[Federal Register Volume 76, Number 83 (Friday, April 29, 2011)]
[Rules and Regulations]
[Pages 23861-23871]
From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
[FR Doc No: 2011-10108]


=======================================================================
-----------------------------------------------------------------------

NATIONAL CREDIT UNION ADMINISTRATION

12 CFR Part 704

RIN 3133-AD74


Corporate Credit Unions

AGENCY: National Credit Union Administration (NCUA).

ACTION: Final rule.

-----------------------------------------------------------------------

SUMMARY: NCUA is issuing final amendments to its rule governing 
corporate credit unions (corporates). The amendments include internal 
control and reporting requirements for corporates similar to those 
required for banks under the Federal Deposit Insurance Act and the 
Sarbanes-Oxley Act. The amendments require each corporate to establish 
an enterprise-wide risk management committee staffed with at least one 
risk management expert. The amendments require corporates conduct all 
board of director votes as recorded votes and include the votes of 
individual directors in the meeting minutes. The amendments permit 
corporates to charge their members reasonable one-time or periodic 
membership fees as necessary to facilitate retained earnings growth. 
For senior corporate executives who are dual employees of corporate 
credit union service organizations (CUSOs), the amendments also require 
disclosure of certain compensation received from the corporate CUSO.

DATES: This rule is effective May 31, 2011, except that the amendments 
to Sec. Sec.  704.2 and 704.15 are effective January 1, 2012, and the 
addition of Sec.  704.21 is effective April 29, 2013.

FOR FURTHER INFORMATION CONTACT: Jacqueline Lussier, Staff Attorney, 
Office of General Counsel; Elizabeth Wirick, Staff Attorney, Office of 
General Counsel; and Lisa Henderson, Staff Attorney, Office of General 
Counsel, all at telephone (703) 518-6540), National Credit Union 
Administration, 1775 Duke Street, Alexandria, VA 22314; or David 
Shetler, Deputy Director, Office of Corporate Credit Unions, at the 
address above or telephone (703) 518-6640.

SUPPLEMENTARY INFORMATION: 

I. Background

    In September 2010, the NCUA Board made substantial revisions to 
part 704 (with conforming amendments to parts 702, 703, 709, and 747). 
75 FR 64786 (Oct. 20, 2010) (September Rulemaking). These amendments 
established a new capital scheme, including risk-based capital 
requirements; imposed new prompt corrective action requirements; placed 
various new limits on corporate investments; imposed new asset-
liability management controls; amended some corporate governance 
provisions; and limited a corporate CUSO to categories of activities 
preapproved by NCUA.
    The preamble to the September Rulemaking also stated that shortly 
after its promulgation the Board intended to issue another proposal 
that would further amend part 704 and related provisions. Id. at 64824. 
In November 2010, the Board issued the promised follow-on proposal with 
further revisions to the corporate rule. 75 FR 73000 (Nov. 29, 2010). 
The seven amendments proposed in November would have:
     Provided for the sharing of Temporary Corporate Credit 
Union Stabilization Fund (TCCUSF) expenses among all members of 
corporate credit unions, including both credit union and noncredit 
union members;
     Limited natural person credit unions (NPCUs) to membership 
in one corporate of the NPCU's choice at any one time;
     Required corporates conduct all board of director votes as 
recorded votes and include the votes of individual directors in the 
meeting minutes;
     Incorporated certain audit, reporting, and audit committee 
practices from the Federal Deposit Insurance Act (FDI Act), Part 363 of 
the Federal Deposit Insurance Corporation (FDIC) Regulations, and the 
Sarbanes-Oxley Act of 2002;
     Required corporates to establish enterprise-wide risk 
management committees staffed with at least one independent risk 
management expert;
     Allowed corporates to charge their members reasonable one-
time or periodic membership fees; and

[[Page 23862]]

     Required the disclosure of compensation received from a 
corporate CUSO by certain highly compensated corporate credit union 
executives.
    The initial public comment period on the November proposals was 30 
days, but the Board extended the comment period to 60 days. 75 FR 75648 
(Dec. 6, 2010). During the comment period, which closed on January 28, 
2011, NCUA received 227 comments from a wide variety of sources.

II. Overview of the Final Amendments

    After considering the comments received on the November proposal, 
the Board determined not to proceed with the first two proposals listed 
above relating to the sharing of TCCUSF expenses and the limitation on 
corporate credit union membership. This final rule does include the 
other five November proposals. As discussed in detail below, the Board 
adopted the membership fee and CUSO compensation disclosure amendments 
exactly as proposed. In response to the comments, however, the Board 
adopted the final three proposals (i.e., relating to internal controls, 
enterprise risk management, and recording director votes) with some 
changes from the proposed versions. Additionally, some of the 
provisions relating to internal controls and enterprise risk management 
have delayed effective dates.

III. Section-by-Section Analysis of the Final Amendments

Section 704.2 Definitions

    The proposal included a number of new definitions in Sec.  704.2, 
generally relating to terms used in the proposed internal control and 
reporting amendments to Sec.  704.15. The newly defined terms included: 
Critical accounting policies, Enterprise risk management, Examination 
of internal control, Family, Financial statements, Financial statement 
audit, Generally accepted auditing standards, Independent public 
accountant, Internal control, Internal control framework, Internal 
control over financial reporting, and Supervisory committee.
    Although the proposed rule contained a definition for Family, that 
definition has been dropped from this final rule as the Board has 
determined that the existing part 704 definition of Immediate family 
member is sufficient. This final rule also modifies the proposed 
definition of Independent public accountant (IPA) slightly to ensure 
that if a state permits accountants licensed out-of-state to practice 
accounting in-state, those accountants will be considered to fall 
within the IPA definition.
    The effective date of these new definitions is delayed to January 
1, 2012, to correspond to the earliest effective date of the internal 
control and reporting amendments in Sec.  704.15.
    Except as described above, the proposed Sec.  704.2 definitions are 
adopted as proposed.

Section 704.11 Corporate Credit Union Service Organizations; and Sec.  
704.19 Disclosure of Executive and Director Compensation

    The proposal included amendments to Sec. Sec.  704.11 and 704.19 to 
ensure that the required disclosures of compensation paid to certain 
corporate employees under Sec.  704.19 also capture compensation paid 
to these employees by any corporate CUSO in which the corporate credit 
union has invested or made a loan. The proposed revisions to Sec.  
704.19(a) clarified that a corporate credit union's annual disclosures 
of compensation paid to its most highly compensated employees must 
include any compensation from a CUSO in which the corporate has 
invested. To facilitate an accurate disclosure, the proposal also 
required the CUSO agree to provide this information about dual employee 
compensation to the corporate. This agreement would be embedded in the 
general agreement between the corporate and the CUSO discussed in Sec.  
704.11(g).
    A slight majority of commenters opposed this proposed CUSO 
compensation disclosure requirement, and the most frequent reason given 
was a concern that this disclosure could lead to ``piercing the 
corporate veil'' between the corporate and the CUSO. The NCUA Board 
disagrees that disclosure of the compensation of dually-compensated 
employees, by itself or in connection with other factors, is likely to 
shift a CUSO's legal liability to a corporate.
    Some commenters also worried NCUA might eventually impose these 
disclosure requirements on natural person credit unions and their CUSOs 
as well. At this time, the Board has no such intent. The Board does 
believe, however, that the members of corporate credit unions need this 
transparency with regard to corporate executive pay.
    Other commenters opined that NCUA has no authority to regulate 
CUSOs. The Board agrees that it cannot regulate CUSOs directly, but it 
can, for safety and soundness reasons, regulate the types of 
investments that credit unions make and whether credit unions should 
invest in CUSOs. If a corporate wishes to invest in, or loan to, an 
entity, that entity will likely meet the definition of a corporate 
CUSO, and the CUSO must conform to NCUA's requirements if it wishes to 
retain that corporate investment. Another objector termed the proposal 
unnecessary because the information is required on, and can be obtained 
from, IRS Form 990. This objector is incorrect. For example, federally 
chartered credit unions do not file Form 990s, and, typically, the 
information contained on a completed Form 990 is not coextensive with 
the information required to be disclosed to members under this rule.
    One commenter who generally supported the proposal requested that 
disclosure be limited to the member/owners of the corporate and that 
the disclosure not be made to the general public. The Board notes that 
Sec.  704.19 does not require public disclosure, but only disclosure to 
members. 12 CFR 704.19(b). The corporate can make this member 
disclosure in a nonpublic manner if it desires.
    Accordingly, the Board adopts the proposed revisions to Sec. Sec.  
704.11 and 704.19 without change.

