[Federal Register Volume 65, Number 1 (Monday, January 3, 2000)]
[Proposed Rules]
[Pages 81-91]
From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
[FR Doc No: 99-34037]


=======================================================================
-----------------------------------------------------------------------

FEDERAL HOUSING FINANCE BOARD

12 CFR Part 917

[No. 99-64]
RIN 3069-AA90


Powers and Responsibilities of Federal Home Loan Bank Boards of 
Directors and Senior Management

AGENCY: Federal Housing Finance Board.

ACTION: Proposed rule.

-----------------------------------------------------------------------

SUMMARY: The Federal Housing Finance Board (Finance Board) is proposing 
new regulations to set forth the responsibilities of the boards of 
directors and senior management of the Federal Home Loan Banks (Banks) 
as a means of ensuring that they fulfill their duties to operate the 
Banks in a safe and sound manner and in furtherance of the Banks' 
housing finance and community lending mission.

DATES: Comments on this proposed rule must be received in writing on or 
before February 2, 2000.

ADDRESSES: Comments should be mailed to: Elaine L. Baker, Secretary to 
the Board, Federal Housing Finance Board, 1777 F Street, NW, 
Washington, DC 20006. Comments will be available for public inspection 
at this address.

FOR FURTHER INFORMATION CONTACT: James L. Bothwell, Director and Chief 
Economist, (202) 408-2821; Scott L. Smith, Deputy Director, (202) 408-
2991; Julie Paller, Senior Financial Analyst (202) 408-2842; Office of 
Policy, Research and Analysis; Eric M. Raudenbush, Senior Attorney-
Advisor, (202) 408-2932; Office of General Counsel, Federal Housing 
Finance Board, 1777 F Street, NW, Washington, DC 20006.

SUPPLEMENTARY INFORMATION:

I. Background

A. Devolution of Corporate Governance Authorities

    Prior to the enactment of the Financial Institutions Reform, 
Recovery and Enforcement Act (FIRREA) of 1989, Pub. L. 101-73, 103 
Stat. 413 (1989), many decisions regarding the corporate governance of 
the Banks were either made or approved by the Bank System regulator 
(which, prior to FIRREA, was the former Federal Home Loan Bank Board). 
Since the creation of the Finance Board and the reform of the Bank 
System under FIRREA, it has been the policy of the Finance Board to 
devolve to the Banks authority to act on most matters of corporate 
governance without the prior approval of the Finance Board, to the 
extent permitted by statute and to the extent such devolution does not 
compromise the Finance Board's duty to ensure the safety and soundness 
of the Banks. The Finance Board has long recognized the importance of 
maintaining its regulatory independence, and that the safety and 
soundness regulator of the Banks should not involve itself in the 
business affairs of the Banks, nor make governance decisions that more 
properly lie with the Banks as corporate entities.\1\ Despite this 
regulatory policy, statutory provisions have required that certain 
matters pertaining to corporate governance remain within the decision-
making power of the Finance Board.
---------------------------------------------------------------------------

    \1\ See General Accounting Office, Federal Home Loan Bank 
System--Reforms Needed to Promote Its Safety, Soundness, and 
Effectiveness (Dec. 1993).
---------------------------------------------------------------------------

    On November 12, 1999, the President signed into law the Federal 
Home Loan Bank System Modernization Act of 1999 \2\ (Modernization 
Act), Pub. L. 106-102, Title VI (1999), which, among other things, 
removed the remaining corporate governance authorities that previously 
had been vested in the Finance Board under the Federal Home Loan Bank 
Act (Bank Act). 12 U.S.C. 1422-49. To implement these statutory 
changes, the Finance Board has published separately an interim final 
rule removing regulations that required Finance Board approval for the 
following matters of corporate governance: selection and compensation 
of Bank officers and employees; entering into building leases and 
purchases; adoption and revision of Bank bylaws; dividend payments; 
application forms for Bank advances; Bank approval of conditional 
advances; and transfer of advances and advance participations. See 64 
FR 71275 (1999).
---------------------------------------------------------------------------

    \2\ The Modernization Act is Title VI of the larger Gramm-Leach-
Bliley Act. Pub. L. 106-102 (1999).
---------------------------------------------------------------------------

    Management responsibilities over the Banks have been rightfully 
removed from the statutory purview of the Finance Board. However, the 
Finance Board continues to be responsible for ensuring that the Banks 
operate in a financially safe and sound manner and carry out their 
statutory housing finance and community lending mission. See 12 U.S.C. 
1422a(a)(3). In that capacity, the Finance Board believes that it is 
prudent to set forth explicitly in regulation a state-of-the-art 
corporate governance framework for the Banks' boards of directors and 
senior management.
    The proposed rule includes provisions defining the 
responsibilities--and thus the accountability--of the boards of 
directors and senior management of the Banks with regard to operating 
the Banks in a safe and sound manner and ensuring that the Banks 
achieve their statutory mission. These responsibilities include matters 
such as the adoption and annual review of risk management policies, 
periodic risk assessments, the maintenance of effective internal 
controls, the establishment of independent audit committees, and 
adoption of and compliance with a strategic business plan, as further 
detailed below.

B. Effect of the Proposed Rule To Reorganize the Finance Board's 
Regulations

    On September 27, 1999, the Finance Board published a notice of 
proposed rulemaking to reorganize its regulations to implement a more 
logical and efficient presentation of the regulations governing the 
Banks and the Bank System. See 64 FR 52148 (1999). Because it is 
anticipated that a final reorganization rule will be in effect before 
the substantive regulatory amendments contained in this proposal would 
become final, cross-references appearing in the text of this proposed 
rule are made to the new section and part numbers that would be in 
effect once the final reorganization rule is adopted. Where such 
references are to provisions that currently exist under different 
section or part numbers, the existing citation has been noted in this 
preamble.

C. The Banks as Corporate Entities

    Each state generally has laws of incorporation that require, among 
other things, a corporation to be managed by a board of directors. 
Consistent with this general corporate concept, the Bank Act (as 
amended by the Modernization Act) provides for the management of each 
Bank to be vested in the Bank's board of directors. See 12 U.S.C. 
1427(a). The Bank Act states that each Bank is a corporate body. See 
id. at 1432(a). In addition to authorizing certain enumerated corporate 
and banking powers, see id. at 1431, 1432, the Bank Act grants each 
Bank all such incidental powers as are consistent with the provisions 
of the Bank Act and customary and usual in corporations generally. See 
id. at 1432(a). The Finance Board believes that, attendant to the 
exercise of customary and usual

[[Page 82]]

corporate powers, the Banks' boards of directors are subject to the 
same general fiduciary duties of care and loyalty to which the board of 
a state-chartered business or banking corporation would be subject, 
although this previously has not been set forth in regulation.
    The duties, responsibilities and privileges of a director of a Bank 
derive from a source different from that of a director of a state-
chartered business or banking corporation. Each Bank is created in 
accordance with Federal law to further public policy, and its statutory 
powers and purposes are not subject to change except by the Congress. A 
Bank's board of directors has neither the right nor the duty to alter 
the purpose of the Bank, whereas an ordinary corporate board of 
directors may approve mergers, consolidations and changes in the 
corporate charter that could alter the objectives and nature of the 
business of the corporation. The directors of a Bank are responsible 
for managing that Bank to achieve the statutorily-mandated objectives 
of promoting housing finance and community lending and meeting the 
Bank's statutory obligations (e.g., paying a portion of the interest on 
obligations of the Resolution Funding Corporation (REFCORP), see id. at 
1441b, and making contributions to the AHP, see id. at 1430(j)), all in 
a financially safe and sound manner.
    All Banks are subject to the supervision of the Finance Board. The 
bulk of the Banks' corporate powers, duties and responsibilities are 
described in sections 10, 11, 12 and 16 of the Act. Id. at 1430, 1431, 
1432 and 1436. Section 10 of the Act authorizes each Bank to make 
secured advances to its members upon collateral sufficient, in its 
judgment, to fully secure the advance, and to certain eligible 
nonmember borrowers (which, in this rule, the Finance Board has 
referred to as ``associates'') upon statutorily specified collateral. 
See id. at 1430(a), 1430b. The Banks may conduct correspondent 
services, establish reserves, make investments and pay dividends, all 
subject to statutory limitations. See id. at 1431, 1436. Under section 
12(a) of the Act, a Bank has the power to sue and be sued. See id. at 
1432(a). In addition, each Bank has adopted bylaws that address such 
matters as: the conduct of meetings of the board of directors; 
existence, composition, conduct and administration of committees of the 
board of directors; and indemnification.

