[Federal Register Volume 65, Number 1 (Monday, January 3, 2000)] [Proposed Rules] [Pages 81-91] From the Federal Register Online via the Government Publishing Office [www.gpo.gov] [FR Doc No: 99-34037] ======================================================================= ----------------------------------------------------------------------- FEDERAL HOUSING FINANCE BOARD 12 CFR Part 917 [No. 99-64] RIN 3069-AA90 Powers and Responsibilities of Federal Home Loan Bank Boards of Directors and Senior Management AGENCY: Federal Housing Finance Board. ACTION: Proposed rule. ----------------------------------------------------------------------- SUMMARY: The Federal Housing Finance Board (Finance Board) is proposing new regulations to set forth the responsibilities of the boards of directors and senior management of the Federal Home Loan Banks (Banks) as a means of ensuring that they fulfill their duties to operate the Banks in a safe and sound manner and in furtherance of the Banks' housing finance and community lending mission. DATES: Comments on this proposed rule must be received in writing on or before February 2, 2000. ADDRESSES: Comments should be mailed to: Elaine L. Baker, Secretary to the Board, Federal Housing Finance Board, 1777 F Street, NW, Washington, DC 20006. Comments will be available for public inspection at this address. FOR FURTHER INFORMATION CONTACT: James L. Bothwell, Director and Chief Economist, (202) 408-2821; Scott L. Smith, Deputy Director, (202) 408- 2991; Julie Paller, Senior Financial Analyst (202) 408-2842; Office of Policy, Research and Analysis; Eric M. Raudenbush, Senior Attorney- Advisor, (202) 408-2932; Office of General Counsel, Federal Housing Finance Board, 1777 F Street, NW, Washington, DC 20006. SUPPLEMENTARY INFORMATION: I. Background A. Devolution of Corporate Governance Authorities Prior to the enactment of the Financial Institutions Reform, Recovery and Enforcement Act (FIRREA) of 1989, Pub. L. 101-73, 103 Stat. 413 (1989), many decisions regarding the corporate governance of the Banks were either made or approved by the Bank System regulator (which, prior to FIRREA, was the former Federal Home Loan Bank Board). Since the creation of the Finance Board and the reform of the Bank System under FIRREA, it has been the policy of the Finance Board to devolve to the Banks authority to act on most matters of corporate governance without the prior approval of the Finance Board, to the extent permitted by statute and to the extent such devolution does not compromise the Finance Board's duty to ensure the safety and soundness of the Banks. The Finance Board has long recognized the importance of maintaining its regulatory independence, and that the safety and soundness regulator of the Banks should not involve itself in the business affairs of the Banks, nor make governance decisions that more properly lie with the Banks as corporate entities.\1\ Despite this regulatory policy, statutory provisions have required that certain matters pertaining to corporate governance remain within the decision- making power of the Finance Board. --------------------------------------------------------------------------- \1\ See General Accounting Office, Federal Home Loan Bank System--Reforms Needed to Promote Its Safety, Soundness, and Effectiveness (Dec. 1993). --------------------------------------------------------------------------- On November 12, 1999, the President signed into law the Federal Home Loan Bank System Modernization Act of 1999 \2\ (Modernization Act), Pub. L. 106-102, Title VI (1999), which, among other things, removed the remaining corporate governance authorities that previously had been vested in the Finance Board under the Federal Home Loan Bank Act (Bank Act). 12 U.S.C. 1422-49. To implement these statutory changes, the Finance Board has published separately an interim final rule removing regulations that required Finance Board approval for the following matters of corporate governance: selection and compensation of Bank officers and employees; entering into building leases and purchases; adoption and revision of Bank bylaws; dividend payments; application forms for Bank advances; Bank approval of conditional advances; and transfer of advances and advance participations. See 64 FR 71275 (1999). --------------------------------------------------------------------------- \2\ The Modernization Act is Title VI of the larger Gramm-Leach- Bliley Act. Pub. L. 106-102 (1999). --------------------------------------------------------------------------- Management responsibilities over the Banks have been rightfully removed from the statutory purview of the Finance Board. However, the Finance Board continues to be responsible for ensuring that the Banks operate in a financially safe and sound manner and carry out their statutory housing finance and community lending mission. See 12 U.S.C. 1422a(a)(3). In that capacity, the Finance Board believes that it is prudent to set forth explicitly in regulation a state-of-the-art corporate governance framework for the Banks' boards of directors and senior management. The proposed rule includes provisions defining the responsibilities--and thus the accountability--of the boards of directors and senior management of the Banks with regard to operating the Banks in a safe and sound manner and ensuring that the Banks achieve their statutory mission. These responsibilities include matters such as the adoption and annual review of risk management policies, periodic risk assessments, the maintenance of effective internal controls, the establishment of independent audit committees, and adoption of and compliance with a strategic business plan, as further detailed below. B. Effect of the Proposed Rule To Reorganize the Finance Board's Regulations On September 27, 1999, the Finance Board published a notice of proposed rulemaking to reorganize its regulations to implement a more logical and efficient presentation of the regulations governing the Banks and the Bank System. See 64 FR 52148 (1999). Because it is anticipated that a final reorganization rule will be in effect before the substantive regulatory amendments contained in this proposal would become final, cross-references appearing in the text of this proposed rule are made to the new section and part numbers that would be in effect once the final reorganization rule is adopted. Where such references are to provisions that currently exist under different section or part numbers, the existing citation has been noted in this preamble. C. The Banks as Corporate Entities Each state generally has laws of incorporation that require, among other things, a corporation to be managed by a board of directors. Consistent with this general corporate concept, the Bank Act (as amended by the Modernization Act) provides for the management of each Bank to be vested in the Bank's board of directors. See 12 U.S.C. 1427(a). The Bank Act states that each Bank is a corporate body. See id. at 1432(a). In addition to authorizing certain enumerated corporate and banking powers, see id. at 1431, 1432, the Bank Act grants each Bank all such incidental powers as are consistent with the provisions of the Bank Act and customary and usual in corporations generally. See id. at 1432(a). The Finance Board believes that, attendant to the exercise of customary and usual [[Page 82]] corporate powers, the Banks' boards of directors are subject to the same general fiduciary duties of care and loyalty to which the board of a state-chartered business or banking corporation would be subject, although this previously has not been set forth in regulation. The duties, responsibilities and privileges of a director of a Bank derive from a source different from that of a director of a state- chartered business or banking corporation. Each Bank is created in accordance with Federal law to further public policy, and its statutory powers and purposes are not subject to change except by the Congress. A Bank's board of directors has neither the right nor the duty to alter the purpose of the Bank, whereas an ordinary corporate board of directors may approve mergers, consolidations and changes in the corporate charter that could alter the objectives and nature of the business of the corporation. The directors of a Bank are responsible for managing that Bank to achieve the statutorily-mandated objectives of promoting housing finance and community lending and meeting the Bank's statutory obligations (e.g., paying a portion of the interest on obligations of the Resolution Funding Corporation (REFCORP), see id. at 1441b, and making contributions to the AHP, see id. at 1430(j)), all in a financially safe and sound manner. All Banks are subject to the supervision of the Finance Board. The bulk of the Banks' corporate powers, duties and responsibilities are described in sections 10, 11, 12 and 16 of the Act. Id. at 1430, 1431, 1432 and 1436. Section 10 of the Act authorizes each Bank to make secured advances to its members upon collateral sufficient, in its judgment, to fully secure the advance, and to certain eligible nonmember borrowers (which, in this rule, the Finance Board has referred to as ``associates'') upon statutorily specified collateral. See id. at 1430(a), 1430b. The Banks may conduct correspondent services, establish reserves, make investments and pay dividends, all subject to statutory limitations. See id. at 1431, 1436. Under section 12(a) of the Act, a Bank has the power to sue and be sued. See id. at 1432(a). In addition, each Bank has adopted bylaws that address such matters as: the conduct of meetings of the board of directors; existence, composition, conduct