Section 704.13 Board Responsibilities

    The proposal would have amended Sec.  704.13 to require corporates 
to conduct all board of director votes as recorded votes and to include 
the votes of individual directors in the meeting minutes, with the goal 
of increasing the transparency of the corporate credit union decision-
making process. In the final rule, the Board has modified this proposal 
to require recording only ``no'' votes and abstentions on a particular 
item where the affirmative votes can otherwise be determined as the 
remaining directors in attendance.
    Many commenters who opposed the proposal were concerned that 
requiring recorded votes would create divisiveness within the board or 
could lead to individuals being singled out for litigation or 
enforcement action. Some commenters also stated that the proposal would 
discourage individuals from serving on corporate boards. A few 
commenters also expressed concerns that NCUA would also eventually 
impose the same requirement on NPCUs. Other commenters opined that the 
proposal exceeded NCUA's authority generally, arguing that only states 
could impose such requirements on state-chartered corporates. Another 
commenter stated this requirement was a matter for the bylaws, not a 
regulation.
    The Board disagrees with these commenters. Recent events in the 
corporate system illustrate the dangers resulting from the insular and 
non-transparent decision-making that occurred at some corporate credit

[[Page 23863]]

unions. As corporates continue their efforts to reorganize and recover 
from the crisis, it is essential that the members of corporate credit 
unions are able to see how their directors vote on matters that affect 
the members. While the Board acknowledges the possibility that this 
transparency requirement could create dissension among board members, 
the Board believes that the benefits of openness and transparency far 
outweigh any discomfort individual board members may face from recorded 
votes. Further, as discussed in the preamble to the proposed rule, NCUA 
has broad authority to require federally-insured credit unions, 
including corporate credit unions, to prepare and submit financial 
information and other information as the Board requires. 12 U.S.C. 
1761, 1766, 1781, 1782(a)(2), and 1789. Because of the importance of 
transparency in corporate credit union board decisions, and the effect 
those decisions can have on the safety and soundness of the entire 
credit union system, the Board believes this provision is appropriately 
placed in a regulation rather than relying on each corporate to adopt a 
conforming bylaw.
    A few commenters also asserted that the proposed recorded vote 
requirement would conflict with provisions of Roberts' Rules of Order 
that provide for the chair to vote only in case of a tie, or with 
provisions of state law and the Revised Model Business Corporation Act 
that presume all directors assent to an action unless dissent is 
documented. Several commenters suggested recording ``no'' votes and 
abstentions would suffice, especially if the meeting minutes list the 
directors present. After considering these comments, the Board has 
modified the proposal to require recording only ``no'' votes and 
abstentions on all board votes, as long as the names of directors 
attending the meeting are recorded elsewhere in the minutes.
    Except as noted above, the Board adopts the revisions to Sec.  
704.13 as proposed.

Section 704.15 Audit and Reporting Requirements

    NCUA currently requires that a corporate credit union's board of 
directors ensure the preparation of timely and accurate balance sheets, 
income statements, and internal risk assessments and that systems are 
audited periodically in accordance with industry standards. 12 CFR 
704.4(c). In addition, a corporate credit union's supervisory committee 
must ensure that: (1) An external audit is performed annually in 
accordance with generally accepted auditing standards; and (2) the 
audit report is submitted to the board of directors, to NCUA, and in a 
summary version, to the members. 12 CFR 704.15(a).
    To facilitate early identification of problems in financial 
management at corporate credit unions, the NCUA Board proposed to amend 
Sec.  704.15 to add certain additional auditing, reporting, and 
supervisory committee requirements. These proposals were very similar 
to those required of banks by the FDIC. 12 CFR part 363. The most 
significant proposed revisions would have required a corporate to:
     Ensure that its financial reports reflect all material 
correcting adjustments necessary to conform with generally accepted 
accounting principles (GAAP) as identified by the corporate's IPA.
     Prepare an annual management report, signed by the chief 
executive officer and the chief accounting officer or chief financial 
officer, that contains: (1) A statement of management's responsibility 
for preparing financial statements, for establishing and maintaining an 
adequate internal control structure, and for complying with safety and 
soundness laws and regulations; (2) an assessment of the corporate's 
compliance with such laws and regulations; and (3) for a corporate with 
assets of at least $1 billion, an assessment of the effectiveness of 
the internal control structure.
     Ensure that its IPA: (1) Reports to the supervisory 
committee all critical accounting policies; (2) retains the working 
papers related to an audit for seven years; (3) complies with the 
independence standards and interpretations of the American Institute of 
Certified Public Accountants (AICPA); (4) has an acceptable peer 
review; (5) notifies NCUA if the IPA ceases being a corporate's 
independent accountant; and (6) for a corporate with assets of at least 
$1 billion, reports separately to the supervisory committee on 
management's assertions concerning the effectiveness of the corporate's 
internal control structure.
     Ensure that it: (1) Files a copy of its annual report to 
NCUA within 180 days after the end of the calendar year, which NCUA 
will make available for public inspection; (2) provides NCUA with a 
copy of any letter or report issued by its IPA; (3) informs NCUA when 
it engages an IPA or loses an IPA through dismissal or resignation; (4) 
provides a notice to NCUA of late filing of the annual report; and (5) 
submits a summary of its annual report to the membership.
     Ensure that its supervisory committee (1) consists of 
members who are independent of the corporate (defined as having no 
family relationships or material business or professional relationships 
with the corporate); (2) supervises the IPA; and (3) ensures that audit 
engagement letters do not contain unsafe and unsound limitation of 
liability provisions.
    The public commenters that addressed the proposed revisions to 
Sec.  704.15 generally did so without discussing the specific 
revisions. That is, those in favor of the proposal simply stated that 
it was a good idea. Likewise, those opposed maintained generally that 
the proposed revisions to Sec.  704.15 were too burdensome. A few 
commenters said that if any of the provisions were adopted, they should 
apply to all corporates regardless of size.
    The NCUA Board believes that the proposed amendments are important 
to ensure the accurate and reliable measurement of a corporate credit 
union's assets and earnings, which has a direct bearing on the 
determination of regulatory capital. The Board believes that the 
amendments will help identify weaknesses in internal control over 
financial reporting and risk management at corporate credit unions and 
reinforce corrective measures, thus complementing supervisory efforts 
in contributing to the safety and soundness of corporate credit unions. 
Accordingly, the Board is adopting the provisions as proposed, except 
as discussed below. The Board is mindful, however, that corporates are 
still adjusting to the major part 704 revisions in the September 
Rulemaking, and that imposing these new auditing and reporting 
requirements on corporate credit unions immediately could be confusing 
and overly burdensome. Accordingly, the Board is delaying the effective 
date of all the Sec.  704.15 revisions until at least January 1, 2012, 
and as discussed below, delaying some of the revisions into 2013 and 
2014.
    Proposed paragraph 704.15(a)(2) required corporate credit union 
management to prepare an annual report containing certain enumerated 
elements. Several elements--including a statement of management's 
responsibility for establishing and maintaining an adequate internal 
control structure and procedures for financial reporting--applied to 
all corporates. However, proposed paragraph 704.15(a)(2)(iii), which 
required that management assess the effectiveness of the internal 
control structure and procedures for financial reporting, would have 
applied only to corporate credit unions with at least $1 billion in 
assets. Similarly, proposed paragraph 704.15(b)(2), which required