II. Analysis of Proposed Rule

A. Overview

    Proposed part 917 for the first time would set forth in one place 
and in regulation the duties and responsibilities of a Bank's board of 
directors and of senior management of the Bank. It would make clear the 
Finance Board's belief that oversight of management by a strong and 
proactive board of directors is critical to the safe and successful 
operation of each Bank. Generally, under proposed part 917, the board 
of directors of each Bank would be responsible for: (1) Approving and 
periodically reviewing the significant policies of the Bank; (2) 
understanding the major risks taken by the Bank, setting acceptable 
tolerance levels for these risks and requiring that senior management 
takes the steps necessary to identify, measure, monitor and control 
these risks; (3) monitoring the Bank's compliance with applicable 
statutes, regulation and policy (both of the Finance Board and the 
Bank); (4) adopting and maintaining policies to ensure that the Bank 
carries out its housing finance and community lending mission; (5) 
approving the organizational structure and delegations of authority; 
and (6) overseeing senior management's establishment and maintenance of 
an adequate and effective system of internal controls and senior 
management's monitoring of the effectiveness of the internal control 
system.
    Proposed part 917 also provides generally that senior management of 
each Bank would be responsible for: (1) Implementing strategies and 
policies approved by the Bank's board; (2) developing processes that 
identify, measure, monitor and control risks incurred by the Bank; (3) 
maintaining an organizational structure that clearly assigns 
responsibility, authority and reporting relationships; (4) ensuring 
that delegated responsibilities are effectively carried out; (5) 
setting appropriate internal control policies; and (6) monitoring the 
adequacy and effectiveness of the internal control system.
    The proposed requirements for the Banks' boards of directors and 
senior management generally are based on widely accepted best corporate 
practices. They are intended to require that the boards of directors 
oversee both risk management for safety and soundness and achievement 
of the public purpose of supporting housing and community lending. 
Oversight by both the boards of directors and senior management is 
integral to the overall business operation of a Bank. The first line of 
defense in ensuring safety and soundness is an effective corporate 
governance structure within the Banks themselves. Having an active, 
informed and engaged board of directors is the cornerstone of a well-
run entity.
    In addition, recognition of the importance of mission achievement 
must originate with the board of directors and fulfillment of mission 
at all levels of the Bank must be promoted and encouraged by the board. 
The proposed rule would require that the boards of directors of the 
Banks fulfill these important responsibilities.

B. Definitions--Sec. 917.1

    Section 917.1 of the proposed rule sets forth definitions of terms 
used in part 917. These terms are discussed below as they relate to the 
substantive provisions of the proposed rule.

C. General Authorities and Duties of Bank Boards of Directors--
Sec. 917.2

    The first sentence of Sec. 917.2(a) of the proposed rule would 
implement the first clause of section 7(a) of the Bank Act, 12 U.S.C. 
1427(a), which states that the management of each Bank shall be vested 
in its board of directors. The Finance Board interprets this statutory 
provision as charging each Banks' board of directors with the ultimate 
legal responsibility for guiding the activities of the Bank, and not as 
a requirement that a Bank's board of directors administer the day-to-
day operations of the Bank. Accordingly, the second sentence of 
proposed Sec. 917.2(a) makes clear that a Bank's board of directors may 
delegate responsibility for such day-to-day operations to Bank 
management, but that, in so doing, may not and can not delegate its 
ultimate statutory responsibility for the management of the Bank.
    Proposed Sec. 917.2(b) enumerates the duties that would apply to 
all official activities of each board director. Specifically, proposed 
Sec. 917.2(b)(1) would charge each director with the duty to carry out 
his or her duties as director in good faith, in a manner such director 
believes to be in the best interests of the Bank, and with such care, 
including reasonable inquiry, as an ordinarily prudent person in a like 
position would use under similar circumstances. Proposed 
Sec. 917.2(b)(2) would implement section 7(j) of the Bank Act, id. at 
1427(j), by requiring that directors administer the affairs of the Bank 
fairly and impartially.
    Proposed Sec. 917.2(b)(3) would require that each board director be 
financially literate (i.e., have a working familiarity with basic 
finance and accounting practices), or become financially literate

[[Page 83]]

within a reasonable time after his or her election or appointment to 
the board of directors. This financial literacy may be obtained through 
training provided by the Bank if a director does not possess such 
financial literacy at the time of his or her election or appointment to 
the board. Finally, proposed Sec. 917.2(b)(4) would charge each Bank 
director with the general duty to direct the operations of the Bank in 
conformity with the requirements of the Bank Act and the Finance 
Board's regulations.
    In order to ensure that Bank boards of directors are able to 
oversee effectively the management of the Banks, proposed 
Sec. 917.2(c)(1) would make clear that this section simply codifies the 
existing authority all Bank boards of directors, and all committees 
thereof, have to retain staff and outside consultants at the expense of 
the Bank, as necessary to carry out their official duties and 
responsibilities. Proposed Sec. 917.2(c)(2) states that the board of 
directors, or any committee thereof, may require any internal Bank 
staff providing services to the board or committee on a particular 
matter to report directly to the board or committee on that matter.

