------------------------------------------

    \1\ 62 FR 15626 (April 2, 1997) (Notice of Proposed Rulemaking 
on Deposits and Advance Notice of Proposed Rulemaking on Electronic 
Banking.) A final rule on deposits will be published separately.
---------------------------------------------------------------------------

    OTS identified three existing regulations affecting a Federal 
thrift's ability to engage in electronic activities. Two of these 
regulations describe the type of facilities through which Federal 
thrifts may deliver banking services. 12 CFR 545.141 (Remote Service 
Units) (RSUs) and 12 CFR 545.142 (Home Banking Services). The third 
regulation, at 12 CFR 545.138, provides the general authority to engage 
in data processing activities and sell certain excess data processing 
capacity. OTS sought comment on how to update these regulations, first 
adopted in the early 1980s, to reflect current activities and use of 
technologies. OTS also sought comment on certain technological issues 
that its existing regulations do not address. These included issues 
related to stored-value cards, the application of the Community 
Reinvestment Act (CRA) to electronic banking, banking on the Internet, 
and other new products and delivery systems.
    OTS received 19 comments from nine Federal savings associations, 
four trade associations, two technology firms, two individuals or 
groups of individuals, one Federal government agency, and a 
representative of two major credit card companies. The comments are 
discussed in further detail in the description of the proposed rule.
    Commenters suggested two broad principles to guide OTS in drafting 
regulations on emerging electronic services:

 The public and insured depository institutions will be best 
served if statutory and regulatory restrictions are kept to a minimum. 
Commenters feared that the premature imposition of restrictive 
operational standards would impede the development of improved 
financial services.
 Savings associations should be permitted to compete 
effectively with other regulated financial institutions and unregulated 
firms offering financial and related services.

[[Page 51818]]

II. General Description of Proposed Rule

    Consistent with the principles identified, OTS is proposing to 
issue a broad enabling regulation clarifying that Federal savings 
associations may engage in any activity through electronic means that 
it may conduct through more traditional delivery mechanisms. This 
approach will enhance the ability of Federal savings associations to 
serve as financial intermediaries. In addition, this approach will 
permit Federal savings associations to fully utilize the by-products or 
capacities generated in providing financial services through electronic 
means. The approach will also permit Federal thrifts to creatively 
provide access to financial services (subject, of course, to adequate 
security measures). This proposal is consistent with the principles 
established in the Administration's recent electronic commerce policy 
statement.2
---------------------------------------------------------------------------

    \2\ See ``A Framework for Global Electronic Commerce'' (July 1, 
1997). These principles are: (1) The private sector should lead; (2) 
Governments should avoid undue restrictions on electronic commerce; 
(3) Where governmental involvement is needed, its aim should be to 
support and enforce a predictable, minimalist, consistent and simple 
legal environment for commerce; (4) Governments should recognize the 
unique qualities of the Internet; and (5) Electronic commerce over 
the Internet should be facilitated on a global basis.
---------------------------------------------------------------------------

    The proposed rule would eliminate existing regulations that address 
electronic operations at Sec. 545.138 (Data-processing Services), 
Sec. 545.141 (Remote Services Units), and Sec. 545.132 (Home Banking 
Services), and would add a new subpart B to part 545 to address 
electronic operations. New subpart B uses plain language drafting 
techniques consistent with National Performance Review instructions and 
new guidance in the Federal Register Document Drafting Handbook 
(January 1997 edition). The primary goal of plain language drafting is 
to facilitate the understanding of regulations. Plain language drafting 
emphasizes the use of informative headings (often written as a 
question), non-technical language (including the use of ``you'') and 
sentences in the active voice. The words ``I'' in a question and 
``you'' in an answer, in the proposal, refer to a Federal savings 
association. OTS intends to use plain language drafting in other future 
regulatory projects to the extent possible.
    The provisions of the new subpart are discussed below in the 
section-by-section analysis.

III. Section-by-Section Analysis

What Does This Subpart Do? (Proposed Sec. 545.140)

    Under the proposed rule, all current regulations addressing 
electronic operations will be consolidated in part 545, subpart B. This 
subpart describes how a Federal savings association may provide 
products and services through electronic means and facilities. See 
proposed Sec. 545.140.