[[Page 23864]]

that corporates have the IPA attest to management's assertions 
concerning the effectiveness of the corporate's internal control 
structure and procedures for financial reporting, also applied only to 
corporates with at least $1 billion in assets.
    Some commenters stated that all the internal control requirements 
in Sec.  704.15 should apply to all corporates. After careful 
consideration, the Board agrees and has determined to remove the $1 
billion asset threshold for these two provisions. All corporates 
present systemic risk and therefore should be subject to strong 
internal control reviews and attestations. To mitigate the compliance 
burden of these requirements, however, the Board has determined to 
delay the effective date of these provisions past 2012. The management 
assessment requirement in paragraph (a)(2)(iii) will take effect on 
January 1, 2013, so that only management reports prepared in 2013 (for 
the calendar year 2012) and for later calendar years must contain 
management's assessment of the effectiveness of the internal control 
structure and procedures. In addition, the IPA assessment requirement 
in paragraph (b)(2) will take effect on January 1, 2014 for management 
reports prepared for the calendar year 2013 and thereafter.
    Proposed paragraph 704.15(d)(1) addressed the composition of a 
corporate credit union's supervisory committee, stating that its 
members may not be employees of the corporate credit union and must be 
independent of the corporate credit union. A few commenters found this 
provision confusing, and the Board has clarified it. The final 
paragraph (d)(1) states that supervisory committee members must be 
independent of the operational side of the corporate, that is, the part 
of the credit union that is supervised, directly or indirectly, by the 
corporate's Chief Executive Officer.
    Except as discussed above, the Board adopts Sec.  704.15 as 
proposed.

Section 704.21 Enterprise Risk Management

    The proposal included a new section on Enterprise Risk Management 
(ERM) requiring all corporate credit unions to develop and follow an 
ERM policy. The proposal required the board of directors establish an 
ERM committee responsible for overseeing the corporate's risk 
management practices and for reporting at least annually to the board 
of directors. The committee would include at least one independent risk 
management expert with sufficient experience in identifying, assessing, 
and managing risk exposures.
    The proposal defined independent to mean that the expert does not, 
going back three years, have any family relationships or any material 
business or professional relationships with the corporate that would 
affect his or her independence as a committee member. The risk 
management expert must have a post-graduate education; an actuarial, 
accounting, economics, financial, or legal background; and at least 
five years experience in identifying, assessing, and managing risk 
exposures. The expert's experience must also be commensurate with the 
size of the corporate and the complexity of its operations. The board 
must hire this individual from outside the corporate.
    Most of the commenters who commented generally on enterprise risk 
assessments thought they were valuable and could be effective tools for 
management. Many of these commenters agreed with the proposed rule but 
thought it should be refined.
    Several other commenters specifically opposed any regulatory ERM 
requirement. Many of these commenters thought the ERM proposals were 
redundant with other committees (ALCO, supervisory, and audit) and 
unnecessary in light of these committees, regular NCUA and state 
examinations, and the new NCUA corporate regulations. Some of these 
commenters thought that the ERM functions were not sufficiently 
distinguished from the functions of the board, ALCO, supervisory 
committee, or audit committee, and that the ERM committee might impinge 
on the turf of these committees and the board, all without providing 
material new information or new benefit. These commenters, however, did 
not say specifically how the ERM might cause this confusion. A few 
commenters thought that NCUA should consider addressing ERM as guidance 
or best practices. A few commenters grouped the proposed rule's ERM and 
audit reporting requirements together and generally opposed both as 
expensive and unnecessary.
    The Board disagrees with these comments. As general matter, 
organizations may be practicing good risk management on an exposure-by-
exposure basis, but they may not be paying close enough attention to 
the aggregation of exposures across the entire organization. An 
organization must measure and understand all the individual risks 
associated with its various business components, and also understand 
how they interact dynamically. A successful ERM process can help to 
meet many of those challenges. As one commenter stated, 
``[i]ncreasingly, [ERM] is being utilized by credit unions, 
particularly larger ones, as an important mechanism to ensure the 
organization has the proper, overall [perspective] on all of its risks 
and its capacity to manage those risks. * * * [E]nterprise risk 
assessments * * * can be very effective tools [for] making sure the 
corporate has the ability to identify, manage, and correct material 
risks.''
    There is a misapprehension among some commenters that the ERM 
committee would be redundant of other committees, such as the 
supervisory (or audit) and ALCO or credit committees. The FCU Act, 
NCUA's regulations, and the standard federal corporate credit union 
bylaws provide for those committees and prescribe targeted areas of 
responsibility for each. The ERM committee's unique mission would be to 
review and report on management's identification and management of all 
of the corporate's significant and emerging enterprise risk. The ERM 
committee would act in an advisory capacity to the board of directors 
to ensure that the board obtains focused, comprehensive information on 
enterprise risk, and not just on the individual, specific risks 
addressed by the ALCO, credit, and supervisory committees. The ERM 
committee would address all of an enterprise's risks--including 
financial, operational, strategic, compliance, and reputational risks--
under one umbrella. The ERM committee would also conduct its analysis 
and present its views independent of the earnings pressure faced by the 
operational side of the corporate. The pressure to achieve certain 
earnings goals can, in some instances, cause the operators to overlook 
or downplay the risks associated with their endeavors.
    The ERM committee has no power to require action by the corporate 
or any part of the corporate, and thus does not overlap with 
management's turf or the turf of any other committee. To clarify that 
the committee is only advisory, and has no prescriptive powers or 
authorities, the final rule replaces the word ``oversight'' with the 
word ``review'' as it applies to the ERM committee's activities.
    One commenter stated that, if the rule was adopted, it ought to 
specify a charter for the ERM committee and the scope of its duties and 
delegated responsibilities. The Board believes that the board of 
directors of the corporate has the responsibility to specify the duties 
of the ERM committee consistent with the requirements of this rule. 
Accordingly, a specific charter is not