and administration of committees of the board of directors; and indemnification. II. Analysis of Proposed Rule A. Overview Proposed part 917 for the first time would set forth in one place and in regulation the duties and responsibilities of a Bank's board of directors and of senior management of the Bank. It would make clear the Finance Board's belief that oversight of management by a strong and proactive board of directors is critical to the safe and successful operation of each Bank. Generally, under proposed part 917, the board of directors of each Bank would be responsible for: (1) Approving and periodically reviewing the significant policies of the Bank; (2) understanding the major risks taken by the Bank, setting acceptable tolerance levels for these risks and requiring that senior management takes the steps necessary to identify, measure, monitor and control these risks; (3) monitoring the Bank's compliance with applicable statutes, regulation and policy (both of the Finance Board and the Bank); (4) adopting and maintaining policies to ensure that the Bank carries out its housing finance and community lending mission; (5) approving the organizational structure and delegations of authority; and (6) overseeing senior management's establishment and maintenance of an adequate and effective system of internal controls and senior management's monitoring of the effectiveness of the internal control system. Proposed part 917 also provides generally that senior management of each Bank would be responsible for: (1) Implementing strategies and policies approved by the Bank's board; (2) developing processes that identify, measure, monitor and control risks incurred by the Bank; (3) maintaining an organizational structure that clearly assigns responsibility, authority and reporting relationships; (4) ensuring that delegated responsibilities are effectively carried out; (5) setting appropriate internal control policies; and (6) monitoring the adequacy and effectiveness of the internal control system. The proposed requirements for the Banks' boards of directors and senior management generally are based on widely accepted best corporate practices. They are intended to require that the boards of directors oversee both risk management for safety and soundness and achievement of the public purpose of supporting housing and community lending. Oversight by both the boards of directors and senior management is integral to the overall business operation of a Bank. The first line of defense in ensuring safety and soundness is an effective corporate governance structure within the Banks themselves. Having an active, informed and engaged board of directors is the cornerstone of a well- run entity. In addition, recognition of the importance of mission achievement must originate with the board of directors and fulfillment of mission at all levels of the Bank must be promoted and encouraged by the board. The proposed rule would require that the boards of directors of the Banks fulfill these important responsibilities. B. Definitions--Sec. 917.1 Section 917.1 of the proposed rule sets forth definitions of terms used in part 917. These terms are discussed below as they relate to the substantive provisions of the proposed rule. C. General Authorities and Duties of Bank Boards of Directors-- Sec. 917.2 The first sentence of Sec. 917.2(a) of the proposed rule would implement the first clause of section 7(a) of the Bank Act, 12 U.S.C. 1427(a), which states that the management of each Bank shall be vested in its board of directors. The Finance Board interprets this statutory provision as charging each Banks' board of directors with the ultimate legal responsibility for guiding the activities of the Bank, and not as a requirement that a Bank's board of directors administer the day-to- day operations of the Bank. Accordingly, the second sentence of proposed Sec. 917.2(a) makes clear that a Bank's board of directors may delegate responsibility for such day-to-day operations to Bank management, but that, in so doing, may not and can not delegate its ultimate statutory responsibility for the management of the Bank. Proposed Sec. 917.2(b) enumerates the duties that would apply to all official activities of each board director. Specifically, proposed Sec. 917.2(b)(1) would charge each director with the duty to carry out his or her duties as director in good faith, in a manner such director believes to be in the best interests of the Bank, and with such care, including reasonable inquiry, as an ordinarily prudent person in a like position would use under similar circumstances. Proposed Sec. 917.2(b)(2) would implement section 7(j) of the Bank Act, id. at 1427(j), by requiring that directors administer the affairs of the Bank fairly and impartially. Proposed Sec. 917.2(b)(3) would require that each board director be financially literate (i.e., have a working familiarity with basic finance and accounting practices), or become financially literate [[Page 83]] within a reasonable time after his or her election or appointment to the board of directors. This financial literacy may be obtained through training provided by the Bank if a director does not possess such financial literacy at the time of his or her election or appointment to the board. Finally, proposed Sec. 917.2(b)(4) would charge each Bank director with the general duty to direct the operations of the Bank in conformity with the requirements of the Bank Act and the Finance Board's regulations. In order to ensure that Bank boards of directors are able to oversee effectively the management of the Banks, proposed Sec. 917.2(c)(1) would make clear that this section simply codifies the existing authority all Bank boards of directors, and all committees thereof, have to retain staff and outside consultants at the expense of the Bank, as necessary to carry out their official duties and responsibilities. Proposed Sec. 917.2(c)(2) states that the board of directors, or any committee thereof, may require any internal Bank staff providing services to the board or committee on a particular matter to report directly to the board or committee on that matter. D. Risk Management--Sec. 917.3 Section 917.3 of the proposed rule sets forth the risk management responsibilities of Bank boards of directors and senior management. Proposed Sec. 917.3(a)(1) would require that, beginning 90 days after the effective date of this rule in final form, each Bank's board of directors have in effect at all times a risk management policy addressing the Bank's exposure to credit risk, market risk, liquidity risk, business risk and operations risk, as those terms are defined in proposed Sec. 917.1. The risk limits set forth in the policy shall be consistent with the Bank's capital position and its ability to measure and manage risk. While, under proposed Sec. 917.3(a)(1) a Bank need not submit its risk management policy to the Finance Board, these policies will be reviewed by the Finance Board as part of the ongoing examination process. Proposed Sec. 917.3(a)(2)(i) would require that the Bank's board of directors review the Bank's risk management policy on at least an annual basis, while proposed Sec. 917.3(a)(2)(ii) would make clear that each Bank's board shall amend its risk management policy, as appropriate to meet changing circumstances. Proposed Sec. 917.3(a)(2)(iii) provides that the board of directors also would be required to re-adopt the risk management policy, including interim amendments, not less often than every three years, as appropriate, based on the board's reviews of the policy. In addition to providing consistency, this requirement would make clear that, despite the turnover in board personnel that will occur over a number of years, all or most current members of a Bank's board of directors will be thoroughly familiar with the Bank's risk management policy, will have given meaningful consideration to its provisions and will have expressed an opinion regarding the adequacy of the policy through the voting process. Proposed Sec. 917.3(a)(2)(iv) also would make clear that each Bank's board of directors has the ultimate responsibility to ensure that policies and procedures are in place to achieve Bank compliance at all times with the risk management policy. Section 917.3(b) of the proposed rule sets forth several specific requirements for each Bank's risk management policy. Proposed Sec. 917.3(b)(1) would require that each Bank's risk management plan describe how the Bank will comply with its capital structure plan required under section 6(b) of the Bank Act (as amended by the Modernization Act), 12 U.S.C. 1426(b), to be submitted to the Finance Board within 270 days of the Finance Board's promulgation of regulations prescribing uniform capital standards for the Banks pursuant to section 6(a) of the Bank Act (as amended by the Modernization Act), id. at 1426(a). Proposed Sec. 917.3(b)(2) would require each Bank's risk management policy to set forth tolerance levels for the market and credit risk components. Proposed Sec. 917.3(b)(3) would require each Bank's risk management policy to set forth standards for the Bank's management of credit, market, liquidity, business and operations risks. Credit risk is defined in proposed Sec. 917.1 as the risk that the market value of an obligation will decline as a result of deterioration in creditworthiness. The creditworthiness of an obligation can be affected by both the creditworthiness of the specific counterparty or the market's general perception of the creditworthiness of an entire class of obligations. The Banks must assess the creditworthiness of issuers, obligors, or