D. Risk Management--Sec. 917.3

    Section 917.3 of the proposed rule sets forth the risk management 
responsibilities of Bank boards of directors and senior management. 
Proposed Sec. 917.3(a)(1) would require that, beginning 90 days after 
the effective date of this rule in final form, each Bank's board of 
directors have in effect at all times a risk management policy 
addressing the Bank's exposure to credit risk, market risk, liquidity 
risk, business risk and operations risk, as those terms are defined in 
proposed Sec. 917.1. The risk limits set forth in the policy shall be 
consistent with the Bank's capital position and its ability to measure 
and manage risk. While, under proposed Sec. 917.3(a)(1) a Bank need not 
submit its risk management policy to the Finance Board, these policies 
will be reviewed by the Finance Board as part of the ongoing 
examination process.
    Proposed Sec. 917.3(a)(2)(i) would require that the Bank's board of 
directors review the Bank's risk management policy on at least an 
annual basis, while proposed Sec. 917.3(a)(2)(ii) would make clear that 
each Bank's board shall amend its risk management policy, as 
appropriate to meet changing circumstances. Proposed 
Sec. 917.3(a)(2)(iii) provides that the board of directors also would 
be required to re-adopt the risk management policy, including interim 
amendments, not less often than every three years, as appropriate, 
based on the board's reviews of the policy. In addition to providing 
consistency, this requirement would make clear that, despite the 
turnover in board personnel that will occur over a number of years, all 
or most current members of a Bank's board of directors will be 
thoroughly familiar with the Bank's risk management policy, will have 
given meaningful consideration to its provisions and will have 
expressed an opinion regarding the adequacy of the policy through the 
voting process. Proposed Sec. 917.3(a)(2)(iv) also would make clear 
that each Bank's board of directors has the ultimate responsibility to 
ensure that policies and procedures are in place to achieve Bank 
compliance at all times with the risk management policy.
    Section 917.3(b) of the proposed rule sets forth several specific 
requirements for each Bank's risk management policy. Proposed 
Sec. 917.3(b)(1) would require that each Bank's risk management plan 
describe how the Bank will comply with its capital structure plan 
required under section 6(b) of the Bank Act (as amended by the 
Modernization Act), 12 U.S.C. 1426(b), to be submitted to the Finance 
Board within 270 days of the Finance Board's promulgation of 
regulations prescribing uniform capital standards for the Banks 
pursuant to section 6(a) of the Bank Act (as amended by the 
Modernization Act), id. at 1426(a). Proposed Sec. 917.3(b)(2) would 
require each Bank's risk management policy to set forth tolerance 
levels for the market and credit risk components.
    Proposed Sec. 917.3(b)(3) would require each Bank's risk management 
policy to set forth standards for the Bank's management of credit, 
market, liquidity, business and operations risks. Credit risk is 
defined in proposed Sec. 917.1 as the risk that the market value of an 
obligation will decline as a result of deterioration in 
creditworthiness. The creditworthiness of an obligation can be affected 
by both the creditworthiness of the specific counterparty or the 
market's general perception of the creditworthiness of an entire class 
of obligations. The Banks must assess the creditworthiness of issuers, 
obligors, or other counterparties prior to acquiring investments and, 
under proposed Sec. 917.3(b)(3)(i), the Bank's risk management policy 
would be required to include the standards and criteria for such an 
assessment. In addition, the credit risk portion of each Bank's risk 
management policy also should identify the criteria for selecting 
brokers, dealers and other securities firms with which the Bank may 
execute transactions.
    Market risk is defined in proposed Sec. 917.1 as the risk of loss 
in value of the Bank's portfolio resulting from movements in interest 
rates, foreign exchange rates and equity and commodity prices. Proposed 
Sec. 917.3(b)(3)(ii) would require that each Bank's risk management 
policy establish standards for the methods and models used to measure 
and monitor market risk, including maximum exposure thresholds and 
scenarios for measuring risk exposure.
    Liquidity risk is defined in proposed Sec. 917.1 as the risk that a 
Bank would be unable to meet its obligations as they come due or meet 
the credit needs of its members and eligible nonmember borrowers in a 
timely and cost-efficient manner. Operational liquidity addresses day-
to-day or ongoing liquidity needs under normal circumstances. 
Operational liquidity needs may be either anticipated or unanticipated. 
Contingency liquidity addresses the same liquidity needs, but under 
abnormal or unusual circumstances in which a Bank's access to the 
capital markets is impeded. This impediment may result from a market 
disruption, operational failure, or real or perceived credit problems. 
Proposed Sec. 917.3(b)(3)(iii) would require that each Bank's risk 
management policy indicate the Bank's sources of liquidity, including 
specific types of investments to be held for liquidity purposes, and 
the methodology to be used for determining the Bank's operational and 
contingency liquidity needs. While the Bank System Financial Management 
Policy (FMP) currently governs Bank liquidity requirements, it is 
anticipated that the Finance Board will promulgate new liquidity 
regulations in a future rulemaking.
    Operations risk is defined in proposed Sec. 917.1 as the risk of an 
unexpected loss to a Bank resulting from human error, fraud, 
unenforceability of legal contracts, or deficiencies in internal 
controls or information systems. Proposed Sec. 917.3(b)(3)(iv) would 
require that each Bank's risk management policy address operations risk 
by setting forth standards for an effective internal control system (as 
described in more detail in the discussion of proposed Sec. 917.4 
below), including periodic testing and reporting.
    Business risk is defined in proposed Sec. 917.1 as the risk of an 
adverse impact on a Bank's profitability resulting from external 
factors as may occur in both the short and long run. Such factors 
include: continued financial services industry consolidation; declining 
membership base; concentration of borrowing among members; and 
increased inter-Bank competition. Proposed Sec. 917.3(b)(3)(v) would 
require that each Bank's risk management

[[Page 84]]

policy identify these risks and include strategies for mitigating such 
risks, including contingency plans where appropriate.
    In order for each Bank to create and maintain a meaningful risk 
management policy, it is important that the boards of directors be 
cognizant of the strategic risks facing the Bank. Therefore, proposed 
Sec. 917.3(c) would require that senior management of each Bank 
perform, at least annually, a written risk assessment that identifies 
and evaluates all material risks, including both quantitative and 
qualitative aspects, that could adversely affect the achievement of the 
Bank's performance objectives and compliance requirements. Proposed 
Sec. 917.3(c) also requires that the risk assessment be in written form 
and be reviewed by the Bank's board of directors promptly upon its 
completion.

E. Internal Control System--Sec. 917.4

    While the existing FMP requires that the management of each Bank 
establish internal control systems, the FMP provides no guidance on how 
to ascertain the sufficiency of the systems. There have been several 
instances where internal control weaknesses have been discovered 
through the Finance Board's examination process. As a result, the 
Finance Board believes it prudent to provide more specific requirements 
for the internal control process that must be in place at each Bank.
    In developing requirements for internal control processes for the 
Banks, the Finance Board reviewed the available literature on the 
appropriate internal control systems for financial institutions. 
Included in this review was the Basle Committee on Banking 
Supervision's (BCBS) Framework for Internal Control Systems published 
in September 1998 (hereinafter Basle Committee Report) and the 
Committee of Sponsoring Organizations of the Treadway Commission's 
Internal Control--Integrated Framework Report published in September 
1992 (hereinafter Treadway Commission Report). The recommendations 
contained in these Reports are considered to be state of the art for 
defining, implementing, monitoring, and evaluating internal control 
systems.
    According to the Basle Committee Report, a system of effective 
internal controls is a critical component of bank management and a 
foundation for safe and sound operation of a banking organization. A 
strong system of internal controls can help a bank meet its goals and 
objectives, achieve long-term profitability targets, and maintain 
reliable financial and managerial reporting. An internal control system 
also can help to: (1) Ensure the bank is in compliance with laws, 
regulations and the bank's internal policies and procedures; (2) 
safeguard assets; and (3) decrease the risk of damage to the bank's 
reputation.
    The Treadway Commission Report defines internal controls as a 
process, effected by the board of directors, management and other 
personnel, designed to provide reasonable assurance regarding the 
achievement of objectives in the: (1) Effectiveness and efficiency of 
operations; (2) reliability of financial reporting; and (3) compliance 
with applicable laws and regulations.
    Both Reports discuss basic components or principles for 
establishing and assessing internal control--i.e., management oversight 
and the control environment, risk recognition and assessment, control 
activities and segregation of duties, information and communication, 
and monitoring activities and correcting deficiencies.
    The provisions of Sec. 917.4 of the proposed rule were adapted from 
the basic components and principles in the Basle Committee and Treadway 
Commission Reports. The Finance Board believes that appropriate 
internal controls will be critical to the successful devolution of full 
corporate governance authority to the Banks. The proposed rule would 
provide the framework for an effective internal control system, and 
establish senior management and board of directors' responsibilities 
regarding internal controls.
    Proposed Sec. 917.4(a)(1) would require each Bank to establish and 
maintain an effective internal control system that addresses: (i) The 
efficiency and effectiveness of Bank activities; (ii) the safeguarding 
of assets; (iii) the reliability, completeness and timely reporting of 
financial and management information and transparency of such 
information to the Bank's board of directors and to the Finance Board; 
and (iv) compliance with applicable laws, regulations, policies, 
supervisory determinations and directives of the Bank's board of 
directors and senior management.
    Proposed Sec. 917.4(a)(2) enumerates certain minimum ongoing 
internal control activities that the Finance Board considers to be 
necessary in order for the internal control objectives described in 
proposed Sec. 917.4(a)(1) to be achieved. These activities include: (i) 
Top level reviews by the Bank's board of directors and senior 
management; (ii) activity controls, including review of standard 
performance and exception reports; (iii) physical and procedural 
controls adequate to safeguard, and prevent the unauthorized use of, 
assets; (iv) monitoring for compliance with the risk tolerance limits 
set forth in the risk management policy that would be required under 
proposed Sec. 917.3(a); (v) any required approvals and authorizations 
for specific activities; and (vi) any required verifications and 
reconciliations for specific activities.
    Section 917.4(b) of the proposed rule would charge each Bank's 
board of directors with the responsibility to ensure that the internal 
control system required under proposed Sec. 917.4(a)(1) is established 
and maintained, and to oversee senior management's implementation of 
the system on an ongoing basis. Under proposed Sec. 917.4(b), a Bank's 
board of directors will be considered to have met these general 
requirements on internal control system establishment, maintenance and 
oversight if it: (1) Conducts periodic discussions with senior 
management regarding the effectiveness of the internal control system; 
(2) ensures that an effective and comprehensive internal audit of the 
internal control system is performed annually; (3) requires internal 
control deficiencies to be reported to the Bank's board of directors in 
a timely manner and ensures that such deficiencies are addressed 
promptly; (4) conducts a timely review of evaluations of the 
effectiveness of the internal control system made by auditors and 
Finance Board examiners; (5) ensures that senior management promptly 
and effectively addresses recommendations and concerns expressed by 
auditors and Finance Board examiners regarding weaknesses in the 
internal control system; (6) reports internal control deficiencies, and 
the corrective action taken, to the Finance Board in a timely manner; 
(7) establishes, documents and communicates a clear and effective 
organizational structure for the Bank; (8) ensures that all delegations 
of board authority state the extent of the authority and 
responsibilities delegated; and (9) establishes reporting requirements.
    Section 917.4(c) of the proposed rule would require senior 
management at each Bank to establish, implement and maintain the 
internal control system under the direction of the Bank's board of 
directors. Under proposed Sec. 917.4(c), specific actions on the part 
of senior management that would be necessary to fulfill these 
responsibilities include: (1) Establishing, implementing and 
effectively communicating to Bank personnel policies and procedures 
that are adequate to ensure that internal control activities necessary 
to maintain