[[Page 23865]]

necessary. Another commenter stated that annual ERM reporting is 
insufficient, and that it should be done at least quarterly. The Board 
agrees and has modified the regulation accordingly.
    Some commenters addressed the ERM expert. One commenter thought 
that a single expert was insufficient, and that multiple experts with 
different expertise were necessary. Another commenter thought a ``part-
time'' consultant was not a good idea, and that the rule should 
encourage the use of ``in-house full-time risk management experts.'' A 
few commenters asked for clarification of the independence concept, and 
two commenters did not see how the ERM expert could remain independent 
from the corporate once the expert was compensated by the corporate.
    In response to these comments, the NCUA Board notes that the 
proposal required that the ERM committee include ``at least'' one 
independent risk management expert. Each corporate has the authority to 
determine whether additional experts are necessary or desirable. The 
Board also believes that each corporate should be permitted to decide 
whether to employ the expert on a full- or part-time basis as part of 
the ERM committee or to engage the expert as a consultant, either part- 
or full-time, and has clarified this in the rule text.
    As for the independence requirement, the Board's intent was to 
ensure the ERM expert is not influenced by the operational side of the 
corporate credit union. For clarity, the final rule provides that an 
ERM expert is independent if neither the expert, nor any immediate 
family member of the expert, is supervised by, or has any other 
material business or professional relationship with, the chief 
executive officer or anyone supervised, directly or indirectly, by the 
CEO. This is similar to the independence standard applicable to the 
members of the supervisory committee as provided under Sec.  704.15(d). 
Also, the Board notes that the fact that the expert is compensated by 
the corporate does not undermine the independence of the expert any 
more than compensating the independent public accountant undermines the 
IPA's independence.
    The Board is delaying the effective date of this ERM section for 24 
months to give corporates time to put together an ERM policy, assemble 
an ERM committee, and locate and hire a qualified ERM expert. The final 
rule also renumbers this ERM section as Sec.  704.21, instead of Sec.  
704.22 as proposed.
    Except as discussed above, the Board adopts the final ERM section 
as proposed.

Section 704.22 Membership Fees

    The proposal included a new section on membership fees permitting a 
corporate the option to charge its members a one-time or periodic 
membership fee as a mandatory requirement of membership. The purpose of 
the proposal was to give corporates another tool to build retained 
earnings.
    The proposal required the fee be uniform and proportional to the 
member's asset size. The corporate could reduce the fee for members 
that have contributed capital to the corporate, but any reduction would 
have to be proportional to the amount of the member's non-depleted 
contributed capital. The corporate would have to give members at least 
six months advance notice of any initial or new fees, or any material 
change to a recurring fee. A corporate could terminate the membership 
of any credit union that fails to pay the fee fully within 60 days of 
invoicing.
    Of the commenters who commented on this provision, slightly over 
half supported it, with the rest opposed to it. Several corporate 
credit unions commented on the proposal with most supporting it. Many 
commenters that supported the proposal recommended some changes to it, 
as discussed below.
    Some supportive commenters stated corporates should be allowed to 
determine the amount of the fee without the limits imposed in the 
proposed rule and in accordance with a formulation set by the 
corporate. Some of these commenters felt that adequate disclosure to 
the members should be the only requirement. The Board does not agree 
with these comments. The rule provides corporates the option of 
charging reasonable membership fees as a way to build retained 
earnings. The requirement that fees be calculated uniformly for all 
members and as a percentage of each member's assets is a safeguard 
against the imposition of arbitrary and unreasonable fees and ensures 
fair treatment of all members, including smaller natural person credit 
unions. Furthermore, this fee provision does give corporates the 
flexibility to reduce fees for those members that are contributing more 
capital to the corporate. One commenter also recommended that the rule 
require any membership fees be approved by at least a majority vote of 
the corporate's members. Again, the Board disagrees. Allowing members 
to vote on whether the corporate may charge such fees would undermine 
the corporate's flexibility in employing fees as a tool to attain 
required retained earnings targets. Also, the rule provides for 
adequate notice to members about upcoming fees so that the members can 
oppose the fee or obtain their services elsewhere.
    Some commenters stated that the required six-month notice provision 
for any new fees is too long, and should be shortened to something like 
45 or 60 days. These commenters believe that this would permit 
corporates to more accurately estimate the need for and results from 
assessing the fee. Another commenter opined that six months notice is 
adequate for routine fees, but that for more significant fee charges 
the proposal does not allow time for forward planning by credit union 
members.
    The Board disagrees with these commenters. The Board believes that 
the required minimum six-month advance notice is reasonable for 
planning by both corporates and members. A notice period shorter than 
six months would not give members adequate time to look for alternative 
service providers should they find the fees too onerous. The commenter 
who said that six months notice is adequate for routine fees, but 
wanted a longer advance notice period for more significant charges did 
not define ``routine fees'' or ``more significant charges.'' The 
proposed rule sets only a minimum notice period; it does not keep a 
corporate from providing additional advance notice for particular fees.
    Those commenters who opposed permitting membership fees provided 
various reasons for their opposition. Some of these commenters felt 
such fees would put additional, unwarranted financial strain on NPCUs 
already required to contribute capital to corporates and make payments 
to the Temporary Corporate Credit Union Stabilization Fund. Many of 
these commenters thought the fee option would give corporates too much 
power over their NPCU members. The Board believes that the fee rule 
provides an acceptable balance between the corporates' need for 
retained earnings and capital and the members' need for services.
    Some commenters expressed concern about allowing a corporate to 
``expel'' a member for not paying membership fees. One commenter felt 
the proposal appears to circumvent the expulsion process established in 
the FCU Act and that the process of expulsion should be defined with 
regard to capital and contract requirements. Several commenters stated 
that the proposal does not address whether an NPCU whose membership is 
terminated for

[[Page 23866]]

failure to pay the fee will get its perpetual contributed capital back.
    The Board believes that some of these commenters are 
mischaracterizing the membership termination provision as an 
``expulsion'' from membership. A corporate has the right to terminate 
membership of any member that does not comply with the minimum 
conditions of membership, such as maintaining the minimum share balance 
required under the bylaws. Such termination is not an expulsion. 
Likewise, failure to pay a legally imposed membership fee in a timely 
fashion under this new section subjects the member to potential 
membership termination. In addition, provisions for the return of 
membership capital are addressed elsewhere in part 704.
    The Board notes that the membership fees section numbering in the 
proposed (i.e., Sec.  704.23) is changed to Sec.  704.22 in the final 
rule. Also, paragraph (d) of the proposed Sec.  704.23 stated that the 
corporate credit union may terminate the membership of any credit union 
that fails to pay the fee in full on a timely basis. The reference to 
credit union should have been to member since corporates may have 
certain entities in their fields of membership that are not credit 
unions, and the final rule corrects this reference.
    Except as discussed above, the Board adopts this membership fee 
provision as proposed.

IV. Regulatory Procedures

Regulatory Flexibility Act

    The Regulatory Flexibility Act requires NCUA to prepare an analysis 
to describe any significant economic impact any regulation may have on 
a substantial number of small entities (those under $10 million in 
assets). This final regulation applies only to corporate credit unions, 
all of which have assets well in excess of $10 million. Accordingly, 
the NCUA Board certifies that this final rule will not have a 
significant economic impact on a substantial number of small credit 
unions and, therefore, a regulatory flexibility analysis is not 
required.