How May I Use Electronic Means and Facilities? (Proposed Sec. 545.141)

    As noted above, two existing OTS regulations describe the type of 
facilities through which Federal thrifts may deliver banking services 
electronically. Section 545.141 addresses RSUs (including automated 
teller machines (ATMs)). Section 545.142 addresses home banking 
services. Currently, Federal thrifts' authority to provide banking 
services through these authorities is restricted. For example, an RSU 
may not be used to open a savings account or a demand account, or to 
establish a loan account. See 12 CFR 545.141(b). Moreover, it is 
unclear whether Sec. 545.142 would permit the opening of new accounts 
or the processing of credit applications as home banking services.
    Commenters urged OTS to clarify and expand the activities permitted 
under these authorities to include a broad range of products and 
services, including opening deposit accounts and establishing loan 
accounts. Commenters argued that removing activity restrictions would 
serve the public interest by allowing thrifts to more effectively 
compete in financial services, and by enhancing the availability of 
financial services to the public. Commenters argued that removing the 
existing activity restrictions would be consistent with 12 U.S.C. 
1464(b)(1)(F) (which authorizes Federal savings associations to 
establish RSUs) and congressional intent expressed in Section 2205 of 
the Economic Growth and Regulatory Paperwork Reduction Act of 1996 
(which eliminates the requirement that banks file branch applications 
for ATMs).
    Consistent with OTS' goal of minimizing regulatory restrictions on 
electronic operations, proposed Sec. 545.141 specifically permits 
Federal savings associations to use electronic means or facilities to 
perform any authorized function or provide any authorized product or 
service. Under the new subpart, electronic means or facilities include, 
but are not limited to automated teller machines, automated loan 
machines, personal computers, the Internet, the World Wide Web, 
telephones, and other similar electronic devices.3 This 
authority now includes the opening of savings or demand accounts and 
the establishment of loan accounts--functions previously excluded from 
the definition of remote service unit--because the performance of these 
functions through electronic means may enhance the operating 
flexibility of Federal thrifts.
---------------------------------------------------------------------------

    \3\ OTS will shortly provide guidance concerning consultation 
procedures to be followed when a Federal savings association permits 
customers to execute transactions by accessing the thrift's data 
base using the customer's equipment or other equipment that is not 
provided by the thrift.
---------------------------------------------------------------------------

    As part of this proposal, OTS is also revising its branch office 
regulation to clarify that electronic facilities do not constitute a 
branch office.4
---------------------------------------------------------------------------

    \4\ In the ANPR, OTS specifically asked for comment on whether 
automated loan machines (ALMs) should be considered an RSU, a branch 
office, or some other type of facility. ALMs may permit customers to 
apply for and immediately receive loans via an automated terminal. 
Commenters urged OTS to treat ALMs like RSUs, rather than branches. 
These commenters argued that this treatment would provide savings 
associations with the same flexible product delivery options as 
competing financial institutions. See OCC Interpretive Letter #772 
(March 6, 1997) (RSUs, ATMs, and ALMs are not branches for the 
purposes of 12 U.S.C. 36). Under the proposed revisions to the OTS 
regulation, ALMs would be electronic facilities subject to Subpart 
B, and would not be branches.
---------------------------------------------------------------------------

When May I Sell the Electronic Capacities and By-Products That I Have 
Acquired or Developed (Proposed Sec. 545.142)

    Under current Sec. 545.138, a savings association may engage in 
limited data processing and data transmission services, sell by-
products incident to those services, and sell excess capacity. This 
authority, however, is subject to significant constraints. For example, 
under the current regulation, the authorized processing of data 
generally encompasses a recordkeeping function, and does not include 
making risk-based decisions through electronic means. Moreover, the 
current OTS regulation limits the ability of a Federal savings 
association to sell or market data processing and transmission 
services, software, and excess capacity.
    Several commenters suggested that OTS should adopt a more flexible 
data processing regulation. They urged OTS to permit the fullest 
development and use of data processing technology. Commenters argued 
that savings associations should not be restricted, relative to other 
financial institutions, in providing new electronic services to 
customers. Accordingly, many commenters suggested that OTS should

[[Page 51819]]

provide data processing authority for thrifts that is as expansive as 
that for national banks. Several recommended that OTS use the 
interpretations and regulations recently issued by the Office of the 
Comptroller of the Currency (OCC) as a model for its regulation. 
5 Commenters argued that consistent regulations will 
facilitate joint ventures between banks and thrifts and will further 
the goal of ensuring uniformity of regulation under section 303 of the 
Community Development and Regulatory Improvement Act. Only one 
commenter, a data processing and software company, argued that OTS 
should not encourage thrifts to expand their data processing operations 
or software sales activities.
---------------------------------------------------------------------------

    \5\ See 12 CFR 7.1019 (1997). Under this OCC interpretation, 
``(a) national bank may, in order to optimize the use of the bank's 
resources, market and sell to third parties electronic capacities 
acquired or developed by the bank in good faith for banking 
purposes.''
---------------------------------------------------------------------------

    Proposed Sec. 545.142 is more permissive than the current data 
processing services rule in that it provides that a Federal savings 
association may market and sell electronic capacities and by-products 
to third parties. The only condition imposed is that the thrift must 
have acquired or developed these capacities and by-products in good 
faith as part of providing financial services. This is substantially 
identical to the condition imposed on national banks by the OCC.