other counterparties prior to acquiring investments and, under proposed Sec. 917.3(b)(3)(i), the Bank's risk management policy would be required to include the standards and criteria for such an assessment. In addition, the credit risk portion of each Bank's risk management policy also should identify the criteria for selecting brokers, dealers and other securities firms with which the Bank may execute transactions. Market risk is defined in proposed Sec. 917.1 as the risk of loss in value of the Bank's portfolio resulting from movements in interest rates, foreign exchange rates and equity and commodity prices. Proposed Sec. 917.3(b)(3)(ii) would require that each Bank's risk management policy establish standards for the methods and models used to measure and monitor market risk, including maximum exposure thresholds and scenarios for measuring risk exposure. Liquidity risk is defined in proposed Sec. 917.1 as the risk that a Bank would be unable to meet its obligations as they come due or meet the credit needs of its members and eligible nonmember borrowers in a timely and cost-efficient manner. Operational liquidity addresses day- to-day or ongoing liquidity needs under normal circumstances. Operational liquidity needs may be either anticipated or unanticipated. Contingency liquidity addresses the same liquidity needs, but under abnormal or unusual circumstances in which a Bank's access to the capital markets is impeded. This impediment may result from a market disruption, operational failure, or real or perceived credit problems. Proposed Sec. 917.3(b)(3)(iii) would require that each Bank's risk management policy indicate the Bank's sources of liquidity, including specific types of investments to be held for liquidity purposes, and the methodology to be used for determining the Bank's operational and contingency liquidity needs. While the Bank System Financial Management Policy (FMP) currently governs Bank liquidity requirements, it is anticipated that the Finance Board will promulgate new liquidity regulations in a future rulemaking. Operations risk is defined in proposed Sec. 917.1 as the risk of an unexpected loss to a Bank resulting from human error, fraud, unenforceability of legal contracts, or deficiencies in internal controls or information systems. Proposed Sec. 917.3(b)(3)(iv) would require that each Bank's risk management policy address operations risk by setting forth standards for an effective internal control system (as described in more detail in the discussion of proposed Sec. 917.4 below), including periodic testing and reporting. Business risk is defined in proposed Sec. 917.1 as the risk of an adverse impact on a Bank's profitability resulting from external factors as may occur in both the short and long run. Such factors include: continued financial services industry consolidation; declining membership base; concentration of borrowing among members; and increased inter-Bank competition. Proposed Sec. 917.3(b)(3)(v) would require that each Bank's risk management [[Page 84]] policy identify these risks and include strategies for mitigating such risks, including contingency plans where appropriate. In order for each Bank to create and maintain a meaningful risk management policy, it is important that the boards of directors be cognizant of the strategic risks facing the Bank. Therefore, proposed Sec. 917.3(c) would require that senior management of each Bank perform, at least annually, a written risk assessment that identifies and evaluates all material risks, including both quantitative and qualitative aspects, that could adversely affect the achievement of the Bank's performance objectives and compliance requirements. Proposed Sec. 917.3(c) also requires that the risk assessment be in written form and be reviewed by the Bank's board of directors promptly upon its completion. E. Internal Control System--Sec. 917.4 While the existing FMP requires that the management of each Bank establish internal control systems, the FMP provides no guidance on how to ascertain the sufficiency of the systems. There have been several instances where internal control weaknesses have been discovered through the Finance Board's examination process. As a result, the Finance Board believes it prudent to provide more specific requirements for the internal control process that must be in place at each Bank. In developing requirements for internal control processes for the Banks, the Finance Board reviewed the available literature on the appropriate internal control systems for financial institutions. Included in this review was the Basle Committee on Banking Supervision's (BCBS) Framework for Internal Control Systems published in September 1998 (hereinafter Basle Committee Report) and the Committee of Sponsoring Organizations of the Treadway Commission's Internal Control--Integrated Framework Report published in September 1992 (hereinafter Treadway Commission Report). The recommendations contained in these Reports are considered to be state of the art for defining, implementing, monitoring, and evaluating internal control systems. According to the Basle Committee Report, a system of effective internal controls is a critical component of bank management and a foundation for safe and sound operation of a banking organization. A strong system of internal controls can help a bank meet its goals and objectives, achieve long-term profitability targets, and maintain reliable financial and managerial reporting. An internal control system also can help to: (1) Ensure the bank is in compliance with laws, regulations and the bank's internal policies and procedures; (2) safeguard assets; and (3) decrease the risk of damage to the bank's reputation. The Treadway Commission Report defines internal controls as a process, effected by the board of directors, management and other personnel, designed to provide reasonable assurance regarding the achievement of objectives in the: (1) Effectiveness and efficiency of operations; (2) reliability of financial reporting; and (3) compliance with applicable laws and regulations. Both Reports discuss basic components or principles for establishing and assessing internal control--i.e., management oversight and the control environment, risk recognition and assessment, control activities and segregation of duties, information and communication, and monitoring activities and correcting deficiencies. The provisions of Sec. 917.4 of the proposed rule were adapted from the basic components and principles in the Basle Committee and Treadway Commission Reports. The Finance Board believes that appropriate internal controls will be critical to the successful devolution of full corporate governance authority to the Banks. The proposed rule would provide the framework for an effective internal control system, and establish senior management and board of directors' responsibilities regarding internal controls. Proposed Sec. 917.4(a)(1) would require each Bank to establish and maintain an effective internal control system that addresses: (i) The efficiency and effectiveness of Bank activities; (ii) the safeguarding of assets; (iii) the reliability, completeness and timely reporting of financial and management information and transparency of such information to the Bank's board of directors and to the Finance Board; and (iv) compliance with applicable laws, regulations, policies, supervisory determinations and directives of the Bank's board of directors and senior management. Proposed Sec. 917.4(a)(2) enumerates certain minimum ongoing internal control activities that the Finance Board considers to be necessary in order for the internal control objectives described in proposed Sec. 917.4(a)(1) to be achieved. These activities include: (i) Top level reviews by the Bank's board of directors and senior management; (ii) activity controls, including review of standard performance and exception reports; (iii) physical and procedural controls adequate to safeguard, and prevent the unauthorized use of, assets; (iv) monitoring for compliance with the risk tolerance limits set forth in the risk management policy that would be required under proposed Sec. 917.3(a); (v) any required approvals and authorizations for specific activities; and (vi) any required verifications and reconciliations for specific activities. Section 917.4(b) of the proposed rule would charge each Bank's board of directors with the responsibility to ensure that the internal control system required under proposed Sec. 917.4(a)(1) is established and maintained, and to oversee senior management's implementation of the system on an ongoing basis. Under proposed Sec. 917.4(b), a Bank's board of directors will be considered to have met these general requirements on internal control system establishment, maintenance and oversight if it: (1) Conducts periodic discussions with senior management regarding the effectiveness of the internal control system; (2) ensures that an effective and comprehensive internal audit of the internal control system is performed annually; (3) requires internal control deficiencies to be reported to the Bank's board of directors in a timely manner and ensures that such deficiencies are addressed promptly; (4) conducts a timely review of evaluations of the effectiveness of the internal control system made by auditors and Finance Board examiners; (5) ensures that senior management promptly and effectively addresses recommendations and concerns expressed by auditors and Finance Board examiners regarding weaknesses in the internal control system; (6) reports internal control deficiencies, and the corrective action taken, to the Finance