[[Page 85]]

an effective internal control system are an integral part of the daily 
functions of all Bank personnel; (2) ensuring that all Bank personnel 
fully understand and comply with all policies and procedures; (3) 
ensuring appropriate segregation of duties among Bank personnel and 
that personnel are not assigned conflicting responsibilities; (4) 
establishing effective paths of communication throughout the 
organization in order to ensure that Bank personnel receive necessary 
and appropriate information; (5) developing and implementing procedures 
that translate the major business strategies and policies established 
by the board of directors into operating standards; (6) ensuring 
adherence to the lines of authority and responsibility established by 
the Bank's board of directors; (7) overseeing the implementation and 
maintenance of management information and other systems; (8) 
establishing and implementing an effective system to track internal 
control weaknesses and the actions taken to correct them; and (9) 
monitoring and reporting to the Bank's board of directors the 
effectiveness of the internal control system on an ongoing basis.

F. Audit Committees--Sec. 917.5

    Section 917.5 of the proposed rule would require that each Bank's 
board of directors establish an audit committee. Current Finance Board 
requirements for audit committees are contained in Finance Board Res. 
No. 92-568.1 (July 22, 1992) and Finance Board Advisory Bulletin 96-1 
(Feb. 29, 1996).
    Resolution No. 92-568.1 contains guidelines intended to be the 
minimum standards that should be adopted by the Banks for revisions of 
the respective audit charters. The guidelines require that: (1) Audit 
committee charters include a statement of the audit committee's 
responsibilities, including a statement of its purpose to assist the 
full board of directors in fulfillment of its fiduciary 
responsibilities; (2) the audit committee shall consist of at least 
three board members and shall include appointed directors and elected 
directors; (3) that in determining the membership of the audit 
committee, the board of directors should provide for continuity of 
service; (4) the audit committee shall meet at least twice annually 
with the audit director and the audit committee shall meet in executive 
session with both the audit director and the external auditors at least 
annually; (5) the audit committee shall oversee the selection, 
compensation, and performance evaluation of the audit director; (6) 
written minutes shall be prepared for each meeting and a copy of such 
minutes forwarded to the Finance Board; and (7) the charters of the 
audit director and audit committee shall be reviewed and approved at 
least annually by the audit committee and the board of directors, 
respectively.
    Advisory Bulletin 96-1 communicated examination findings regarding 
certain Bank practices that may tend to reduce the independence of the 
internal audit function, specifically the processes by which Bank audit 
director compensation is determined and performance is evaluated. The 
Bulletin indicated that examiners would review measures taken by the 
audit committee to assure the independence from management of the 
internal audit function, and to fulfill its responsibility to select, 
set the compensation of, and evaluate the performance of the audit 
director, and specified that all Bank audit committees should review 
their current practices and revise these as appropriate.
    Proposed Sec. 917.5 would set forth a clear regulatory requirement 
that each Bank have an audit committee, and would govern the audit 
committees' independence and their responsibilities for oversight of 
Bank operations. The proposed requirements for audit committees are 
based on standard corporate requirements and best practices. In 
developing the appropriate requirements for Bank audit committees, the 
Finance Board reviewed the audit committee regulations of other federal 
financial institution regulatory agencies and the Report and 
Recommendations of the Blue Ribbon Committee on Improving the 
Effectiveness of Corporate Audit Committees (Feb. 8, 1999) (hereinafter 
Blue Ribbon Committee Report). The Securities and Exchange Commission 
encouraged the New York Stock Exchange and the National Association of 
Securities Dealers to form a private sector body to investigate 
perceived problems in financial reporting. Accordingly, the Blue Ribbon 
Committee was formed in October 1998 to take an objective look at U.S. 
corporate financial reporting, specifically assessing the current 
mechanisms for oversight and accountability among corporate audit 
committees, independent auditors, and financial and senior management.
    Proposed Sec. 917.5(a) would require that each Bank's board of 
directors establish an audit committee. Proposed Secs. 917.5(b)(1) and 
(2) would require that each Bank's audit committee consist of five or 
more board directors, each of whom meets the independence criteria 
discussed below, and include a balance of representatives of community 
financial institutions, as defined in section 2(13) of the Bank Act (as 
amended by the Modernization Act) 12 U.S.C. 1422(13), and other members 
and of appointed and elected directors of the Bank. The requirement in 
proposed Sec. 917.5(b)(1) that the audit committee comprise five or 
more persons differs from the recommendation of the Blue Ribbon 
Committee Report that the audit committee comprise a minimum of three 
directors. The Finance Board believes it is important that the audit 
committee include representatives of large and small members and 
appointed and elected directors of the Bank in order to prevent 
dominance by one particular interest. A minimum of five members is 
necessary to achieve diverse representation on the audit committee.
    Proposed Sec. 917.5(b)(3) would require that the terms of audit 
committee members be appropriately staggered to provide for continuity 
of service, and to avoid a complete, or substantial, turnover of the 
membership of the audit committee in any one year.
    Under proposed Sec. 917.2, all members of a Bank's board of 
directors would be required to be financially literate; that is, to be 
able to read and understand the Bank's balance sheet and income 
statement and to ask substantive questions of internal and external 
auditors. In addition to this general requirement, proposed 
Sec. 917.5(b)(4) would require that at least one member of each bank's 
audit committee have extensive accounting or related financial 
management experience. The Finance Board requests comment as to whether 
this requirement regarding accounting or financial management 
experience should be made to apply specifically to the chair of the 
audit committee, or whether it is sufficient to require only that at 
least one member of the audit committee possess such experience. The 
Finance Board also requests comment on whether the chair of the audit 
committee should be required to serve as vice-chair of the full board 
of directors in order to ensure that the audit committee chair has 
adequate incentive for effective leadership.
    In addition, proposed Sec. 917.5(c) would require that any director 
serving on the audit committee be sufficiently independent of the Bank 
and its management so as to maintain the ability to make the type of 
objective judgments that are required of audit committee members. The 
proposed independence criteria were adapted from the Blue Ribbon 
Committee Report, which states that ``common sense dictates that a 
director without any financial, family, or other material

[[Page 86]]