How May I Participate With Others in the Use of Electronic Means and 
Facilities? (Proposed Sec. 545.143)

    Proposed Sec. 545.143 would permit a savings association to 
participate with others to perform, provide or deliver activities, 
functions, products or services described in proposed Secs. 545.141 and 
545.142. A Federal savings association may participate with an entity 
that is not subject to examination by a Federal agency regulating 
financial institutions only if that entity has agreed, in writing, to 
permit OTS to examine its electronic means or facilities, to pay for 
any related OTS examination fees, and to make all relevant records in 
its possession, written or electronic, available to OTS for 
examination.
    The provisions governing examination are not new requirements. 
Current Sec. 545.138(f) provides that if a Federal savings association 
participates with others to establish or maintain a data processing 
office and the participating entity is not subject to examination by a 
Federal agency regulating financial institutions, the entity must 
agree, in writing, with OTS that it will permit and pay for the 
examination. Current Sec. 545.141(f) also contains a similar 
requirement where a Federal savings association shares an RSU with 
another entity.
    If the participation by a Federal savings association is through a 
service corporation, OTS' service corporation rules apply. See 12 CFR 
559.4 (1997).

What Security Precautions Must I Take? (Proposed Sec. 545.144)

    In the ANPR, OTS asked whether it should mandate a specific level 
of encryption with regard to certain electronic activities including 
the Internet, or whether it should merely permit general safety and 
soundness principles to govern electronic operations.
    Several commenters argued that security issues are manageable and 
should be regulated only as a part of the safety and soundness 
evaluation of each institution. Other commenters recommended specific 
security procedures such as restricting the use of reusable passwords 
as a means of authentication where the password would cross a network, 
or specifying a particular type (or types) of encryption for Internet 
transactions. One commenter suggested that all institutions should have 
written policies and procedures to address firewall and data security 
issues, and should regularly test to assure that violations are not 
occurring.
    While OTS is extremely concerned that Federal savings associations 
establish appropriate security measures when they engage in electronic 
operations, the proposed rule does not codify static security 
requirements. Electronic security standards are undergoing constant 
revision and change.6 OTS believes that it is impracticable 
to prescribe the security measures for the indefinite future that every 
thrift must implement when methods of electronic commerce and their 
attendant security measures are continually evolving.
---------------------------------------------------------------------------

    \6\ For example, bit lengths used by the industry to 
authenticate the identity of users has increased over the past few 
years from 40 to 56 bits. Certain providers now use bit lengths in 
excess of 100 bits.
---------------------------------------------------------------------------

    Instead, proposed Sec. 545.144 provides that a Federal savings 
association should adopt standards and policies that are designed to 
ensure secure operations. In addition, a Federal thrift must implement 
security measures adequate to prevent unauthorized access to its 
records and its customers' records, and to prevent financial fraud 
through the use of electronic means or facilities.7 OTS 
expects Federal savings associations to establish security measures 
that are consistent with current industry standards, and to continually 
monitor and regularly update these security procedures to keep pace 
with changes to industry standards. For example, the association should 
maintain records documenting attempts to gain unauthorized access to 
its data base.
---------------------------------------------------------------------------

    \7\ In certain cases, OTS has required (and may require in the 
future on a case-by-case basis) specific security precautions. For 
example, OTS has required applicants to provide assurances of 
adequate security over the Internet, including adequate encryption 
and independent testing. See OTS Order No. 95-88, Security First 
Network Bank (May 8, 1995). In approving that application, OTS 
required, among other things, the institution to perform independent 
tests of the functionality and security of its operations before and 
after initial implementation.
---------------------------------------------------------------------------

    In addition, a Federal savings association must comply with the 
current security devices requirements of Part 568 if it provides an 
automated teller machine, an automated loan machine, or other similar 
electronic devices. These security requirements are based on current 
Secs. 545.138(d) and 545.141(e).