Board in a timely manner; (7) establishes, documents and communicates a clear and effective organizational structure for the Bank; (8) ensures that all delegations of board authority state the extent of the authority and responsibilities delegated; and (9) establishes reporting requirements. Section 917.4(c) of the proposed rule would require senior management at each Bank to establish, implement and maintain the internal control system under the direction of the Bank's board of directors. Under proposed Sec. 917.4(c), specific actions on the part of senior management that would be necessary to fulfill these responsibilities include: (1) Establishing, implementing and effectively communicating to Bank personnel policies and procedures that are adequate to ensure that internal control activities necessary to maintain [[Page 85]] an effective internal control system are an integral part of the daily functions of all Bank personnel; (2) ensuring that all Bank personnel fully understand and comply with all policies and procedures; (3) ensuring appropriate segregation of duties among Bank personnel and that personnel are not assigned conflicting responsibilities; (4) establishing effective paths of communication throughout the organization in order to ensure that Bank personnel receive necessary and appropriate information; (5) developing and implementing procedures that translate the major business strategies and policies established by the board of directors into operating standards; (6) ensuring adherence to the lines of authority and responsibility established by the Bank's board of directors; (7) overseeing the implementation and maintenance of management information and other systems; (8) establishing and implementing an effective system to track internal control weaknesses and the actions taken to correct them; and (9) monitoring and reporting to the Bank's board of directors the effectiveness of the internal control system on an ongoing basis. F. Audit Committees--Sec. 917.5 Section 917.5 of the proposed rule would require that each Bank's board of directors establish an audit committee. Current Finance Board requirements for audit committees are contained in Finance Board Res. No. 92-568.1 (July 22, 1992) and Finance Board Advisory Bulletin 96-1 (Feb. 29, 1996). Resolution No. 92-568.1 contains guidelines intended to be the minimum standards that should be adopted by the Banks for revisions of the respective audit charters. The guidelines require that: (1) Audit committee charters include a statement of the audit committee's responsibilities, including a statement of its purpose to assist the full board of directors in fulfillment of its fiduciary responsibilities; (2) the audit committee shall consist of at least three board members and shall include appointed directors and elected directors; (3) that in determining the membership of the audit committee, the board of directors should provide for continuity of service; (4) the audit committee shall meet at least twice annually with the audit director and the audit committee shall meet in executive session with both the audit director and the external auditors at least annually; (5) the audit committee shall oversee the selection, compensation, and performance evaluation of the audit director; (6) written minutes shall be prepared for each meeting and a copy of such minutes forwarded to the Finance Board; and (7) the charters of the audit director and audit committee shall be reviewed and approved at least annually by the audit committee and the board of directors, respectively. Advisory Bulletin 96-1 communicated examination findings regarding certain Bank practices that may tend to reduce the independence of the internal audit function, specifically the processes by which Bank audit director compensation is determined and performance is evaluated. The Bulletin indicated that examiners would review measures taken by the audit committee to assure the independence from management of the internal audit function, and to fulfill its responsibility to select, set the compensation of, and evaluate the performance of the audit director, and specified that all Bank audit committees should review their current practices and revise these as appropriate. Proposed Sec. 917.5 would set forth a clear regulatory requirement that each Bank have an audit committee, and would govern the audit committees' independence and their responsibilities for oversight of Bank operations. The proposed requirements for audit committees are based on standard corporate requirements and best practices. In developing the appropriate requirements for Bank audit committees, the Finance Board reviewed the audit committee regulations of other federal financial institution regulatory agencies and the Report and Recommendations of the Blue Ribbon Committee on Improving the Effectiveness of Corporate Audit Committees (Feb. 8, 1999) (hereinafter Blue Ribbon Committee Report). The Securities and Exchange Commission encouraged the New York Stock Exchange and the National Association of Securities Dealers to form a private sector body to investigate perceived problems in financial reporting. Accordingly, the Blue Ribbon Committee was formed in October 1998 to take an objective look at U.S. corporate financial reporting, specifically assessing the current mechanisms for oversight and accountability among corporate audit committees, independent auditors, and financial and senior management. Proposed Sec. 917.5(a) would require that each Bank's board of directors establish an audit committee. Proposed Secs. 917.5(b)(1) and (2) would require that each Bank's audit committee consist of five or more board directors, each of whom meets the independence criteria discussed below, and include a balance of representatives of community financial institutions, as defined in section 2(13) of the Bank Act (as amended by the Modernization Act) 12 U.S.C. 1422(13), and other members and of appointed and elected directors of the Bank. The requirement in proposed Sec. 917.5(b)(1) that the audit committee comprise five or more persons differs from the recommendation of the Blue Ribbon Committee Report that the audit committee comprise a minimum of three directors. The Finance Board believes it is important that the audit committee include representatives of large and small members and appointed and elected directors of the Bank in order to prevent dominance by one particular interest. A minimum of five members is necessary to achieve diverse representation on the audit committee. Proposed Sec. 917.5(b)(3) would require that the terms of audit committee members be appropriately staggered to provide for continuity of service, and to avoid a complete, or substantial, turnover of the membership of the audit committee in any one year. Under proposed Sec. 917.2, all members of a Bank's board of directors would be required to be financially literate; that is, to be able to read and understand the Bank's balance sheet and income statement and to ask substantive questions of internal and external auditors. In addition to this general requirement, proposed Sec. 917.5(b)(4) would require that at least one member of each bank's audit committee have extensive accounting or related financial management experience. The Finance Board requests comment as to whether this requirement regarding accounting or financial management experience should be made to apply specifically to the chair of the audit committee, or whether it is sufficient to require only that at least one member of the audit committee possess such experience. The Finance Board also requests comment on whether the chair of the audit committee should be required to serve as vice-chair of the full board of directors in order to ensure that the audit committee chair has adequate incentive for effective leadership. In addition, proposed Sec. 917.5(c) would require that any director serving on the audit committee be sufficiently independent of the Bank and its management so as to maintain the ability to make the type of objective judgments that are required of audit committee members. The proposed independence criteria were adapted from the Blue Ribbon Committee Report, which states that ``common sense dictates that a director without any financial, family, or other material [[Page 86]] personal ties to management is more likely to be able to evaluate objectively the propriety of management's accounting, internal control and reporting practices.'' The Finance Board agrees that the independence of the directors serving on the audit committee is of great importance. Proposed Sec. 917.5(c) describes several examples of relationships that would call into question the independence of an audit committee member and that, therefore, would disqualify any director having such a relationship with the Bank or its management from serving on the audit committee. This list is not intended to be exhaustive, because it is impossible to foresee all potential individual circumstances that might compromise the independence of a particular director. Thus, the Finance Board expects that the board of directors will consider all potential relationships when qualifying a director for service on the audit committee. Proposed Sec. 917.5(d) would require that each Bank's audit committee adopt a formal written charter setting forth the scope of the audit committee's powers and responsibilities and establishing its structure, processes and membership requirements. Both the audit committee itself and the Bank's full board of directors would be required to review and assess the adequacy of and, where appropriate, amend