personal ties to management is more likely to be able to evaluate 
objectively the propriety of management's accounting, internal control 
and reporting practices.'' The Finance Board agrees that the 
independence of the directors serving on the audit committee is of 
great importance. Proposed Sec. 917.5(c) describes several examples of 
relationships that would call into question the independence of an 
audit committee member and that, therefore, would disqualify any 
director having such a relationship with the Bank or its management 
from serving on the audit committee. This list is not intended to be 
exhaustive, because it is impossible to foresee all potential 
individual circumstances that might compromise the independence of a 
particular director. Thus, the Finance Board expects that the board of 
directors will consider all potential relationships when qualifying a 
director for service on the audit committee.
    Proposed Sec. 917.5(d) would require that each Bank's audit 
committee adopt a formal written charter setting forth the scope of the 
audit committee's powers and responsibilities and establishing its 
structure, processes and membership requirements. Both the audit 
committee itself and the Bank's full board of directors would be 
required to review and assess the adequacy of and, where appropriate, 
amend the provisions of the audit committee charter annually and to 
readopt the charter, including amendments, not less often than every 
three years, based on the board's and audit committee's reviews of the 
policy. Proposed Sec. 917.5(d)(3) would require that the audit 
committee charter contain the following specific provisions: (i) that 
the audit committee has the responsibility to select, evaluate and, 
where appropriate, replace the internal auditor and that the internal 
auditor may be removed only with the approval of the audit committee; 
(ii) that the internal auditor shall report directly to the audit 
committee on substantive matters and that the internal auditor is 
ultimately responsible to the audit committee and the board of 
directors; and (iii) that the internal and external auditors be allowed 
unrestricted access to the audit committee without any requirement of 
management knowledge or approval. Although not expressly stated in 
Sec. 917.5, the audit committee would be required, under the general 
provisions of proposed Sec. 917.2(c), to have the authority to use the 
services of Bank staff and to employ such outside experts as it deems 
necessary to carry out its functions. The proposed requirements 
pertaining to the audit committee charters were adapted from the 
recommendations contained in the Blue Ribbon Committee Report and the 
current Finance Board requirements on audit committees.
    Proposed Sec. 917.5(e) sets forth the duties of each Bank's audit 
committee under the new regulatory structure, including the duties to: 
(1) Direct senior management to maintain the reliability and integrity 
of the accounting policies and financial reporting and disclosure 
practices of the Bank; (2) review the basis for the Bank's financial 
statements and the external auditor's opinion rendered with respect to 
such financial statements and ensure that policies are in place to 
achieve disclosure and transparency regarding the Bank's true financial 
performance and governance practices; (3) oversee the internal audit 
function; (4) oversee the external audit function; (5) act as an 
independent, direct channel of communication between the Bank's board 
of directors and the internal and external auditors; (6) conduct or 
authorize investigations into any matters within the audit committee's 
scope of responsibilities; (7) ensure that senior management has 
established and is maintaining an adequate internal control system; (8) 
review the policies and procedures established by senior management to 
monitor implementation of the Bank's strategic business plan required 
under Sec. 917.9 of the proposed rule; and (9) report periodically its 
findings to the Bank's board of directors.
    Proposed Sec. 917.5(e)(8) requires that the audit committee oversee 
not only financial audits but also oversee an audit of the controls in 
place to ensure the Bank's compliance with its strategic business plan. 
However, the audit committee is not required to assess the Bank's 
actual conformity with its strategic business plan, or the extent to 
which the Bank has achieved its statutory mission. Review of the 
strategic business plan of the Bank is the responsibility of the full 
board of directors, as more fully discussed in proposed 
Sec. 917.9(c)(3) below.
    Finally, proposed Sec. 917.5(f) would require that each Bank's 
audit committee prepare written minutes of each audit committee 
meeting.

G. Budget Preparation--Sec. 917.6

    Proposed Sec. 917.6 would require that: (a) Each Bank's board of 
directors adopt an annual operating expense budget and a capital 
expenditures budget; (b) a Bank's board of directors not delegate the 
authority to approve the Bank's annual budgets, or any subsequent 
amendments thereto, to Bank officers or other Bank employees; (c) each 
Bank's annual budgets be prepared based upon an interest rate scenario 
as determined by the Bank; and (d) no Bank exceed its total annual 
operating expense budget or its total annual capital expenditures 
budget without prior approval by the Bank's board of directors of an 
amendment to such budget.
    These provisions are carried over from existing Sec. 934.7 of the 
Finance Board's regulations, which itself was recently amended by an 
interim final rule. See 64 FR 71275. As part of the Finance Board's 
effort to relinquish all Bank corporate governance responsibilities, 
the recent interim final rule deleted old paragraphs (b) through (e) of 
Sec. 934.7, which had required that each Bank submit to the Finance 
Board certain specified budget information. In addition, the interim 
final rule deleted old paragraph (a)(2) of Sec. 934.7, requiring 
Finance Board approval for Banks' purchase or long-term lease of 
buildings, because, subsequent to the enactment of the Modernization 
Act, such approval is no longer a statutory requirement. See 
Modernization Act at 606(d). Finally, the interim final rule 
redesignated remaining paragraphs (a)(1), (3), (4) and (5) as 
paragraphs (a), (b), (c) and (d), respectively.
    The Finance Board is proposing to move the provisions of Sec. 934.7 
to part 917 because most of the material in part 934 will be deleted 
through the reorganization rule, and regulations governing budget 
reporting requirements come logically within the realm of board of 
directors' and senior management responsibilities.

H. Dividends--Sec. 917.7

    Section 917.7 of the proposed rule provides that a Bank's board of 
directors may declare and pay a dividend only from previously retained 
earnings or current net earnings, as determined by the Bank, and only 
if such payment will not result in the impairment of the par value of 
the capital stock of the Bank. This language has been moved from 
existing Sec. 934.17, which, itself, was recently amended in an interim 
final rule intended to immediately implement certain devolutionary 
changes required under the Modernization Act. See 64 FR 71275.
    Before the enactment of the Modernization Act, section 16(a) of the 
Bank Act provided generally that dividends may be paid by the Banks out 
of previously retained earnings or current net earnings only with the 
approval of the Finance Board. See 12 U.S.C. 1436(a) (1999). Section 
934.17 of the Finance Board's regulations formerly implemented this 
statutory provision by providing generally that

[[Page 87]]

the board of directors of each Bank, with the approval of the Finance 
Board, may declare and pay a dividend from net earnings, including 
previously retained earnings, on the paid-in value of capital stock 
held during the dividend period. See 12 CFR 934.17 (1999). In addition, 
dividend payments by the Banks were formerly subject to a Finance Board 
Dividend Policy, see Finance Board Res. No. 90-38 (Mar. 15, 1990), as 
well as Board of Directors Resolutions approving specific Bank dividend 
payments, that established specific conditions for approval of such 
dividend payments, including that the dividend payment would not result 
in a projected impairment of the par value of the capital stock of the 
Bank.
    The Modernization Act amended section 16(a) of the Bank Act by 
removing the requirement for Finance Board approval of Bank dividend 
payments. See Modernization Act at section 606(g)(1)(B). Accordingly, 
the Finance Board removed most of the specific dividend payment 
restrictions formerly set forth in Sec. 934.17 and in the Dividend 
Policy. However, for considerations of safety and soundness, the 
Finance Board believes that the impairment restriction formerly imposed 
under the Dividend Policy should continue to apply. In addition, while 
the Modernization Act provided for the repeal of section 6(g) of the 
Bank Act (requiring that all Bank stock share in dividends without 
preference), section 6(g) remains in effect during a transition period 
until the Finance Board has adopted capital regulations and approved 
the capital structure plans of the Banks. See Modernization Act at 
section 608. Consequently, Sec. 934.17 was amended to contain only the 
requirement that dividends be paid on all stock without preference and 
the impairment restriction set forth in the former Dividend Policy.
    Because the reorganization rule, discussed above, will eliminate 
part 934 of the Finance Board's regulations and because the Finance 
Board wishes to retain the substance of recently-amended Sec. 934.17 in 
its regulations, the agency is proposing to move this material to new 
part 917, given that approval of dividend payments is a responsibility 
of a Bank's board of directors.

I. Bank Bylaws--Sec. 917.8

    Section 917.8 of the proposed rule would require that a Bank's 
board of directors have in effect at all times bylaws governing the 
manner in which the Bank administers its affairs and that such bylaws 
be consistent with applicable laws and regulations as administered by 
the Finance Board. The proposed rule merely moves this language from 
existing Sec. 934.16, which, as is the case with the section on 
dividends discussed above, was recently amended in an interim final 
rule intended to immediately implement certain provisions of the 
Modernization Act. See 64 FR 71275.
    Before the enactment of the Modernization Act, section 12(a) of the 
Bank Act provided that the Banks had the power, by their boards of 
directors, to prescribe, amend, and repeal bylaws governing the manner 
in which their affairs may be administered, subject to the approval of 
the Finance Board. See 12 U.S.C. 1432(a). At that time, Sec. 934.16 of 
the Finance Board's regulations allowed the Banks to adopt, amend or 
repeal their bylaws without Finance Board approval, as long as the 
bylaws or amendments were consistent with applicable statutes, 
regulations and Finance Board policies. See 12 CFR 934.16.
    The Modernization Act amended section 12(a) of the Bank Act by 
removing the requirement for Finance Board approval of Bank bylaws, 
provided that the bylaws are consistent with applicable laws and 
regulations, as administered by the Finance Board. See Modernization 
Act at section 606(d)(1)(C). In order to promote sound corporate 
governance practice, the Finance Board amended Sec. 934.16 to require 
the Banks to have bylaws governing the manner in which the Banks' 
affairs are conducted. Because the reorganization rule, discussed 
above, will eliminate part 934 of the Finance Board's regulations, the 
proposed rule would move the amended language of Sec. 934.16, to part 
917, as the enactment of bylaws is a duty of each Bank's board of 
directors.