Paperwork Reduction Act

    The Paperwork Reduction Act of 1995 (PRA) applies to rulemakings in 
which an agency by rule creates a new paperwork burden on regulated 
entities or modifies an existing burden. 44 U.S.C. 3507(d). For 
purposes of the PRA, a paperwork burden may take the form of a 
reporting, recordkeeping, or disclosure requirement, each referred to 
as an information collection. NCUA identified and described several 
information collection requirements in the proposed rule. As required 
by the PRA, NCUA submitted a copy of the proposed rule to the Office of 
Management and Budget (OMB) for its review and approval. Persons 
interested in submitting comments with respect to the information 
collection aspects of the proposed rule were invited to submit them to 
OMB (with a copy to NCUA) at the addresses noted in the preamble to the 
proposed rule.
    For several reasons, NCUA has modified the final estimated burden 
associated with the final rule. At the time the proposed rule was 
issued, there were 27 corporate credit unions, and there are now only 
26 corporates. This reduction affects the burden estimates for some 
aspects of the information collection requirements, as discussed below. 
In addition, and as discussed more fully in the preamble to this final 
rule, the Board has determined to make several changes in the final 
rule, and some of those changes affect the burden estimates for some 
aspects of the information collection requirements. These changes are 
also discussed below. Finally, NCUA received one comment specifically 
addressed to the agency's estimates of paperwork burden as set out in 
the preamble to the proposed rule concerning proposed Sec.  704.15, 
Audit and reporting requirements. This comment is discussed below in 
the section addressing the burden represented by Sec.  704.15(a)(2).
    The specific provisions of the final rule with hour-burden 
estimates different from the proposal follow.
Section 704.13(c)(8)--Recorded Director Votes
    As proposed, this section required all 27 corporates to conduct all 
board of director votes by recorded vote and to record those votes in 
the minutes of the directors' meetings. In the proposed rule, NCUA 
estimated that compliance with the requirement should take 
approximately 1 hour and that each corporate would hold 12 meetings per 
year. 27 corporates x 12 meetings = 324 meetings per year. 324 meetings 
x 1 hours = 324 hours.
    There are now 26 corporates, so the estimated burden is reduced. 26 
corporates x 12 meetings = 312 meetings per year. 312 meetings x 1 hour 
= 312 hours. Accordingly, this change has the effect of decreasing the 
estimated burden by 12 hours.
Section 704.21--Equitable Distribution of Corporate Credit Union 
Stabilization Fund Expenses
    The Board has determined not to adopt this proposal in the final 
rule. This eliminates the associated information collection 
requirements, which consisted of (i) an aggregate estimated 540 hours 
for the preparation of a list of non-FICU members of each corporate and 
providing the list to NCUA and (ii) an aggregate estimated 675 hours 
for conducting a special meeting of a corporate's members to expel a 
member and notifying NCUA of the result of the vote. Accordingly, the 
elimination of this section has the effect of decreasing the estimated 
aggregate burden by 1,215 hours.
Section 704.15(a)(2)--Management Report
    NCUA received one comment letter opposed to nearly every aspect of 
the audit and reporting requirements under proposed Sec.  704.15. One 
of the comments concerned NCUA's paperwork burden estimates. The 
commenter stated that the management report requirements in proposed 
Sec.  704.15(a)(2) will substantially increase the cost of compliance, 
``far beyond what the NCUA reports in the Summary of Collection Burden 
of the regulation.'' The commenter, however, failed to provide any 
specific information on what the increased burden hours or costs would 
be.
    There are two information collections in proposed Sec.  
704.15(a)(2), as described below:
    (1) As proposed, paragraphs (a)(2)(i) and (ii) of Sec.  704.15 
require all corporates to prepare an annual management report that 
contains a statement of management's responsibilities for performing 
certain duties in the corporate. The report must also contain an 
assessment of the corporate's compliance with certain laws and 
regulations. NCUA estimated that it should take a corporate 
approximately 4 hours to prepare its management report. 27 corporates x 
4 hours = 108 hours.
    (2) As proposed, paragraph (a)(2)(iii) of Sec.  704.15 required 
each corporate credit union with assets of $1 billion or more to 
include in its management report an assessment by management of the 
effectiveness of the corporate credit union's internal control 
structure and procedures for financial reporting. There were 16 
corporates with at least $1 billion in assets at the time the proposed 
rule was issued. NCUA estimated that it should take a corporate 
approximately 8 hours to prepare its assessment. 16 corporates x 8 
hours = 128 hours.
    After considering the comment and based on additional information, 
the following factors affect the estimated burden hours associated with 
Sec.  704.15(a)(2):

[[Page 23867]]

     The number of corporates has dropped from 27 to 26;
     The final rule applies the assessment requirements of 
Sec.  704.15(a)(2)(iii) to all corporates, regardless of asset size; 
and
     NCUA estimates that the burden hours per corporate will be 
25% greater than the burden estimated in the proposal.
    Accordingly, NCUA estimates that it should take a corporate about 5 
hours to prepare its management report under paragraphs (a)(2)(i) and 
(ii) of Sec.  704.15. 26 corporates x 5 hours = 130 hours.
    NCUA estimates that it should take a corporate about 10 hours to 
prepare its assessment under paragraph (a)(2)(iii) of Sec.  704.15. 26 
corporates x 10 hours = 260 hours.
    With the revisions described above, NCUA now estimates the total 
information collection burden represented by the final rule, calculated 
on an annual basis, as follows:
     Recorded director votes: 26 corporates x 12 meetings x 1 
hour = 312 hours.
     Disclosure of dual employee compensation from corporate 
CUSOs: 5 CUSOs x 1 hour = 5 hours.
     Management report: 26 corporates x 5 hours = 130 hours.
     Assessment: 26 corporates x 10 hours = 260 hours.
     Notice of engagement or change of accountants: 5 
corporates x 2 hours = 10 hours.
     Notification of late filing: 5 corporates x 1 hour = 5 
hours.
    Total Burden Hours: 722 hours.
    NCUA has submitted these burden revisions to OMB. NCUA expects that 
OMB will review and approve the revisions, and approve NCUA's 
submission, in the near future.

Executive Order 13132

    Executive Order 13132 encourages independent regulatory agencies to 
consider the impact of their actions on state and local interests. In 
adherence to fundamental federalism principles, NCUA, an independent 
regulatory agency as defined in 44 U.S.C. 3502(5), voluntarily complies 
with the executive order.
    The final rule will not have substantial direct effects on the 
states, on the connection between the national government and the 
states, or on the distribution of power and responsibilities among the 
various levels of government. NCUA has determined that this final rule 
does not constitute a policy that has federalism implications for 
purposes of the executive order.

The Treasury and General Government Appropriations Act, 1999--
Assessment of Federal Regulations and Policies on Families

    The NCUA has determined that this final rule will not affect family 
well-being within the meaning of section 654 of the Treasury and 
General Government Appropriations Act, 1999, Public Law 105-277, 112 
Stat. 2681 (1998).

Small Business Regulatory Enforcement Fairness Act

    The Small Business Regulatory Enforcement Fairness Act of 1996 
(Pub. L. 104-121) provides generally for congressional review of agency 
rules. A reporting requirement is triggered in instances where NCUA 
issues a final rule as defined by section 551 of the Administrative 
Procedure Act. 5 U.S.C. 551. The Office of Management and Budget has 
determined that this rule is not a major rule for purposes of the Small 
Business Regulatory Enforcement Fairness Act of 1996.

List of Subjects in 12 CFR Part 704

    Credit unions, Corporate credit unions, Reporting and recordkeeping 
requirements.

    By the National Credit Union Administration Board on April 21, 
2011.
Mary F. Rupp,
Secretary of the Board.
    For the reasons stated in the preamble, the National Credit Union 
Administration amends 12 CFR part 704 as set forth below:

PART 704--CORPORATE CREDIT UNIONS

0
1. The authority citation for part 704 continues to read as follows:

    Authority:  12 U.S.C. 1762, 1766(a), 1772a, 1781, 1789, and 
1795e.