the provisions of the audit committee charter annually and to readopt the charter, including amendments, not less often than every three years, based on the board's and audit committee's reviews of the policy. Proposed Sec. 917.5(d)(3) would require that the audit committee charter contain the following specific provisions: (i) that the audit committee has the responsibility to select, evaluate and, where appropriate, replace the internal auditor and that the internal auditor may be removed only with the approval of the audit committee; (ii) that the internal auditor shall report directly to the audit committee on substantive matters and that the internal auditor is ultimately responsible to the audit committee and the board of directors; and (iii) that the internal and external auditors be allowed unrestricted access to the audit committee without any requirement of management knowledge or approval. Although not expressly stated in Sec. 917.5, the audit committee would be required, under the general provisions of proposed Sec. 917.2(c), to have the authority to use the services of Bank staff and to employ such outside experts as it deems necessary to carry out its functions. The proposed requirements pertaining to the audit committee charters were adapted from the recommendations contained in the Blue Ribbon Committee Report and the current Finance Board requirements on audit committees. Proposed Sec. 917.5(e) sets forth the duties of each Bank's audit committee under the new regulatory structure, including the duties to: (1) Direct senior management to maintain the reliability and integrity of the accounting policies and financial reporting and disclosure practices of the Bank; (2) review the basis for the Bank's financial statements and the external auditor's opinion rendered with respect to such financial statements and ensure that policies are in place to achieve disclosure and transparency regarding the Bank's true financial performance and governance practices; (3) oversee the internal audit function; (4) oversee the external audit function; (5) act as an independent, direct channel of communication between the Bank's board of directors and the internal and external auditors; (6) conduct or authorize investigations into any matters within the audit committee's scope of responsibilities; (7) ensure that senior management has established and is maintaining an adequate internal control system; (8) review the policies and procedures established by senior management to monitor implementation of the Bank's strategic business plan required under Sec. 917.9 of the proposed rule; and (9) report periodically its findings to the Bank's board of directors. Proposed Sec. 917.5(e)(8) requires that the audit committee oversee not only financial audits but also oversee an audit of the controls in place to ensure the Bank's compliance with its strategic business plan. However, the audit committee is not required to assess the Bank's actual conformity with its strategic business plan, or the extent to which the Bank has achieved its statutory mission. Review of the strategic business plan of the Bank is the responsibility of the full board of directors, as more fully discussed in proposed Sec. 917.9(c)(3) below. Finally, proposed Sec. 917.5(f) would require that each Bank's audit committee prepare written minutes of each audit committee meeting. G. Budget Preparation--Sec. 917.6 Proposed Sec. 917.6 would require that: (a) Each Bank's board of directors adopt an annual operating expense budget and a capital expenditures budget; (b) a Bank's board of directors not delegate the authority to approve the Bank's annual budgets, or any subsequent amendments thereto, to Bank officers or other Bank employees; (c) each Bank's annual budgets be prepared based upon an interest rate scenario as determined by the Bank; and (d) no Bank exceed its total annual operating expense budget or its total annual capital expenditures budget without prior approval by the Bank's board of directors of an amendment to such budget. These provisions are carried over from existing Sec. 934.7 of the Finance Board's regulations, which itself was recently amended by an interim final rule. See 64 FR 71275. As part of the Finance Board's effort to relinquish all Bank corporate governance responsibilities, the recent interim final rule deleted old paragraphs (b) through (e) of Sec. 934.7, which had required that each Bank submit to the Finance Board certain specified budget information. In addition, the interim final rule deleted old paragraph (a)(2) of Sec. 934.7, requiring Finance Board approval for Banks' purchase or long-term lease of buildings, because, subsequent to the enactment of the Modernization Act, such approval is no longer a statutory requirement. See Modernization Act at 606(d). Finally, the interim final rule redesignated remaining paragraphs (a)(1), (3), (4) and (5) as paragraphs (a), (b), (c) and (d), respectively. The Finance Board is proposing to move the provisions of Sec. 934.7 to part 917 because most of the material in part 934 will be deleted through the reorganization rule, and regulations governing budget reporting requirements come logically within the realm of board of directors' and senior management responsibilities. H. Dividends--Sec. 917.7 Section 917.7 of the proposed rule provides that a Bank's board of directors may declare and pay a dividend only from previously retained earnings or current net earnings, as determined by the Bank, and only if such payment will not result in the impairment of the par value of the capital stock of the Bank. This language has been moved from existing Sec. 934.17, which, itself, was recently amended in an interim final rule intended to immediately implement certain devolutionary changes required under the Modernization Act. See 64 FR 71275. Before the enactment of the Modernization Act, section 16(a) of the Bank Act provided generally that dividends may be paid by the Banks out of previously retained earnings or current net earnings only with the approval of the Finance Board. See 12 U.S.C. 1436(a) (1999). Section 934.17 of the Finance Board's regulations formerly implemented this statutory provision by providing generally that [[Page 87]] the board of directors of each Bank, with the approval of the Finance Board, may declare and pay a dividend from net earnings, including previously retained earnings, on the paid-in value of capital stock held during the dividend period. See 12 CFR 934.17 (1999). In addition, dividend payments by the Banks were formerly subject to a Finance Board Dividend Policy, see Finance Board Res. No. 90-38 (Mar. 15, 1990), as well as Board of Directors Resolutions approving specific Bank dividend payments, that established specific conditions for approval of such dividend payments, including that the dividend payment would not result in a projected impairment of the par value of the capital stock of the Bank. The Modernization Act amended section 16(a) of the Bank Act by removing the requirement for Finance Board approval of Bank dividend payments. See Modernization Act at section 606(g)(1)(B). Accordingly, the Finance Board removed most of the specific dividend payment restrictions formerly set forth in Sec. 934.17 and in the Dividend Policy. However, for considerations of safety and soundness, the Finance Board believes that the impairment restriction formerly imposed under the Dividend Policy should continue to apply. In addition, while the Modernization Act provided for the repeal of section 6(g) of the Bank Act (requiring that all Bank stock share in dividends without preference), section 6(g) remains in effect during a transition period until the Finance Board has adopted capital regulations and approved the capital structure plans of the Banks. See Modernization Act at section 608. Consequently, Sec. 934.17 was amended to contain only the requirement that dividends be paid on all stock without preference and the impairment restriction set forth in the former Dividend Policy. Because the reorganization rule, discussed above, will eliminate part 934 of the Finance Board's regulations and because the Finance Board wishes to retain the substance of recently-amended Sec. 934.17 in its regulations, the agency is proposing to move this material to new part 917, given that approval of dividend payments is a responsibility of a Bank's board of directors. I. Bank Bylaws--Sec. 917.8 Section 917.8 of the proposed rule would require that a Bank's board of directors have in effect at all times bylaws governing the manner in which the Bank administers its affairs and that such bylaws be consistent with applicable laws and regulations as administered by the Finance Board. The proposed rule merely moves this language from existing Sec. 934.16, which, as is the case with the section on dividends discussed above, was recently amended in an interim final rule intended to immediately implement certain provisions of the Modernization Act. See 64 FR 71275. Before the enactment of the Modernization Act, section 12(a) of the Bank Act provided that the Banks had the power, by their boards of directors, to prescribe, amend, and repeal bylaws governing the manner in which their affairs may be administered, subject to the approval of the Finance Board. See 12 U.S.C. 1432(a). At that time, Sec. 934.16 of the Finance Board's regulations allowed the Banks to adopt, amend or repeal their bylaws without Finance Board approval, as long as the bylaws or amendments were consistent with applicable statutes, regulations and Finance Board policies. See 12 CFR 934.16. The Modernization Act amended section 12(a) of