J. Mission of the Banks; Strategic Business Plan--Sec. 917.9

    Proposed Sec. 917.9 sets forth requirements that each Bank must 
meet in developing a strategic business plan to enumerate the Banks 
goals and objectives for achieving the mission of the Bank. The Bank 
Act establishes the Finance Board's primary responsibility for ensuring 
the safety and soundness of the Bank System and, consistent with that 
duty, ensuring that the Banks, as government-sponsored enterprises 
(GSEs), fulfill their public policy mission. See 12 U.S.C. 1422a(a)(3). 
As with the risk management function, a Bank's board of directors must 
take its strategic business planning seriously and impress the 
importance of implementing the plan and mission achievement upon Bank 
management and staff. The Banks' boards of directors must be fully 
engaged so that there is an appropriate focus on strategic business 
plan implementation and mission achievement at all levels of the Bank.
    Proposed Sec. 917.9(a) defines the mission of the Banks as 
providing to members and associates (i.e., entities that have been 
approved as a nonmember mortgagee pursuant to subpart B of part 950 
(currently part 935) of the Finance Board's regulations) financial 
products and services, including but not limited to advances (i.e., 
correspondent services and other Bank business activities may be 
considered to be mission-related), that assist and enhance such 
members' and associates' financing of: (1) Housing, including single-
family and multi-family housing serving consumers at all income levels, 
and (2) community lending as defined in Sec. 953.3 (current Sec. 970.3) 
of the Finance Board's regulations. This statement of mission and the 
related strategic business plan requirements of Sec. 917.9 are intended 
to ensure maximum use of the cooperative structure of the Bank System 
to provide funds for housing finance and community lending.
    Proposed Sec. 917.9(b) would require that, beginning 90 days after 
the effective date of the provision, each Bank's board of directors 
have in effect at all times a strategic business plan describes how the 
business activities of the Bank with achieve the mission of the Bank. 
Specifically, the plan would be required to: (1) Enumerate the business 
activities that the Bank has determined are consistent with the mission 
of the Bank and the reasons that those activities are so designated, 
including how such activities assist and enhance members' and 
associates' business and further the cooperative nature of the Bank 
System; (2) enumerate operating goals and objectives for each major 
business activity and all new activities; and (3) describe new business 
activities and enhancements to existing activities. In addition, 
proposed Sec. 917.9(b)(4) would require that each Bank's strategic 
business plan be supported by appropriate and timely research and 
analysis of relevant market developments and member and associate 
demand for Bank products and services.
    The Banks already are required to prepare a ``Housing Finance and 
Community Development Mission Achievement Report'' (HFCDMA Report) to 
be reviewed by the Finance Board as part of its annual supervisory 
examination of each Bank. Although the HFCDMA Report addresses topics

[[Page 88]]

similar to those that would be addressed in the strategic business 
plan, the focus of the Report is primarily retrospective, while the 
strategic business plan is intended to be prospective. However, to the 
extent that information prepared for the HFCDMA Report, or any other 
reports, meets the regulatory requirements for the strategic business 
plan, a Bank would be permitted to use this work product to satisfy the 
strategic business plan requirements.
    As with the risk management policy, proposed Sec. 917.9(c)(1) would 
require that the Bank's board of directors review the Bank's strategic 
business plan on at least an annual basis, while proposed 
Sec. 917.9(c)(2) would require that the board amend the strategic 
business plan, as appropriate, based on these reviews. Proposed 
Sec. 917.9(c)(3) would require a Bank's board of directors to re-adopt 
a strategic business plan, including interim amendments, not less often 
than every three years, as appropriate, based on the board's reviews of 
the policy. As with the similar provision in proposed 
Sec. 917.3(a)(2)(iii), this requirement is intended to ensure that, 
even given the turnover in board personnel that will occur over a 
number of years, all or most current members of a Bank's board of 
directors will be thoroughly familiar with the Bank's strategic 
business plan, will have given meaningful consideration to its 
provisions and will have expressed their opinion regarding the adequacy 
of the policy through the voting process. Proposed Sec. 917.9(c)(4) 
also would make clear that each Bank's board of directors has the 
responsibility to establish management reporting requirements and 
monitor implementation of the strategic business plan and the operating 
goals and objectives contained therein.
    These provisions would require the board of directors to oversee 
the process of assessing the Bank's implementation of its strategic 
business plan, but would not require that this responsibility reside 
with the audit committee or the internal auditor. It is not necessary 
that the requirements for the audit committee, which oversees the 
financial audit of the Bank, be applied to the oversight of the 
strategic business plan. Thus, proposed Sec. 917.9 requires that the 
board of directors oversee Bank implementation of the strategic 
business plan, but allows the board to determine how, and by what 
mechanism, it will carry out this responsibility. However, as 
previously discussed, the audit committee shall be responsible for 
ensuring that proper controls exist to ensure that an assessment of the 
Bank's implementation of its strategic business plan is carried out.

III. Regulatory Flexibility Act

    The proposed rule applies only to the Banks, which do not come 
within the meaning of ``small entities,'' as defined in the Regulatory 
Flexibility Act (RFA). See 5 U.S.C. 601(6). Therefore, in accordance 
with section 605(b) of the RFA, see id. at 605(b), the Finance Board 
hereby certifies that this proposed rule, if promulgated as a final 
rule, will not have a significant economic impact on a substantial 
number of small entities.

List of Subjects in 12 CFR Parts 917

    Community development, Credit, Housing and Federal home loan banks.
    Accordingly, the Finance Board hereby proposes to amend title 12, 
chapter IX, Code of Federal Regulations, by adding a new part 917 to 
read as follows:

PART 917--POWERS AND RESPONSIBILITIES OF BANK BOARDS OF DIRECTORS 
AND SENIOR MANAGEMENT

Sec.
917.1  Definitions.
917.2  General authorities and duties of Bank boards of directors.
917.3  Risk management.
917.4  Internal control system.
917.5  Audit committees.
917.6  Budget preparation and reporting requirements.
917.7  Dividends.
917.8  Bank bylaws.
917.9  Mission of the Banks; Strategic business plan.

    Authority: 12 U.S.C. 1422a(a)(3), 1422b(a)(1), 1427, 1432(a), 
1436(a), 1440.


Sec. 917.1  Definitions.

    As used in this part:
    Associate means an entity that has been approved as a nonmember 
mortgagee pursuant to subpart B of part 950 of this chapter.
    Business risk means the risk of an adverse impact on a Bank's 
profitability resulting from external factors as may occur in both the 
short and long run.
    Capital structure plan means the plan establishing and implementing 
a capital structure that each Bank is required to submit to the Finance 
Board under 12 U.S.C. 1426(b).
    Community financial institution has the meaning set forth in 12 
U.S.C. 1422(13).
    Community lending has the meaning set forth in Sec. 952.3 of this 
chapter.
    Contingency liquidity means:
    (1) Marketable assets with a maturity of one year or less;
    (2) Self-liquidating assets with a maturity of seven days or less; 
and
    (3) Assets that are generally accepted as collateral in the 
repurchase agreement market.
    Credit risk means the risk that the market value of an obligation 
will decline as a result of deterioration in creditworthiness.
    Immediate family member means a parent, sibling, spouse, child, 
dependent, or any relative sharing the same residence.
    Internal auditor means the individual responsible for the internal 
audit function at the Bank.
    Liquidity risk means the risk that a Bank is unable to meet its 
obligations as they come due or meet the credit needs of its members 
and eligible nonmember borrowers in a timely and cost-efficient manner.
    Market risk means the risk that the market value of a Bank's 
portfolio will decline as a result of changes in interest rates, 
foreign exchange rates, equity and commodity prices.
    Operations risk means the risk of an unexpected loss to a Bank 
resulting from human error, fraud, unenforceability of legal contracts, 
or deficiencies in internal controls or information systems.