IV. Emerging Technologies

    The ANPR asked for commenter input on how other regulations, such 
as those implementing the CRA, might be affected as technology modifies 
how and where depository institutions provide services. OTS asked 
several specific questions relating to the application of the CRA to 
electronic banking activities.
    Several commenters predicted that the current CRA requirements will 
become increasingly problematic as institutions offer more loans over 
the Internet. These commenters urged OTS to consult with the other 
banking agencies and develop interagency CRA guidelines to address the 
emerging technologies.8 Other commenters urged the banking 
agencies to defer the issuance of any new CRA guidance until regulators 
and financial institutions gain more experience with electronic banking 
services and the existing CRA regulations.
---------------------------------------------------------------------------

    \8\ These commenters suggested various alternative means for 
satisfying CRA requirements. For example, commenters suggested that 
the banking agencies should give CRA credit for loans made via 
electronic means to low- or moderate-income borrowers who reside 
outside the institution's service area.
---------------------------------------------------------------------------

    To avoid unnecessary compliance costs on the industry, OTS intends 
to permit the new electronic technologies to develop within the 
existing framework of law and regulation. This framework includes 
consumer protection laws, such as the CRA regulations, the Electronic 
Funds

[[Page 51820]]

Transfer Act (Regulation E), safety and soundness regulations, and 
other applicable statutes and regulations. If additional consumer 
protection or other regulatory responses are necessary to respond to 
emerging technologies, OTS will take necessary steps in the future. To 
the extent that the regulatory response will require interagency 
action, OTS will coordinate its response with those of the other 
Federal banking agencies.
    In the ANPR, OTS specifically requested comment on the appropriate 
regulatory response to various emerging technologies including stored-
value cards. The term ``stored-value card'' covers a wide range of 
products. In general, these cards store information and monetary value 
electronically on a magnetic strip or computer chip, and can be used to 
purchase goods and services. There are significant differences in how 
various systems store monetary balances and transaction information, 
and how they authorize transactions. OTS regulations are currently 
silent on stored-value technology.9
---------------------------------------------------------------------------

    \9\ However, OTS has concluded that a Federal savings 
association may market and sell one type of stored-value under the 
incidental powers doctrine. See OTS Opinion Chief Counsel (August 
21, 1996) (prepaid telephone cards).
---------------------------------------------------------------------------

    The ANPR also raised several questions regarding Internet banking 
services. For example, OTS asked whether it should impose any 
restrictions or requirements on banking over the Internet or whether it 
should rely on general safety and soundness principles to govern a safe 
system of operation. The current OTS regulations are also silent on 
Internet operations.10
---------------------------------------------------------------------------

    \10\ OTS, however, approved the nation's first Internet bank in 
1995. More recently, OTS issued an opinion that concluded that a 
Federal savings association, through a service corporation or an 
operating subsidiary, may offer its customers banking services via 
an Internet connection to the savings association's home banking 
system, and afford access to the Internet for non-banking purposes 
to customers and others living in the savings association's service 
area. See Letter Opinion Deputy Chief Counsel (April 14, 1997).
---------------------------------------------------------------------------

    Except for encryption and security issues that are discussed above, 
commenters generally feared that premature regulation in this area 
would stifle development, impose unnecessary compliance costs that 
could deter investment by thrifts, and require extensive updating to 
keep abreast of market changes. Commenters generally concluded that it 
was neither necessary nor appropriate to establish new restrictions or 
requirements on these operations until fundamental issues involving 
these technologies are resolved.
    The increasing emergence of new technologies underscores the 
importance of granting thrifts broad latitude to provide new services 
through electronic means and facilities as these means and facilities 
evolve. Rather than extensive regulation in these areas, OTS has chosen 
to permit thrifts to perform any authorized function or to provide any 
authorized product or service through electronic means or facilities 
including stored-value cards, the Internet or other emerging electronic 
technologies. As OTS gains additional experience with electronic 
technology, it may issue more specific guidance regulating particular 
elements of electronic operations. Until that time, a Federal savings 
association's exercise of this authority remains subject to existing 
safety and soundness requirements, consumer protection requirements, 
commercial law, and other applicable requirements.

V. Request for Comments

    OTS invites comment on all aspects of the NPR. Commenters noted 
that several trade associations have organized committees and task 
forces to address electronic operations. OTS welcomes comment from 
these committees.

VI. Executive Order 12866

    The Director of OTS has determined that this proposed rule does not 
constitute a ``significant regulatory action'' for the purposes of 
Executive Order 12866.

VII. Regulatory Flexibility Act Analysis

    Pursuant to section 605(b) of the Regulatory Flexibility Act, OTS 
certifies that this proposed rule will not have a significant impact on 
a substantial number of small entities. The proposal lowers regulatory 
burdens on all savings associations, including small savings 
associations.