the Bank Act by removing the requirement for Finance Board approval of Bank bylaws, provided that the bylaws are consistent with applicable laws and regulations, as administered by the Finance Board. See Modernization Act at section 606(d)(1)(C). In order to promote sound corporate governance practice, the Finance Board amended Sec. 934.16 to require the Banks to have bylaws governing the manner in which the Banks' affairs are conducted. Because the reorganization rule, discussed above, will eliminate part 934 of the Finance Board's regulations, the proposed rule would move the amended language of Sec. 934.16, to part 917, as the enactment of bylaws is a duty of each Bank's board of directors. J. Mission of the Banks; Strategic Business Plan--Sec. 917.9 Proposed Sec. 917.9 sets forth requirements that each Bank must meet in developing a strategic business plan to enumerate the Banks goals and objectives for achieving the mission of the Bank. The Bank Act establishes the Finance Board's primary responsibility for ensuring the safety and soundness of the Bank System and, consistent with that duty, ensuring that the Banks, as government-sponsored enterprises (GSEs), fulfill their public policy mission. See 12 U.S.C. 1422a(a)(3). As with the risk management function, a Bank's board of directors must take its strategic business planning seriously and impress the importance of implementing the plan and mission achievement upon Bank management and staff. The Banks' boards of directors must be fully engaged so that there is an appropriate focus on strategic business plan implementation and mission achievement at all levels of the Bank. Proposed Sec. 917.9(a) defines the mission of the Banks as providing to members and associates (i.e., entities that have been approved as a nonmember mortgagee pursuant to subpart B of part 950 (currently part 935) of the Finance Board's regulations) financial products and services, including but not limited to advances (i.e., correspondent services and other Bank business activities may be considered to be mission-related), that assist and enhance such members' and associates' financing of: (1) Housing, including single- family and multi-family housing serving consumers at all income levels, and (2) community lending as defined in Sec. 953.3 (current Sec. 970.3) of the Finance Board's regulations. This statement of mission and the related strategic business plan requirements of Sec. 917.9 are intended to ensure maximum use of the cooperative structure of the Bank System to provide funds for housing finance and community lending. Proposed Sec. 917.9(b) would require that, beginning 90 days after the effective date of the provision, each Bank's board of directors have in effect at all times a strategic business plan describes how the business activities of the Bank with achieve the mission of the Bank. Specifically, the plan would be required to: (1) Enumerate the business activities that the Bank has determined are consistent with the mission of the Bank and the reasons that those activities are so designated, including how such activities assist and enhance members' and associates' business and further the cooperative nature of the Bank System; (2) enumerate operating goals and objectives for each major business activity and all new activities; and (3) describe new business activities and enhancements to existing activities. In addition, proposed Sec. 917.9(b)(4) would require that each Bank's strategic business plan be supported by appropriate and timely research and analysis of relevant market developments and member and associate demand for Bank products and services. The Banks already are required to prepare a ``Housing Finance and Community Development Mission Achievement Report'' (HFCDMA Report) to be reviewed by the Finance Board as part of its annual supervisory examination of each Bank. Although the HFCDMA Report addresses topics [[Page 88]] similar to those that would be addressed in the strategic business plan, the focus of the Report is primarily retrospective, while the strategic business plan is intended to be prospective. However, to the extent that information prepared for the HFCDMA Report, or any other reports, meets the regulatory requirements for the strategic business plan, a Bank would be permitted to use this work product to satisfy the strategic business plan requirements. As with the risk management policy, proposed Sec. 917.9(c)(1) would require that the Bank's board of directors review the Bank's strategic business plan on at least an annual basis, while proposed Sec. 917.9(c)(2) would require that the board amend the strategic business plan, as appropriate, based on these reviews. Proposed Sec. 917.9(c)(3) would require a Bank's board of directors to re-adopt a strategic business plan, including interim amendments, not less often than every three years, as appropriate, based on the board's reviews of the policy. As with the similar provision in proposed Sec. 917.3(a)(2)(iii), this requirement is intended to ensure that, even given the turnover in board personnel that will occur over a number of years, all or most current members of a Bank's board of directors will be thoroughly familiar with the Bank's strategic business plan, will have given meaningful consideration to its provisions and will have expressed their opinion regarding the adequacy of the policy through the voting process. Proposed Sec. 917.9(c)(4) also would make clear that each Bank's board of directors has the responsibility to establish management reporting requirements and monitor implementation of the strategic business plan and the operating goals and objectives contained therein. These provisions would require the board of directors to oversee the process of assessing the Bank's implementation of its strategic business plan, but would not require that this responsibility reside with the audit committee or the internal auditor. It is not necessary that the requirements for the audit committee, which oversees the financial audit of the Bank, be applied to the oversight of the strategic business plan. Thus, proposed Sec. 917.9 requires that the board of directors oversee Bank implementation of the strategic business plan, but allows the board to determine how, and by what mechanism, it will carry out this responsibility. However, as previously discussed, the audit committee shall be responsible for ensuring that proper controls exist to ensure that an assessment of the Bank's implementation of its strategic business plan is carried out. III. Regulatory Flexibility Act The proposed rule applies only to the Banks, which do not come within the meaning of ``small entities,'' as defined in the Regulatory Flexibility Act (RFA). See 5 U.S.C. 601(6). Therefore, in accordance with section 605(b) of the RFA, see id. at 605(b), the Finance Board hereby certifies that this proposed rule, if promulgated as a final rule, will not have a significant economic impact on a substantial number of small entities. List of Subjects in 12 CFR Parts 917 Community development, Credit, Housing and Federal home loan banks. Accordingly, the Finance Board hereby proposes to amend title 12, chapter IX, Code of Federal Regulations, by adding a new part 917 to read as follows: PART 917--POWERS AND RESPONSIBILITIES OF BANK BOARDS OF DIRECTORS AND SENIOR MANAGEMENT Sec. 917.1 Definitions. 917.2 General authorities and duties of Bank boards of directors. 917.3 Risk management. 917.4 Internal control system. 917.5 Audit committees. 917.6 Budget preparation and reporting requirements. 917.7 Dividends. 917.8 Bank bylaws. 917.9 Mission of the Banks; Strategic business plan. Authority: 12 U.S.C. 1422a(a)(3), 1422b(a)(1), 1427, 1432(a), 1436(a), 1440. Sec. 917.1 Definitions. As used in this part: Associate means an entity that has been approved as a nonmember mortgagee pursuant to subpart B of part 950 of this chapter. Business risk means the risk of an adverse impact on a Bank's profitability resulting from external factors as may occur in both the short and long run. Capital structure plan means the plan establishing and implementing a capital structure that each Bank is required to submit to the Finance Board under 12 U.S.C. 1426(b). Community financial institution has the meaning set forth in 12 U.S.C. 1422(13). Community lending has the meaning set forth in Sec. 952.3 of this chapter. Contingency liquidity means: (1) Marketable assets with a maturity of one year or less; (2) Self-liquidating assets with a maturity of seven days or less; and (3) Assets that are generally accepted as collateral in the repurchase agreement market. Credit risk means the risk that the market value of an obligation will decline as a result of deterioration in creditworthiness. Immediate family member means a parent, sibling, spouse, child, dependent, or any relative sharing the same residence. Internal auditor means the individual responsible for the internal audit function at the Bank. Liquidity risk means the risk that a Bank is unable to meet its obligations as they come due or meet the credit needs of its members and eligible nonmember borrowers in a timely and cost-efficient manner. Market risk means the risk that the market value of a Bank's portfolio will decline as a result of changes in interest rates, foreign exchange rates, equity and commodity prices. Operations risk means the risk of an unexpected loss to a Bank resulting from human error, fraud, unenforceability of legal contracts, or deficiencies in internal controls or information systems. Sec. 917.2 General authorities and duties of Bank boards of directors. (a) Management of the Bank. The