Sec. 917.2  General authorities and duties of Bank boards of directors.

    (a) Management of the Bank. The management of each Bank shall be 
vested in its board of directors. While Bank boards of directors may 
delegate the execution of operational functions to Bank personnel, the 
ultimate responsibility of each Bank's board of directors for that 
Bank's management is non-delegable.
    (b) Duties of Bank directors. Each Bank director shall have the 
duty to:
    (1) Carry out his or her duties as director in good faith, in a 
manner such director believes to be in the best interests of the Bank, 
and with such care, including reasonable inquiry, as an ordinarily 
prudent person in a like position would use under similar 
circumstances;
    (2) Administer the affairs of the Bank fairly and impartially and 
without discrimination in favor of or against any member;
    (3) Be financially literate, or become financially literate within 
a reasonable time after appointment or election; and
    (4) Direct the operations of the Bank in conformity with the 
requirements set forth in the Act and this chapter.
    (c) Authority regarding staff and outside consultants. (1) In 
carrying out its duties and responsibilities under the Act and this 
chapter, each Bank's board of directors and all committees thereof 
shall have authority to retain staff and

[[Page 89]]

outside counsel, independent accountants, or other outside consultants 
at the expense of the Bank.
    (2) Bank staff providing services to the board of directors or any 
committee of the board under paragraph (c)(1) of this section may be 
required by the board of directors or such committee to report directly 
to the board or such committee, as appropriate.


Sec. 917.3  Risk management.

    (a) Adoption of risk management policy. (1) Beginning 90 days after 
the effective date of this section, each Bank's board of directors 
shall have in effect at all times a risk management policy that 
addresses the Bank's exposure to credit risk, market risk, liquidity 
risk, business risk and operations risk and that conforms to the 
requirements of paragraph (b) of this section and to all applicable 
Finance Board regulations and policies.
    (2) Review and compliance. Each Bank's board of directors shall:
    (i) Review the Bank's risk management policy at least annually;
    (ii) Amend the risk management policy as appropriate;
    (iii) Re-adopt the Bank's risk management policy, including interim 
amendments, not less often than every three years; and
    (iv) Ensure that policies and procedures are in place to achieve 
Bank compliance at all times with the risk management policy.
    (b) Risk management policy requirements. In addition to meeting any 
other requirements set forth in this chapter, each Bank's risk 
management policy shall:
    (1) Describe how the Bank will comply with its capital structure 
plan, after such plan is approved by the Finance Board;
    (2) Set forth the Bank's tolerance levels for the market and credit 
risk components; and
    (3) Set forth standards for the Bank's management of each risk 
component, including but not limited to:
    (i) Regarding credit risk arising from all secured and unsecured 
transactions, standards and criteria for, and timing of, periodic 
assessment of the creditworthiness of issuers, obligors, or other 
counterparties including identifying the criteria for selecting 
dealers, brokers and other securities firms with which the Bank may 
execute transactions; and
    (ii) Regarding market risk, standards for the methods and models 
used to measure and monitor such risk;
    (iii) Regarding day-to-day operational liquidity needs and 
contingency liquidity needs for periods during which the Bank's access 
to capital markets is impaired:
    (A) An enumeration of specific types of investments to be held for 
such liquidity purposes; and
    (B) The methodology to be used for determining the Bank's 
operational and contingency liquidity needs;
    (iv) Regarding operations risk, standards for an effective internal 
control system, including periodic testing and reporting; and
    (v) Regarding business risk, strategies for mitigating such risk, 
including contingency plans where appropriate.
    (c) Risk assessment. The senior management of each Bank shall 
perform, at least annually, a risk assessment that identifies and 
evaluates all material risks, including both quantitative and 
qualitative aspects, that could adversely affect the achievement of the 
Bank's performance objectives and compliance requirements. The risk 
assessment shall be in written form and shall be reviewed by the Bank's 
board of directors promptly upon its completion.


Sec. 917.4  Internal control system.

    (a) Establishment and maintenance. (1) Each Bank shall establish 
and maintain an effective internal control system that addresses:
    (i) The efficiency and effectiveness of Bank activities;
    (ii) The safeguarding of Bank assets;
    (iii) The reliability, completeness and timely reporting of 
financial and management information and transparency of such 
information to the Bank's board of directors and to the Finance Board; 
and
    (iv) Compliance with applicable laws, regulations, policies, 
supervisory determinations and directives of the Bank's board of 
directors and senior management.
    (2) Ongoing internal control activities necessary to maintain the 
internal control system required under paragraph (a)(1) of this section 
shall include, but are not limited to:
    (i) Top level reviews by the Bank's board of directors and senior 
management, including review of financial presentations and performance 
reports;
    (ii) Activity controls, including review of standard performance 
and exception reports by department-level management on an appropriate 
periodic basis;
    (iii) Physical and procedural controls to safeguard, and prevent 
the unauthorized use of, assets;
    (iv) Monitoring for compliance with the risk tolerance limits set 
forth in the Bank's risk management policy;
    (v) Any required approvals and authorizations for specific 
activities; and
    (vi) Any required verifications and reconciliations for specific 
activities.
    (b) Internal control responsibilities of Banks' boards of 
directors. Each Bank's board of directors shall ensure that the 
internal control system required under paragraph (a)(1) of this section 
is established and maintained, and shall oversee senior management's 
implementation of such a system on an ongoing basis, by:
    (1) Conducting periodic discussions with senior management 
regarding the effectiveness of the internal control system;
    (2) Ensuring that an effective and comprehensive internal audit of 
the internal control system is performed annually;
    (3) Requiring that internal control deficiencies be reported to the 
Bank's board of directors in a timely manner and that such deficiencies 
are addressed promptly;
    (4) Conducting a timely review of evaluations of the effectiveness 
of the internal control system made by internal auditors, external 
auditors and Finance Board examiners;
    (5) Directing senior management to address promptly and effectively 
recommendations and concerns expressed by internal auditors, external 
auditors and Finance Board examiners regarding weaknesses in the 
internal control system;
    (6) Reporting any internal control deficiencies found, and the 
corrective action taken, to the Finance Board in a timely manner;
    (7) Establishing, documenting and communicating an organizational 
structure that clearly shows lines of authority within the Bank, 
provides for effective communication throughout the Bank, and ensures 
that there are no gaps in the lines of authority;
    (8) Reviewing all delegations of authority to specific personnel or 
committees and requiring that such delegations state the extent of the 
authority and responsibilities delegated; and
    (9) Establishing reporting requirements, including specifying the 
nature and frequency of reports it receives.
    (c) Internal control responsibilities of Banks' senior management. 
Each Bank's senior management shall be responsible for carrying out the 
directives of the Bank's board of directors, including the 
establishment, implementation and maintenance of the internal control 
system required under paragraph (a)(1) of this section, by:

[[Page 90]]

    (1) Establishing, implementing and effectively communicating to 
Bank personnel policies and procedures that are adequate to ensure that 
internal control activities necessary to maintain an effective internal 
control system, including the activities enumerated in paragraph (a)(2) 
of this section, are an integral part of the daily functions of all 
Bank personnel;
    (2) Ensuring that all Bank personnel fully understand and comply 
with all policies, procedures and legal requirements;
    (3) Ensuring that there is appropriate segregation of duties among 
Bank personnel and that personnel are not assigned conflicting 
responsibilities;
    (4) Establishing effective paths of communication upward, downward 
and across the organization in order to ensure that Bank personnel 
receive necessary and appropriate information, including:
    (i) Information relating to the operational policies and procedures 
of the Bank;
    (ii) Information relating to the actual operational performance of 
the Bank;
    (iii) Adequate and comprehensive internal financial, operational 
and compliance data; and
    (iv) External market information about events and conditions that 
are relevant to decision making;
    (5) Developing and implementing procedures that translate the major 
business strategies and policies established by the Bank's board of 
directors into operating standards;
    (6) Ensuring adherence to the lines of authority and responsibility 
established by the Bank's board of directors;
    (7) Overseeing the implementation and maintenance of management 
information and other systems;
    (8) Establishing and implementing an effective system to track 
internal control weaknesses and the actions taken to correct them; and
    (9) Monitoring and reporting to the Bank's board of directors the 
effectiveness of the internal control system on an ongoing basis.