0
2. Effective January 1, 2012, add definitions of Critical accounting 
policies, Enterprise risk management, Examination of internal control, 
Financial statements, Financial statement audit, Generally accepted 
auditing standards, Independent public accountant, Internal control, 
Internal control framework, Internal control over financial reporting, 
and Supervisory committee to Sec.  704.2 as follows:


Sec.  704.2  Definitions.

* * * * *
    Critical accounting policies means those policies that are most 
important to the portrayal of a corporate credit union's financial 
condition and results and that require management's most difficult, 
subjective, or complex judgments, often as a result of the need to make 
estimates about the effect of matters that are inherently uncertain.
* * * * *
    Enterprise risk management means the process of addressing risk on 
an entity-wide basis. The purpose of this process is not to eliminate 
risk but, rather, to provide the knowledge the board of directors and 
management need to effectively measure, monitor, and control risk and 
to then plan appropriate strategies to achieve the entity's business 
objectives with a reasonable amount of risk taking.
* * * * *
    Examination of internal control means an engagement of an 
independent public accountant to report directly on internal control or 
on management's assertions about internal control. An examination of 
internal control over financial reporting includes controls over the 
preparation of financial statements in accordance with accounting 
principles generally accepted in the United States of America (GAAP) 
and NCUA regulatory reporting requirements.
* * * * *
    Financial statements means the presentation of a corporate credit 
union's financial data, including accompanying notes, derived from 
accounting records of the credit union, and intended to disclose the 
credit union's economic resources or obligations at a point in time, or 
the changes therein for a period of time, in conformity with GAAP. Each 
of the following is considered to be a financial statement: a balance 
sheet or statement of financial condition; statement of income or 
statement of operations; statement of undivided earnings; statement of 
cash flows; statement of changes in members' equity; statement of 
revenue and expenses; and statement of cash receipts and disbursements.
    Financial statement audit means an audit of the financial 
statements of a corporate credit union performed in accordance with 
generally accepted auditing standards by an independent person who is 
licensed by the appropriate State or jurisdiction. The objective of a 
financial statement audit is to express an opinion as to whether those 
financial statements of the credit union present fairly, in all 
material respects, the financial position and the results of its 
operations and its cash flows in conformity with GAAP.
* * * * *
    Generally accepted auditing standards (GAAS) means the standards 
approved and adopted by the American Institute of Certified Public 
Accountants

[[Page 23868]]

which apply when an independent, licensed certified public accountant 
audits private company financial statements in the United States of 
America. Auditing standards differ from auditing procedures in that 
procedures address acts to be performed, whereas standards measure the 
quality of the performance of those acts and the objectives to be 
achieved by use of the procedures undertaken. In addition, auditing 
standards address the auditor's professional qualifications as well as 
the judgment exercised in performing the audit and in preparing the 
report of the audit.
* * * * *
    Independent public accountant (IPA) means a person who is licensed 
by, or otherwise authorized by, the appropriate State or jurisdiction 
to practice public accounting. An IPA must be able to exercise fairness 
toward credit union officials, members, creditors and others who may 
rely upon the report of a supervisory committee audit and to 
demonstrate the impartiality necessary to produce dependable findings. 
As used in this part, IPA is synonymous with the terms ``auditor'' and 
``accountant.'' The term IPA does not include a licensed person working 
in his or her capacity as an employee of an unlicensed entity and 
issuing an audit opinion in the unlicensed entity's name, e.g., a 
licensed league auditor or licensed retired examiner working for a non-
licensed entity.
* * * * *
    Internal control means the process, established by the corporate 
credit union's board of directors, officers and employees, designed to 
provide reasonable assurance of reliable financial reporting and 
safeguarding of assets against unauthorized acquisition, use, or 
disposition. A credit union's internal control structure generally 
consists of five components: Control environment; risk assessment; 
control activities; information and communication; and monitoring. 
Reliable financial reporting refers to preparation of Call Reports that 
meet management's financial reporting objectives. Internal control over 
safeguarding of assets against unauthorized acquisition, use, or 
disposition refers to prevention or timely detection of transactions 
involving such unauthorized access, use, or disposition of assets which 
could result in a loss that is material to the financial statements.
    Internal control framework means criteria such as that established 
in Internal Control--Integrated Framework, issued by the Committee of 
Sponsoring Organizations of the Treadway Commission (COSO), or 
comparable, reasonable, and U.S.-recognized criteria.
    Internal control over financial reporting means a process effected 
by those charged with governance, management, and other personnel, 
designed to provide reasonable assurance regarding the preparation of 
reliable financial statements in accordance with accounting principles 
generally accepted in the United States of America. A corporate credit 
union's internal control over financial reporting includes those 
policies and procedures that:
    (1) Pertain to the maintenance of records that, in reasonable 
detail, accurately and fairly reflect the transactions and dispositions 
of the assets of the entity;
    (2) Provide reasonable assurance that transactions are recorded as 
necessary to permit preparation of financial statements in accordance 
with accounting principles generally accepted in the United States of 
America, and that receipts and expenditures of the entity are being 
made only in accordance with authorizations of management and those 
charged with governance; and
    (3) Provide reasonable assurance regarding prevention, or timely 
detection and correction, of unauthorized acquisition, use, or 
disposition of the entity's assets that could have a material effect on 
the financial statements.
* * * * *
    Supervisory committee means, for federally chartered corporate 
credit unions, the supervisory committee as defined in Section 111(b) 
of the Federal Credit Union Act, 12 U.S.C. 1761(b). For state chartered 
corporate credit unions, the term supervisory committee refers to the 
audit committee, or similar committee, designated by state statute or 
regulation.
* * * * *

0
3. Revise paragraphs (g)(5) and (g)(6), and add a new paragraph (g)(7), 
to Sec.  704.11 to read as follows:


Sec.  704.11.  Corporate Credit Union Service Organizations (Corporate 
CUSOs).

* * * * *
    (g) * * *
    (5) Will allow the auditor, board of directors, and NCUA complete 
access to the CUSO's personnel, facilities, equipment, books, records, 
and any other documentation that the auditor, directors, or NCUA deem 
pertinent;
    (6) Will inform the corporate, at least quarterly, of all the 
compensation paid by the CUSO to its employees who are also employees 
of the corporate credit union; and
    (7) Will comply with all the requirements of this section.
* * * * *

0
4. Revise paragraphs (c)(6) and (c)(7), and add a new paragraph (c)(8), 
in Sec.  704.13 to read as follows:


Sec.  704.13  Board responsibilities.

* * * * *
    (c) * * *
    (6) Financial performance is evaluated to ensure that the 
objectives of the corporate credit union and the responsibilities of 
management are met;
    (7) Planning addresses the retention of external consultants, as 
appropriate, to review the adequacy of technical, human, and financial 
resources dedicated to support major risk areas; and
    (8) For each item before the board, the meeting minutes list the 
names of directors and their votes, as well as the names of any 
directors who did not vote, except that if the minutes include a 
complete list of directors attending the meeting, the vote tally need 
only list the names of directors who voted against the item or who 
abstained.

0
5. Effective January 1, 2012, revise Sec.  704.15 to read as follows:


Sec.  704.15  Audit and reporting requirements.