management of each Bank shall be vested in its board of directors. While Bank boards of directors may delegate the execution of operational functions to Bank personnel, the ultimate responsibility of each Bank's board of directors for that Bank's management is non-delegable. (b) Duties of Bank directors. Each Bank director shall have the duty to: (1) Carry out his or her duties as director in good faith, in a manner such director believes to be in the best interests of the Bank, and with such care, including reasonable inquiry, as an ordinarily prudent person in a like position would use under similar circumstances; (2) Administer the affairs of the Bank fairly and impartially and without discrimination in favor of or against any member; (3) Be financially literate, or become financially literate within a reasonable time after appointment or election; and (4) Direct the operations of the Bank in conformity with the requirements set forth in the Act and this chapter. (c) Authority regarding staff and outside consultants. (1) In carrying out its duties and responsibilities under the Act and this chapter, each Bank's board of directors and all committees thereof shall have authority to retain staff and [[Page 89]] outside counsel, independent accountants, or other outside consultants at the expense of the Bank. (2) Bank staff providing services to the board of directors or any committee of the board under paragraph (c)(1) of this section may be required by the board of directors or such committee to report directly to the board or such committee, as appropriate. Sec. 917.3 Risk management. (a) Adoption of risk management policy. (1) Beginning 90 days after the effective date of this section, each Bank's board of directors shall have in effect at all times a risk management policy that addresses the Bank's exposure to credit risk, market risk, liquidity risk, business risk and operations risk and that conforms to the requirements of paragraph (b) of this section and to all applicable Finance Board regulations and policies. (2) Review and compliance. Each Bank's board of directors shall: (i) Review the Bank's risk management policy at least annually; (ii) Amend the risk management policy as appropriate; (iii) Re-adopt the Bank's risk management policy, including interim amendments, not less often than every three years; and (iv) Ensure that policies and procedures are in place to achieve Bank compliance at all times with the risk management policy. (b) Risk management policy requirements. In addition to meeting any other requirements set forth in this chapter, each Bank's risk management policy shall: (1) Describe how the Bank will comply with its capital structure plan, after such plan is approved by the Finance Board; (2) Set forth the Bank's tolerance levels for the market and credit risk components; and (3) Set forth standards for the Bank's management of each risk component, including but not limited to: (i) Regarding credit risk arising from all secured and unsecured transactions, standards and criteria for, and timing of, periodic assessment of the creditworthiness of issuers, obligors, or other counterparties including identifying the criteria for selecting dealers, brokers and other securities firms with which the Bank may execute transactions; and (ii) Regarding market risk, standards for the methods and models used to measure and monitor such risk; (iii) Regarding day-to-day operational liquidity needs and contingency liquidity needs for periods during which the Bank's access to capital markets is impaired: (A) An enumeration of specific types of investments to be held for such liquidity purposes; and (B) The methodology to be used for determining the Bank's operational and contingency liquidity needs; (iv) Regarding operations risk, standards for an effective internal control system, including periodic testing and reporting; and (v) Regarding business risk, strategies for mitigating such risk, including contingency plans where appropriate. (c) Risk assessment. The senior management of each Bank shall perform, at least annually, a risk assessment that identifies and evaluates all material risks, including both quantitative and qualitative aspects, that could adversely affect the achievement of the Bank's performance objectives and compliance requirements. The risk assessment shall be in written form and shall be reviewed by the Bank's board of directors promptly upon its completion. Sec. 917.4 Internal control system. (a) Establishment and maintenance. (1) Each Bank shall establish and maintain an effective internal control system that addresses: (i) The efficiency and effectiveness of Bank activities; (ii) The safeguarding of Bank assets; (iii) The reliability, completeness and timely reporting of financial and management information and transparency of such information to the Bank's board of directors and to the Finance Board; and (iv) Compliance with applicable laws, regulations, policies, supervisory determinations and directives of the Bank's board of directors and senior management. (2) Ongoing internal control activities necessary to maintain the internal control system required under paragraph (a)(1) of this section shall include, but are not limited to: (i) Top level reviews by the Bank's board of directors and senior management, including review of financial presentations and performance reports; (ii) Activity controls, including review of standard performance and exception reports by department-level management on an appropriate periodic basis; (iii) Physical and procedural controls to safeguard, and prevent the unauthorized use of, assets; (iv) Monitoring for compliance with the risk tolerance limits set forth in the Bank's risk management policy; (v) Any required approvals and authorizations for specific activities; and (vi) Any required verifications and reconciliations for specific activities. (b) Internal control responsibilities of Banks' boards of directors. Each Bank's board of directors shall ensure that the internal control system required under paragraph (a)(1) of this section is established and maintained, and shall oversee senior management's implementation of such a system on an ongoing basis, by: (1) Conducting periodic discussions with senior management regarding the effectiveness of the internal control system; (2) Ensuring that an effective and comprehensive internal audit of the internal control system is performed annually; (3) Requiring that internal control deficiencies be reported to the Bank's board of directors in a timely manner and that such deficiencies are addressed promptly; (4) Conducting a timely review of evaluations of the effectiveness of the internal control system made by internal auditors, external auditors and Finance Board examiners; (5) Directing senior management to address promptly and effectively recommendations and concerns expressed by internal auditors, external auditors and Finance Board examiners regarding weaknesses in the internal control system; (6) Reporting any internal control deficiencies found, and the corrective action taken, to the Finance Board in a timely manner; (7) Establishing, documenting and communicating an organizational structure that clearly shows lines of authority within the Bank, provides for effective communication throughout the Bank, and ensures that there are no gaps in the lines of authority; (8) Reviewing all delegations of authority to specific personnel or committees and requiring that such delegations state the extent of the authority and responsibilities delegated; and (9) Establishing reporting requirements, including specifying the nature and frequency of reports it receives. (c) Internal control responsibilities of Banks' senior management. Each Bank's senior management shall be responsible for carrying out the directives of the Bank's board of directors, including the establishment, implementation and maintenance of the internal control system required under paragraph (a)(1) of this section, by: [[Page 90]] (1) Establishing, implementing and effectively communicating to Bank personnel policies and procedures that are adequate to ensure that internal control activities necessary to maintain an effective internal control system, including the activities enumerated in paragraph (a)(2) of this section, are an integral part of the daily functions of all Bank personnel; (2) Ensuring that all Bank personnel fully understand and comply with all policies, procedures and legal requirements; (3) Ensuring that there is appropriate segregation of duties among Bank personnel and that personnel are not assigned conflicting responsibilities; (4) Establishing effective paths of communication upward, downward and across the organization in order to ensure that Bank personnel receive necessary and appropriate information, including: (i) Information relating to the operational policies and procedures of the Bank; (ii) Information relating to the actual operational performance of the Bank; (iii) Adequate and comprehensive internal financial, operational and compliance data; and (iv) External market information about events and conditions that are relevant to decision making; (5) Developing and implementing procedures that translate the major business strategies and policies established by the Bank's board of directors into operating standards; (6) Ensuring adherence to the lines of authority and responsibility established by the Bank's board of directors; (7) Overseeing the implementation and maintenance of management information and other systems; (8) Establishing and implementing an effective system to track internal control weaknesses