Sec. 917.5  Audit committees.

    (a) Establishment. The board of directors of each Bank shall 
establish an audit committee, consistent with the requirements set 
forth in this section.
    (b) Composition. (1) The audit committee shall comprise five or 
more persons drawn from the Bank's board of directors, each of whom 
shall meet the criteria of independence set forth in paragraph (c) of 
this section.
    (2) The audit committee shall include a balance of representatives 
of:
    (i) Community financial institutions and other members; and
    (ii) Appointive and elective directors of the Bank.
    (3) The terms of audit committee members shall be appropriately 
staggered so as to provide for continuity of service.
    (4) At least one member of the audit committee shall have extensive 
accounting or related financial management experience.
    (c) Independence. Any member of the Bank's board of directors shall 
be considered to be sufficiently independent to serve as a member of 
the audit committee if that director does not have a disqualifying 
relationship with the Bank or its management that would interfere with 
the exercise of that director's independent judgment. Such 
disqualifying relationships include, but are not limited to:
    (1) Being employed by the Bank in the current year or any of the 
past five years;
    (2) Accepting any compensation from the Bank other than 
compensation for service as a board director;
    (3) Serving or having served in any of the past five years as a 
consultant, advisor, promoter, underwriter, or legal counsel of or to 
the Bank; or
    (4) Being an immediate family member of an individual who is, or 
has been in any of the past five years, employed by the Bank.
    (d) Charter. (1) The audit committee of each Bank shall adopt, and 
the Bank's board of directors shall approve, a formal written charter 
that specifies the scope of the audit committee's powers and 
responsibilities, as well as the audit committee's structure, processes 
and membership requirements.
    (2) The audit committee and the board of directors of each Bank 
shall:
    (i) Review, assess the adequacy of and, where appropriate, amend 
the Bank's audit committee charter on an annual basis;
    (ii) Amend the audit committee charter as appropriate; and
    (iii) Re-adopt and re-approve, respectively, the Bank's audit 
committee charter not less often than every three years.
    (3) Each Bank's audit committee charter shall:
    (i) Provide that the audit committee has the responsibility to 
select, evaluate and, where appropriate, replace the internal auditor 
and that the internal auditor may be removed only with the approval of 
the audit committee;
    (ii) Provide that the internal auditor shall report directly to the 
audit committee on substantive matters and that the internal auditor is 
ultimately accountable to the audit committee and board of directors; 
and
    (iii) Provide that both the internal auditor and the external 
auditor shall have unrestricted access to the audit committee without 
the need for any prior management knowledge or approval.
    (e) Duties. Each Bank's audit committee shall have the duty to:
    (1) Direct senior management to maintain the reliability and 
integrity of the accounting policies and financial reporting and 
disclosure practices of the Bank;
    (2) Review the basis for the Bank's financial statements and the 
external auditor's opinion rendered with respect to such financial 
statements (including the nature and extent of any significant changes 
in accounting principles or the application therein) and ensure that 
policies are in place to achieve disclosure and transparency regarding 
the Bank's true financial performance and governance practices;
    (3) Oversee the internal audit function by:
    (i) Reviewing the scope of audit services required, significant 
accounting policies, significant risks and exposures, audit activities 
and audit findings;
    (ii) Assessing the performance and determining the compensation of 
the internal auditor; and
    (iii) Reviewing and approving the internal auditor's work plan;
    (4) Oversee the external audit function by:
    (i) Approving the external auditor's annual engagement letter;
    (ii) Reviewing the performance of the external auditor; and
    (iii) Making recommendations to the Bank's board of directors 
regarding the appointment, renewal, or termination of the external 
auditor;
    (5) Provide an independent, direct channel of communication between 
the Bank's board of directors and the internal and external auditors;
    (6) Conduct or authorize investigations into any matters within the 
audit committee's scope of responsibilities;
    (7) Ensure that senior management has established and is 
maintaining an adequate internal control system within the Bank by:
    (i) Reviewing the Bank's internal control system and the resolution 
of identified material weaknesses and reportable conditions in the 
internal control system, including the prevention or detection of 
management override or compromise of the internal control system; and
    (ii) Reviewing the programs and policies of the Bank designed to 
ensure compliance with applicable laws, regulations and policies and 
monitoring the results of these compliance efforts;

[[Page 91]]

    (8) Reviewing the policies and procedures established by senior 
management to assess and monitor implementation of with the Bank's 
strategic business plan and the operating goals and objectives 
contained therein; and (9) Report periodically its findings to the 
Bank's board of directors.
    (f) Meetings. The audit committee shall prepare written minutes of 
each audit committee meeting.


Sec. 917.6  Budget preparation and reporting requirements.

    (a) Adoption of budgets. Each Bank's board of directors shall be 
responsible for the adoption of an annual operating expense budget and 
a capital expenditures budget for the Bank, and any subsequent 
amendments thereto, consistent with the requirements of the Act, this 
section, other regulations and policies of the Finance Board, and with 
the Bank's responsibility to protect both its members and the public 
interest by keeping its costs to an efficient and effective minimum.
    (b) No delegation of budget authority. A Bank's board of directors 
may not delegate the authority to approve the Bank's annual budgets, or 
any subsequent amendments thereto, to Bank officers or other Bank 
employees.
    (c) Interest rate scenario. A Bank's annual budgets shall be 
prepared based upon an interest rate scenario as determined by the 
Bank.
    (d) Board approval for deviations. A Bank may not exceed its total 
annual operating expense budget or its total annual capital 
expenditures budget without prior approval by the Bank's board of 
directors of an amendment to such budget.


Sec. 917.7  Dividends.

    A Bank's board of directors may declare and pay a dividend only 
from previously retained earnings or current net earnings and only if 
such payment will not result in a projected impairment of the par value 
of the capital stock of the Bank. Dividends on such capital stock shall 
be computed without preference.


Sec. 917.8  Bank bylaws.

    A Bank's board of directors shall have in effect at all times 
bylaws governing the manner in which the Bank administers its affairs 
and such bylaws shall be consistent with applicable laws and 
regulations as administered by the Finance Board.


Sec. 917.9  Mission of the Banks; Strategic business plan.

    (a) Mission of the Banks. The mission of the Banks is to provide to 
its members and associates financial products and services, including 
but not limited to advances, that assist and enhance such members' and 
associates' financing of:
    (1) Housing, including single-family and multi-family housing 
serving consumers at all income levels; and
    (2) Community lending.
    (b) Adoption of strategic business plan. Beginning 90 days after 
the effective date of this section, each Bank's board of directors 
shall have in effect at all times a strategic business plan that 
describes how the business activities of the Bank will achieve the 
mission of the Bank as set forth in paragraph (a) of this section. 
Specifically, each Bank's strategic business plan shall:
    (1) Enumerate those business activities of the Bank that the board 
of directors has determined are consistent with the mission of the 
Banks as set forth in paragraph (a) of this section and the reasons 
that those activities are so designated, including how such activities 
assist and enhance members' and associates' business and further the 
cooperative nature of the Bank System;
    (2) Enumerate operating goals and objectives for each major 
business activity and for all new business activities and the 
strategies for meeting such goals and objectives;
    (3) Describe any proposed new business activities or enhancements 
of existing activities; and
    (4) Be supported by appropriate and timely research and analysis of 
relevant market developments and member and associate demand for Bank 
products and services.
    (c) Review and monitoring. Each Bank's board of directors shall:
    (1) Review the Bank's strategic business plan at least annually;
    (2) Amend the strategic business plan as appropriate;
    (3) Re-adopt the Bank's strategic business plan, including interim 
amendments, not less often than every three years; and
    (4) Establish management reporting requirements and monitor 
implementation of the strategic business plan and the operating goals 
and objectives contained therein.

    Dated: December 14, 1999.

    By the Board of Directors of the Federal Housing Finance Board.
Bruce A. Morrison,
Chairman.
[FR Doc. 99-34037 Filed 12-30-99; 8:45 am]
BILLING CODE 6725-01-P