    (a) Annual reporting requirements--(1) Audited financial 
statements. A corporate credit union must prepare annual financial 
statements in accordance with generally accepted accounting principles 
(GAAP), which must be audited by an independent public accountant in 
accordance with generally accepted auditing standards. The annual 
financial statements and regulatory reports must reflect all material 
correcting adjustments necessary to conform with GAAP that were 
identified by the corporate credit union's independent public 
accountant.
    (2) Management report. Each corporate credit union must prepare, as 
of the end of the previous calendar year, an annual management report 
that contains the following:
    (i) A statement of management's responsibilities for preparing the 
corporate credit union's annual financial statements, for establishing 
and maintaining an adequate internal control structure and procedures 
for financial reporting, and for complying with laws and regulations 
relating to safety and soundness in the following areas: affiliate 
transactions, legal lending limits, loans to insiders, restrictions on 
capital and share

[[Page 23869]]

dividends, and regulatory reporting that meets full and fair 
disclosure;
    (ii) An assessment by management of the corporate credit union's 
compliance with such laws and regulations during the past calendar 
year. The assessment must state management's conclusion as to whether 
the corporate credit union has complied with the designated safety and 
soundness laws and regulations during the calendar year and disclose 
any noncompliance with the laws and regulations; and
    (iii) Beginning on and after January 1, 2013, an assessment by 
management of the effectiveness of the corporate credit union's 
internal control structure and procedures as of the end of the past 
calendar year that must include the following:
    (A) A statement identifying the internal control framework used by 
management to evaluate the effectiveness of the corporate credit 
union's internal control over financial reporting;
    (B) A statement that the assessment included controls over the 
preparation of regulatory financial statements in accordance with 
regulatory reporting instructions including identification of such 
regulatory reporting instructions; and
    (C) A statement expressing management's conclusion as to whether 
the corporate credit union's internal control over financial reporting 
is effective as of the end of the previous calendar year. Management 
must disclose all material weaknesses in internal control over 
financial reporting, if any, that it has identified that have not been 
remediated prior to the calendar year-end. Management may not conclude 
that the corporate credit union's internal control over financial 
reporting is effective if there are one or more material weaknesses.
    (3) Management report signatures. The chief executive officer and 
either the chief accounting officer or chief financial officer of the 
corporate credit union must sign the management report.
    (b) Independent public accountant--(1) Annual audit of financial 
statements. Each corporate credit union must engage an independent 
public accountant to audit and report on its annual financial 
statements in accordance with generally accepted auditing standards. 
The scope of the audit engagement must be sufficient to permit such 
accountant to determine and report whether the financial statements are 
presented fairly and in accordance with GAAP. A corporate credit union 
must provide its independent public accountant with a copy of its most 
recent Call Report and NCUA examination report. It must also provide 
its independent public accountant with copies of any notice that its 
capital category is being changed or reclassified and any 
correspondence from NCUA regarding compliance with this section.
    (2) Internal control over financial reporting. Beginning on and 
after January 1, 2014, the independent public accountant who audits the 
corporate credit union's financial statements must examine, attest to, 
and report separately on the assertion of management concerning the 
effectiveness of the corporate credit union's internal control 
structure and procedures for financial reporting. The attestation and 
report must be made in accordance with generally accepted standards for 
attestation engagements. The accountant's report must not be dated 
prior to the date of the management report and management's assessment 
of the effectiveness of internal control over financial reporting. 
Notwithstanding the requirements set forth in applicable professional 
standards, the accountant's report must include the following:
    (i) A statement identifying the internal control framework used by 
the independent public accountant, which must be the same as the 
internal control framework used by management, to evaluate the 
effectiveness of the corporate credit union's internal control over 
financial reporting;
    (ii) A statement that the independent public accountant's 
evaluation included controls over the preparation of regulatory 
financial statements in accordance with regulatory reporting 
instructions including identification of such regulatory reporting 
instructions; and
    (iii) A statement expressing the independent public accountant's 
conclusion as to whether the corporate credit union's internal control 
over financial reporting is effective as of the end of the previous 
calendar year. The report must disclose all material weaknesses in 
internal control over financial reporting that the independent public 
accountant has identified that have not been remediated prior to the 
calendar year-end. The independent public accountant may not conclude 
that the corporate credit union's internal control over financial 
reporting is effective if there are one or more material weaknesses.
    (3) Notice by accountant of termination of services. An independent 
public accountant performing an audit under this part who ceases to be 
the accountant for a corporate credit union must notify NCUA in writing 
of such termination within 15 days after the occurrence of such event 
and set forth in reasonable detail the reasons for such termination.
    (4) Communications with supervisory committee. In addition to the 
requirements for communications with audit committees set forth in 
applicable professional standards, the independent public accountant 
must report the following on a timely basis to the supervisory 
committee:
    (i) All critical accounting policies and practices to be used by 
the corporate credit union;
    (ii) All alternative accounting treatments within GAAP for policies 
and practices related to material items that the independent public 
accountant has discussed with management, including the ramifications 
of the use of such alternative disclosures and treatments, and the 
treatment preferred by the independent public accountant; and
    (iii) Other written communications the independent public 
accountant has provided to management, such as a management letter or 
schedule of unadjusted differences.
    (5) Retention of working papers. The independent public accountant 
must retain the working papers related to the audit of the corporate 
credit union's financial statements and, if applicable, the evaluation 
of the corporate credit union's internal control over financial 
reporting for seven years from the report release date, unless a longer 
period of time is required by law.
    (6) Independence. The independent public accountant must comply 
with the independence standards and interpretations of the American 
Institute of Certified Public Accountants (AICPA).
    (7) Peer reviews and inspection reports. (i) Prior to commencing 
any services for a corporate credit union under this section, the 
independent public accountant must have received a peer review, or be 
enrolled in a peer review program, that meets acceptable guidelines. 
Acceptable peer reviews include peer reviews performed in accordance 
with the AICPA's Peer Review Standards and inspections conducted by the 
Public Company Accounting Oversight Board (PCAOB).
    (ii) Within 15 days of receiving notification that the AICPA has 
accepted a peer review or the PCAOB has issued an inspection report, or 
before commencing any audit under this section, whichever is earlier, 
the independent public accountant must file a copy of the most recent 
peer review report and the public portion of the most recent PCAOB 
inspection report, if any, accompanied by any

[[Page 23870]]