and the actions taken to correct them; and (9) Monitoring and reporting to the Bank's board of directors the effectiveness of the internal control system on an ongoing basis. Sec. 917.5 Audit committees. (a) Establishment. The board of directors of each Bank shall establish an audit committee, consistent with the requirements set forth in this section. (b) Composition. (1) The audit committee shall comprise five or more persons drawn from the Bank's board of directors, each of whom shall meet the criteria of independence set forth in paragraph (c) of this section. (2) The audit committee shall include a balance of representatives of: (i) Community financial institutions and other members; and (ii) Appointive and elective directors of the Bank. (3) The terms of audit committee members shall be appropriately staggered so as to provide for continuity of service. (4) At least one member of the audit committee shall have extensive accounting or related financial management experience. (c) Independence. Any member of the Bank's board of directors shall be considered to be sufficiently independent to serve as a member of the audit committee if that director does not have a disqualifying relationship with the Bank or its management that would interfere with the exercise of that director's independent judgment. Such disqualifying relationships include, but are not limited to: (1) Being employed by the Bank in the current year or any of the past five years; (2) Accepting any compensation from the Bank other than compensation for service as a board director; (3) Serving or having served in any of the past five years as a consultant, advisor, promoter, underwriter, or legal counsel of or to the Bank; or (4) Being an immediate family member of an individual who is, or has been in any of the past five years, employed by the Bank. (d) Charter. (1) The audit committee of each Bank shall adopt, and the Bank's board of directors shall approve, a formal written charter that specifies the scope of the audit committee's powers and responsibilities, as well as the audit committee's structure, processes and membership requirements. (2) The audit committee and the board of directors of each Bank shall: (i) Review, assess the adequacy of and, where appropriate, amend the Bank's audit committee charter on an annual basis; (ii) Amend the audit committee charter as appropriate; and (iii) Re-adopt and re-approve, respectively, the Bank's audit committee charter not less often than every three years. (3) Each Bank's audit committee charter shall: (i) Provide that the audit committee has the responsibility to select, evaluate and, where appropriate, replace the internal auditor and that the internal auditor may be removed only with the approval of the audit committee; (ii) Provide that the internal auditor shall report directly to the audit committee on substantive matters and that the internal auditor is ultimately accountable to the audit committee and board of directors; and (iii) Provide that both the internal auditor and the external auditor shall have unrestricted access to the audit committee without the need for any prior management knowledge or approval. (e) Duties. Each Bank's audit committee shall have the duty to: (1) Direct senior management to maintain the reliability and integrity of the accounting policies and financial reporting and disclosure practices of the Bank; (2) Review the basis for the Bank's financial statements and the external auditor's opinion rendered with respect to such financial statements (including the nature and extent of any significant changes in accounting principles or the application therein) and ensure that policies are in place to achieve disclosure and transparency regarding the Bank's true financial performance and governance practices; (3) Oversee the internal audit function by: (i) Reviewing the scope of audit services required, significant accounting policies, significant risks and exposures, audit activities and audit findings; (ii) Assessing the performance and determining the compensation of the internal auditor; and (iii) Reviewing and approving the internal auditor's work plan; (4) Oversee the external audit function by: (i) Approving the external auditor's annual engagement letter; (ii) Reviewing the performance of the external auditor; and (iii) Making recommendations to the Bank's board of directors regarding the appointment, renewal, or termination of the external auditor; (5) Provide an independent, direct channel of communication between the Bank's board of directors and the internal and external auditors; (6) Conduct or authorize investigations into any matters within the audit committee's scope of responsibilities; (7) Ensure that senior management has established and is maintaining an adequate internal control system within the Bank by: (i) Reviewing the Bank's internal control system and the resolution of identified material weaknesses and reportable conditions in the internal control system, including the prevention or detection of management override or compromise of the internal control system; and (ii) Reviewing the programs and policies of the Bank designed to ensure compliance with applicable laws, regulations and policies and monitoring the results of these compliance efforts; [[Page 91]] (8) Reviewing the policies and procedures established by senior management to assess and monitor implementation of with the Bank's strategic business plan and the operating goals and objectives contained therein; and (9) Report periodically its findings to the Bank's board of directors. (f) Meetings. The audit committee shall prepare written minutes of each audit committee meeting. Sec. 917.6 Budget preparation and reporting requirements. (a) Adoption of budgets. Each Bank's board of directors shall be responsible for the adoption of an annual operating expense budget and a capital expenditures budget for the Bank, and any subsequent amendments thereto, consistent with the requirements of the Act, this section, other regulations and policies of the Finance Board, and with the Bank's responsibility to protect both its members and the public interest by keeping its costs to an efficient and effective minimum. (b) No delegation of budget authority. A Bank's board of directors may not delegate the authority to approve the Bank's annual budgets, or any subsequent amendments thereto, to Bank officers or other Bank employees. (c) Interest rate scenario. A Bank's annual budgets shall be prepared based upon an interest rate scenario as determined by the Bank. (d) Board approval for deviations. A Bank may not exceed its total annual operating expense budget or its total annual capital expenditures budget without prior approval by the Bank's board of directors of an amendment to such budget. Sec. 917.7 Dividends. A Bank's board of directors may declare and pay a dividend only from previously retained earnings or current net earnings and only if such payment will not result in a projected impairment of the par value of the capital stock of the Bank. Dividends on such capital stock shall be computed without preference. Sec. 917.8 Bank bylaws. A Bank's board of directors shall have in effect at all times bylaws governing the manner in which the Bank administers its affairs and such bylaws shall be consistent with applicable laws and regulations as administered by the Finance Board. Sec. 917.9 Mission of the Banks; Strategic business plan. (a) Mission of the Banks. The mission of the Banks is to provide to its members and associates financial products and services, including but not limited to advances, that assist and enhance such members' and associates' financing of: (1) Housing, including single-family and multi-family housing serving consumers at all income levels; and (2) Community lending. (b) Adoption of strategic business plan. Beginning 90 days after the effective date of this section, each Bank's board of directors shall have in effect at all times a strategic business plan that describes how the business activities of the Bank will achieve the mission of the Bank as set forth in paragraph (a) of this section. Specifically, each Bank's strategic business plan shall: (1) Enumerate those business activities of the Bank that the board of directors has determined are consistent with the mission of the Banks as set forth in paragraph (a) of this section and the reasons that those activities are so designated, including how such activities assist and enhance members' and associates' business and further the cooperative nature of the Bank System; (2) Enumerate operating goals and objectives for each major business activity and for all new business activities and the strategies for meeting such goals and objectives; (3) Describe any proposed new business activities or enhancements of existing activities; and (4) Be supported by appropriate and timely research and analysis of relevant market developments and member and associate demand for Bank products and services. (c) Review and monitoring. Each Bank's board of directors shall: (1) Review the Bank's strategic business plan at least annually; (2) Amend the strategic business plan as appropriate; (3) Re-adopt the Bank's strategic business plan, including interim amendments, not less often than every three years; and (4) Establish management reporting requirements and monitor implementation of the strategic business plan and the operating goals and objectives contained therein. Dated: December 14, 1999. By the Board of Directors of the Federal Housing Finance Board. Bruce A. Morrison, Chairman. [FR Doc. 99-34037 Filed 12-30-99; 8:45 am] BILLING CODE 6725-01-P