VIII. Unfunded Mandates Act of 1995

    Section 202 of the Unfunded Mandates Reform Act of 1995, Public Law 
104-4 (Unfunded Mandates Act), requires that an agency prepare a 
budgetary impact statement before promulgating a rule that includes a 
Federal mandate that may result in expenditure by state, local, and 
tribal governments, in the aggregate, or by the private sector, of $100 
million or more in any one year. If a budgetary impact statement is 
required, section 205 of the Unfunded Mandates Act also requires an 
agency to identify and consider a reasonable number of regulatory 
alternatives before promulgating a rule. As discussed in the preamble, 
this proposed rule reduces regulatory burden. OTS has determined that 
the proposed rule will not result in expenditures by state, local, or 
tribal governments or by the private sector of $100 million or more. 
Accordingly, this rulemaking is not subject to section 202 of the 
Unfunded Mandates Act.

List of Subjects in 12 CFR Part 545

    Accounting, Consumer protection, Credit, Electronic funds 
transfers, Investments, Reporting and recordkeeping requirements, 
Savings associations.

    Accordingly, the Office of Thrift Supervision hereby proposes to 
amend part 545, chapter V, title 12, Code of Federal Regulations as set 
forth below:

PART 545--OPERATIONS

    The authority citation for part 545 continue to read as follows:

    Authority: 12 U.S.C. 1462a, 1463, 1464, 1828.

    2. Existing Secs. 545.1 through 545.135 are designated as subpart A 
and the subpart heading is added to read as follows:

Subpart A--Operations

* * * * *
    3. Section 545.92 is amended by revising paragraph (a) to read as 
follows:


Sec. 545.92  Branch offices.

    (a) General. A branch office of a Federal savings association is 
any office other than its home office, agency office, administrative 
office, data processing office, or electronic facility under subpart B 
of this part.
* * * * *


Secs. 545.138 through 545.142  [Removed]

    4. Sections 545.138 through 545.142 are removed.
    5. A new subpart B is added to part 545 to read as follows:

Subpart B--Electronic Operations

Sec. 545.140  What does this subpart do?
Sec. 545.141  How may I use electronic means and facilities?
Sec. 545.142  When may I sell electronic capacities and by-products 
that I have acquired or developed?
Sec. 545.143  How may I participate with others in the use of 
electronic means and facilities?
Sec. 545.144  What security precautions must I take?


Sec. 545.140  What does this subpart do?

    This subpart describes how a Federal savings association (``you'') 
may provide products and services through electronic means and 
facilities.

[[Page 51821]]

Sec. 545.141  How may I use electronic means and facilities?

    You may use electronic means or facilities to perform any 
authorized function, or provide any authorized product or service. 
Electronic means or facilities include, but are not limited to 
automated teller machines, automated loan machines, personal computers, 
the Internet, the World Wide Web, telephones, and other similar 
electronic devices.


Sec. 545.142  When may I sell electronic capacities and by-products 
that I have acquired or developed?

    You may market and sell electronic capacities and by-products to 
third-parties if you acquired or developed these capacities and by-
products in good faith as part of providing financial services.


Sec. 545.143  How may I participate with others in the use of 
electronic means and facilities?

    You may participate with others to perform, provide, or deliver 
through electronic means and facilities any activity, function, 
product, or service described under Secs. 545.141 and 545.142. If the 
participating entity is not subject to examination by a Federal agency 
regulating financial institutions, you may participate with that entity 
only if it has agreed in writing with the OTS that it will:
    (a) Permit the examination of its electronic means or facilities, 
as the OTS deems necessary;
    (b) Pay for any related OTS examination fees; and
    (c) Make all relevant records in its possession, written or 
electronic, available to the OTS for examination.


Sec. 545.144  What security precautions must I take?

    If you use electronic means and facilities under this subpart, you 
should adopt standards and policies that are designed to ensure secure 
operations. You must implement security measures adequate to prevent:
    (a) Unauthorized access to your records and your customers' 
records; and
    (b) Financial fraud through the use of electronic means or 
facilities. If you provide an automated teller machine, an automated 
loan machine, or other similar electronic devices, you must comply with 
the security devices requirements of part 568 of this chapter.

    Dated: September 26, 1997.

    By the Office of Thrift Supervision.
Nicolas P. Retsinas,
Director.
[FR Doc. 97-26104 Filed 10-2-97; 8:45 am]
BILLING CODE 6720-01-P