letters of comments, response, and acceptance, with NCUA if the report 
has not already been filed.
    (iii) Within 15 days of the PCAOB making public a previously 
nonpublic portion of an inspection report, the independent public 
accountant must file a copy of the previously nonpublic portion of the 
inspection report with NCUA.
    (c) Filing and notice requirements--(1) Annual Report. Each 
corporate credit union must, no later than 180 days after the end of 
the calendar year, file an Annual Report with NCUA consisting of the 
following documents:
    (i) The audited comparative annual financial statements;
    (ii) The independent public accountant's report on the audited 
financial statements;
    (iii) The management report; and
    (iv) The independent public accountant's attestation report on 
management's assessment concerning the corporate credit union's 
internal control structure and procedures for financial reporting.
    (2) Public availability. The annual report in paragraph (c)(1) of 
this section will be made available by NCUA for public inspection.
    (3) Independent public accountant's letters and reports. Each 
corporate credit union must file with NCUA a copy of any management 
letter or other report issued by its independent public accountant with 
respect to such corporate credit union and the services provided by 
such accountant pursuant to this part (except for the independent 
public accountant's reports that are included in the Annual Report) 
within 15 days after receipt by the corporate credit union. Such 
reports include, but are not limited to:
    (i) Any written communication regarding matters that are required 
to be communicated to the supervisory committee (for example, critical 
accounting policies, alternative accounting treatments discussed with 
management, and any schedule of unadjusted differences); and
    (ii) Any written communication of significant deficiencies and 
material weaknesses in internal control required by the AICPA's 
auditing standards.
    (4) Notice of engagement or change of accountants. Each corporate 
credit union that engages an independent public accountant, or that 
loses an independent public accountant through dismissal or 
resignation, must notify NCUA within 15 days after the engagement, 
dismissal, or resignation. The corporate credit union must include with 
the notice a reasonably detailed statement of the reasons for any 
dismissal or resignation. The corporate credit union must also provide 
a copy of the notice to the independent public accountant at the same 
time the notice is filed with NCUA.
    (5) Notification of late filing. A corporate credit union that is 
unable to timely file any part of its Annual Report or any other report 
or notice required by this paragraph (c) must submit a written notice 
of late filing to NCUA. The notice must disclose the corporate credit 
union's inability to timely file all or specified portions of its 
Annual Report or other report or notice and the reasons therefore in 
reasonable detail. The late filing notice must also state the date by 
which the report or notice will be filed. The written notice must be 
filed with NCUA before the deadline for filing the Annual Report or any 
other report or notice, as appropriate. NCUA may take appropriate 
enforcement action for failure to timely file any report, or notice of 
late filing, required by this section.
    (6) Report to Members. A corporate credit union must submit a 
preliminary Annual Report to the membership at the next calendar year's 
annual meeting.
    (d) Supervisory committee.--(1) Composition. Each corporate credit 
union must establish a supervisory committee, all of whose members must 
independent. A committee member is independent if:
    (i) Neither the committee member, nor any immediate family member 
of the committee member, is supervised by, or has any material business 
or professional relationship with, the chief executive officer (CEO) of 
the corporate credit union, or anyone directly or indirectly supervised 
by the CEO, and
    (ii) Neither the committee member, nor any immediate family member 
of the committee member, has had any of the relationships described in 
paragraph (d)(1)(i) for at least the past three years.
    (2) Duties. In addition to any duties specified under the corporate 
credit union's bylaws and these regulations, the duties of the credit 
union's supervisory committee include the appointment, compensation, 
and oversight of the independent public accountant who performs 
services required under this section and reviewing with management and 
the independent public accountant the basis for all the reports 
prepared and issued under this section. The supervisory committee must 
submit the audited comparative annual financial statements and the 
independent public accountant's report on those statements to the 
corporate credit union's board of directors.
    (3) Independent public accountant engagement letters. (i) In 
performing its duties with respect to the appointment of the corporate 
credit union's independent public accountant, the supervisory committee 
must ensure that engagement letters and/or any related agreements with 
the independent public accountant for services to be performed under 
this section:
    (A) Obligate the independent public accountant to comply with the 
requirements of paragraph (b) of this section (including, but not 
limited to, the notice of termination of services, communications with 
the supervisory committee, and notifications of peer reviews and 
inspection reports); and
    (B) Do not contain any limitation of liability provisions that:
    (1) Indemnify the independent public accountant against claims made 
by third parties;
    (2) Hold harmless or release the independent public accountant from 
liability for claims or potential claims that might be asserted by the 
client corporate credit union, other than claims for punitive damages; 
or
    (3) Limit the remedies available to the client corporate credit 
union.
    (ii) Engagement letters may include alternative dispute resolution 
agreements and jury trial waiver provisions provided that the letters 
do not incorporate any limitation of liability provisions set forth in 
paragraph (d)(3)(i)(B) of this section.
    (4) Outside counsel. The supervisory committee of any corporate 
credit union must, when deemed necessary by the committee, have access 
to its own outside counsel.
    (e) Internal audit. A corporate credit union with average daily 
assets in excess of $400 million for the preceding calendar year, or as 
ordered by NCUA, must employ or contract, on a full- or part-time 
basis, the services of an internal auditor. The internal auditor's 
responsibilities will, at a minimum, comply with the Standards and 
Professional Practices of Internal Auditing, as established by the 
Institute of Internal Auditors. The internal auditor will report 
directly to the chair of the corporate credit union's supervisory 
committee, who may delegate supervision of the internal auditor's daily 
activities to the chief executive officer of the corporate credit 
union. The internal auditor's reports, findings, and recommendations 
will be in writing and presented to the supervisory committee no less 
than quarterly, and will be provided upon request to the IPA and NCUA.

[[Page 23871]]


0
6. Revise the introductory text of paragraph (a) of Sec.  704.19 to 
read as follows:


Sec.  704.19  Disclosure of executive and director compensation.

    (a) Annual disclosure. A corporate credit union must annually 
prepare and maintain a disclosure of the dollar amount of compensation 
paid to its most highly compensated employees, including compensation 
from any corporate CUSO in which the corporate has invested or made a 
loan, in accordance with the following schedule:
* * * * *

0
7. Effective April 29, 2013, add a new Sec.  704.21 to read as follows:


Sec.  704.21  Enterprise risk management.

    (a) A corporate credit union must develop and follow an enterprise 
risk management policy.
    (b) The board of directors of a corporate credit union must 
establish an enterprise risk management committee (ERMC) responsible 
for reviewing the enterprise-wide risk management practices of the 
corporate credit union. The ERMC must report at least quarterly to the 
board of directors.
    (c) The ERMC must include at least one independent risk management 
expert. The risk management expert will have post-graduate education; 
an actuarial, accounting, economics, financial, or legal background; 
and at least five years experience in identifying, assessing, and 
managing risk exposures. The risk management expert's experience must 
also be commensurate with the size of the corporate credit union and 
the complexity of its operations. The board of directors may hire the 
independent risk management expert to work full-time or part-time for 
the ERMC or as a consultant for the ERMC.
    (d) A risk management expert qualifies as independent if:
    (1) The expert reports to the ERMC and to the corporate credit 
union's board of directors;
    (2) Neither the expert, nor any immediate family member of the 
expert, is supervised by, or has any material business or professional 
relationship with, the chief executive officer (CEO) of the corporate 
credit union, or anyone directly or indirectly supervised by the CEO; 
and
    (3) Neither the expert, nor any immediate family member of the 
expert, has had any of the relationships described in paragraph (d)(2) 
of this section for at least the past three years.
    (e) The risk management expert is not required to be a director of 
the corporate credit union.

0
8. Add a new Sec.  704.22 to read as follows:


Sec.  704.22  Membership fees.

    (a) A corporate credit union may charge its members a membership 
fee. The fee may be one-time or periodic.
    (b) The corporate credit union must calculate the fee uniformly for 
all members as a percentage of each member's assets, except that the 
corporate credit union may reduce the amount of the fee for members 
that have contributed capital to the corporate. Any reduction must be 
proportional to the amount of the member's nondepleted contributed 
capital.
    (c) The corporate credit union must give its members at least six 
months advance notice of any initial or new fee, including terms and 
conditions, before invoicing the fee. For a recurring fee, the 
corporate credit union must also give six months notice of any material 
change to the terms and conditions of the fee.
    (d) The corporate credit union may terminate the membership of any 
credit union that fails to pay the fee in full within 60 days of the 
invoice date.

[FR Doc. 2011-10108 Filed 4-28-11; 8:45 am]
BILLING CODE 7535-01-P